
Thursday, September 26, 2013

Did you get the message? Message Analyzer v1.0 has RTW'd

MessageAnalyzer - Message Analyzer has Released – A New Beginning

We are excited to announce the official release of Message Analyzer to the Microsoft Download Center. Sci-Fi movie references aside, this really is a new beginning for troubleshooting and analysis. Message Analyzer brings a set of new ideas, new techniques, and new paradigms in order to make analysis of protocols, log files, and system events a cohesive activity which allows correlation across all those types of traces.

New Ways to Capture

As I detailed in the Network Capture is Dead blog, we have updated the way we capture messages. By leveraging ETW and providing inspection points to capture at the Firewall and HTTP Proxy layers, you can capture loopback and encrypted traffic ...

New Ways to Analyze

There are also new ways to analyze and organize the trace data. Automatic diagnosis and coalescing of fragments and messages provide a concise and succinct view allowing you to focus on the problems and not the noise. New visualizations let you see a problem at a high level, and then dig in by viewing selected data in detail in the Analysis Grid. New tools like....

New Ways to Share

The world is full of many specialized areas each with their own silos of knowledge. Subject matter experts need a way to share this expertise so that everybody can benefit and learn from the masters. ....

Analyze Now

...

Microsoft Downloads - Microsoft Message Analyzer

Message Analyzer enables you to capture, display, and analyze protocol messaging traffic; and to trace and assess system events and other messages from Windows components

Version: 1.0

Date Published: 9/24/2013

Message Analyzer FAQ and Known Issues.docx, 126 KB

MessageAnalyzer.msi, 33.6 MB

MessageAnalyzer64.msi, 33.9 MB

Microsoft Message Analyzer is a new tool for capturing, displaying, and analyzing protocol messaging traffic and other system messages. Message Analyzer also enables you to import, aggregate, and analyze data from log and trace files. It is the successor to Microsoft Network Monitor 3.4 and a key component in the Protocol Engineering Framework (PEF) that was created by Microsoft for the improvement of protocol design, development, documentation, testing, and support. With Message Analyzer, you can choose to capture data live or load archived message collections from multiple data sources simultaneously.

Message Analyzer enables you to display trace, log, and other message data in numerous data viewer formats, including a default tree grid view and other selectable graphical views that employ grids, charts, and timeline visualizer components which provide high-level data summaries and other statistics. It also enables you to configure your own custom data viewers. In addition, Message Analyzer is not only an effective tool for troubleshooting network issues, but for testing and verifying protocol implementations as well.

Supported Operating System

Windows 7, Windows 8, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

32-bit and 64-bit versions of Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2012 and Windows Server 2012 R2

Microsoft Message Analyzer Operating Guide


 

Related Past Post XRef:
Microsoft Message Analyzer better in Beta 2 (Gantt viewer, Quick filter, Parsing REST Protocols and more)
Goodbye Microsoft Network Monitor... Hello Microsoft Message Analyzer!

Capturing data (cough… passwords… cough) on unsecured wireless isn’t hard… (so don’t use them or SSL it baby!)

Network Monitor (NetMon/NM) 3.3 Released
NetMon Parsers – Existing parsers available and more coming via CodePlex
NetMon API – Capture, Parse and Capture File Access (with Managed P/Invoke example too)
Network Monitor 3.2 (aka NetMon, NM3) Beta Released – Now with application network conversation tracking UI
NetMon 3.1 Released
Network Monitor 3 (aka NetMon 3, aka NM3) Re-released for Vista
NetMon 3.0 RTW

Friday, February 15, 2013

Microsoft Message Analyzer better in Beta 2 (Gantt viewer, Quick filter, Parsing REST Protocols and more)

MessageAnalyzer - Microsoft Message Analyzer Beta 2 is released (build 5950)!

Install the Beta 2 version from here: https://connect.microsoft.com/site216/Downloads.  You’ll need to be a member of our connection.

This release adds a range of new functionality and resolves a number of bugs:

· IntelliSense UI for filter creation – As one of the most requested features, Filter IntelliSense is now available for exploring protocol message hierarchies to find the fields you need to build filter expressions. The capabilities are vastly improved compared to Network Monitor, now displaying protocols, messages, fields, structures, properties, annotations and more!

