
Message Analyzer - Local and Network traffic

Q: Message Analyzer - Local and Network traffic

I want to capture both local and network traffic for connections and disconnections unrelated to http
Capture filter "(tcp.RST || tcp.SYN) && tcp.Port != 80 && tcp.Port != 443"

I found that I can do one or the other, but when I add both below, I capture neither ???
>> What is the trick to capturing both ?
Thanks

RELEVANCY SCORE 84.4

Hello,
I've used Message Analyzer in the past to decrypt HTTPS traffic after importing the certificate used by the web server and it was a tremendous improvement over Netmon & NMDecrypt. I'm looking at a trace I took of LDAPS traffic (TCP.port==636) and Message Analyzer is not decrypting the traffic after the SSL handshake.

Are the decryption sub-routines in Message Analyzer only supposed to work with HTTPS traffic, or should we be expecting to see success on LDAPS traffic as well?
Thank you,
John

RELEVANCY SCORE 83.6

Hi,
Is it possible to monitor the DHCP server logs and traffic on a Windows 2012 R2 DHCP load balanced server using Message Analyzer?
Mike

RELEVANCY SCORE 83.2

I'm looking for a good network analyzer software that allows me to monitor the network. maybe have some features on discovering devices, ports, bandwidth in a certain amount of time, etc. Thanks.
 

A:network traffic analyzer

That would depend on the network topology. Any global network monitoring will have to be done with access to a common point where all the traffic converges. Addressed traffic between workstations will go directly between them via any switches and gateways in the path, so you can't do this with just a workstation.
 

RELEVANCY SCORE 82.4

Upgraded to Windows 10 today, and Message Analyzer no longer seems to be capturing traffic (build 4.0.7540.0).

Get-NetEventSession shows that there's a session running, but nothing shows up in the Message Analyzer window.
 

RELEVANCY SCORE 82.4

When I open my ETL file captured in Windows 10, the PID/VID seems to be incorrect (compared to what I read in Network Monitor 3.4, and I plugged in the devices myself, so I know what the right VID/PID is).
I did discover there are some error messages in the log, and I only put two examples below:
10/28/2015 3:29:17 PM Error C:\Users\IBM_ADMIN\AppData\Local\Microsoft\MessageAnalyzer\OPNAndConfiguration\OpnForEtw\OpnForEtwProcess\TCPIPComponentExt.opn(173,45-173,62):  undeclared 'EventTemplate_130'
10/28/2015 3:29:17 PM Error C:\Users\IBM_ADMIN\AppData\Local\Microsoft\MessageAnalyzer\OPNAndConfiguration\OpnForEtw\OpnForEtwProcess\TCPIPComponentExt.opn(197,50-197,67):  undeclared 'EventTemplate_130'

Could you help me to understand what I should do to overcome it?

RELEVANCY SCORE 81.6

Hi!
Is there a way to look inside GRE tunnel traffic captured with Wireshark in Message Analyzer? I'm troubleshooting a scenario where I need to correlate event log entries from a server with a network trace captured by another person using the ERSPAN protocol.
Thanks,
Ivan

Ivan Seriavin

RELEVANCY SCORE 81.6

My network seems to be slowing way down. I have basic networking knowledge and moderate Server knowledge. I, however, do not have very good analyzer skills.

Just like how we have an awesome sticky on RAID, I was wondering if we could have one on analyzing tools.

Personally I am looking for something either built into Server 2003, downloadable from Microsoft, or even free or expensive software that lets me monitor my network for traffic problems.

I am getting lots of users who are connected to a database on our server, and about every 5 minutes it loses the connection. I am trying to track the problem and don't know where to start.
 

RELEVANCY SCORE 78.4

Dear all,
it should be possible to
"Capture firewall discard Events - This feature allows you to discover how the firewall is affecting network traffic.  New messages tell you when traffic is blocked and associated IDs point to the specific firewall rule responsible
for dropping the message."
Source
Does anybody of you know a little bit more about how Message Analyzer has to be configured to show which rule blocks (in my case Outbound) traffic?
This would be a great improvement to the pfirewall.log, where this important information is missing...
Best regards

Peter

RELEVANCY SCORE 72

Hi there,

when extracting an archive to the same network location on which the archive itself resides, why is it that I'm having local bandwidth usage?

