Parse As – When a Protocol Doesn’t Use a Standard Port


It’s is a fairly common practice to use non-standard ports in protocol communications, such as port 12345 instead of port 1433 for SQL communications with the TDS protocol. HTTP, RDP, TLS, and LDAP are some of the more common protocols that system administrators typically configure to use alternate ports, in some cases to limit exposure to security threats. Message Analyzer now provides an option that enables you to align certain protocols with this practice, by configuring alternate ports so that they parse properly.

Parser Options

Message Analyzer now enables you to select Parsing options for several parsers that change the way they behave, for example, the ports on which certain message types will be parsed. Although, this is the main usage for the current set of parsing options, more protocol-specific options will be provided going forward. You can access these features from the Configurable Parsers pane on the Parsing tab of the Options dialog, via the right-click context menu in the Analysis Grid viewer shown below, by navigating to Tools->Options->Parsing, or by using the Ctrl+P key stroke shortcut.

clip_image002

The drop-down list in the Options dialog shown below presents a list of protocols or modules for which parsing options are available. By selecting a protocol in the list, the specific options that are available for the protocol display in one or more text box labels below the drop-down. For instance, if you choose TDS, you can specify a comma-delimited set of ports in the Ports text box. When you make a change to a port number, you’ll see an information bar which tells you that Pressing OK will reload all sessions, which is similar to what occurs when reopening a trace.

clip_image004

Keep in mind that some protocols such as HTTP and LDAP have a separate port configuration for Secure (SSL/TLS) traffic.

All Clear Now

After you click OK in the Options dialog, you should now see the protocol parse on the specified port, as expected. Note that the optional ports that you specified will be saved for your next session as well. If you encounter other protocols that you believe should be handled this way, please let us know. As always, the Message Analyzer user interface Feedback mechanism or the TechNet forums are a good way communicate these type of requests.

More Information

To learn more about some of the features and concepts described in this article, see the following topics in the Message Analyzer Operating Guide:

Setting Message Analyzer Global Options

Analysis Grid Viewer

Feedback

Editing Existing Sessions


Comments (0)

Skip to main content