Adobe Photoshop CC. VirtualDJ Avast Free Security. WhatsApp Messenger. Talking Tom Cat. Clash of Clans. Subway Surfers. TubeMate 3. Google Play. Navient student loan settlement. GameStop in-store PS5 restock. N95, KN95, KF94 masks. Windows Windows. Most Popular. Let us help you reduce the time and effort you spend dealing with spam.
Your Message Sniffer subscription comes with free support to help get Message Sniffer installed on your system. For complete instructions on how the Installer works, please see the Windows Installer Guide found in the Documentation section of the site.
Overview The Message Sniffer software is designed to be installed on an email server or filtering appliance. Learn More about what Message Sniffer is and how it works. The Installer Alters the following files: Identity. Proper quoting is key. The Installer performs the following command line actions: Executes a download of the rulebase and creates first. Performs authentication test with snf2check against the rulebase.
Also, session viewer nodes in Session Explorer and session viewer tabs are assigned a different color code to distinguish the data of different sessions. In addition, if any assets have been applied to a session, such as a view Filter or Viewpoint , a funnel icon displays to the right of the session viewer node in Session Explorer. The effects of assets that you apply to any data viewer are limited in scope to the data viewer where you apply the asset.
This means that no other data viewer will be affected by this action, whether the viewer is in the same session or a different session. You should note that the Filtering toolbar, from where you apply assets such as view Filters , Time Filters , and Viewpoints , is displayed above every data viewer that contains trace results. This is the case for Chart viewer Layouts as well. This enables you to apply different assets to different data viewers without the effects extending outside a particular viewer where an asset is applied.
Note that the Grouping viewer has a separate instance of the same Filtering toolbar and any assets that you apply to the Grouping viewer affects the Grouping viewer display only. Some Message Analyzer data viewers are interactive , in that data selection in one viewer drives the display of data in another viewer or Tool Window.
For example, in a Chart viewer Layout , you can double-click a bar element in the Bar visualizer component or a module node in the Timeline visualizer component that represents the messages of a particular protocol that were captured in a trace, and display only those messages in a new Analysis Grid viewer tab for data assessment purposes. You might do this, to isolate a group of messages where further investigation is required.
Similarly, you can select a message in the Analysis Grid viewer and drive the display of the network stack in the Message Stack window.
Other types of interactions that occur when performing actions such as message, field, or session selection, include the following. Message Analyzer enables you to customize the working environment in which you manipulate data and perform analysis. Message Analyzer does this by providing several built-in Window Layouts that organize the Analysis Grid viewer along with different Tool Windows into preset configurations that enable you to customize your working environment for the type of troubleshooting and analysis you perform.
The window layouts are accessible from the Window Layout drop-down list on the global Message Analyzer toolbar. When you shut down Message Analyzer, the window configuration that you last displayed is registered in a configuration file so that the window configuration persists through subsequent Message Analyzer startups. The Window Layout presets that you can select range from simple to increasingly more complex selections, given that they are intended to accommodate a cross-section of typical Message Analyzer users.
However, you can organize your data windows any way you want. By default, Message Analyzer uses the Analysis Grid viewer in all the built-in Window Layouts ; however, after you display one of the presets, you can select a different viewer of choice if you wish. You can also add other Tool Windows to any of the built-in Windows Layouts , as needed, although you cannot modify the configuration of the built-in Window Layouts.
Rather, any Tool Windows that you add to a displayed Window Layout are registered in the previously mentioned configuration file to persist the configuration across Message Analyzer restarts. Message Analyzer now provides the Profiles feature, which enables you to use built-in or custom-specified data viewer and Layout presets that activate whenever you load data from specific types of input files.
Prior to the introduction of this feature, you had to manually select viewer Layouts in which to display your data, whenever you wanted to analyze data from different types of input files that you load into Message Analyzer. Although, it is likely that you had to engage in a trial-and-error process to discover the best Layout with the right context for the type of data you are analyzing.