· Quick filter - Quick filtering makes it easy to create a time window in which to view trace results!   Unlike BSV, it filters messages in memory after loading them instead of during import.  Just select the traces you want, adjust the time slider as needed, and you are done.  It’s that easy.

· Capture firewall discard events – This feature allows you to discover how the firewall is affecting network traffic.  New messages tell you when traffic is blocked and associated IDs point to the specific firewall rule responsible for dropping the message.

· OPN Viewer – You can right click on any field and select Go to Definition to view the field’s OPN definition.  This feature provides the equivalent functionality of the NPL Viewer in Network Monitor 3.4.

· Parsing REST Protocols – This feature enables you to diagnose and analyze RESTful web services.  RESTful web services are one of the fastest growing network areas.

· Performance improvements:

· Gantt viewer – Do you need to see a bird’s eye view of your message traffic?  Message Analyzer now includes a highly customizable Gantt Viewer that provides easy-to-use navigation, zooming, and the ability to drill down into further details, as necessary.

· Console viewer provides an interactive command-line interface for filtering, sorting, grouping, and viewing messages collections.

..."

Lots of cool features if you're into Network traffic analysis (and who isn't?  :P )

 

Related Past Post XRef:
Goodbye Microsoft Network Monitor... Hello Microsoft Message Analyzer!

Capturing data (cough… passwords… cough) on unsecured wireless isn’t hard… (so don’t use them or SSL it baby!)

Network Monitor (NetMon/NM) 3.3 Released
NetMon Parsers – Existing parsers available and more coming via CodePlex
NetMon API – Capture, Parse and Capture File Access (with Managed P/Invoke example too)
Network Monitor 3.2 (aka NetMon, NM3) Beta Released – Now with application network conversation tracking UI
NetMon 3.1 Released
Network Monitor 3 (aka NetMon 3, aka NM3) Re-released for Vista
NetMon 3.0 RTW

Tuesday, September 18, 2012

Goodbye Microsoft Network Monitor... Hello Microsoft Message Analyzer!

MessageAnalyzer - Meet the successor to Microsoft Network Monitor!

It’s a very exciting week for me and my team!  This week I’m attending the SNIA SDC 2012 conference in Santa Clara, CA and this is where we will announce Message Analyzer.  There are so many new features and aspects to discuss, but for now I’ll leave you with the official announcement:

Microsoft Message Analyzer has been released to the public, available here:

https://connect.microsoft.com/site216 (you’ll have to join the Message Analyzer and Network Monitor program to see the downloads and access other parts of or our site.)

...

Microsoft Message Analyzer

Meet the successor to Microsoft Network Monitor!

Microsoft Message Analyzer has been released to the public, available here.  In order to download the program, please join Message Analyzer program.

As you might guess from the name, Message Analyzer is much more than a network sniffer or packet tracing tool.  Key capabilities include:

  • Integrated "live" event and message capture at various system levels and endpoints
  • Parsing and validation of protocol messages and sequences
  • Automatic parsing of event messages described by ETW manifests
  • Summarized grid display – top level is  “operations”, (requests matched with responses)
  • User controlled "on the fly" grouping by message attributes
  • Ability to browse for logs of different types (.cap, .etl, .txt) and import them together
  • Automatic re-assembly and ability to render payloads
  • Ability to import text logs, parsing them into key element/value pairs
  • Support for “Trace Scenarios” (one or more message providers, filters, and views)

We are providing this beta release to give you an opportunity to let us know what you like and don’t like and where we need to focus our energy as we drive towards a mid-2013 RTM date. 

..."

Message Analyzer Intro PPT


Is it weird that I get excited over a new network monitoring tool like this?

While you're there, make sure you check out the other downloads, like How to Filter.pdf, too.

 

Related Past Post XRef:
Capturing data (cough… passwords… cough) on unsecured wireless isn’t hard… (so don’t use them or SSL it baby!)

