Click here to Skip to main content
15,860,943 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
I'm developing network sniffer, bacically to to monitor complete network traffic - no blocking, no modification, interested in data volume, failing connections. I have it on TDI level now. For Windows 8 I need WFP. I've spent couple of days on several WFP examples. Instead of answers I'm having more and more questions.

Microsoft's example Inspect is cloning net buffers, processes them in worker thread and injects them back. Is it really necessary? The example is tight to single IP, so there is no performance considerations about it. I'm intending to monitor complete traffic and I'd like to do it as fast as possible.

I'm considering also NDIS based on Pass Thru, but WFP seems to be the first choice for me just now.
Posted

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900