Channel: Network Monitor Open Source Parsers

Created Issue: NLB fix value for RemoveIPv6Count [12845]

Hi, when testing my NPL parser I hit an error in Windows/nlb.npl ('.' before RemoveIPv6Count).

Funny thing is that in the same line I also found (probably) a copy & paste bug; could you please review?

Attaching patch against https://nmparsers.svn.codeplex.com/svn/Develop_Branch/NPL
(not tested with Microsoft Network Monitor).

Created Issue: Fix some parsing issues (strict parser) [12846]

Hi, I have been recently testing my NPL parser against NPL files found in https://nmparsers.svn.codeplex.com/svn/Develop_Branch/NPL, and I found some issues.

They're generally issues like: a missing semicolon after a field, missing () around a switch value, or an unneeded semicolon after a switch declaration.

I know it's an issue with my parser, and I should relax my grammar (btw, is there an official NPL grammar published?), but I'd be happy if this patch gets accepted.

This patch was NOT tested with Windows Network Monitor.

Attaching patch against https://nmparsers.svn.codeplex.com/svn/Develop_Branch/NPL

New Post: SCCP, MGCP and EIGRP (Cisco Protocols) not supported in Microsoft NetMon

Hey Everyone,

I love using Microsoft NetMon, but I was wondering why it doesn't support Cisco proprietary protocols such as SCCP, MGCP, and EIGRP (Although EIGRP recently became Open Standard). I would love to see those added to the support of this program, but I'm not much of a coder :(.

Thanks!

John

New Post: SCCP, MGCP and EIGRP (Cisco Protocols) not supported in Microsoft NetMon

If you mean proprietary, as in there is no public documentation, then that would be a problem. And for Network Monitor, it's at the end of its life as we are moving on to Message Analyzer (http://blogs.technet.com/MessageAnalyzer).

But if you know of a detailed RFC or specification, we could put it on our list for Message Analyzer. Also perhaps you could add some justification here so we understand why it might be a priority for you. It would be nice to understand how you troubleshoot with these protocols and in what scenarios they are important for you.

Thanks,

Paul

New Post: SCCP, MGCP and EIGRP (Cisco Protocols) not supported in Microsoft NetMon

Hey Paul,

Thanks for the reply Paul. The protocols SCCP and MGCP are pretty well known protocols in Cisco VoIP. For example, SCCP is used for Cisco IP phones to register with the Cisco Unified Communications Manager (CallManager) and analyzing the transactions between the two can help determine issues with registration. MGCP is also a call-processing protocol. EIGRP as you may know is a Routing protocol. Unfortunately I cannot find RFCs or detailed specifications for SCCP, but there are for EIGRP and MGCP. Here is all the info I can gather on them:

SCCP = Skinny Call Control Protocol (Usually just referred to as Skinny)
Runs over TCP, on port 2000
Note: This shouldn't be confused with the Signalling Connection Control Part from SS7 Signalling Stack
http://en.wikipedia.org/wiki/Skinny_Call_Control_Protocol
http://wiki.wireshark.org/SKINNY

EIGRP = Enhanced Interior Gateway Routing Protocol
RFC = http://tools.ietf.org/html/draft-savage-eigrp-00

MGCP = Media Gateway Control Protocol
RFC = http://www.ietf.org/rfc/rfc2705.txt

By the way, thanks for letting me know that Message Analyzer was the new NetMon. I installed it already, although it does look a bit more confusing than Network Monitor. For example, it's not clear how to choose which Network Interface I want to monitor because the names are not the same as the connection names. Also when I open up a previous capture, I cannot separate the traffic based on which application it was using. I hope these will be addressed in the final release.

Thanks!

John

New Post: SCCP, MGCP and EIGRP (Cisco Protocols) not supported in Microsoft NetMon

Yes, thanks for the documentation pointers. That will help.

Regarding the Network Interface, it certainly has changed. We now have Trace Scenarios because we are more than just a network sniffer; we can analyze many streams of data from different sources and formats. However, I see where we could make it easier to support the "Capture From Network Interface" scenario. At this point Link Layer captures all Network Interfaces by default. And you could take that as a start and create a scenario you would use most often and save it to the list. So perhaps that's a mitigation for now.

Regarding the previous capture and process info, we haven't implemented that yet. But it's on our radar and if we don't get it for v1, you won't have to wait too long for a refresh of some sort.

In terms of what you need to analyze this traffic, what do you use? Do you think that our visualizations could help? What types of diagnosis would help you see problems?