Network Monitor (NetMon/NM) 3.3 Released
NetMon Parsers – Existing parsers available and more coming via CodePlex
NetMon API – Capture, Parse and Capture File Access (with Managed P/Invoke example too)
Network Monitor 3.2 (aka NetMon, NM3) Beta Released – Now with application network conversation tracking UI
NetMon 3.1 Released
Network Monitor 3 (aka NetMon 3, aka NM3) Re-released for Vista
NetMon 3.0 RTW

Monday, November 08, 2010

Capturing data (cough… passwords… cough) on unsecured wireless isn’t hard… (so don’t use them or SSL it baby!)

NirBlog - How to capture data and passwords of unsecured wireless networks with SniffPass and SmartSniff

“A few months ago, I released a new version of both SmartSniff and SniffPass with support for using them with Microsoft Network Monitor 3.x

In the release details, I also specified that 'Wifi Monitor Mode' button was added for using 'Monitor Mode' under Windows Vista/7/2008, but without giving extensive explanation about how to use this feature. So in this blog post, I'll add more details about this 'Wifi Monitor Mode' and how to use it on SmartSniff and SniffPass.

When a wireless network card enters into 'Monitor Mode', it listens to a specific channel that you choose and captures all the packets that are sent by wireless networks in your area on the channel that you selected. If the wireless network that sent the packet is unsecured, SmartSniff and SniffPass will be able to show you the packets' data.

Before I start to explain how to use this mode, here are the system requirements for using 'Monitor Mode':

…”

The recent heightened awareness of how unsecure wireless networks are (funny that given the “unsecure” keyword…) with the release of the FireFox FireSheep extension is a good thing, IMHO. Well, let me say I feel the “awareness” is good… Knowledge is power. How many of you were not using the SSL versions of Twitter/Facebook/Gmail/Hotmail/etc/etc before this? And now?

Here’s another, lower level, net-guy/gal, tool that gives you a view into this world…

Note: Please use this information for Good… With great power, … etc, etc

Wednesday, April 22, 2009

Network Monitor (NetMon/NM) 3.3 Released

Microsoft Downloads - Microsoft Network Monitor 3.3

“Tool to allow capturing and protocol analysis of network traffic.

Version: 3.3 1641
Date Published: 4/21/2009
Language: English
Download Size: 5.0 MB - 16.3 MB*

Network Monitor 3.3 is a protocol analyzer. It allows you to capture network traffic, view and analyze it. Version 3.3 is an update and replaces Network Monitor 3.2. Network Monitor 3.x is a complete overhaul of the previous Network Monitor 2.x version.

…”

What more can be said? NetMon rocks? Updated NetMon == Cool?  ;)

Update 4/22/2009 @ 7:40AM PDT:
For a cool list of what’s new, check out Blake’s post, The Road to Know Where - Microsoft Releases Final Version of Microsoft Network Monitor 3.3 for Windows 7

 

Related Past Post XRef:
NetMon Parsers – Existing parsers available and more coming via CodePlex
NetMon API – Capture, Parse and Capture File Access (with Managed P/Invoke example too)
Network Monitor 3.2 (aka NetMon, NM3) Beta Released – Now with application network conversation tracking UI
NetMon 3.1 Released
Network Monitor 3 (aka NetMon 3, aka NM3) Re-released for Vista
NetMon 3.0 RTW

Friday, November 07, 2008

NetMon Parsers – Existing parsers available and more coming via CodePlex

Network Monitor - Open Source Parsers for Network Monitor 3.2

“With the release of NM3.2, we revamped the parser management so that we can support parser upgrades. So I’m pleased to announce that we just released a new version of the parsers on http://www.codeplex.com/nmparsers. As new parsers become available or the current parsers become extended or improved, you’ll be able to get the latest version.

The Plan

Our plan is to release a new set parsers every month. The updates will be based on your feedback and bug/issue reports that are filed on the site. It may take us a bit of time to completely convert our development over to CodePlex. In the meantime there may be fixes for bugs that have been filed internally. But soon you’ll see the parser files updated live along with a matching MSI installer each month. We have already released a new MSI with the current parser changes. Just look at the Release tab off of our CodePlex site and choose the MSI package that matches your installed Network Monitor OS version.

Eventually, we will document and expose the code for MSI creation so that you can create packages for your own parser sets. Also, we are planning to provide documentation for how to test parsers so that you can understand how we test internally for regressions and compatibility.

