TDI Filter and Winsock - Can These Interfaces Capture LAN Packets?
- By Troy Truman
- Published 02/10/2010
- Tools and Resources
- Unrated
As programmers may well know, TDI filter has been edged out by a new kernel mode NPI, or network programming interface, that has been described as transport independent. This NPI is none other than Winsock Kernel, which is now a standard in Windows Vista and newer Windows Server platforms. Still, transport driver interface is supported in both Windows platforms to ensure retroactive compatibility. This is made possible through the use of a translation layer. However, in such a scenario, the performance of the TDI is less than optimal because clients can experience degradation. For this very reason, it is more advantageous to use WSK in the drivers whenever it can be allowed.
If indeed you choose to use WSK instead of TDI filter, you may find yourself in a situation where you would want to capture LAN packets. Well, this can be done in Windows 2000, but there could be some problems. First of all, capturing LAN packets requires that one has administrator privileges. Next, interfaces that use TCP offload engines can easily break up the filtering mechanism that allows the capturing of LAN packets. Also, capturing specific packets may require tremendo
us amounts of CPU power. If this happens, the user may not be able to filter packets quickly enough to ensure that the kernel does not use up all buffer space.
When trying to capture LAN packets, a workaround can be done by avoiding Winsock altogether and instead talking directly to NDIS or TDI filter layer. TDI is located right above NDIS. For this solution to work as intended, you do not need to write the filtering codes yourself. There are drivers that can allow packet capture in most Windows systems and you can take advantage of them. This type of drivers can help you in capturing LAN packets without experiencing many of Winsock's shortcomings. Then again, if you want to use packet capture drivers, you need to have administrator privileges during installation. While installing, you may opt to subsequently allow users with no administrator privileges to use the features. By choosing this option, even non-administrators can request LAN packet capture.
If at the end, you still do not want to use TDI filter or even Winsock, your next big option is to create a driver of your own. Well, this could be a difficult and tedious task. In order to make things easier, you can use helper libraries like TCP/IP library.
If indeed you choose to use WSK instead of TDI filter, you may find yourself in a situation where you would want to capture LAN packets. Well, this can be done in Windows 2000, but there could be some problems. First of all, capturing LAN packets requires that one has administrator privileges. Next, interfaces that use TCP offload engines can easily break up the filtering mechanism that allows the capturing of LAN packets. Also, capturing specific packets may require tremendo
When trying to capture LAN packets, a workaround can be done by avoiding Winsock altogether and instead talking directly to NDIS or TDI filter layer. TDI is located right above NDIS. For this solution to work as intended, you do not need to write the filtering codes yourself. There are drivers that can allow packet capture in most Windows systems and you can take advantage of them. This type of drivers can help you in capturing LAN packets without experiencing many of Winsock's shortcomings. Then again, if you want to use packet capture drivers, you need to have administrator privileges during installation. While installing, you may opt to subsequently allow users with no administrator privileges to use the features. By choosing this option, even non-administrators can request LAN packet capture.
If at the end, you still do not want to use TDI filter or even Winsock, your next big option is to create a driver of your own. Well, this could be a difficult and tedious task. In order to make things easier, you can use helper libraries like TCP/IP library.
Troy Truman
Troy Truman is an online publisher providing great tips on TDI filter and winsock. To learn more about this topic, visit http://www.Komodia.com today!
View all articles by Troy Truman