Thanks,

Paul

New Post: SCCP, MGCP and EIGRP (Cisco Protocols) not supported in Microsoft NetMon

Hey Paul,

Other than Microsoft Network Monitor, I primarily use another network packet capture/analyzer called Wireshark, which is also a free program. It is pretty much the Gold Standard when it comes to network packet capture analysis. What it does is that it allows you to choose which network interface(s) on your machine you want to analyze packets on, and it will capture all of them. When you click on an individual packet in a trace, it separates all of the layers according to the Internet/OSI model (i.e. Physical Layer, Data-Link Layer, Network Layer, Transport Layer, and Application Layer). It recognizes pretty much every known protocol in the market today, and if it detects it, you can add a filter to show only packets from that protocol. What's even more impressive for me as a VoIP specialist is that it has a "VoIP Calls" option which allows you to view all VoIP calls that passed through the interface, and it will show a graph of the message and media transactions between all nodes involved.

However, there are a couple of flaws with Wireshark. They are:

1) Does not support all interface types on a Windows machine, i.e. VPN connections, some IPv6 Tunnel Broker client interfaces

2) Choosing a network interface to capture is not always entirely clear as it shows its Device ID rather than what is named in Windows Network Connections
For example: In Network Connections, one interface is named "Wireless Network Connection". In Wireshark, it's shown as "Microsoft: \Device\NPF_{4C968491-1244-4B63-916D-62EAD36268DE}". Message Analyzer (and NetMon) also did this, and I would like to see at least some kind of clear-cut correlation of the two.

3) You cannot separate traffic via the application that used it in Wireshark. For example: In Microsoft Network Monitor, with my VoIP Phone client program, I was able to see all transactions between the VoIP client and the VoIP server. This cannot be done in Wireshark, and I have not seen it in Message Analyzer. This is a feature that should have been passed over from Network Monitor to Message Analyzer, so please bring it back!

4) Packet capture sizes can become quite large over small periods of time and you may not even be able to open a capture that you made if it becomes too big.

Overall, if Wireshark addressed these issues, it would be perfect. In my opinion, if you can model the network analysis portion of Message Analyzer to mirror Wireshark while addressing all of Wireshark's shortcomings as mentioned above, there's no question I would use Message Analyzer. But for now, I'll continue to use the combination of Wireshark and Network Monitor for my packet analysis needs! I'll say this though, Network Monitor was on the right track, it just lacked the protocol support (i.e. Skinny, MGCP, EIGRP) and didn't have the graph options or VoIP call options.

I hope this helps. Let me know if you need any more opinions. I am glad to help!

Thanks,

John

New Post: SCCP, MGCP and EIGRP (Cisco Protocols) not supported in Microsoft NetMon

Hey Paul,

Up until I found out about Microsoft Network Monitor, I was using another network packet capture/analyzer called Wireshark, which is also a free program. It is pretty much the Gold Standard when it comes to network packet capture analysis. What it does is that it allows you to choose which network interface(s) on your machine you want to analyze packets on, and it will capture all of them. When you click on an individual packet in a trace, it separates all of the layers according to the Internet/OSI model (i.e. Physical Layer, Data-Link Layer, Network Layer, Transport Layer, and Application Layer). It recognizes pretty much every known protocol in the market today, and if it detects it, you can add a filter to show only packets from that protocol. What's even more impressive for me as a VoIP specialist is that it has a "VoIP Calls" option which allows you to view all VoIP calls that passed through the interface, and it will show a graph of the message and media transactions between all nodes involved.

However, there are a couple of flaws with Wireshark. They are:

1) Does not support all interface types on a Windows machine, i.e. VPN connections, some IPv6 Tunnel Broker client interfaces

2) Choosing a network interface to capture is not always entirely clear as it shows its Device ID rather than what is named in Windows Network Connections
For example: In Network Connections, one interface is named "Wireless Network Connection". In Wireshark, it's shown as "Microsoft: \Device\NPF_{4C968491-1244-4B63-916D-62EAD36268DE}". Message Analyzer (and NetMon) also did this, and I would like to see at least some kind of clear-cut correlation of the two.

3) You cannot separate traffic via the application that used it in Wireshark. For example: In Microsoft Network Monitor, with my VoIP Phone client program, I was able to see all transactions between the VoIP client and the VoIP server. This cannot be done in Wireshark, and I have not seen it in Message Analyzer. This is a feature that should have been passed over from Network Monitor to Message Analyzer, so please bring it back!

4) Packet capture sizes can become quite large over small periods of time and you may not even be able to open a capture that you made if it becomes too big.

