Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
I'm developing network sniffer, bacically to to monitor complete network traffic - no blocking, no modification, interested in data volume, failing connections. I have it on TDI level now. For Windows 8 I need WFP. I've spent couple of days on several WFP examples. Instead of answers I'm having more and more questions.
 
Microsoft's example Inspect is cloning net buffers, processes them in worker thread and injects them back. Is it really necessary? The example is tight to single IP, so there is no performance considerations about it. I'm intending to monitor complete traffic and I'd like to do it as fast as possible.
 
I'm considering also NDIS based on Pass Thru, but WFP seems to be the first choice for me just now.
Posted 3-Apr-13 1:55am

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



Advertise | Privacy | Mobile
Web02 | 2.8.1411022.1 | Last Updated 3 Apr 2013
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100