TCP Analyzer x64 is failing

Jan 5, 2011 at 3:03 PM

I cannot run tcp analyzer  x64 with the current version of network monitor 3.4 x64. It simply reports that it quit working. in the downloads for the tcp analyzer it reported it needed network monitor 3.3. is that a mandatory requirement?

 

Todd

MCP

Coordinator
Mar 4, 2011 at 4:08 PM

Hi Todd,

Sorry for not getting back to you sooner.  I followed your request on to the team working on this Expert on Jan 7th, but still waiting for a response.  We don't directly own it, just point to it from our site.

Michael

Mar 9, 2011 at 12:11 AM
I'm running into the same issue with the tcp analyzer. with network monitor 3.4x64. Will there be a new release or must I uninstall network monitor 3.4 and install 3.3?

Thanks,

Michael

Apr 11, 2011 at 1:43 PM

Same issue here.

Is TCP Analyzer x64 working with NetMon 3.4 x64 for anybody?

     - If yes: can anyone kindly suggest how to do that?

     - If no: why was it posted for download without making sure that it works?

Cheers,

Radu

Coordinator
Apr 12, 2011 at 4:56 PM

Hi,

I was able to run the x64 TCP Analyzer using Network Monitor 3.4 and the latest parser release 3.4.2590 on my Windows 7 box.

Can anyone give a few more details as to what's going on and what type of configuration you have?

Thanks,
Michael

Apr 13, 2011 at 5:32 PM

I have the same configuration as you, Michael: Windows 7 Enterprise x64 with SP1, Network Monitor 3.4 and all my parsers are release 3.4.2590.0001

In NetMon, I have a single trace capture loaded.

I start the TCP Analyzer expert: The parser gets loaded and I see the progress bar loading the trace data. At the end of this activity (progress bar all the way to the end) I get a pop-up window stating "TcpAnalyzer has stopped working. ... Windows will close the program and notify you if a solution is available".

If I click on the [Close] button I do not get any other feedback.

If I click on the [Debug] button: I do not have source and symbols available, so I am not really able to debug.

While this popup windows is still on screen (until I decide to close it) I found a command line window from TcpAnalyzer.exe with two information messages:

1. successfully unserialized NPL parser. Loaded Npl sets.

2. Capture file <my file name> contains NNN frames. This is another indication that it completely loaded my capture file: NNN is indeed my total number of frames there.

It does not matter what capture file I try to analyze.

I also ran NetMon as an administrator but I got the same behaviour.

Thanks,

Radu

Coordinator
Apr 14, 2011 at 4:21 PM

Hi Radu,

Thanks for the info.  I've forwarded it on to the TCPAnalyzer team. 

The main developer's not going to be in the office for a couple of weeks, so it'll take a little longer than normal to get back to you.  I'll let you know when I hear back from his team.

Michael

Apr 14, 2011 at 4:39 PM

Thanks Michael!

Appreciate your help!

I wish more discussion groups would have such speedy follow-up as here.

Cheers,

Radu

From: MichaelHawker [email removed]
Sent: Thursday, April 14, 2011 12:21 PM
To: Popa, Radu
Subject: Re: TCP Analyzer x64 is failing [NMExperts:240584]

From: MichaelHawker

Hi Radu,

Thanks for the info. I've forwarded it on to the TCPAnalyzer team.

The main developer's not going to be in the office for a couple of weeks, so it'll take a little longer than normal to get back to you. I'll let you know when I hear back from his team.

Michael

Apr 28, 2011 at 9:19 PM

Any resolution or suggestions for this?  Same issue for me.

Thanks,

Eric

Apr 29, 2011 at 1:07 PM

I tested this in an x86 VM with Network Monitor 3.4 and got the same error message.

Coordinator
May 4, 2011 at 4:52 PM

Hi All,

Appreciate your patience on this.  Looks like we may have had a parser regression which is causing this expert to have issues now.  We're trying to track it down now, so I'll post any news when we know more.

Michael

May 11, 2011 at 2:02 AM

Hello Everyone,

I'm the author of the TCP Analyzer expert, and I could use some help in tracking down this problem several of you are seeing.

Unfortunately, this case is one of those where "it works on my machine" (and every other machine I've tested on).  While there are some known problems with the analyzer, they appear only with specific capture files, and not in all cases.  We have a suspicion that this issue is parser related, that a subtle change in the Network Monitor API is affecting some assumptions the analyzer makes, but we're not sure.  What Parser Profile are you folks using when you get this error?  And what version of the parsers do you have?  The "Parser Profiles" tab of the "Options" dialog box has this information.