Overall, if Wireshark addressed these issues, it would be perfect. In my opinion, if you can model the network analysis portion of Message Analyzer to mirror Wireshark while addressing all of Wireshark's shortcomings as mentioned above, there's no question I would use Message Analyzer. But for now, I'll continue to use the combination of Wireshark and Network Monitor for my packet analysis needs! I'll say this though, Network Monitor was on the right track, it just lacked the protocol support (i.e. Skinny, MGCP, EIGRP) and didn't have the graph options or VoIP call options.

I hope this helps. Let me know if you need any more opinions. I am glad to help!

Thanks,

John

Reviewed: Network Monitor Parsers 3.4.2978 in MS Connect (Apr 05, 2013)

Rated 4 Stars (out of 5) - test for our network and check the performance

Released: Network Monitor Parsers 3.4.2978 in MS Connect (Nov 16, 2012)

The Network Monitor Parsers packages have moved to Microsoft Connect as of release 3.4.2978. They contain parsers for more than 400 network protocols, including RFC based public protocols and protocols for Microsoft products defined in the Microsoft Open Specifications for Windows and SQL Server. NetworkMonitor_Parsers.msi is the base parser package which defines parsers for commonly used public protocols and protocols for Microsoft Windows.

In this release, NetworkMonitor_Parsers.msi continues to improve quality and fix bugs. It includes the following new and updated parsers:

New: BGP.npl, CAPR.npl, FCIADS.npl, GPCAP.npl, KKDCP.npl, RAA.npl, RDPEECO.npl, RDPEGFX.npl, RDPEGT.npl, RDPEI.npl, RDPEUDP.npl, RDPNSC.npl, RDPRFX.npl, WDSMA.npl, WDSMSI.npl, WDSMT.npl, WSTEP.npl

Updates: ADTS.npl, DRSR.npl, etl_usbhub.events.npl, etl_usbHub3.npl, etl_usbport.events.npl, etl_usbUcx.npl, etl_usbXhci.npl, FRS2.npl, FSRM.npl, IKEE.npl, LSAD.npl, NLB.npl, NSPI.npl, PAC.npl, PCHC.npl, PKCA.npl, RDPBCGR.npl, RDPEA.npl, RDPEDYC.npl, RDPEGDI.npl, RDPEUSB.npl, RDPEV.npl, RDPEVOR.npl, RDWR.npl, RPCE.npl, RPRN.npl, TDS.npl, TSGU.npl, WCCE.npl, WDSC.npl, WKST.npl, WSP.npl, XCEP.npl

Parser Package Compatibility
This NetworkMonitor_Parsers.msi Version 3.4.2978 is compatible with the latest released add-on parser packages Office and SharePoint Products Network Monitor Parser 1.5, Lync Network Monitor Parsers 3.6, and Network Monitor Parsers for SQL Server 3.4.2978 in the same release.

It has also been tested and approved compatible with the Network Monitor 3.4 RTW release.

For encrypted data, you can use the Network Monitor SSL decryption expert to decrypt the data first, then view the data using the parsers.

Release Details
Release Date: November 16, 2012
Version: 3.4.2978
Corresponding CodePlex Source Code Change Set: N/A
Network Monitor Version Compatibility: Network Monitor v3.4.2350 (3.4 RTW)

Reviewed: Network Monitor Parsers 3.4.2774 (May 02, 2013)

Rated 1 Stars (out of 5) - Can not download

Reviewed: Network Monitor Parsers 3.4.2978 in MS Connect (Jul 04, 2013)

Rated 4 Stars (out of 5) - test for our network and check the performance

Reviewed: Network Monitor Parsers 3.4.2890 in MS Connect (Nov 22, 2013)

Rated 2 Stars (out of 5) - 124hytyuh 6y56 y657657

Reviewed: Network Monitor Parsers 3.4.2978 in MS Connect (11 26, 2013)

Rated 3 Stars (out of 5) - network forensic

Updated Wiki: Home


This project is no longer active and was put into the Outercurve Project Archive on 28-03-2013. The last release of the software is still available at https://connect.microsoft.com/site216/Network%20Monitor%20Parsers and the software repositories are still readable at https://nmparsers.codeplex.com/SourceControl/latest, but further work has been suspended at this time. Please contact the Outercurve Foundation at info@outercurve.org if you require more information.


Welcome to the Network Monitor Parsers Project!

