Looking at protocols on non default ports in Microsoft Message Analyzer

Problem description

I have previously been using Microsoft Network Monitor. I'd like to migrate to Microsoft Message Analyzer but I cannot find out how to view network traffic as a certain protocol (in my case TDS, the protocol SQL Server uses) unless it has the default port. For TDS the default TCP port is 1433 however I need to be able to look at TDS traffic coming on different TCP ports.

It was possible to do this in Network Monitor by editing the switch statement in the TCP parser to add the ports I required along with 1433 and then rebuilding the parsers. In Wireshark it's even simpler, as you just select the traffic you want and say "View as TDS"; however, Wireshark's TDS parsing is not as good as Microsoft's and we need the parsing to be as accurate as possible.

Does anyone know how to parse traffic as particular protocols if they are not on the default port in Message Analyzer?

Many thanks

Rob

Recommended answer

With Message Analyzer and alternate ports, you have to do much the same workaround we did with Network Monitor. We do plan to make it easier in the future, especially given the increased use of alternate ports, but for now, by changing the OPN (which is NPL for Message Analyzer), you can make it parse.

You can make the change to TDS.OPN in C:\Users\YOURLOGINNAME\AppData\Local\Microsoft\MessageAnalyzer\OPNAndConfiguration\OPNs\Microsoft\MicrosoftCommon\TDS.OPN.  You can find the actor that is defined like this:

autostart actor TDSOverTCP(ReassembledTCP.Server server)

These "act" as the endpoint looking to match messages from TCP. You'll need to find each location where TDS.Port is defined and add your port. So for instance in the first process rule, you'd change:

    process server accepts s:ReassembledTCP.VirtualDataSegment
        where s.DestinationPort == Port.TDS && ((inboundCache != null && inboundCache.Buffer != null && inboundCache.Buffer.Count > 0) || IsTDSHeader(s.Payload))

to

    process server accepts s:ReassembledTCP.VirtualDataSegment
        where (s.DestinationPort == Port.TDS || s.DestinationPort == 5555) && ((inboundCache != null && inboundCache.Buffer != null && inboundCache.Buffer.Count > 0) || IsTDSHeader(s.Payload))

If you need more help, please let me know. Keep in mind when you make an OPN change, we have to rebuild and cache things. This might slow down the UI at first, but after everything you normally touch has been re-cached, it will be fast again.

Paul
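
Added example, not part of the original thread and not Message Analyzer's own `IsTDSHeader`: before editing the port list in TDS.OPN, a capture can be checked for which non-default ports actually carry TDS by testing the first 8 bytes of each payload against the TDS packet header layout. The function names, the sample segments and the strictness of the checks (status mask, Window byte of zero) are assumptions made for this sketch.

```python
import struct

# Packet types from the 8-byte TDS packet header (MS-TDS).
TDS_TYPES = {0x01: "SQL batch", 0x02: "Pre-TDS7 login", 0x03: "RPC",
             0x04: "Tabular result", 0x06: "Attention", 0x07: "Bulk load",
             0x0E: "Transaction manager request", 0x10: "TDS7 login",
             0x11: "SSPI", 0x12: "Pre-login"}
DEFAULT_TDS_PORT = 1433
STATUS_MASK = 0x1F  # assumption: status flags use only the low five bits


def looks_like_tds(payload):
    """Return the packet type name if payload starts with a plausible TDS header."""
    if len(payload) < 8:
        return None
    # Type, Status, Length (big-endian, includes header), SPID, PacketID, Window
    ptype, status, length, _spid, _pkt_id, window = struct.unpack(">BBHHBB", payload[:8])
    if ptype not in TDS_TYPES or status & ~STATUS_MASK:
        return None
    if length < 8 or window != 0:
        return None
    return TDS_TYPES[ptype]


def tds_on_alternate_ports(segments):
    """Map each non-default destination port to the TDS packet types seen on it."""
    hits = {}
    for dst_port, payload in segments:
        name = looks_like_tds(payload)
        if name and dst_port != DEFAULT_TDS_PORT:
            hits.setdefault(dst_port, []).append(name)
    return hits


def make_packet(ptype, body, status=0x01):
    """Build a constructed sample packet: header plus body, status 0x01 = end of message."""
    return struct.pack(">BBHHBB", ptype, status, 8 + len(body), 0, 1, 0) + body


# Constructed sample segments (destination port, start of reassembled payload).
SAMPLE_SEGMENTS = [
    (5555, make_packet(0x12, b"\x00" * 26)),
    (5555, make_packet(0x01, "select 1".encode("utf-16-le"))),
    (1433, make_packet(0x12, b"\x00" * 26)),
    (8080, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (5556, b"\x16\x03\x01\x00\x2f" + b"\x00" * 47),
]

if __name__ == "__main__":
    for port, kinds in tds_on_alternate_ports(SAMPLE_SEGMENTS).items():
        print(port, kinds)
```

A header check like this is a heuristic, so treat a hit as a candidate port to add to the `where` clause rather than as proof of SQL Server traffic.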