Using Microsoft Message Analyzer for Network Troubleshooting
Protocol analyzers like Wireshark are very powerful tools network analysts use for a variety of reasons, including application baselining, identifying the root cause of application or network performance problems, documenting and mitigating cyberattacks, and device configuration tuning.
In this video, I show you how to use a protocol analyzer that you may not be familiar with: Microsoft Message Analyzer. This free analyzer is a good complementary tool to have in your toolbox. It can do some things that Wireshark can't.
Making a protocol analyzer effective relies on capturing and analyzing packets, but capturing packets isn't as straightforward as you might think. Factors such as SPAN vs. TAP vs. inline capture affect which packets you can see and how accurate the timestamps are. Moreover, analyzing the data is an art in itself; it takes a combination of theory, street smarts, and experience. One of the main features of a protocol analyzer like Wireshark is the ability to decode specific protocols and flag anomalies when it detects them.
However, all analysts will eventually run into a common scenario where they need to identify which application or process transmitted the packets in a trace. In some cases, it will be obvious -- for example, HTTP packets with a Mozilla User-Agent request header probably come from a web browser.
In other scenarios, you might have encrypted packets transmitted to an unknown IP address using TCP port number 3433. If you are still at the host, and act in a timely fashion, you can try command line utilities like `netstat -b` to determine which application owned the connection.
The tricky part is what you do if you need to figure this out at a later date, or when you are back at your desk with no access to that system. This is where Microsoft Message Analyzer helps. It captures more than just packets and can identify which process was involved with which packets. This feature helps in a variety of scenarios, from identifying malicious code to tuning application performance.
In the video, I show you how to add the process name as a column in Microsoft Message Analyzer to streamline your work.
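If you are capturing with a tool that does not record the owning process, you can still get the same "process" column by snapshotting the host's socket table at capture time and joining it against the trace afterwards. The script below is an added example written for this article; it is not code from the original post or from Microsoft Message Analyzer. It parses the output format of `netstat -b -n -o` on Windows (the sample text, addresses, PIDs and executable names are constructed for the example) and looks up each packet's protocol and endpoints in either direction, falling back to listening or unconnected sockets whose peer is a wildcard. The `SocketTable` and `ProcessInfo` names and the `process_name` helper are my own choices, not part of any tool.

```python
"""Join packet endpoints from a trace to the owning process.

Snapshot the socket table on the host at capture time with
`netstat -b -n -o` (Windows), keep the text with the trace, and later
look up each packet's protocol and endpoints in it to recover the
process name, without going back to the host.
"""
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed sample of `netstat -b -n -o` output; addresses, PIDs and
# process names are made up for this example.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:52345     203.0.113.5:3433       ESTABLISHED     4120
 [sync-agent.exe]
  TCP    192.168.1.10:52390     198.51.100.20:443      ESTABLISHED     2212
 [firefox.exe]
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1004
  TermService
 [svchost.exe]
  UDP    192.168.1.10:5353      *:*                                    3308
 [mdns-responder.exe]
"""

Endpoint = Tuple[str, int]                 # (host, port); port 0 means "any"
FlowKey = Tuple[str, Endpoint, Endpoint]   # (proto, local, remote)

# A connection line: proto, local, foreign, optional TCP state, PID.
CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z_]+))?\s+(\d+)\s*$")
# With -b, the owning executable follows on its own line in square brackets.
EXE_RE = re.compile(r"^\s*\[(.+)\]\s*$")
WILDCARD_HOSTS = ("0.0.0.0", "[::]", "*")


def parse_endpoint(text: str) -> Endpoint:
    """Split 'host:port'; '*' or a non-numeric port becomes 0 (any)."""
    host, _, port = text.rpartition(":")
    return host, int(port) if port.isdigit() else 0


@dataclass(frozen=True)
class ProcessInfo:
    pid: int
    exe: str


class SocketTable:
    """Sockets reported by netstat, indexed for packet lookup."""

    def __init__(self) -> None:
        self.by_flow: Dict[FlowKey, ProcessInfo] = {}
        # Sockets with no fixed peer (listeners, unconnected UDP),
        # keyed by (proto, local host, local port).
        self.by_local: Dict[Tuple[str, str, int], ProcessInfo] = {}

    @classmethod
    def from_netstat(cls, text: str) -> "SocketTable":
        table = cls()
        pending: Optional[Tuple[FlowKey, int]] = None
        for line in text.splitlines():
            conn = CONN_RE.match(line)
            if conn:
                proto, local, remote, _state, pid = conn.groups()
                pending = ((proto, parse_endpoint(local), parse_endpoint(remote)), int(pid))
                continue
            exe = EXE_RE.match(line)
            if exe and pending is not None:
                key, pid = pending
                info = ProcessInfo(pid, exe.group(1))
                table.by_flow[key] = info
                proto, (lhost, lport), (_rhost, rport) = key
                if rport == 0:            # wildcard peer: listener or unconnected UDP
                    table.by_local[(proto, lhost, lport)] = info
                pending = None          # service-name lines (e.g. TermService) are skipped
        return table

    def lookup(self, proto: str, src: Endpoint, dst: Endpoint) -> Optional[ProcessInfo]:
        """Find the process for a packet; the host may be sender or receiver."""
        for local, remote in ((src, dst), (dst, src)):
            info = self.by_flow.get((proto, local, remote))
            if info:
                return info
        for host, port in (src, dst):
            for candidate in (host, *WILDCARD_HOSTS):
                info = self.by_local.get((proto, candidate, port))
                if info:
                    return info
        return None


def process_name(table: SocketTable, proto: str, src: Endpoint, dst: Endpoint) -> str:
    """Value for a 'Process' column: exe name and PID, or 'unknown'."""
    info = table.lookup(proto, src, dst)
    return f"{info.exe} ({info.pid})" if info else "unknown"


if __name__ == "__main__":
    table = SocketTable.from_netstat(NETSTAT_SAMPLE)
    # Constructed packet endpoints, as they might be read out of a trace.
    packets = [
        ("TCP", ("192.168.1.10", 52345), ("203.0.113.5", 3433)),
        ("TCP", ("203.0.113.5", 3433), ("192.168.1.10", 52345)),
        ("UDP", ("192.168.1.10", 5353), ("224.0.0.251", 5353)),
        ("TCP", ("10.0.0.5", 50000), ("192.168.1.10", 3389)),
        ("TCP", ("192.168.1.10", 60000), ("203.0.113.9", 80)),
    ]
    for proto, src, dst in packets:
        print(f"{proto} {src[0]}:{src[1]} -> {dst[0]}:{dst[1]}  {process_name(table, proto, src, dst)}")
```

The snapshot is only as good as its timing: a short-lived connection that opened and closed between two snapshots will still come back as "unknown", which is exactly the gap that a process-aware capture closes. Taking the snapshot repeatedly during the capture, and keeping each copy with its timestamp next to the trace, narrows that window.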