Hopefully yesterday's tip inspired you to go download and install the latest version of Message Analyzer. In this tip, let's see how to grab a quick capture.
First, Launch Message Analyzer. Making sure to Run As Administrator
Then, select File > Quick Trace > Local Network Interfaces Capture
After you've gathered sufficient data, click Stop. That's all there is to it!
What about filtering you ask? Well, Message Analyzer provides a crazy amount of information and lots of new ways to drill into it! As a result MA could seem a little intimidating at first glance. If that’s the case, don’t let it stop you from jumping in. Let's check out a few things……
Note the View Filter box on the right. First thing we see in this very basic example is that we can filter on IP and Protocol Type just like Network Monitor. In this example we are looking for a specific IP and protocol type.
Now take a look at the Analysis Grid to the left. Message Analyzer uses the concept of sessions in its approach to capturing and displaying data. This is a key differentiator between it and Net Mon. Let’s look at an illustration. The screen shot above shows three (of four) separate sessions captured from a single ICMP Echo Operation.
- Message Number 1085 reflects the first of these sessions (unexpanded); an ICMP Echo Operation which consists of both an Echo Request and its related Echo Reply.
- Now look at 1099. Here we have the second session expanded just enough to see both the individual Echo Request and Reply frames.
- Message 1109 is where things get really cool! Here we have the Echo Request message expanded at length down the ‘stack’. Note that we are even able to see that communications is traversing a Wi-Fi adaptor.
Obviously there is a lot more to see. To help find your way, checkout the following resources.
For even more information check out the Message Analyzer Blog
In our next tip we will take a look at some of the other ways to organize and view data.