Message Analyzer is the successor to Network Monitor, but it does much more than a network sniffer or packet-tracing tool.
Key capabilities include:
- Integrated “live” event and message capture at various system levels and endpoints
- Parsing and validation of protocol messages and sequences
- Automatic parsing of event messages described by ETW manifests
- Summarized grid display – top level is “operations” (requests matched with responses)
- User-controlled “on the fly” grouping by message attributes
- Ability to browse for logs of different types (.cap, .etl, .txt) and import them together
- Automatic re-assembly and ability to render payloads
- Ability to import text logs, parsing them into key element/value pairs
- Support for “Trace Scenarios” (one or more message providers, filters, and views)
Microsoft has released a beta and is working towards a mid-2013 RTM.
There is also a new blog here: http://blogs.technet.com/messageanalyzer.
(To capture at the NDIS and Firewall layers without running as admin, you must log off and back on after installation to pick up the necessary credentials.)
Sign up for the beta: https://connect.microsoft.com/site216