Click here to Skip to main content
11,705,119 members (45,474 online)
Rate this: bad
Please Sign up or sign in to vote.
I'm developing network sniffer, bacically to to monitor complete network traffic - no blocking, no modification, interested in data volume, failing connections. I have it on TDI level now. For Windows 8 I need WFP. I've spent couple of days on several WFP examples. Instead of answers I'm having more and more questions.

Microsoft's example Inspect is cloning net buffers, processes them in worker thread and injects them back. Is it really necessary? The example is tight to single IP, so there is no performance considerations about it. I'm intending to monitor complete traffic and I'd like to do it as fast as possible.

I'm considering also NDIS based on Pass Thru, but WFP seems to be the first choice for me just now.
Posted 3-Apr-13 0:55am

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 Sergey Alexandrovich Kryukov 595
1 OriginalGriff 289
2 Andy Lanng 175
3 CPallini 162
4 ppolymorphe 126
0 OriginalGriff 8,958
1 Sergey Alexandrovich Kryukov 8,276
2 CPallini 5,189
3 Maciej Los 4,726
4 Mika Wendelius 3,606

Advertise | Privacy | Mobile
Web03 | 2.8.150819.1 | Last Updated 3 Apr 2013
Copyright © CodeProject, 1999-2015
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100