As you can see, there is simultaneous ~150Mbit/s upstream/downstream on my local ethernet adapter. WHY? As far as I am concerned there should be no meaningful traffic since it's actually a copy process on the local hard disk of my server.

Ideas anyone? Your help/insight is highly appreciated!

Cheers

A:copy from/to network share - why local traffic?

The action is being processed on your local machine's CPU rather than the server's CPU since the task was initiated from your machine; the only way to reach your machine from the server is via your ethernet card.

If you were able to initiate the task on the server itself then you would not see any ethernet usage on your client machine. You wouldn't even see the application completing the task. The only change you would see is the new files on the server's share.

Hope This Helps,
Josh

RELEVANCY SCORE 72

Hi,

I have recently moved to a wireless broadband connection. The connection is slower than my cable internet in my previous residence. So, I'm noticing some things while I work. One thing is that every time I access my local hard drive, there is network traffic and I have to wait for the network. This is while I'm connected to a VPN. The folders I'm accessing are not synchronized off-line files, either. I do have one mapped network drive.

Anyone know what would cause Windows XP to instigate network traffic when accessing a local drive and how to limit it?

Thanks,
Paul
 

A:Network traffic while accessing local drive

This is actually a situation I ran across some time back. Every local access was trying to touch a network drive, and when that drive wasn't available, it got ugly! In my case, it was an errant path in the registry that was being searched every time I opened a file locally.
 

RELEVANCY SCORE 70.4

Dear Team,

We have two offices at 1 floor. both are connected with uplink of their switch.

We are facing latency or packet drop issues at the second office. I am not sure why we are facing such issues, but it may be that some packets or requests are redirected to the firewall. Due to this our switch traffic gets jammed and we are facing network congestion issues.

My concern is only that request will move to the firewall which want internet access, apart from that all LAN traffic will use another gateway to local transfer or communication purpose.

For your kind information I am giving you Network Infra.

1 office :- 40 Users, 1 Firewall, Squid Proxy Server, 3 Switches
2 office :- 20 Users, 2 switches
Up-link from office 1 to Office 2
 

RELEVANCY SCORE 68.8

Message Analyzer seems to have no print/export as CSV/TSV. 
Log parser 2.2 doesn't seem to understand .matp formats. 2.2 seems to be the latest version.
logparser -i:netmon "SELECT * INTO test.csv from test.matp"
says "not recognized as a valid NetMon capture file"

Are there other tools? I'm surprised this is not a common request. 

Message Analyzer can export as .cap files, but these particular traces either export badly or the traffic is something that wireshark doesn't handle. MessageAnalyzer shows it as fairly standard TCP traffic, albeit to/from IPV4-loopback, which is the correct
"NIC".

RELEVANCY SCORE 68.4

My application does not have any network-like implementation except FlexNet Publisher for licensing. I expect it should connect only to license server.

When I use Microsoft Network Monitor then it shows only connections from/to my application and license server.

When I use Microsoft Message Analyzer then it shows enormous additional traffic for my application which I cannot explain. For example many events' source and destination do not match my local machine (BRWS/DNS/UDP modules), so it seems that my application
is kind of proxy (?) for them. Can anyone give some hints how to interpret Message Analyzer data, please?

RELEVANCY SCORE 66

Hi guys,

I hope you guys could provide me with a few sites on

Traffic Generator Functions or Performance Analyzer

these are for networking, layer 1 and layer 2 switches
I can't seem to find any, so I hope you guys could help me out
thanks
 

RELEVANCY SCORE 66

Hi everyone!!!

I've been tasked with running message analyzer to determine if data is encrypted from an endpoint. We are using MBAM and want to ensure that any data sent to MBAM application server is encrypted. Now, we know it is via https, but, we still need to verify this
(for audit purposes).

Can anyone provide some insight as to how I could use Microsoft Message Analyzer (or perhaps something better)?

We are planning to run a capture for 24 hours. We also want to ensure data is encrypted from app server to sql server. 



Thanks all! 

