Microsoft Message Analyzer has been released to the public (in beta) and is available for download at the following link:
A 24MB download, Microsoft Message Analyzer is much more than a network sniffer or packet tracing tool.
Key capabilities include:
- Integrated “live” event and message capture at various system levels and endpoints
- Parsing and validation of protocol messages and sequences
- Automatic parsing of event messages described by ETW manifests
- Higher-level display of operations->messages->packets
- User controlled “on the fly” grouping by message attributes
- Ability to browse for logs of different types (.cap, .etl, .txt) and import them together
- Automatic re-assembly and ability to render payloads
- Ability to import text logs, parsing them into key element/value pairs
- Support for “Trace Scenarios” (one or more message providers, filters, and views)
Microsoft is providing this beta release to give you an opportunity to provide feedback. There are “Report Issue” and “Community” buttons built into the ribbon for direct feedback.
Microsoft Message Analyzer also now has its own blog: http://blogs.technet.com/messageanalyzer.
NOTE: To capture at the NDIS and Firewall layers without running as admin, you must log off and back on after installation to pick up the necessary credentials.