Microsoft Message Analyzer Operating Guide

https://technet.microsoft.com/en-us/library/jj649776.aspx

https://blogs.technet.microsoft.com/networking/

https://blogs.technet.microsoft.com/messageanalyzer/2012/09/17/meet-the-successor-to-microsoft-network-monitor/

https://blogs.technet.microsoft.com/messageanalyzer/

https://blogs.technet.microsoft.com/netmon/2007/01/26/part-2-tcp-performance-expert-and-general-trouble-shooting/

https://blogs.technet.microsoft.com/netmon/2006/10/17/intro-to-filtering-with-network-monitor-3-0/

https://blogs.technet.microsoft.com/netmon/2007/12/21/understanding-http-flow-with-netmon-3-by-yuri-diogenes/

https://blogs.technet.microsoft.com/netmon/2010/02/24/measuring-response-times/

https://blogs.technet.microsoft.com/netmon/2010/12/21/filtering-on-timestamps/

https://blogs.technet.microsoft.com/netmon/2010/12/01/new-videos-for-advanced-filtering-and-3-4-ui-features/

Network Monitor TCP Filtering

Data Fields:

Field

Description

Example
TCP.Port Filters on the Source or Destination port.  Used to find traffic based on port which is often associated with an application. TCP.Port==80
TCP.Flags.Reset Can be used to test and see if the reset flag is set. TCP.Flags.Reset==1
TCP.Window Window Size of the current TCP frame, but ignoring the scale factor. See Property.TCPWindowSize below. TCP.Window == 0

Properties:

Property Description Example
TCPRetransmit A property that is set when a TCP retransmit is found.  Retransmits are often an indication of a network infrastructure problem and network congestion. Property.TCPRetransmit == 1
TCPPayloadLength Represents the TCP Payload Size. TCPPayloadLength == 0
TCPCheckSumStatus This is a string that represents if the check sum is valid or not.  This could be "Good" or "Bad". TCPCheckSumStatus != "Good"
TCPDescription A property to show the TCP Description for the current frame as opposed to the top most protocol description.  This is useful as a frame summary column.  You can also use it to search for specific retransmitted frames by searching for the text in the TCP summary, as the example shows. TCPDescription.Contains("#472")
TCPAckNumber The current frame's Acknowledgement Number TCPAckNumber==1234
TCPSeqNumber The current frame's Sequence Number TCPSeqNumber==1234
TCPSeqeunceRange The TCP Sequence range, as a string, which is the current seq number to the current seq plus the length of the TCP payload. TCPSequenceRange.Contains("1234")
TCPShortAckNumber A WORD representation of the Ack number to make it easy to compare and remember. TCPShortAckNumber==1000
TCPShortSeqNumber A WORD representation of the Seq number to make it easy to compare and remember. TCPShortSeqNumber==1000
TCPFlags A string representation of the various TCP flags for the frame: CWR, ECE, Urgent, Ack, Push, Reset, Syn, Fin. TCPFlags.Contains("R")
TCPWindowSize The Window Size for the current frame including the scaling factor if the 3 way handshake is available in the same trace. TCPWindowSize==0

Return to the List of Top Level Protocols

netmon,messageanalyzer的更多相关文章

  1. WinPcap权威指南(一)

    WinPcap是一个开源的网络抓包模块,顾名思义,它只能工作在Windows下,但本文介绍的知识并不局限于任何操作系统和开发语言,因为网络协议本身是没有这些区别的.阅读本指南之前,请先下载WinPca ...

  2. 深入详解美团点评CAT跨语言服务监控(四)服务端消息分发

    这边首先介绍下大众点评CAT消息分发大概的架构如下: 图4 消息分发架构图 分析管理器的初始化 我们在第一章讲到服务器将接收到的消息交给解码器(MessageDecoder)去做解码最后交给具体的消费 ...

  3. Pyhton开源框架(加强版)

    info:Djangourl:https://www.oschina.net/p/djangodetail: Django 是 Python 编程语言驱动的一个开源模型-视图-控制器(MVC)风格的 ...

