[SDP3][519b22f2-ce19-47b1-8b88-f97131eddabe] Time Travel Trace and Network Capture Diagnostic

Applies to: Windows 8Windows 7 EnterpriseWindows Server 2008 R2 Enterprise

Summary


This diagnostic can be used to collect traces that will be analyzed by Microsoft Support for troubleshooting purposes. It can collect:
  • Network capture.
  • Time travel traces of given processes.
  • System Information.
  • Event logs (System, Application, Security).

It is designed to upload trace files up to 2GB in size once compressed.
This article provides details on the data collected by the Time Travel Trace and Network Capture diagnostic.


More Information


NOTE : The diagnostic described in this article can be used on the following versions of Microsoft Windows.


Windows 8, Windows Server 2012

Windows 7, Windows Server 2008 R2

Windows Vista, Windows Server 2008

Windows XP

Sufficent privileges are required for time travel tracing. It is sometimes necessary to start a user application process with Run As Administrator before collecting its time travel trace. The background tracing option might also be of consideration.

When you run the Time Travel Trace and Network Capture diagnostic, it allows to choose one or more of the following data collection options:
  • Network capture (output of nmcap utility from Network Monitor).
  • Time travel tracing (iDNA).
  • System Information (MSInfo32).
  • Event logs for System and Application.
  • Event logs for Security.
Upon running this diagnostic, the collected traces will be automatically compressed and then uploaded to Microsoft Support. A total size of up to 2GB can be uploaded.
If the results files are larger than 2GB after compression, some of the files will not be uploaded and will be left on your system. In this case, you must contact the support professional to ask for an alternative way to upload the remaining collected information.

Information Collected


The following data may be collected by the Time Travel Trace and Network Capture diagnostic run by the Microsoft Support Diagnostic Tool.

The files are typically large, and as a result the diagnostic may take several minutes to complete.
Network Capture Output
DescriptionFile Name
Network capture trace data from nmcap.exe output.
{Computername}_netcap.cap
Time Travel Tracing (iDNA) Output
The time trace tracing output is described in KB 2716889 Time Travel Tracing Diagnostic.

http://support.microsoft.com/kb/2716889

General system information
DescriptionFile Name
Basic System Information including machine name,
operating system name and service pack, computer model,
processor architecture and speed.
resultreport.xml
System Information - MSInfo32 tool output.
{Computername}_msinfo32.nfo
{Computername}_msinfo32.txt
Application Event log
DescriptionFile Name
Export of the Application event log in .csv format.
{Computername}_evt_Application.csv
Export of the Application event log in .evtx format.
Use Event Viewer to read.
{Computername}_evt_Application.evtx
Export of the Application event log in .txt format.
{Computername}_evt_Application.txt
System Event log
DescriptionFile Name
Export of the System event log in .csv format.
{Computername}_evt_System.csv
Export of the System event log in .evtx format.
Use Event Viewer to read.
{Computername}_evt_System.evtx
Export of the System event log in .txt format.
{Computername}_evt_System.txt
Security Event log
DescriptionFile Name
Export of the Security event log in .csv format.
{Computername}_evt_Security.csv
Export of the Security event log in .evtx format.
Use Event Viewer to read.
{Computername}_evt_Security.evtx
Export of the Security event log in .txt format.
{Computername}_evt_Security.txt

References

KB 973559 - Frequently asked questions about the Microsoft Support Diagnostic Tool (MSDT) for Windows 7
http://support.microsoft.com/kb/973559
For more information about the Microsoft Automated Troubleshooting Services and about the Support Diagnostics Platform, please open the following Microsoft Knowledge Base article:
KB 2598970 Information about Microsoft Automated Troubleshooting Services and Support Diagnostic Platform