RELEVANCY SCORE 66

To whom it may concern,
 
I have been directed to Google's "unusual Traffic from your computer network" webpage on several occasions. I have run Malwarebytes and Avast! at times and it has yet to report anything suspicious. I know this won't help when I say this but I've had other weird symptoms as well but can't remember what they were. I do know that there is a file in a folder on my computer that is locked and I can't delete and I know I didn't put it there (file/folder name is lengthy numbers and letters). I'm sorry I can't offer more descriptions, my brain isn't what it used to be. But I look forward to your help! Thank you in advance for your time!!
 
Sincerely,
 
Jen

A:Google "Unusual traffic from your computer network" message

Hello,
I will be helping you with your problems. Please be patient while I assist you.
Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us
Please do NOT run, install or uninstall any programs,  unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate... Read more

RELEVANCY SCORE 66

I keep getting this alert despite the amount of resources that I add to my Gateway.  
Our DC and Gateway are running virtually in VMware.  Distributed Virtual Switches are not an option so I have to resort to configuring Promiscuous Port Group.  
I configured a Promiscuous Port Group on the same Virtual Switch that the DC (and the rest of our servers) is connected , and assigned it the same VLAN ID as the DC. 
ATA is capturing and reporting traffic but I continually receive an alert that some network traffic is not being analyzed. I have thrown double the resources at our Gateway than what the sizing tool identified, and still receive this alert. At this point I have 24GB of RAM and 10 cores allocated to my Gateway, which is only capturing and reporting on 1 DC. At this point I am about ready to scrap ATA because of how resource intensive it is.
Any ideas or suggestions?  Does it sound like I have the Promiscuous Port Group configured correctly, or is it possible that I am capturing ALL traffic for the VLAN assigned?  

RELEVANCY SCORE 64.8

Is there a good network traffic/broadband monitor that actually keeps track of ALL (really ALL) traffic in a network?
I have used quite a few (eg, Ethereal, ntop, network probe) but all of them kinda keep track of only traffic that is coming in and out of the PC they are run from.

I need one that really tracks every single transaction that goes on in the network, including PCs talking to PCs, PCs talking to servers, servers talking to PCs, PCs talking to printers, etc.

Would help a great deal if they are FREE too!

Anyone know of any good ones?
 

A:Network traffic/bandwidth monitor that tracks GLOBAL network traffic

Hi.

You may find something here...

http://www.freewarehome.com/Internet/Networking/Network_Monitoring_t.html
 

RELEVANCY SCORE 60.4

Anybody got any good ideas about a good in-house message system? Looking for something that can be installed on all computers that will notify that a new post was posted. I need to spread information throughout my network, like when a computer is ready for a customer, or the status of one, or sending a message to a certain computer on my network of what needs to be done to a system. Open source would be great.

RELEVANCY SCORE 57.6

Hello,

I did some searching on this topic and saw the answer was to turn off default gateway. I work at home and am connected to my home network and VPN into my work network so outlook will work. If I look at my VPN Status, it says IPv4 connectivity - no internet access- and IPv6 connectivity no network access.

From what I was able to find this is how I want it set up so that my general internet browsing is not going over my VPN. Can you confirm that's what IPv4 no internet access means?

My home network says IPv4 connectivity - internet -
 

RELEVANCY SCORE 57.6

I get the error message :Some of the controls on this property sheet are disabled becuase one or more other network property sheets are already open.

What exactly does this mean and what should I do about it?
 

A:strange error message when i click on local network connections (WinXP)

Start by rebooting.
 

RELEVANCY SCORE 57.2

Could anyone tell me how I would make an Ethernet adapter in Vista capable of only local traffic and not internet traffic?

RELEVANCY SCORE 56.4

Okay first here's a little bit on my hardware setup:

Router: Belkin F5D8235-4 v2000 Latest Firmware

My laptop: Acer 5739g with the latest windows 7 and the latest drivers installed as well.

Roommates laptop: Same as mine but with windows vista(she never got the free upgrade lol)

Desktop: Custom built with the latest windows vista and the latest drivers installed as well.

All computers have wireless! Laptops have N and the desktop has G.

