Microsoft Message Analyzer #MMA Microsoft Network Monitor

Message Analyzer Icon 48

Microsoft Message Analyzer

Meet the successor to Microsoft Network Monitor!

Microsoft Message Analyzer has been released to the public.

As you might guess from the name, Message Analyzer is much more than a network sniffer or packet tracing tool. Key capabilities include:

• Integrated "live" event and message capture at various system levels and endpoints

• Parsing and validation of protocol messages and sequences

• Automatic parsing of event messages described by ETW manifests

• Summarized grid display – top level is “operations”, (requests matched with responses)

• User controlled "on the fly" grouping by message attributes

• Ability to browse for logs of different types (.cap, .etl, .txt) and import them together

• Automatic re-assembly and ability to render payloads

• Ability to import text logs, parsing them into key element/value pairs

• Support for “Trace Scenarios” (one or more message providers, filters, and views)

(To capture at the NDIS and Firewall layers without running as admin, you must log off and back on after installation to pick up the necessary credentials. Please do this!)

Powerful, extensible viewing and analysis


•Browse, Select, View

•Browse for messages from various sources (live, or stored)

•Select a set of messages from those sources by characteristic(s)

•View messages in a provided viewer, configure or build your own

•A new high-level grid view

•High level “Operations” view with automatic re-assembly

•“Bubbling up” of errors in the stack to the top level

•Ability to drill down the stack to underlying messages and/or packets

•On the fly grouping, filtering, finding, or sorting by any message property

•Payload rendering

•Validation of message structures, behavior, and architecture

•Does the protocol comply with the specifications?


Posted September 20, 2012 by Robert Smit in Microsoft Message Analyzer

Tagged with

  • Tag