Even then, earlier versions of Message Analyzer had a minimal selection of Layouts from which to choose, but this is remediated in Message Analyzer v1. Because Message Analyzer viewing components can expose data in different ways, you can obtain different analysis contexts for the data with different viewer Layouts , although if you are a new user, you may not always know which viewer Layout will maximize your data analysis capabilities in a given instance.
The default Layout for the Analysis Grid viewer contains a baseline set of data columns that is suitable for many environments, as described in the Default View Layout topic. However, this is only a starting point, as there are many different Layouts that you can select from the Layout drop-down list on the Analysis Grid viewer toolbar.
Similarly, you can select numerous Layouts for the Grouping and Chart viewers. Displaying Predefined Analysis Environments with Built-in Profiles Some of the Layouts that Message Analyzer provides for the previously indicated data viewers are designed to work with each other to create an integrated and interactive analysis environment that exposes key information.
You can select these manually if you know which ones are designed for integrated analysis, or to automate the process, you can simply select one of many built-in Message Analyzer Profiles that each define different Layout configurations for the Analysis Grid , Chart , and Grouping viewers, depending on the type of input data to be analyzed. The analysis environments created by the built-in Profiles are predefined by Microsoft to expose the data that is typically the most important for problem solving and to expose it in a way that provides multiple perspectives on the data, from low-level details and calculated statistics to high level overviews and other data summaries.
The built-in Profiles along with usage overviews and analysis examples are described in Working With Message Analyzer Profiles. Message Analyzer Profiles are contained in an updatable package that is known as the Message Analyzer Profiles asset collection. You can set this asset collection for automatic updates in the Asset Manager dialog, which is accessible from the global Message Analyzer Tools menu. You can use these Profiles as is, or you can create your own Profiles with the use of the Add Profile feature.
If you want to see the internal configuration of viewer Layouts for any of the built-in Profiles , select the Profile of interest and then click the Edit Profile button on the Advanced Profiles toolbar. Note that the built-in Profiles are ReadOnly and cannot be edited, although you can edit any Profile that you custom design. You can access the Options dialog from the global Message Analyzer Tools menu. The figure that follows shows what this viewing configuration looks like after data from a.
You will need to manually open the Chart viewer Layout for the Profile by selecting the Default item in the Chart drop-down list in the New Viewer drop-down list on the global Message Analyzer toolbar. Whenever the data of an input file related to an enabled Profile is loaded into Message Analyzer, selecting the Default item references the Chart viewer Layout configured in the Profile and causes it to be displayed.
Because the Grouping viewer is in Selection Mode , as described in Grouping Viewer Modes of Operation , Group selection causes the messages that correspond to the conversation to be interactively highlighted in the Analysis Grid viewer — of which the preceding figure shows only three due to display constraints.
By identifying these messages, you can then analyze them in further detail with the use of the Message Stack , Details , and Message Data Tool Windows. In Conclusion The built-in Message Analyzer Profiles are important tools for data correlation, analysis, and problem solving. They enable you to display integrated analysis environments that expose key data fields, calculated statistics or other low-level details, and data summaries that help you to achieve the data perspectives you need to quickly discover areas where issues are occurring.
To learn more about using the Asset Manager dialog, see the Asset Manager topic. To learn more about Message Analyzer data viewers that you can work with during data analysis, including numerous Layouts for the Chart viewer, see the Data Viewers topic.
Message Analyzer provides numerous filtering capabilities to enhance data retrieval, capture, and assessment processes. Filtering is critical for focusing on specific messages and enhancing performance. For example, if you were unable to filter message data in a Live Trace Session, you might need to examine potentially tens of thousands of messages to isolate a specific problem. What most Message Analyzer users need to observe is usually related to a specific protocol, error message, conversation, or process.
