WFP Filter can be used to intercept traffic as a packet or stream level, and is used by Microsoft to replace existing technologies such as NDIS, TDI, LSP.
Category Archives: WFP
How to intercept HTTP traffic
How to intercept HTTP trafficÂ can be done using a number of technologies, I always recommend going for stream based technologies which are: Winsock LSP, TDIÂ or WFP. Each has advantages and disadvantages like everything in life.
How to intercept data on Internet
How to intercept data on Internet? This can be done using number of technologies:
- Winsock LSP – Is good when you want to operate at user level and inspect streams and not packets.
- TDI – Soon to be phased out, it’s a driver like technology that can be used either in packet or stream level.
- NDIS – Kernel driver that inspects packets and has total control over the network.
- WFP – Microsoft new filterting platform, but until Windows XP is phased out, I forsee it will not gain momentum.
Network traffic monitor Windows
Network traffic monitor WindowsÂ can be done with various methods and technologies like: Winsock LSP, NDIS Passthru or NDIS IM, TDI Filter or TDI Driver, WFPÂ and more.
Windows Filtering Platform (WFP)
Windows Filtering PlatformÂ is a relativly new technology from Microsoft that was built to replace all existing technologies: Winsock LSP, TDI, NDIS.
First step would we TDI as Microsoft announced it will not be supported anymore on the next OS, but it seems that NDIS and LSP are supported.
I had a prospect ask me why I don’t WFP, well WFP the main reason not to use WFP for me is the lack of support for Windows XP (many of my clients also want to support Windows 2000), and until Windows XP will become obsolete, WFP will not gain momentum.
Firewall application layer Winsock2
There are several ways to implement a firewall:
- Winsock LSPÂ – Can be used for an application layer firewall, but it’s mostly not used for various reasons.
- TDI Driver – Mostly used for personal firewalls, according to Microsoft it will be phased out in the next OS.
- Ndis IM – Mostly used for gateway firewalls.
- WFP – The new plaform Microsoft is promoting, in my opinion that until XP is retired this will not gain momentum.