Network Troubleshooting like a pro with Microsoft Message Analyzer

If you’re someone who troubleshoots enterprise IT systems regularly to root out any problems, then you must know that there comes a point where you have to really dig down deep to find out what’s causing the problem. However, you don’t go into battle without a worthy weapon (just like Cade Yeager has in “Transformers 5” – that is a serious weapon!), and in this case, you will find plenty of tools on the Internet that help you with the process.

But not all of them have the same level of effectiveness, and there’s also the issue of having to deal with an unbelievable number of logs. Thus, there are times when you find your valuable screen real estate being taken up by one window after the other, each of them carrying different troubleshooting tools.


In this sort of a situation, screen real estate is the least of your problems. You’ve got to waste time just switching back and forth, attempting to correlate a packet in a particular troubleshooting tool with a certain event log entry while using a log file as reference. Sounds confusing, doesn’t it? That’s because it is.

Most of the time you find yourself wishing for a single window where you could view and manage all of these diverse sources of information. And that is exactly where Microsoft Message Analyzer comes to your aid.

The best part of this tool is its sheer simplicity; you no longer have to be an experienced troubleshooter to deftly juggle its numerous functions. Think of Microsoft Message Analyzer as your one-stop shop for all your network troubleshooting needs. (Microsoft has also been continually improving the product. For an in-depth look at what’s new in Version 1.4, go here.)

Let’s take a look at some of the features of this wondrous tool right here: (You can also check out this operating guide from Microsoft.)

More than just your average network monitor replacement

Microsoft had earlier brought out a Network Monitor tool for the purpose of packet captures. Though the company promised a lot of functionality and features, the actual tool turned out to be a bit of a mess. Other tools then came in quick succession, but none of them was able to truly live up to users’ expectations. Until now.

Troubleshooters were quick to dismiss Microsoft Message Analyzer when it was first announced back in 2012. This was partly Microsoft’s fault, as the company labeled it a Microsoft Network Monitor successor, and people had already moved on to other tools by then.

But no one could anticipate just how efficient and performance-driven this tool was. Not only could it capture traffic and read those captures in various formats, but it could also analyze the information gathered from a large number of other sources. Some of these sources included Windows event logs, Azure, SQL, PowerShell, and *.log files.

An amazing interface


As the name implies, the “message” forms the basis of data. This “message” takes on different formats, ranging from a captured frame or packet to an event found on Event Viewer. You are able to merge or “stack” these messages into conversations and sessions.

The module column

This is a notable addition as it enables you to view the whole communication hierarchy. You can easily check out all the messages for the conversations and sessions without any hassle, thanks to the handy filters which allow you to arrange the whole stack in order, the data for each field, and the message details.

If there is a conversation going on between two hosts, you can easily tell what’s what thanks to the color-coded system. For example, the color blue denotes a two-way conversation.

The level of detail this tool provides is astounding. You can follow the sub message stacks all the way down to their binary data.

Remote capture capabilities


Microsoft has ensured that Message Analyzer stays relevant and powerful over time. That’s why, beginning with Windows 8.1/2012, the tool’s capture driver is integrated with the Windows operating system. In practice this means that, once WinRM is configured, you can capture from a remote machine. That’s not all! You can now capture from more than one machine at the same time.

When you’re beginning a new live trace, you have the option of editing the target systems and entering either the IP or the name of the computer you actually want to capture from.
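Because remote capture rides on WinRM, the usual failure is a target that is not yet listening. The following PowerShell is an added example (not from the article or from Microsoft) that prepares a target host and then verifies it from the analysis workstation; the host name is a placeholder and local administrator rights are assumed on both sides.

```powershell
# Added example: prepare a host for Message Analyzer remote capture over WinRM
# and confirm it is reachable before entering it as a live-trace target.
# The host name below is a placeholder; admin rights are assumed on both machines.

# --- On the target host (run from an elevated PowerShell prompt) ---
# Starts the WinRM service, creates an HTTP listener and enables the
# "Windows Remote Management" inbound firewall rules in one step.
Enable-PSRemoting -Force

# Show the listener(s) that were created (HTTP on port 5985 by default).
Get-ChildItem WSMan:\localhost\Listener

# --- On the analysis workstation running Message Analyzer ---
$target = 'SRV-EXAMPLE01'   # placeholder; the dialog accepts an IP or a host name

# Test-WSMan performs a WinRM identify request; if it fails, Message Analyzer
# will not be able to reach the capture driver on that host either.
try {
    Test-WSMan -ComputerName $target -ErrorAction Stop | Out-Null
    Write-Host "WinRM reachable on $target; it can be added as a remote capture target."
} catch {
    Write-Warning "WinRM not reachable on ${target}: $($_.Exception.Message)"
}
```

For hosts that are not domain-joined, the workstation also needs the target listed in WSMan:\localhost\Client\TrustedHosts before Test-WSMan will authenticate.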

There’s another method you can use to capture. This involves capturing at the Windows Firewall level prior to the local IPsec encryption, or even at the actual application level before it gets encrypted by HTTPS.

Decryption made quick and simple

If you’ve been troubleshooting long enough, you understand just how much weight encryption holds in the modern world. Almost everything remains encrypted nowadays. However, this also makes tasks harder, as you’re essentially trying to see what someone does not want to show.

However, Microsoft Message Analyzer has a simple workaround to this problem. Simply click on the “Tools” tab, and then go to “Options.” There you can import the server-side SSL certificate and then decrypt the entirety of the data with minimal effort, which is the opposite of what it took for Rocky Balboa to take down Ivan Drago in “Rocky IV,” since that took maximum effort.

More intelligence to better handle different scenarios


If you thought Microsoft Message Analyzer’s capabilities ended with catching HTTP and IPsec traffic, you were wrong – that was only the beginning. This tool allows you to perform captures or traces that you can use to troubleshoot SMB directly, along with Bluetooth and USB.

At the time of setting up the trace, make sure you pick only the required trace scenario out of multiple options. That’s all you need to do! Moreover, this tool is capable of intelligent operations, checking the messages for anomalies, errors, or warnings with the utmost care.

You are able to choose between the views that provide information as per your demand. In fact, there are a couple of views that enable you to look at the timing of the packets, the associated responses, along with the kernel module as well as the process name.

Alternate viewing options

While the Microsoft Message Analyzer is a judicious way to troubleshoot with numerous data sources, thanks to its “one pane of glass” view, that is not the only option you have at your disposal. You have the freedom to open data sources in individual analysis grids as per your convenience. You can even place them side by side kind of like in “Jay Leno’s Garage” and all those cars he has side by side!

Final thoughts

Network troubleshooting has always been tricky owing to the different components involved and the trouble the user has to cope with just to switch panes. However, not only does Microsoft Message Analyzer let you troubleshoot networks at a professional level, it also adds to your repertoire of IT tricks that can be used in a plenitude of different aspects of your career and life.