Now for my problem. At random after I attempt any sort of local network traffic (such as copying files across the network), my wireless for all the computers crashes without warning. This happened when I still had vista on my laptop too, however it did not happen with the old router that got fried. I have tried a couple of things to see if I could resolve the issue such as upgrading to the latest firmware and playing around with the settings(different radio channels etc). No matter what settings I use it seems to crash. I assigned static IP's for all the computers hoping it might fix the problem but I had no luck with that either.

Here's my wireless router settings:
http://img96.imageshack.us/img96/7654/wirelesssettings1.png
http://img139.imageshack.us/img139/5143/wirelesssettings2.png

I have no problems with the internet and I can download large files without any problems this seems to be a local issue only, and it seems to happen more often when moving large amounts of data.
I'm pretty stumped about this one and... Read more

A:Wireless crashes with local traffic

RELEVANCY SCORE 56

After Windows 10 1803 update, the loopback capture scenario does not show network events.
Repro steps :

I run Message Analyzer as an admin
New Session
Live Trace
Select Scenario
Local Loopback network
Navigate with my browser to any self hosted web site at 127.0.0.1, any port.
try ping 127.0.0.1 or localhost
The analysis grid only shows Windows_Kernel_Trace modules.
I tried uninstall, install Message Analyzer again, update Assets (they are all in sync).
Any help is appreciated

RELEVANCY SCORE 56

Hi

On one computer I am running one ISP and on the other computer I am using a different ISP.

Each Computer has its own PPPOE dial up connection. My router is set up in bridge mode (Telkom Mega 100WR2)

Is there a way of making my router split the international and local bandwidth of my one ISP account so that when I go onto a local site it doesn't use my international bandwidth?

Or is the only solution buying two different accounts - one international and one local?

Please let me know ASAP

Thanks

A:Splitting International and Local traffic using one account with one ISP

Think of it from the router's point of view. Every packet that it comes across must be "routed" to either a specific gateway, or its default gateway if none of the other routes match.

There's really nothing at the IP address layer that directly distinguishes "national" from "international" addresses, but you could for example deduce that IPs in the (making this up completely) 144.123.X.Y and 144.124.A.B ranges are definitely "national" so they should be forwarded to a specific (national) gateway instead of being sent to the router's default gateway to process.

The precise mechanism for adding routes will depend on your router. There may be a console interface, or you might need to connect via its HTTP administration page and find the "manage routes" section. That's the easy part.

The hard part will be establishing exactly what IP ranges are considered "national" in your area, and whether the blocks are sufficiently contiguous to allow you to add all of them individually, or whether you'd have to use supernetting. Unless you've done that type of work before you'd probably want some direct assistance from a networking technician.

RELEVANCY SCORE 56

Please provide removal assistance
 

A:svchost.exe does suspicious internet and local traffic

I've seen that hitting F12 in Chrome on different sites, at different times, I sometimes get these JS scripts added, although on different PCs they aren't there:
<script src="http://93.113.37.2/stats/793Dv"></script>
<script src="http://s3.amazonaws.com/jscache/caa21cd32b826e98dc.js"></script>
 

RELEVANCY SCORE 55.2

Hey all, I'm new here and I'm mainly looking for an answer or maybe some assistance for setting something up that would take all new or existing IPs and route/direct or forward their first viewed page to a specific web page. This is an open network with new users coming and going all the time.
Thanks for the help, ladies and gents

cheers
 

A:redirect local traffic to a certain URL apon opening browser

RELEVANCY SCORE 54.8

Hi,

I am having a problem on a client's home computers where, if I use the option on the VPN to force local traffic to bypass the VPN, after XX hours Outlook/Exchange stops working and requires a reconnect of the VPN.
When I have the option in IPv4 to disable bypassing local traffic, the above problem is gone and all works fine; connections last for days+.

This happened when a recent change of both the server and client having Telstra BIGPOND Internet. I have previously used other ISPs and tested the issues with home connections and all works fine, e.g. (Telstra Bigpond to TPG). This is a Telstra Bigpond to Telstra Bigpond connection and that's the issue!
Server is using Telstra Bigpond ADSL
Client is using Telstra Bigpond Cable Coax Internet
So I would like to learn what is required to use the Route function.
I need help on how to create a few routes which would bypass all websites (IP addresses on the WWW) and leave out the server's IP address (the remote server's IP address I don't want to bypass the VPN). I would like to leave the server IP out for security reasons. If a private message can be done? Or an explanation?

