Anyone who has spent any time at all with ISA Server or Forefront TMG has found themselves needing to evaluate the network traffic generated by the ISA Server Firewall client (TMG client for Forefront TMG). The problem with that effort is that none of the available network capture tools included a parser for this traffic.
Today that changes. In collaboration with the Network Monitor and Forefront Edge Core teams, the Forefront Edge CS team is happy (little-girl-giggly, truth be told) to announce the public availability of a parser written specifically for Network Monitor 3.3. Now you can actually understand what happens between the client and the firewall when your favorite application is misbehaving. You can obtain the parser from CodePlex. The parser provides two new protocols for Network Monitor 3.3:
· RWS (Remote WinSock): the control channel protocol used between the client and firewall
· WSP (WinSock Proxy): the abstracted application protocol
Look for additional articles that describe this traffic and offer some hints on using the parser for troubleshooting.
HUGE Thanx to the Network Monitor and Forefront Edge Core teams for their support – we literally could not have done this without them!
PM FF Edge CS