  4. MPlayer

    名称   mplayer − 电影播放器 mencoder − 电影编解码器 概要   mplayer [选项] [文件|URL|播放列表|−] mplayer [选项] 文件1 [指定选项] [文件 ...

  5. python 爬取腾讯微博并生成词云

    本文以延参法师的腾讯微博为例进行爬取并分析 ,话不多说 直接附上源代码.其中有比较详细的注释. 需要用到的包有 BeautifulSoup WordCloud jieba # coding:utf-8 ...

  6. 面经 cisco

    1. 优先级反转问题及解决方法 (1)什么是优先级反转 简单从字面上来说,就是低优先级的任务先于高优先级的任务执行了,优先级搞反了.那在什么情况下会生这种情况呢? 假设三个任务准备执行,A,B,C,优 ...

  7. linux驱动(续)

    网络通信 --> IO多路复用之select.poll.epoll详解 IO多路复用之select.poll.epoll详解      目前支持I/O多路复用的系统调用有 select,psel ...

  8. HttpServletRequest对象(一)

    javaweb学习总结(十)——HttpServletRequest对象(一) 一.HttpServletRequest介绍 HttpServletRequest对象代表客户端的请求,当客户端通过HT ...

  9. Microsoft Message Analyzer (微软消息分析器,“网络抓包工具 - Network Monitor”的替代品)官方正式版现已发布

    来自官方日志的喜悦 被誉为全新开始的消息分析器时代,由MMA为您开启,博客原文写的很激动,大家可以点击这里浏览:http://blogs.technet.com/b/messageanalyzer/a ...

随机推荐

  1. Delphi 使用之连接数据库

    DELPHI 中的数据库开发有很多种类的,可以连接Access数据库.MS SQL Server 数据库.Oracle 数据库.MySQL数据库等等,一般连接有两种方式:BDE和ADO两种方式, 都是 ...

  2. MFC编程入门之十七(对话框:文件对话框)

    上一讲介绍的是消息对话框,本节讲解文件对话框.文件对话框也是很常用的一类对话框. 文件对话框的分类 文件对话框分为打开文件对话框和保存文件对话框,相信大家在Windows系统中经常见到这两种文件对话框 ...

  3. Java 序列化 反序列化 历史版本处理

    直接引用  http://www.cnblogs.com/xdp-gacl/p/3777987.html

  4. C++成员变量内存对齐问题,ndk下非对齐的内存访问导致BUS_ADRALN

    同样的代码,在vs下运行正常,在android ndk下却崩溃: signal 7(SIGBUS),code 1 (BUS_ADRALN),fault addr 0xe6b82793 Func(sho ...

  5. web字体详解@font-face

    一:字体的下载(http://www.dafont.com/new.php) 二:选择需要的字体并下载( Download ) 三:下载后并解压 四:获取@font-face所需要字体的格式.eot, ...

  6. linux性能测试命令-----top

    Top命令显示了实际CPU使用情况,默认情况下,它显示了服务器上占用CPU的任务信息,并且每5秒钟刷新一次.它会显示CPU使用量.内存使用量.交换内存.缓存大小.缓冲区大小.流程PID.用户.命令等. ...

  7. postgres 查询数据库所有表名

    select relname as TABLE_NAME ,col_description(c.oid, 0) as COMMENTS from pg_class cwhere relkind = ' ...

  8. BZOJ2095 [Poi2010]Bridges

    首先二分答案...然后这张图变成了有一些有向边,有一些无向边 然后就是混合图欧拉回路的判断 我们知道如果是有向图,它存在欧拉回路的等价条件是所有点的出度等于入度 对于混合图...先不管有向边,把无向边 ...

  9. visual studio 远程服务器返回了意外响应:(417)expectation failed

    解决方法: 修改devenv.exe.config文件,添加 <servicePointManager expect100Continue="false" /> C:\ ...

  10. iOS开发UI篇—推荐两个好用的Xcode插件(提供下载链接)

    iOS开发UI篇—推荐两个好用的Xcode插件(提供下载链接) 这里推荐两款好用的Xcode插件,并提供下载链接. 一.插件和使用如下: 1.两款插件 对项目中图片提供自动提示功能的插件:KSImag ...