I'm developing a network sniffer, basically to monitor complete network traffic - no blocking, no modification, interested in data volume, failing connections. I have it on TDI level now. For Windows 8 I need WFP. I've spent a couple of days on several WFP examples. Instead of answers I'm having more and more questions.

Microsoft's example Inspect clones net buffers, processes them in a worker thread and injects them back. Is it really necessary? The example is tied to a single IP, so there are no performance considerations about it. I'm intending to monitor complete traffic and I'd like to do it as fast as possible.

I'm considering also NDIS based on Pass Thru, but WFP seems to be the first choice for me just now.
Posted 3-Apr-13 1:55am

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Last Updated 3 Apr 2013