I understand and read that I can use mask to allow me to route a range of IP Addresses but got very confused on how the numbering worked.
http://superuser.com/questions/121998/windows-7-how-can-i-add-an-ip-range-in-the-route-command
This is where I saw how to range IP route.
If there is another way Please let me know. Like I said earlier. I c... Read more

RELEVANCY SCORE 54.8

Message analyzer 1.4
Hello,
I just discovered the tool and used it to identify a web application performance bottleneck.
But I need some help.
During analysis, I found a possible issue related to DNS (several seconds).
The problem is that I cannot tell whether the DNS traffic is related to the application or to another source.

Is there a way to add the source (not the host name, but the application)?
Thanks

RELEVANCY SCORE 54

Hi everybody,
I need to investigate some logs to find an issue with the Outlook calendar.
So I followed this topic to activate the "debug mode" of Outlook:
https://support.office.com/en-ie/article/What-is-the-Enable-logging-troubleshooting-option-0fdc446d-d1d4-42c7-bd73-74ffd4034af5
Now I have a file: OLKCalLog_2017_01_02_08_39_07.etl
I opened it in Message Analyzer to make some easy checks:
- Calendar item actions (creation, modification, or deletion)
How can I use the filter to find the keyword I created in the calendar (or the event ID to list all calendar item creations)?
For example, here I made a calendar item called "Hello Technet".
The result :

PS : I just discovered that the ETL file is filled at the Outlook closing.
thanks for your help

RELEVANCY SCORE 54

Hi everyone!

Why is it not possible in Message Analyzer to parse the ICMPv6 traffic inside the IP-HTTPS tunnel (at least to my current knowledge)? It only shows the ESP traffic when the scenario "Network Tunnel Traffic and Unencrypted IPSEC" is chosen.
I also tried to capture on a specific interface, but the IP-HTTPS interface was not listed among the available interfaces.

For additional information, the DirectAccess environment I deployed is on Hyper-V Windows Server 2012 R2, which means that my DA clients are VMs on the Hyper-V.

I would really appreciate it if someone gave me feedback on this :)

Thanks,

Ali

RELEVANCY SCORE 54

Hello.
I need to capture, parse and save SIP/RTP traffic according to sessions.
I'm trying to find a way to capture this through Microsoft Message Analyzer but could not find any useful docs or samples.
All I found was documentation about Open Protocol Notation, but that part is about creating parsers for new protocols, not about catching traffic.
As I understand it, MMA is based on the Protocol Engineering Framework, but I also could not find any APIs for this
https://technet.microsoft.com/ru-ru/library/jj714800.aspx
I need some API to 
1. Configure catching network traffic with "Microsoft-Windows-NDIS-PacketCapture Provider"
2. Possible parse SIP packets with MMA
3. Receive flow of SIP (possible parsed already) and RTP traffic into my app.

RELEVANCY SCORE 54

Has Message Analyzer been abandoned by Microsoft?  It seems that Paul doesn't hang around here anymore, spam is starting to get posted, there haven't been any blog updates since 2016, and the Connect site doesn't appear to have been migrated to Collaborate. 
It's a really useful tool, but there are some serious performance problems with it still.

RELEVANCY SCORE 54

Hello,
- Does anyone know if MS has any plan to expose Message Analyzer C++ API? If yes, when will it be roughly?

- It seems NM 3.4 is in "archived" mode now, i.e. no new updates. However, if there is a vulnerability/serious bug, will MS fix/patch it?

- To develop a network monitoring tool, is there an alternative to NM 3.4 (with C++ API support), which is robust and have long-term development cycle? I am not entirely sure if Windows Filtering Platform (WFP) is the right one?

Thanks,

Victor

RELEVANCY SCORE 53.6

I've only recently started playing with Message Analyzer and found that an update was published on 3/10/2016. Are there any release notes or a basic list of bug fixes/improvements for the latest update?