By providing the ability to filter while retrieving, capturing, or viewing data, Message Analyzer provides a convenient way to reduce the scope of the data that you are working with and more effectively pinpoint your issues. When capturing data or loading data into Message Analyzer through a Live Trace Session or a Data Retrieval Session, as shown in the figures of the earlier sections: Configuring a Live Trace Session and Retrieve Message Data , you can use the Session Filter feature to isolate specific data that you want to work with.
You can select a built-in Session Filter from the Message Analyzer Filters asset collection Library drop-down list that appears on the Session Filter toolbar of the New Session dialog, or you can create a custom Filter of your own design. After specifying a Session Filter and clicking the Start button for a configured Live Trace Session or Data Retrieval Session, the filtering action is automatically applied in the background as messages are filtered and delivered to the default data viewer, for example, the Analysis Grid viewer.
A Session Filter works in the same way most filters work, by passing data that matches the filtering criteria and dropping any data that does not. However, you should carefully note that you can never recapture the data that you filter out with a Session Filter in a Live Trace Session, whereas with a Data Retrieval Session, you can always click the Edit Session button on the global Message Analyzer toolbar to return to session configuration, where you can remove or recast your filtering criteria and then reload the data from the originally specified saved files.
A Session Filter is shown in the figure that follows. For instance, when configuring a Session Filter , you could specify a Filter Expression that isolates messages to a specific network address, port, or protocol, or that contains a particular field value or other text. For a Live Trace Session, the effects of a Session Filter are applied at the time of data capture, therefore, your trace results will already reflect application of the filtering.
For a Data Retrieval Session, the effects of a Session Filter are applied at the time of data loading, therefore, the loaded data will already reflect application of the filtering.
By contrast, the effects of a view Filter are applied to a set of trace results or loaded data results and are temporary, as you can alternately remove or apply the Filter repeatedly as required, or even modify it, during data analysis.
Thereafter, an IPv4 Gradient Right Color Rule with dark green highlights was applied to the Live Trace Session results to quickly expose messages that are using the IPv4 protocol, for analysis purposes. You also have the option to use many other types of filters in a Live Trace Session, depending on the Trace Scenario and operating system you are running, as follows:. You can display this dialog by clicking the Configure link to the right of any provider listing on the Live Trace tab of the New Session dialog.
The filters that are available for the Microsoft-Windows-NDIS-PacketCapture provider in these scenarios consist of advanced driver-level filters that include the following:. Otherwise, you could return all switch traffic rather than the traffic of a selected VM, given that a Hyper-V-Switch driver cannot distinguish between VMs. Time Filter — you can utilize a Time Filter to configure a window of time in which to view the results of a Message Analyzer session.
This is particularly useful if you can approximate a time frame in which you suspect a particular issue occurred that you need to detect. It is also useful in situations where you are working with data from multiple input files in different time zones to which you have applied a Time Shift and you want to view all the data that exists in a particular time slot, for which you can create a Time Filter window.
Applying a Time Filter to Captured Data The major advantage of using a Time Filter against a set of trace results is that you can remove it, modify the time window, reapply it, and repeat this process as many times as needed. You can display the Time Filter configuration controls for session results by selecting Add Time Filter from the Add Filter drop-down list on the Filtering toolbar that appears above all session data viewers.
The Time Filter configuration panel contains the time slider controls and window definition readouts, along with the Apply and Remove buttons that enable you to alternately apply a Time Filter or remove its effects as required. Applying a Time Filter to Loaded Data You can also utilize a Time Filter to configure a window of time in which to view static data that you load into Message Analyzer from selected input files.
Note in this case that the Time Filter configuration is applied as you load the data, rather than after you load the data. To apply a Time Filter to data that you are loading, you must create the Time Filter window during Data Retrieval Session configuration in the New Session dialog, where the Time Filter controls are located below the input Files list in the dialog. Note that you have the option to modify the original Time Filter configuration in the Edit Session dialog for the Data Retrieval Session by clicking Edit Session on the global Message Analyzer toolbar.