…”

CodeProject - Network Monitor Open Source Parsers

“Welcome to the Network Monitor Open Protocol CodePlex Project!
This project will contain the latest updates for the Network Monitor parsers. All parser development will be done through this CodePlex site starting in November 2008, and we welcome your input as well as your parser bug reports.

Introduction
This project will contain the latest updates for Network Monitor parsers. All parser development will be done through this Codeplex site starting in November 2008 and we welcome your input as well as your parser bug reports.

While parsers for many protocols have always shipped with Network Monitor, we have now decided to ship parsers for the protocols described in the Windows Open Protocol Specifications and to move parser development into the CodePlex open source environment. This is a big step for us, so please be patient as we get settled in.

With the launch of this portal, we have also released an updated set of parsers for Network Monitor 3.2. Over the course of the next month, we’ll be moving to develop completely within CodePlex so parser developers, enthusiasts, and the like can have access to the latest parser changes immediately. In the meantime, we’ll be synching the CodePlex branch with our internal development once a week and dropping a couple of new tested parser installation packages every couple of weeks.

…”

Just looking at the amount of NetMon parsing code now in the CodePlex project is making my eyes bleed… Man I love open source (or Source Available or what ever ;)

To give you a feel for what the NetMon Team is releasing, check out these two snaps of the source code trees. Each listed item is a parser (i.e. a protocol).

Change Set 16184 / NPL / common


Change Set 16184 / NPL / Windows


See what I mean? That’s a ton-o-NetMon parsing!  :)

 

Related Past Post XRef:
NetMon API – Capture, Parse and Capture File Access (with Managed P/Invoke example too)
Network Monitor 3.2 (aka NetMon, NM3) Beta Released – Now with application network conversation tracking UI
NetMon 3.1 Released
Network Monitor 3 (aka NetMon 3, aka NM3) Re-released for Vista
NetMon 3.0 RTW

Saturday, November 01, 2008

NetMon API – Capture, Parse and Capture File Access (with Managed P/Invoke example too)

Network Monitor - Intro to the Network Monitor API

“I’ve recently played with a new tool here at MS, which analyzes HTTP traffic and provides performance information so that you can better tune your web servers and applications. I also have seen an internal SMB expert that summarizes SMB traffic, for instance open files and connects. These types of experts provide a protocol specific view of network data that is tailored to a specific protocol. The NMAPI provides a powerful way to access our parsing and capturing engine directly. This gives you a lot of flexibility to analyze network traffic in ways you can only imagine. I want to give a quick overview of how the API works so that you can harness the power of the NMAPI.

VRTA – Visual Round Trip Analyzer

Before I dig into the API, let me show you an example of what the API can accomplish for you. It is available here:

http://www.microsoft.com/downloads/details.aspx?familyid=119F3477-DCED-41E3-A0E7-D8B5CAE893A3&displaylang=en

This tool was recently released and allows you to visualize HTTP traffic so that you can diagnose performance of your HTTP server or Browser.

VRTA

What Does the API Allow?

I like to divide the API into 3 areas, though they tend to overlap some. They are Capturing, Parsing, and Capture File access. So let me start by explaining what each can do.

Capturing: You have most of the same capabilities as you do in the UI. You can Start/Stop/Pause the capture engine on any of the network interfaces. The API lets you enumerate the available adapters and setup a unique callback for each one, if you want. Each time a frame arrives, the callback is sent the raw frame which you can then evaluate or simply save to a capture file.

Parsing: With access to the parsing engine, you can inspect any data field that is parsed. You can reassemble data on the fly to quickly parse for a few fields or enumerate through them all. You also have the same UI filtering language available to you in the API. You can define a filter as part of your frame parser and then evaluate that filter, very quickly, on each frame.

Capture File Access: The API also allows you to read and write capture files using the Netmon 2.1 file format for NM3.2.

Where is the SDK?

Almost everything is included when you install NM3.2. This includes NetMonSDK.CHM which describes each of the API and contains examples as well. The only other requirement is that you need to install the WDK. This is because we reference the NDIS headers for each adapter, which is one of the functions the API provides.

For more information on setting up your environment, see the section called Network Monitor API Overview in the CHM file. This can be accessed from the help menu in NM3.2.

