

Many of us know Wireshark as a free and powerful protocol analyzer, allowing us to capture and analyze traffic when we need to and where we need to. Have you ever heard of Microsoft Message Analyzer? While troubleshooting some networking issues with Windows Server 2012, I requested the application owner to install Wireshark. Being a good systems admin, the application owner was naturally suspicious of an application with 'shark' in its name. Despite my insistence, I wasn't able to convince the administrator to install Wireshark. We decided to look at alternatives, and came across Microsoft's own Message Analyzer (MMA)! It turns out MMA is very similar in form factor to Wireshark, with a lot fewer protocol-specific features, but a few unique features that make it a very compelling tool to keep in your back pocket. Of course, Wireshark is the king of protocol analysis – it's certainly not getting dethroned. MMA, however, can be really handy in certain scenarios.

What MMA offers:

- Allows capture on multiple remote Windows systems (that have MMA installed and, of course, appropriate access/authorization) – THIS IS MMA's MOST USEFUL FEATURE!
- May be able to install it in environments where Microsoft products are trusted more than third-party products – especially products with 'shark' in the name! 🙂
- Allows capture on a per-process and per-application basis.
- Allows unencrypted HTTPS and IPSec capture (for HTTPS and IPSec traffic originating from the local host).
- Has a similar look-and-feel to Wireshark, so the learning curve for existing Wireshark users is minimal.
- Supports filters in the same manner as Wireshark.
- Allows you to drill down into a packet within the main list of packets, and see details of multiple packets at a time (see screenshot below).

Drawbacks:

- Since it's still a relatively new product (2014), it doesn't have 90%+ of the advanced protocol-specific features that Wireshark has (e.g. VoIP analysis, TCP/UDP stream following, Flow Graph, etc.).
- MMA's mtap file format is not cross-compatible with Wireshark's pcap or pcapng file formats. (On the other hand, pcap format is almost universally supported across many different packet capture and analysis tools, and across many different OSes too!)
- Although Wireshark also has had stability issues, which have improved dramatically over the last few years, MMA has proven to be very unstable in my testing on Windows Server 2012 and Windows 7, where it crashed frequently.

Regardless of the above minor drawbacks, using the core packet capture and analysis functions, I was able to successfully use MMA to troubleshoot the application issues that ended up introducing me to MMA.
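The file-format incompatibility noted above is worth catching before a capture is handed to someone expecting Wireshark to open it. The following Python example is added here (it is not code from the post or from MMA) and classifies a capture file by the header magic numbers defined in the pcap and pcapng specifications; it does not assume to know MMA's native format's magic, so that and anything else is reported as unknown. The sample headers are constructed inline, not taken from real captures.

```python
import struct

# Magic numbers from the pcap and pcapng specifications (the two formats
# the post says MMA's native format is not compatible with).
PCAP_MAGICS = {
    0xA1B2C3D4: "microseconds",  # classic pcap
    0xA1B23C4D: "nanoseconds",   # pcap with nanosecond timestamps
}
PCAPNG_SHB_TYPE = 0x0A0D0D0A       # Section Header Block; same bytes in either byte order
PCAPNG_BYTE_ORDER_MAGIC = 0x1A2B3C4D


def identify_capture(data: bytes) -> dict:
    """Classify the leading bytes of a capture file as pcap, pcapng or unknown.

    Only the header is inspected; packet records are not parsed. Anything
    without a pcap/pcapng magic (MMA's own format included, whose magic this
    example does not assume to know) is reported as 'unknown'.
    """
    if len(data) < 24:
        return {"format": "unknown", "reason": "shorter than any pcap/pcapng header"}
    for endian, name in (("<", "little"), (">", "big")):
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in PCAP_MAGICS:
            # pcap global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
            _, major, minor, _tz, _sig, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
            return {"format": "pcap", "endian": name, "resolution": PCAP_MAGICS[magic],
                    "version": f"{major}.{minor}", "snaplen": snaplen, "linktype": linktype}
    if struct.unpack("<I", data[:4])[0] == PCAPNG_SHB_TYPE:
        # pcapng SHB: type, total length, byte-order magic, major, minor, section length, ...
        for endian, name in (("<", "little"), (">", "big")):
            if struct.unpack(endian + "I", data[8:12])[0] == PCAPNG_BYTE_ORDER_MAGIC:
                major, minor = struct.unpack(endian + "HH", data[12:16])
                return {"format": "pcapng", "endian": name, "version": f"{major}.{minor}"}
        return {"format": "unknown", "reason": "pcapng block type but bad byte-order magic"}
    return {"format": "unknown", "reason": "no pcap or pcapng magic"}


# Constructed sample headers (not real captures): a little-endian pcap with
# Ethernet link type, a minimal little-endian pcapng section header, and junk.
SAMPLE_PCAP_LE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_PCAPNG_LE = struct.pack("<IIIHHqI", 0x0A0D0D0A, 28, 0x1A2B3C4D, 1, 0, -1, 28)
SAMPLE_UNKNOWN = b"not a capture format Wireshark can open" + bytes(8)

if __name__ == "__main__":
    for label, blob in (("pcap", SAMPLE_PCAP_LE), ("pcapng", SAMPLE_PCAPNG_LE), ("other", SAMPLE_UNKNOWN)):
        print(label, identify_capture(blob))
```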
