Message Analyzer has Released – A New Beginning

We are excited to announce the official release of Message Analyzer to the Microsoft Download Center. Sci-Fi movie references aside, this really is a new beginning for troubleshooting and analysis. Message Analyzer brings a set of new ideas, new techniques, and new paradigms in order to make analysis of protocols, log files, and system events a cohesive activity which allows correlation across all those types of traces.

New Ways to Capture

As I detailed in the Network Capture is Dead blog, we have updated the way we capture messages. By leveraging ETW and providing inspection points at the Firewall and HTTP Proxy layers, Message Analyzer lets you capture loopback and encrypted traffic, which was not possible in the past. Message Analyzer also enables you to capture messages from multiple places in the system at the same time, collect them in one trace file, and package up all the information so that it can be analyzed elsewhere.

New Ways to Analyze

There are also new ways to analyze and organize the trace data. Automatic diagnosis and coalescing of fragments and messages provide a concise view, allowing you to focus on the problems and not the noise. New visualizations let you see a problem at a high level, and then dig in by viewing selected data in detail in the Analysis Grid. New tools like Sequence Matching, Viewpoints, and Grouping provide alternative ways to slice, dice and find the problems buried in heaps of noisy traces. Improved filtering syntax continues where Network Monitor left off and provides a richer way to specify fields and properties.

New Ways to Share

The world is full of many specialized areas, each with their own silos of knowledge. Subject matter experts need a way to share this expertise so that everybody can benefit and learn from the masters. The sharing infrastructure is the starting place for this new innovation, which will continue to evolve. It is designed to allow users to manage and share various Message Analyzer assets like filters, views, trace scenarios and more, so that expert knowledge will become easier to discover and use.

Analyze Now

The new name, Message Analyzer, reflects the broader initiative to analyze more than just network packet captures. Now your text files, event logs, and system event traces can all be included together. When you analyze the merged traces, the combined data helps provide an extra level of inspection and insight. And while this is the end of one chapter, it is only the start of a story that we will continue to share at a rapid pace. So please download Message Analyzer, take it for a spin, and if you have feedback or problems, please report them on our Microsoft Message Analyzer Forum.


More Information

To learn more about some of the concepts briefly described in this article, see the following topics in the Message Analyzer Operating Guide on TechNet:

  • Release Features Summary — get a brief overview of Message Analyzer features.
  • Technology Tutorials — review Message Analyzer technologies, the Protocol Engineering Framework (PEF) architecture, and the Event Tracing for Windows (ETW) Framework.
  • Default Trace Scenarios — lists the predefined scenarios that you can use to capture live data.
  • PEF-WFP Layer Set Filters — includes information on capturing loopback traffic.
  • PEF-WebProxy Provider — includes information on capturing encrypted traffic.
  • Analysis Grid — describes the default tree-grid-style viewer for analyzing message data and how to use its features.
  • Sequence Match — discusses the use of sequence match viewer features, provides a walkthrough of the default sequence expressions, and describes how to create your own sequence matching patterns.
  • Applying and Managing Viewpoints — includes how to apply predefined viewpoint filters that enable you to observe network traffic from the perspective of specific protocols.
  • Using the Data Grouping Feature — describes how to use Analysis Grid features to bubble up and organize relevant data into a grouped display, similar to the conversation tree in Network Monitor.
  • Writing Filter Expressions — describes how to use the filtering language to create your own filters.
  • Managing Assets and Resources — includes information on how to obtain Message Analyzer assets, synchronize your installation to receive automatic asset updates, and share your assets with others.
  • Importing Message Data — includes information about importing log files.

Comments (21)
  1. Woohoo! Congrats folks.

    And what sci-fi reference is "a new beginning"? I am hoping you don't mean…/tt0214641.


  2. Paul E Long says:

    The conversation tree and process tracking is something we still need to move forward to Message Analyzer from Network Monitor. We do grouping now, which creates an in-line conversation tree, though it's not fixed anymore. Somebody in our forums asked a similar question (…/where-is-the-pidimage-name-info). Also the blog I point to might also be helpful (…/pivoting-on-trace-data-using-grouping.aspx).

  3. Paul E Long says:

    Re: "execute and capture on remote workstations". Besides PowerShell, we also have a new remote capture feature that works with Windows 8.1 and Server 2012 R2. Stay tuned for more details once Windows 8.1 is officially available.

  4. Anonymous says:

    Is this in Server 2012 R2?

  5. To see the PowerShell cmdlets run the PowerShell console as administrator.  The module name is PEF.

    PS C:\> Import-Module PEF

    PS C:\> Update-Help -Module PEF -Verbose

    PS C:\> Get-Command -Module PEF

    Here is a link to the online help for New-PefTraceSession:…/dn265996(v=wps.630).aspx

  6. Ing. Ondrej Žilinec says:

    Let's try it and see 🙂

    New product and there is already Known issues documents 😀

  7. Mike Kline says:

    Congrats on the release.   Will netmon continue to be developed and updated or from this point on is it going to be message analyzer only?

  8. Chris says:

    Congratulations guys!

  9. Wez Nagwama says:

    All we need is an easier way to deploy, execute and capture on remote workstations (inbuilt psexec functionality?) and we are set. Cheers.

  10. Jan Kaestner says:

    Congrats folks, was so long waiting for your new methods of capturing and visualizing it! Perfect job. Will see you on making now the former "experts" perfect and customizable as well 😉 , Jan

  11. paul says:

    NedPyle: A beginning is a very delicate time…

  12. Chris Malone says:

    This definitely looks like the Kwisatz Haderach…thanks for all the hard work. Can't wait to try it out.

  13. Jon says:

    In netmon, if I click "New Capture" followed by "Start", I can see a list of process names and PIDs in a tree on the left, which can then be drilled down to individual conversations within that process. Clicking on any node in the tree shows details of conversations in the "Frame Summary" window, and clicking on a line there gives more information in "Frame Details" and "Hex Details".

    How do I accomplish the same thing in Message Analyzer?

  14. Jon says:

    Thanks Paul. For now I'll be sticking with Netmon but I look forward to Message Analyzer having that feature.

  15. Tom Robinson says:

    During installation I lost network connectivity. Reboots didn't help. Uninstalling it was the only solution that worked.

    I'm running Windows 8 Pro with the Hyper-V role installed.

  17. Anonymous says:

    ARCHIVED as of May 2015.  Instead look at Tool: Installing the Microsoft Message Analyzer version