Managed Code

While we haven’t created an official Managed wrapper, we have included a simple NetmonAPI.CS file which uses PInvoke to call the DLL directly. We hope to release a more proper wrapper externally at some point. Perhaps in the shorter term we can also start an open project which wraps the API.

…”

I’m such a sucker for Managed code’able API’s… ;)

I’m thinking that this could be useful to build a custom capture feature into an app to help diagnose network issues. Think about a feature where, either on demand or automagically, an application starts capturing traffic, say based on some local benchmark, to help diagnose an intermittent connectivity or performance issue. Then submits that info to a central repository for analysis… Would have to look into the deployment of it (NetMon) though.

 

Related Past Post XRef:
Network Monitor 3.2 (aka NetMon, NM3) Beta Released – Now with application network conversation tracking UI
NetMon 3.1 Released
Network Monitor 3 (aka NetMon 3, aka NM3) Re-released for Vista
NetMon 3.0 RTW

Thursday, June 12, 2008

Network Monitor 3.2 (aka NetMon, NM3) Beta Released – Now with application network conversation tracking UI

“Network Monitor 3.2 Beta is available!

We are proud and excited to announce the release of NM3.2 Beta, available at http://connect.microsoft.com. Please visit the Network Monitor Project on Microsoft Connect and download the Network Monitor 3.2 Beta. You can also view the FAQ from the home page for more information about the latest version.

Also remember that you can visit our blog for continued updates about using NM3 and network troubleshooting in general: http://blogs.technet.com/netmon.

What's New since Network Monitor 3.1

  • Process Tracking: View all the processes on your machine generating network traffic (process name and PID). Use the conversation tree to view frames associated with each process.


  • Find conversations: Quickly isolate frames in the same network conversation. Isolate TCP streams, HTTP flows etc.


  • PCAP capture file support*
  • Capture engine re-architecture to improve capture rate in high-speed networks. NM 3.2 drops significantly fewer frames than NM 3.1
  • Extensive parser set: Parsers for over 300 protocols! Parsers for the protocols covered by the Windows Open Protocol Specifications (see http://msdn.microsoft.com/en-us/library/cc216517.aspx).

  • NM API: Create your own applications that capture, parse and analyze network traffic!

  • Better parser management: By default only a subset of parsers are loaded. You can load the full parser set by changing the parser search order in Tools>Options>Parser
  • Support for frame truncation. Go to Tools>Options and limit the number of bytes captured per frame to improve performance.
  • More extensive documentation of the NPL which includes documentation on the new NMAPI. Access the documentation from Help > NPL and API Documentation
  • Enhanced filtering on items within NPL while loops or arrays. You can specify an index into the array or while loop to filter on
  • IA64 version now available.
  • ContainsBin Plug-in: Search frames for arbitrary byte sequences or strings. For example, ContainsBin(FrameData, ASCII, "msn").
  • More UI indications of conversation status, dropped frames and the number of frames in the capture buffer.


  • ... and more. See our Release Notes in the NM3.2 installation directory for a complete list of new features and known issues with the Beta.

Enjoy!

The Network Monitor Team” [Email in full]

I think my favorite is the first item, the process tracking… There have been any number of times when I’ve wanted to see the network traffic from a specific application and this feature seems to make that easy.

Monday, July 02, 2007

NetMon 3.1 Released

Network Monitor - Network Monitor 3.1 Has Released!

"The NM3.1 is now available on http://connect.microsoft.com featuring wireless sniffing and an easier way to create filters using "Right Click Add To Filter". Here is a list of features that are new to NM3.1.

What's New in Network Monitor 3.1?