Oh, and just to set expectations appropriately, the TCP Analyzer expert was written as part of a research project and was released externally in the hopes that people might find it useful.  It's not a supported product, or even a product at all.  I try to answer questions about it and look into any reported problems, but I can't make any promises.  Someday when I get some free time I'd like to make a new release that fixes the known issues and improves the UI, but I don't have anything even remotely resembling a schedule for this.  Which is a long-winded way of saying I can't guarantee anything will be done about this issue.  But I'll try.

Thanks,

--Brian

Jun 30, 2011 at 6:06 PM

Hi Brian,

Here is a screenshot of my parser profiles (basically, all are version 03.04.2590.0001 – the most recent at the time I used them):

Hope it helps.

Thanks for a great work!

It was very helpful for me when it worked so, I can see the potential.

Cheers,

Radu

From: BrianZill [email removed]
Sent: Tuesday, May 10, 2011 10:03 PM
To: Popa, Radu
Subject: Re: TCP Analyzer x64 is failing [NMExperts:240584]

From: BrianZill

Hello Everyone,

I'm the author of the TCP Analyzer expert, and I could use some help in tracking down this problem several of you are seeing.

Unfortunately, this case is one of those where "it works on my machine" (and every other machine I've tested on). While there are some known problems with the analyzer, they appear only with specific capture files, and not in all cases. We have a suspicion that this issue is parser related, that a subtle change in the Network Monitor API is affecting some assumptions the analyzer makes, but we're not sure. What Parser Profile are you folks using when you get this error? And what version of the parsers do you have? The "Parser Profiles" tab of the "Options" dialog box has this information.

Oh, and just to set expectations appropriately, the TCP Analyzer expert was written as part of a research project and was released externally in the hopes that people might find it useful. It's not a supported product, or even a product at all. I try to answer questions about it and look into any reported problems, but I can't make any promises. Someday when I get some free time I'd like to make a new release that fixes the known issues and improves the UI, but I don't have anything even remotely resembling a schedule for this. Which is a long-winded way of saying I can't guarantee anything will be done about this issue. But I'll try.

Thanks,

--Brian

Coordinator
Jun 30, 2011 at 6:15 PM

Radu, the image you sent didnt' seem to come through.  Is there any text that you can type in to understand the issue?  Did you select a TCP conversation in the UI before running the expert?  Can you give the steps you used?

Thanks,

Paul

Jun 30, 2011 at 6:39 PM

Hi Paul,

To clarify:

1. My message was in reply to Brian’s request for info and the image was merely a screenshot of the "Parser Profiles" tab of the "Options" dialog box. I already mentioned the more valuable piece of info: the fact that I was using version 03.04.2590.0001

2. In terms of what steps I was using in the past, when I encountered the issue, they are already in this thread – please see my comments (as popasuc) back in April 2011.

Best regards,

Radu

Coordinator
Jun 30, 2011 at 7:32 PM

Any chance you could share the trace with me?  Perhaps you could use skydrive to upload the trace.  If there's a concern with privacy you limit access to me via my LiveID.

Paul

Jun 30, 2011 at 8:41 PM

Sorry Paul, those were production traces.

I’ll see if I can reproduce the same with less sensitive data.

Radu

Jun 30, 2011 at 8:51 PM
Hi Radu,

Can you clarify? Do you see the problem on all traces, or only specific ones?

Thanks,
--Brian

Sent from my Windows Phone

From: popasuc
Sent: Thursday, 30 June, 2011 13:41
To: brianzill@hotmail.com
Subject: Re: TCP Analyzer x64 is failing [NMExperts:240584]



> From: popasuc
>
> Sorry Paul, those were production traces.I’ll see if I can reproduce the same with less sensitive data.Radu
>
>
Jun 30, 2011 at 8:55 PM

Hi Brian,

I saw it on some, not all traces. It seemed to be related to size. Size of the cap files ranged from 2 to 40 MB.

All this was back in April. I’d have to get back in context to refresh my memory …

Cheers,

Radu

Aug 24, 2011 at 2:08 PM

Hope this can help. I also encounter similar problem. I also have problem for expert NMTopUser and NMTopProtocols32. For the later two, it will complain about NMAPI.dll and mentioned about NM3.3. So I went back to install NM3.3. Now I have no problem to run the TCP Analyzer. But I have a different problem for NMTopProtocals32 and NMTopUser: now they complain load fail. I uninstalled everything and re-installed NM34. Magically everything start to work. For all above, I was trying to process same captured file. Hope this can help others.