RELEVANCY SCORE 53.6

Hello. I am attempting to use Message Analyzer to troubleshoot a USB device. I know the device's VID and PID. I've also installed Message Analyzer on multiple PCs. On some PCs I can see traffic from the device (I can see the VID and PID appear) but on others I can't. Any thoughts on why Message Analyzer can see my USB device on some PCs but not others? I am using up-to-date chipset and USB drivers, so that shouldn't be the problem. All PCs are Win 7 Pro SP1 64-bit.
Thanks!

RELEVANCY SCORE 53.6

First time installation. 
When attempting to launch on Windows 7 get the error: 
Problem signature:
  Problem Event Name: APPCRASH
  Application Name: MessageAnalyzer.exe
  Application Version: 4.0.7948.0
  Application Timestamp: 56f0e7af
  Fault Module Name: USER32.dll
  Fault Module Version: 6.1.7601.19061
  Fault Module Timestamp: 56423d2a
  Exception Code: c0000005
  Exception Offset: 0000000000010800
  OS Version: 6.1.7601.2.1.0.256.4
  Locale ID: 1033
  Additional Information 1: 5838
  Additional Information 2: 583871ada3fbdcca9a3132ef9217b6ab
  Additional Information 3: 9c9d
  Additional Information 4: 9c9d036872bdb375cb2c4c6a9d6f29a2

Any ideas or what more information is needed?
System is Windows 7 Enterprise SP1 x64 - 8GB RAM. Dual Monitor. Intel Core i5.
.NET 4.6.1 installed
VisualStudio Community 2013 with Update 4
WireShark
Many other apps and things, but that should be mostly all that is really relevant, I think.
Thanks!
 

RELEVANCY SCORE 53.6

Howdy - any suggestions on how to "bulk" anonymize a Message Analyzer *.matp capture before we share it with a 3rd party?  Regards, Christopher

RELEVANCY SCORE 53.6

Hi,
Does anyone know how to capture traffic using p-mode via powershell? Can someone give me an example?
Here is the code I was working with, but it seems that Add-PefProviderConfig does not have a property to enable P-mode on the interface.
$TargetHost = New-PefTargetHost -ComputerName "DESKTOP-8T37P4E"
$TraceConfig = $TargetHost | Add-PefProviderConfig -Provider "Microsoft-Windows-NDIS-PacketCapture"
$TraceConfig.Configurations[0].Interfaces[7].Enabled=1
$TraceSession = New-PefTraceSession -Name "Test" -Force -Path "C:\Traces\Trace.matu" -SaveOnStop | Add-PefMessageSource -Source $TargetHost
Start-PefTraceSession $TraceSession

Thanks!
Andre

RELEVANCY SCORE 53.6

Hello,
I am trying to build my own OPN parser. I just made a little test in order to check that everything is working before moving forward. So I wrote this one below:

protocol LAMSEL with
BinaryEncodingDefaults{Endian = Endian.Big},
Documentation
{
ProtocolName = "",
ShortName = "LAMSEL",
Description = ""
},
OPNAuthoring
{
Copyright = "",
};

using Standard;
using Utility;
using UDP;
using IANA;

endpoint Server over UDP.Host issues LAMSELMessage accepts LAMSELMessage;
client endpoint Client connected to Server;

autostart actor LAMSELOverUDP(UDP.Host host)
{
process host accepts d:UDP.Datagram where ((d.Payload.Count > 0) && (d.DestinationPort == 1024))
{
dispatch endpoint LAMSEL.Server over host accepts ("TEST" as LAMSELMessage);
}
}

// Header
message LAMSELMessage
{
string MyString;
override string ToString()
{
return "TEST";
}
}
https://blogs.technet.microsoft.com/messageanalyzer/2016/05/13/how-to-plug-into-message-analyzer-parsers/
I tried to plug this one in as described in the link (I use the "Loopback and Unencrypted IPSEC" session because I use local software to send UDP packets locally on port 1024). The "LAMSEL.opn" file has been put here: "C:\Program Files\Microsoft Message Analyzer\OPNAndConfiguration\OPNForEtw\CoreNetworking"
I can see the UDP packet within the gridview "
MessageNumber Diagnosi... Read more

