New great (free) tool : Microsoft Message Analyzer

R.I.P. Microsoft Network Monitor, welcome Microsoft Message Analyzer!

As I was investigating all my issues, I tried to see if there was another tool to sniff low-level packets and interactions with the system. Wireshark is a good sniffer, but being multiplatform and portable limits its capabilities to the network.

I discovered that Microsoft had a new free product replacing their old (but still good) Network Monitor 3.4. It’s called Microsoft Message Analyzer, can be downloaded here, and seems to be quite interesting according to the dedicated TechNet blog and forums.

I didn’t have the time to test it fully, but I’ve read that it handles a lot of new parsers, can do automatic tracing using PowerShell, and much more.

Amongst the cool features: SSL decryption. About this, the setup popup adds a privacy warning: « Microsoft Message Analyzer can expose the encrypted personal information of all users in an unencrypted format. This information can be viewed or saved in an unencrypted format »:

I guess Windows power users and/or network troubleshooters should give it a try…

I still use Wireshark, as I’m used to it and know it works on nearly every platform I have to run it on, but I’ll also give this one a try, since it also logs application and Event Viewer logs, as far as I have understood. More than 900 parsers are included…


As seen in the screenshot below, it has many capabilities, such as reconstructing images from packets flowing on the network. And that’s 10% of the whole thing!


I’ve taken those images from this blog, where you’ll find much more detailed screen captures of this useful tool.

Have fun

Bruno Kerouanton on November 21st 2013 in IT, IT Security