This project contains the latest updates for the Network Monitor parsers for open standard protocols, as well as the Windows and SQL Server protocols described in the MSDN Open Specifications. All parser development for those products has been done through this CodePlex site since November 2008. As a result, parser developers, enthusiasts, and the like can have access to the latest parser changes immediately. We welcome your parser submissions and input as well as your parser bug reports.

The Network Monitor Parsers project is now part of the Systems Infrastructure & Integration Gallery of the Outercurve Foundation. This is a milestone for the project, since the community can now direct the development through an independent Open Source foundation, with Microsoft a participating community member. We look forward to enlarging the parser usage community and attracting more protocol developers to contribute additional protocol parsers to enable interoperability among a wide range of technologies!


News

  • 11/16/2012 - We are pleased to announce the November release of Network Monitor Parsers packages 3.4.2978 for both the NetworkMonitor_Parsers.msi and NetworkMonitor_Parsers_forSQLServer.msi. In this release, we have added 17 new parsers (BGP.npl, CAPR.npl, FCIADS.npl, GPCAP.npl, KKDCP.npl, RAA.npl, RDPEECO.npl, RDPEGFX.npl, RDPEGT.npl, RDPEI.npl, RDPEUDP.npl, RDPNSC.npl, RDPRFX.npl, WDSMA.npl, WDSMSI.npl, WDSMT.npl, WSTEP.npl) and updated 33 parsers including ADTS.npl, DRSR.npl, etl_usbhub.events.npl, etl_usbHub3.npl, etl_usbport.events.npl, etl_usbUcx.npl, etl_usbXhci.npl, FRS2.npl, FSRM.npl, IKEE.npl, LSAD.npl, NLB.npl, NSPI.npl, PAC.npl, PCHC.npl, PKCA.npl, RDPBCGR.npl, RDPEA.npl, RDPEDYC.npl, RDPEGDI.npl, RDPEUSB.npl, RDPEV.npl, RDPEVOR.npl, RDWR.npl, RPCE.npl, RPRN.npl, TDS.npl, TSGU.npl, WCCE.npl, WDSC.npl, WKST.npl, WSP.npl, XCEP.npl. This NetworkMonitor_Parsers.msi release is compatible with the latest released add-on packages Office and SharePoint Products Network Monitor Parser 1.5 and Lync Network Monitor Parsers 3.6.
  • 10/11/2012 - The Network Monitor Open Source Parsers have moved to the Microsoft Connect site as of release 3.4.2890. Please download the packages there from now on.
  • 12/19/2011 - We are pleased to announce the December release of Network Monitor Parsers packages 3.4.2774 for both the NetworkMonitor_Parsers.msi and NetworkMonitor_Parsers_forSQLServer.msi. In this release, we have added three new parsers (erf.npl, srtcp.npl and WSEventing.npl) and updated 16 parsers including dhcp.npl, dsml.npl, frame.npl, mqds.npl, pgm.npl, rsvp.npl, rtcp.npl, smb.npl, smtp.npl, ssl.npl, stp.npl, tls.npl, trail.npl, udp.npl, wireless.npl, wsmv.npl. This NetworkMonitor_Parsers.msi release is compatible with the latest released add-on packages Office and SharePoint Products Network Monitor Parser 1.5 and Lync Network Monitor Parsers 3.6.
  • 10/28/2011 - Here comes the new October release of Network Monitor Parsers packages 3.4.2748 for both the NetworkMonitor_Parsers.msi and NetworkMonitor_Parsers_forSQLServer.msi. In this release, we have added one new parser ebcdic_struct.npl and updated 28 parsers including major updates for POP3 and IMAP protocols, RDP protocol family, SSL, NFS, and WIRELESS.
  • 08/08/2011 - We are pleased to announce the new release of Network Monitor Parsers packages 3.4.2683 for both the NetworkMonitor_Parsers.msi and NetworkMonitor_Parsers_forSQLServer.msi. In this release, we have added one new parser for Internet Printing Protocol (IPP) and made a major update to the RDPBCGR parser to support the Remote Desktop protocol family. The NetworkMonitor_Parsers.msi is compatible with the latest released add-on packages Office and SharePoint Products Network Monitor Parser 1.5 and Lync Network Monitor Parsers 3.6.
  • 06/29/2011 - We are pleased to announce the new release of Network Monitor Parsers package 3.4.2654. In this release, we have updated a few parsers to support the Office and SharePoint Products Network Monitor Parsers Version 1.5 release in July. This Network Monitor Parsers 3.4.2654 is compatible with the latest released add-on packages Office and SharePoint Products Network Monitor Parser 1.4, Lync Network Monitor Parsers 3.6 and Network Monitor Parsers for SQL Server 3.4.2590.
  • 05/13/2011 - We are pleased to announce the new release of Network Monitor Parsers package 3.4.2611. We have added one new parser for protocol MS-RDPEUSB, and updated a few parsers to support the Lync Network Monitor Parsers Version 3.6 release. This Network Monitor Parsers 3.4.2611 is compatible with the add-on packages Office and SharePoint Products Network Monitor Parser 1.4, Lync Network Monitor Parsers 3.6 and Network Monitor Parsers for SQL Server 3.4.2590.