RELEVANCY SCORE 53.6

Hello,
I'm trying to upload a certificate to the message analyzer and receiving invalid password error. I know the password is correct as I can install the certificate using MMC with same password. I notice that every time I try to upload the certificate in Message
Analyzer, I receive this error in Windows Security Log (below). This certificate has multiple SAN entries as it's for a load balanced environment. I've been able to successfully load certificates that do not have SAN entries.
Any pointers on what might be causing this issue and how to resolve it?
Message Analyzer Error: Password for MyCert.pfx is Incorrect.
Corresponding Windows Security Log Entry:
Cryptographic operation.

Subject:
Security ID:
DOM\MyId
Account Name:
MyId
Account Domain:
DOM
Logon ID:
0x56fad

Cryptographic Parameters:
Provider Name:
Microsoft Software Key Storage Provider
Algorithm Name:
RSA
Key Name:
le-WebServerAlternateName-{some GUID}
Key Type:
Machine key.

Cryptographic Operation:
Operation:
Create Key.
Return Code:
0x80090010

SANs in Certificate:
DNS Name=DOMAPSV1
DNS Name=DOMAPSV1.dom.ag.loc
DNS Name=DOMAPSV2
DNS Name=DOMAPSV2.dom.ag.loc
DNS Name=DOMAPSV3
DNS Name=DOMAPSV3.dom.ag.loc
DNS Name=DOMAPSV4
DNS Name=DOMAPSV4.dom.ag.loc
DNS Name=DOMAPSV5
DNS Name=DOMAPSV5.dom.ag.loc
DNS Name=DOMAPSV6
DNS Name=DOMAPSV6.dom.ag.loc

RELEVANCY SCORE 52.8

Hi Everyone,
I've been attempting to capture traffic by invoking this tool via PowerShell but for whatever reason it is not generating .matu output file. Can someone please let me know what am I doing wrong?
$TraceSessionA = New-PefTraceSession -Mode Linear

#Establish Triggers
$Trigger01 = New-PefTimeSpanTrigger -TimeSpan (New-TimeSpan -Seconds 60)
$Trigger02 = New-PefDateTimeTrigger -DateTime "1/12/2018 9:35 AM"
$Trigger03 = New-PefDateTimeTrigger -DateTime "1/12/2018 9:40 AM"

<#Windows 2012 or earlier
Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-PEF-NDIS-PacketCapture"
Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-Windows-L2NACP"
Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-Windows-Wired-AutoConfig"
Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-Windows-EapHost"
Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-Windows-OneX"
Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-Windows-NDIS"
Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-Windows-SMBClient"
#>

#Windows 2012 R2 or later
Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-Windows-NDIS-PacketCapture"
Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-Windows-L2NACP"
Add-PefMessageSource -PEFSession $TraceSessi... Read more

RELEVANCY SCORE 52.8

I couldn't get MA to Sync over our corporate proxy (which requires authentication). If you know how to get this working let me know.
Thanks,
-Wes

A:Message Analyzer updates over an authenticated proxy

Yes, we did some more research and found there is a difference in how it tries to authenticate.  If your proxy requires authentication for a proxy request, then this exposes the issue.  We have a bug filed and we will look for a solution.
Paul

RELEVANCY SCORE 52.8

Hello everyone, 
I am new here, and trying to download message analyzer for the first time.  When I go to the link https://www.microsoft.com/en-us/download/details.aspx?id=44226
and click on the big red DOWNLOAD button, this pops up:
"Choose the download you want"
So then I try to choose, but I can't.  The file names aren't "active" and I cannot choose any of them.  
Anyone have any ideas?
Thank you very much for any help

RELEVANCY SCORE 52.8

My OS is Windows 10, Message Analyzer version is 1.3.1. The Bluetooth dongle is a CSR Bluetooth 4.0 USB dongle.
I want to know:
1. Does Message Analyzer support Bluetooth? Can I use it to capture Bluetooth packages? If yes, how do I configure it?
2. Can Message Analyzer parse Bluetooth packages, such as HCI cmd, HCI reply, L2cap request and L2cap reply and so on?