When the adjustments are complete, click the Apply button in the New Session dialog to apply the Time Filter changes to the data set. Also note that if you did not apply a Time Filter to the data loading process in a Data Retrieval Session, you still have the option to utilize the Time Filter feature from the Add Filter drop-down list on the Filtering toolbar. From this location, you can use simple button clicks to alternately Apply and Remove the filtering effects as required.
Message Analyzer provides you with the versatility to apply a Time Filter to the results of a Live Trace Session, the results of a Data Retrieval Session, or to the data loading process. In the latter case, you can achieve performance enhancements due to the effects of a Time Filter on reducing the input message volume that is loaded into Message Analyzer.
But this can have an effect on usability when the filtered-out messages have a bearing on the analysis in which you are engaged. When this is the case and you want to recover messages that the input Time Filter dropped, you will need to edit the session as described earlier, to create a different Time Filter configuration; this also has an impact on usability. Therefore, you might want to further consider the tradeoffs between performance and usability, especially when loading data from very large files.
More Information To learn more about the impacts on performance and usability with the Time Filter feature, see Considering Performance vs. Usability Factors for Time Filter Application. After you capture or retrieve your message data in a Live Trace Session or Data Retrieval Session, respectively, you have a baseline set of trace results to work with. However, it is very likely that to analyze the data, you will want to manipulate it with various Message Analyzer tools to isolate specific messages of interest that can expose issues you are trying to detect.
One of the most common ways to do this, is to use a view Filter to filter for data that is relevant to the problem you are trying to solve while filtering out data that isn't. This enables you to create a set of messages that is focused on the data you need to examine, without the encumbrance of scrutinizing potentially hundreds if not thousands of messages that are irrelevant to the issue at hand. When you apply a view Filter , the original data set is always preserved and re-displays after you remove it.
Note that the effects of a view Filter apply to the in-focus data viewer only and do not impact other viewers, even in the same session. You can display the configuration controls for a view Filter by selecting Add Filter from the Add Filter drop-down list on the Filtering toolbar that appears above all session data viewers. The controls that display in the Filter configuration panel enable you to specify a built-in or custom Filter , and then apply and remove it as required, as described in Applying and Managing Filters.
The built-in view Filters are contained in a centralized Library that is exposed in the following locations. Filter configuration panel that appears when you select Add Filter in the Add Filter drop-down list on the Filtering toolbar above any session data viewer.
Filter configuration panel that appears when you select Add Filter in the Add Filter drop-down list on the Filtering toolbar above the Grouping viewer toolbar.
Note that a Viewpoint must be already applied to a set of trace results for this list item to be available for selection. Helps you to further refine your analytical focus on specific messages. Find Message panel that is accessible from the Analysis Grid viewer toolbar. Note that typical configuration of a Color Rule includes specifying a Filter Expression from the centralized Library. Note that this action automatically creates the Filter Expression in the Filter configuration panel, but does not apply it.
As a result, you must manually apply such a Filter by clicking the Apply button in the Filter configuration panel. This feature enables you to automatically code a column value into a valid Filter Expression, which you can quickly apply to a set of trace results. To specify a view Filter , Session Filter , Find Message filter, Color Rule filter, or Viewpoint Filter for a set of trace results, you will need to either select a built-in Filter Expression from the centralized Library in the above specified locations, or manually create one as described in Writing Filter Expressions.
You will then need to click the Apply button or Find command in the case of Find Message filters for the Filter configuration to take effect. The centralized Library contains the built-in Filter Expressions that are provided by the Message Analyzer Filters asset collection in every Message Analyzer installation, for which you can use the following for the indicated purpose:.