  • Wireless (802.11) capturing and monitor mode on Vista – With supported hardware, (Native WIFI), you can now trace wireless management packets. You can scan all channels or a subset of the ones your wireless NIC supports. You can also focus in on one specific channel. We now show the wireless metadata for normal wireless frames. This is really cool for t-shooting wireless problems. See signal strength and transfer speed as you walk around your house!
  • RAS tracing support on Vista – Now you can trace your RAS connections so you can see the traffic inside your VPN tunnel. Previously this was only available with XP.
  • Right click add to filter – Now there's an easier way to discover how to create filters. Right click in the frame details data element or a column field in the frame summary and select add to filter. What could be easier!
  • Microsoft Update enabled – Now you will be prompted when new updates exist. NM3.1 will occasionally check for a new version and notify you when one is available.
  • New look filter toolbar – We've changed the UI related to apply and remove filters. You can now apply a filter without having to UN-apply it first.
  • New reassembly engine – Our reassembly engine has been improved to handle a larger variety of protocol reassembly schemes.
  • New public parsers – These include ip1394, ipcp, ipv6cp, madcap, pppoE, soap, ssdp, winsrpl, as well as improvements in the previously shipped parsers.
  • Numerous Bug Fixes – We've taken your reported problems on the connect site and fixed many of the confirmed bugs.
  • Faster Parser Loading – We've significantly improved the time it takes to load the parsers. Now rebuilding takes a fraction of the time it used to.

..." [Almost entire post leeched]

That about says it all...

Related Past Post XRef:
Network Monitor 3 (aka NetMon 3, aka NM3) Re-released for Vista
NetMon 3.0 RTW

Saturday, February 24, 2007

Network Monitor 3 Now Available on Microsoft Downloads

Microsoft Downloads - Microsoft Network Monitor 3

"...

Network Monitor 3.0 is a protocol analyzer. It allows you to capture network traffic, view and analyze it. This version is a complete overhaul of the previous Network Monitor 2.x version.

..."

NM3 (Network Monitor 3, NetMon 3, etc) is now available from Microsoft Downloads, which can be easier to access than its connect.microsoft.com location (i.e. no Windows Live ID/sign-in required).

Related Past Post XRef:
Network Monitor 3 (aka NetMon 3, aka NM3) Re-released for Vista
NetMon 3.0 RTW

Friday, December 22, 2006

Network Monitor 3 (aka NetMon 3, aka NM3) Re-released for Vista

Via an email from Paul Long;

"Hi Folks,

Microsoft Network Monitor 3.0 (hereafter referred to as "NM3") was one of the first applications that worked on the released version of Windows Vista (both 32 and 64 bit).

Weeks after release we uncovered an issue with NM3 running on Windows Vista. Specifically, we had a new driver on Windows Vista that was forced to expire after a fixed period of time for our beta builds. Inadvertently, we left this forced expiration code in our Release build. The NM3 driver on Windows Vista will stop working after April 2007.

This email is being sent to inform you that we are releasing a new version (3.0.0372.0001) of NM3 that fixes this issue.

If you are running NM3 version 3.0.0372.0000 on Windows XP or Windows Server 2003, you will NOT encounter this issue and you DO NOT need to upgrade to this release.

If you are running NM3 version 3.0.0372.0000 on Windows Vista, it is advised that you DO upgrade to this release.

We sincerely apologize for the inconvenience.

Please do keep sending your feedback and suggestions!

The Microsoft Network Monitor Team"

If you're running NM3 on Vista you'll obviously want to download this re-release from the Network Monitor 3 Connect site

Related Past Post XRef:
NetMon 3.0 RTW

Wednesday, November 22, 2006

NetMon 3.0 RTW

Network Monitor - Network Monitor 3.0 has released!!

"After many months of hard work we are proud to announce the Release to Web of Microsoft Network Monitor 3.0 (NM3). The final version is available from Microsoft Connects site (http://connect.microsoft.com). The Connects site does require you have a passport account, but this is also free.

What you get for your money

Well, since it's free, I suppose you get infinite value. But in a nutshell, here are some of the key features of NM3.

  • A completely new user interface
  • Real time capture and display of frames
  • Simultaneous capture on multiple network adapters
  • Multiple simultaneous capture sessions
  • Network conversations and a tree view displaying frames by conversation
  • A new script-based protocol parser language, and script-based parsers
  • Support for Vista/Windows XP/Windows Server 2003
  • Support for 32bit and 64bit platforms

..."

When you go to Connect, don't let the "Network Monitor 3.0 Beta" throw you. Once you Apply to join the beta, you get access to the 3.0 RTM...

Downloaded, installed and it looks pretty darn cool... This is not your Father's NetMon...  ;)