HOW TO: Using MessageAnalyzer to export files to Wireshark

Sometimes you may get a file (usually from an open source system, such as Linux) that contains network data. If you open it with Notepad in Windows, you will see that it is binary. The text will be unreadable, and you may think that the file provides no value (as seen below).


 

These files may seem corrupted or empty, or it may appear that your desktop is missing a program to open them. That is not the case. This article will assist you with capturing that data and will walk you through how to use the file so that networking professionals can read it. You will need to download and install MessageAnalyzer (successor to Microsoft Network Monitor). Then you can use this program to open those files.
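Before opening an unreadable file in any tool, you can confirm that it really is a packet capture by reading its first bytes. The following is an added example, not part of the original post: it recognizes the published magic numbers for libpcap, pcapng and Network Monitor files and decodes the libpcap global header; the function names and the sample header are constructed for illustration.

```python
import struct

# Leading bytes of common capture formats (published format constants,
# not values taken from the original post).
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "microsecond"),
    b"\xa1\xb2\xc3\xd4": (">", "microsecond"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanosecond"),
    b"\xa1\xb2\x3c\x4d": (">", "nanosecond"),
}
OTHER_MAGICS = {
    b"\x0a\x0d\x0d\x0a": "pcapng",
    b"GMBU": "Network Monitor 2.x (.cap)",
    b"RTSS": "Network Monitor 1.x (.cap)",
}
LINKTYPES = {1: "Ethernet", 101: "Raw IP", 105: "IEEE 802.11", 113: "Linux cooked (SLL)"}


def identify_capture(data: bytes) -> dict:
    """Classify a capture from its first bytes; decode the libpcap header if present."""
    magic = data[:4]
    if magic in PCAP_MAGICS:
        if len(data) < 24:
            return {"format": "pcap", "error": "truncated global header"}
        order, resolution = PCAP_MAGICS[magic]
        # version major/minor, timezone, sigfigs, snaplen, link-layer type
        major, minor, _tz, _sig, snaplen, linktype = struct.unpack(order + "HHiIII", data[4:24])
        return {
            "format": "pcap",
            "byte_order": "little" if order == "<" else "big",
            "timestamps": resolution,
            "version": f"{major}.{minor}",
            "snaplen": snaplen,
            "linktype": LINKTYPES.get(linktype, f"unknown ({linktype})"),
        }
    if magic in OTHER_MAGICS:
        return {"format": OTHER_MAGICS[magic]}
    return {"format": "unknown", "first_bytes": magic.hex()}


def identify_file(path: str) -> dict:
    """Read only the 24 bytes needed to classify the file at `path`."""
    with open(path, "rb") as fh:
        return identify_capture(fh.read(24))


# Constructed sample: a 24-byte libpcap header as written on a little-endian host.
SAMPLE_TCPDUMP_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)

if __name__ == "__main__":
    print(identify_capture(SAMPLE_TCPDUMP_HEADER))
```

A result of `unknown` means the file is not one of these capture formats, so check how it was produced or transferred before converting it.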

Process to Open the File

To open this file, right-click on it and select Open with:


In Windows 8, this brings up a dialog to associate the file with an installed program. Scroll to the bottom of the list and select Look for another app on this PC:


A Windows Explorer window will open that allows you to browse to the file location (C:\Program Files\Microsoft Message Analyzer):


Now click on the executable MessageAnalyzer.exe:

The first time you open this file, it will ask you to update:


Now the file will be open:


Then save the file using the Save As option (so we can put it in a format that Wireshark can open):


Click on Export:


Now you will be allowed to save it as a .cap file:


Here it is as a .cap file:


Now, to associate this file with Wireshark, follow the steps from before: right-click on it and select Open with:


A Windows Explorer window will open that allows you to browse to the file location (C:\Program Files\Wireshark). Click on the executable Wireshark.exe:

Here it is opened in Wireshark:


Tomorrow, I will show you how to take this information to the next level by using netsh to perform a packet capture without installing software and then using MessageAnalyzer to help export the file to Wireshark.