Asset Manager dialog — to manage downloads and auto-sync updates for the Message Analyzer Filters asset collection or other collections. Asset Manager is accessible from the global Message Analyzer Tools menu. Manage Filters dialog — to export and import asset collection items to and from others, respectively, for mutual sharing. The Manage Filters dialog is accessible from every user Library drop-down list.
To learn more about auto-syncing, downloading, and managing the Message Analyzer Filters asset collection with the Asset Manager dialog, see the Sharing Infrastructure and Managing Asset Collection Downloads and Updates topics. This Operating Guide devotes a significant amount of coverage to the subject, to help you understand and use the Filtering Language, as described in the "More Information" section that follows.
Filter IntelliSense is an interactive and intelligent statement completion service that responds to the text that you enter in any Filter Expression text box, by providing a display of choices in response to the characters you type.
When you create your own custom Filters you must save them to the centralized Filter Expression Library that is exposed in the locations described earlier, that is, if you want such Filters for future use and for sharing with others.
However, before you save a Filter that you created, Message Analyzer performs a simple verification check to ensure that you have a valid expression, although checks on field names are less restrictive in Message Analyzer v1. Note that when you create and save a custom Filter , it is located to the My Items category in the Filter Expression Library. Use this map to quickly navigate to the topics that show you how to get started with Message Analyzer, how to use its basic and more advanced features, and to understand the underlying frameworks on which it is built.
At a high level, the map breaks out into the three content spaces that are specified in the following table, within which you will find quick links that point to topics of interest in these spaces:. In this Operating Guide, Message Analyzer guidance is presented in the form of usage tasks. Each task provides some conceptual background with respect to the functions and features you will be working with, discusses how to use the associated UI features, and also includes example procedures to help you walk through various Message Analyzer usage contexts.
To proceed directly to the usage tasks presented in this Operating Guide, click a task link below such as Capturing Message Data :. If you want to proceed directly to usage procedures that demonstrate Message Analyzer features in the context of the usage tasks contained in this Operating Guide, click a link below:.
Procedures: Quick Start — display saved data with the Open feature; start a Live Trace Session; display data quickly from your favorite Trace Scenarios by using the Favorite Scenarios feature on the Message Analyzer File menu or Start Page ; load saved data through a Data Retrieval Session; and deploy various viewers, which includes Layouts for the Chart viewer, to display your data. Procedures: Using the Data Retrieval Features — browse for data and create a message collection to load into Message Analyzer; apply a Session Filter to loaded input data to isolate specific messages that you want to work with; display saved trace data in different viewers; use the Recent Files feature to display saved trace data to resume previous work; load data from multiple sources and save it as a single message collection; and apply a Time Filter to data being loaded into Message Analyzer.
Procedures: Using the Data Viewing Features — learn how to apply gradient-style Color Rules or a built-in view Layout ; execute Group commands to group data and streamline message analysis; use the graphic visualizer components of the Protocol Dashboard to analyze top-level summary data such as top bandwidth consumption and message activity within a specified time window; analyze data with the interactive features of the Protocol Dashboard and Analysis Grid viewers; apply Quick Filters and Viewpoints ; configure friendly Aliases for field values; create Unions of two or more message fields; and drive the display of various message details through Analysis Grid viewer and Tool Window interactions.
Procedures: Using the Data Filtering Features — create and apply filters to the data loading process, live captures, and trace results data to address and solve commonly encountered, real-world issues; create Color Rules to serve as an alert when certain message types, states, or values are present in a displayed message set, for example, TCP diagnostic information and SMB error status.
Procedures: Using the Asset Management Features — perform procedures that demonstrate how to manage user Library items and share them with others, or download and update Library item collections from the default Message Analyzer subscriber feed.
If you want to expand your knowledge of the technologies upon which Message Analyzer is built, click the links below:. Technology Tutorials — get an overview of Message Analyzer functions and technology concepts, and learn about the PEF architecture and ETW framework components that support them:.
Skip to main content. This browser is no longer supported. Download Microsoft Edge More info.
0コメント