  • 04/08/2011 - We are pleased to announce the new release of Network Monitor Parsers package 3.4.2590 and Network Monitor Parsers for SQL Server 3.4.2590. The base Network Monitor Parsers package 3.4.2590 is compatible with all the latest released add-on parser packages. We have added 10 new protocol parsers, refactored 9 NFS ancillary protocol parsers and updated 44 existing parsers.
  • 02/28/2011 - We are pleased to announce the new release of Network Monitor Parsers packages. We have added 4 new protocol parsers (Kpasswd.npl, Mount.npl, nlm.npl and nsm.npl) and updated 79 existing parsers in the NetworkMonitor_Parsers.msi. This Network Monitor Parsers 3.4.2554 is compatible with the add-on parser packages Office and SharePoint Products Network Monitor Parser 1.3, Office Communications Server Netmon Parsers 3.5 and Network Monitor Parsers for SQL Server 3.4.2455.
  • 10/25/2010 - We are pleased to announce the new release of Network Monitor Parsers packages. We have added new protocol parsers and updated some existing parsers in the NetworkMonitor_Parsers.msi. The supported platforms are x86, x64 and Itanium. The Office and SharePoint Products Network Monitor Parser 1.2 version is only compatible with the current 3.4.2455 version of NetworkMonitor_Parsers.msi.
  • 6/25/2010 - We have finally transitioned to the Codeplex Foundation build process under the new BSD License. Please download the 3.4.2351 Network Monitor Parser packages from the Downloads page. In this release, more protocol parsers have been updated and some of them are only compatible with the newly released Network Monitor 3.4 RTW engine. If you are running on the old Network Monitor 3.3 RTW engine, please update to the 3.4 release before downloading the parser packages.
  • 3/17/2010 - The Network Monitor Parsers project is now part of the Systems Infrastructure & Integration Gallery of the Codeplex Foundation. The Codeplex Foundation will be responsible for further development and is using the new BSD license, which is an OSI approved license. This is a milestone for the project, since the community will now direct the development through an independent Open Source foundation, with Microsoft a participating community member. We look forward to enlarging the parser usage community. You can find more on the Codeplex Foundation News and Announcements.
  • 12/16/2009 - Great news for NPL users! We have created an NPL Parser Reference Map to help you browse through the list of the protocol parsers defined in the Network Monitor Parser packages and identify the references for each of these protocol parsers without needing to download the parser packages.
  • 11/04/2009 - We are pleased to announce the release of a new parser package, Microsoft_SQL.msi. This package contains parsers for the Microsoft SQL Server Protocols published in the MSDN Open Specifications. It depends on the Microsoft_Parsers.msi. So in order to use the SQL parsers correctly, you must first install Microsoft_Parsers.msi, then the Microsoft_SQL.msi.
  • 01/05/2009 - A tutorial has been posted for writing parsers. It gives a basic introduction to parser development through a guided example parser. Please feel free to download the PDF here: Tutorial, Writing a Parser from Wire to Window.
  • 12/05/2008 - We have branched our source code repository on CodePlex. There are now two main directories which both contain full parser sets. The Develop Branch contains the latest changes from the parser developers; however, it may not be completely stable. The Verified Build Branch is a copy of the latest development branch which has passed a set of tests, so it should be fairly stable.


Links
For more information about Network Monitor, the Open Protocols Initiative, or downloading Network Monitor please see the following links:

Download the latest released Microsoft Network Monitor 3.4 RTW here: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=983b941d-06cb-4658-b7f6-3088333d062f
Download the latest Network Monitor SSL decryption expert here: http://nmdecrypt.codeplex.com/
For support and beta information for Network Monitor visit Microsoft Connect here: https://connect.microsoft.com/site/sitehome.aspx?SiteID=216
For general help and tips about using Network Monitor see our blog here: http://blogs.technet.com/netmon/default.aspx
For general information about the Microsoft Open Protocols Initiative see: http://www.microsoft.com/openspecifications/en/us/default.aspx
