create a point-to-point capture

  • Question

  • I am new to this tool. In Netmon you were able to create an IP-to-IP (point-to-point) capture. Is there a way to do this in Message Analyzer? I have read the TechNet articles on this and they do not show me what I need to know. If I can create an IP-to-IP capture, what do I do? How do I create it?

    In case there are any misunderstandings, this is the scenario: I have a workstation that has severe latency when accessing a server, no one can provide any clues, and our WAN team says everything is perfect on the network. I need to install this tool on the workstation and initialize traffic to the server and capture those packets. I do not need any other traffic.

    Sunday, November 8, 2015 9:06 PM

Answers

  • If you don't have a lot of traffic, and are not concerned with performance, you can add a session filter.  If you need the filtering to be more performant, you can configure the capture component filtering.  Both of these are accomplished by using New Session->Live Trace.  If you've already created a session, you can use the Edit Session button to get to the same place.  But you'll have to stop the capture first.

    Once there, you have the option to add a session filter, which filters data before it's saved.  This filtering has the same syntax as a normal filter, so something like IPv4.Address == 192.168.1.10 can be used to filter traffic from a specific source.  Or if you want to see non-IP traffic you could also do Ethernet.Address == AA-BB-CC-EE-11-22, as an example.  Of course you could capture everything first, and then filter afterwards instead, which is often better because once you filter it out using a selection filter, you can never get it back.  And if you open the Grouping view (New Viewer->Grouping), you can even just click on conversations you want to view, and that will filter the session automatically.

    If you need a higher performance filter, perhaps because you can't keep up with the traffic you are capturing, you can configure the capture component.  Again, this is done from the New/Edit Session dialog.  If you are creating a New Session, you need to add the provider first.  You can populate this manually, looking for a provider called "Microsoft-Windows-NDIS-PacketCapture", or just select the Local Network Interfaces scenario, which will populate the providers.  Once this is done, there is a configure link which you can select.  This leads to another dialog which has two tabs; select the one called Provider.  You'll see a top section with adapters you can select, and a bottom section where you can set filters on various things, including the IP address.

    For more information, the help is fairly complete.  Help->Guidance gets you to the top level topic, but the specific topic for configuring a live session is here.

    Hope this helps,

    Paul

    • Proposed as answer by Paul E Long Wednesday, November 11, 2015 2:44 PM
    • Marked as answer by Jedi_Administrator Wednesday, November 11, 2015 5:43 PM
    Wednesday, November 11, 2015 2:43 PM

All replies

  • You can certainly run Message Analyzer as administrator on the workstation, then select the Start button from the start page, and you should be able to capture the traffic between the client and server.  You can also remote capture from the server as well, but I don't think that's what you want based on the data you want to capture.

    As a first step for analysis, you can sort on the Time Elapsed column (click twice), and see what the longest transactions are.

    Paul

    Tuesday, November 10, 2015 8:29 PM
  • In netmon if you click filters and go to IP you can enter the IP of the server and that would be the point to point... I need to know how to do the same in message analyzer.
    Tuesday, November 10, 2015 8:31 PM