by Mai-Ing Cheng
This exciting feature allows you to choose the data columns that you want to display in the Analysis Grid viewer; a feature that was not available in Netmon. You can greatly enhance your data analysis perspectives by having access to a greater superset of data that is now available to you. The Message Analyzer Analysis Grid viewer has a default View Layout with 7 columns that provide a starting point for data analysis, however, the default layout offers a limited cross section of the more robust data sets that are available to you through use of the Column Chooser. With Column Chooser, you have the capability to specify additional columns that display the data of other fields, properties, and various entities associated with a particular protocol or module that you might need to examine. After you configure a useful column layout, you can save it as the default Column/View Layout or you can save it as an item in your local View Layout Library, from where you can manage it, which includes editing, deleting, and retrieving it, or sharing your custom View Layout with others. As a Library item that is accessible from the View Layout drop-down menu in the View Options group on the Ribbon of the Home tab, you can apply your new View Layout for data analysis at any time by simply selecting it.
There are several ways to add columns, which includes the use of the Column Chooser tool window and right-click context menus. However, this article shows you a simple and fast way to customize your column configuration by using right-click menu items to create an “HTTP Analysis Layout”. First, you will use the Web Proxy provider to capture HTTP traffic from Bing, and then you will configure several HTTP data columns to contain additional HTTP message data. Then, you will save your Column/View Layout so that you can retrieve it later.
1. Start Message Analyzer and then click Web Proxy under Quick Trace to start an HTTP trace.
2. While Message Analyzer is running, launch your web browser and navigate to the Bing web site.
3. At a suitable point, click the Stop button in the Message Analyzer Session group to stop the trace.
1. Click the first message row in the Analysis Grid viewer, which should contain an HTTP operation.
2. Locate the Details tool window in your Analysis Session.
3. Right click the Method field in the Details tool window and then click Add ‘Method’ As Summary Column in the context menu that displays.
A Method column displays in the Analysis Grid viewer and contains the name of HTTP operations for captured messages.
4. Using the method specified in step 3, add StatusCode and ContentType fields to your column layout from the Details tool window. Note that you can repeat step 3 to add as many columns as you want to the Analysis Grid viewer..
Also note that the StatusCode column contains important field values that are issued by a web server to indicate the status of an HTTP request; and that ContentType specifies the type of content that exists in the HTTP message payload.
5. Scroll to the right to display the ‘Method’, ‘StatusCode’, and ‘ContentType’ columns on the right hand side of grid.
6. Right click the Source column and select Remove to delete it from the Column Layout.
7. Drag and drop the Method column title to locate it to the left of the Summary column. Repeat this action for the ContentType and StatusCode columns. Dragging and dropping a column title allows you to re-arrange your Column Layout.
8. Click the Timestamp column title to sort HTTP traffic ascending by ‘Timestamp’. ‘Timestamp’ is the time when an HTTP Message is captured.
1. Use the following steps to save, load, or delete a Column Layout: Right-click any column header, select Save Column Layout As … in the context menu, enter “HTTP Analysis Layout ” as Name, and then click Save. The Save Column Layout As … command also saves other display configurations, for example, Grouping and sorting. For more information about the Grouping feature, see Pivoting On Trace Data Using Grouping, written by Paul Long.
2. To load the “HTTP Analysis Layout ” column layout, click the View Layout drop-down in the View Options group on the Ribbon of the Home tab, and then select “HTTP Analysis Layout ” in the My Column Layouts category to apply this View Layout whenever you want to use it.
3. To delete the “HTTP Analysis Layout” item from the My Column Layouts category of the View Layout Library, click the View Layout drop-down, right click “HTTP Analysis Layout”, and then select Delete to remove it.
You can also add more columns to the Analysis Grid viewer column layout by clicking Choose Columns in the View Options group on the Ribbon of the Home tab to display the Choose Columns tool window. This tool window displays the hierarchies for all the protocols and modules that Message Analyzer parses, in a tree format with expandable nodes. You can expand these nodes and navigate the message hierarchies to locate the fields, properties, flags, methods, annotations, and so on, for which you want to display data in Analysis Grid viewer columns. If you know the field name or even a partial field name, you can enter it in the search text box. Message Analyzer will then find all fields and other entities that contain the search phrase that you specified.
You can easily do the following:
Create and save as many Column Layouts as you need. For example, you might configure and save an SMB analysis layout. At this point, you should feel free to experiment with the Column Chooser tool window or use the context menu method to create and save additional Column Layouts as needed.
See the following topics in the Message Analyzer Operating Guide:
Is it possible to see current value of column directly in 'Column chooser'?
Would be much more easier to select right columns if I see current value for currently selected packet.
Now I have to add column, check if value is interesting and then remove column.
You can add the value directly from details, which does show you the values for the currently selected message, by right clicking and adding as Column. Do you think this solves your issue?