Archive for the ‘WFP’ Category

WFP Filter

Wednesday, November 30th, 2011

WFP Filter can be used to intercept traffic as a packet or stream level, and is used by Microsoft to replace existing technologies such as NDIS, TDI, LSP.

How to intercept HTTP traffic

Thursday, April 15th, 2010

How to intercept HTTP traffic can be done using a number of technologies, I always recommend going for stream based technologies which are: Winsock LSP, TDI or WFP. Each has advantages and disadvantages like everything in life.


How to intercept data on Internet

Friday, April 9th, 2010

How to intercept data on Internet? This can be done using number of technologies:

  • Winsock LSP – Is good when you want to operate at user level and inspect streams and not packets.
  • TDI – Soon to be phased out, it’s a driver like technology that can be used either in packet or stream level.
  • NDIS – Kernel driver that inspects packets and has total control over the network.
  • WFP – Microsoft new filterting platform, but until Windows XP is phased out, I forsee it will not gain momentum.


Network traffic monitor Windows

Thursday, April 1st, 2010

Network traffic monitor Windows can be done with various methods and technologies like: Winsock LSP, NDIS Passthru or NDIS IM, TDI Filter or TDI Driver, WFP and more.


Windows Filtering Platform (WFP)

Thursday, March 18th, 2010

Windows Filtering Platform is a relativly new technology from Microsoft that was built to replace all existing technologies: Winsock LSP, TDI, NDIS.

First step would we TDI as Microsoft announced it will not be supported anymore on the next OS, but it seems that NDIS and LSP are supported.

I had a prospect ask me why I don’t WFP, well WFP the main reason not to use WFP for me is the lack of support for Windows XP (many of my clients also want to support Windows 2000), and until Windows XP will become obsolete, WFP will not gain momentum.


Firewall application layer Winsock2

Sunday, March 14th, 2010

There are several ways to implement a firewall:

  • Winsock LSP – Can be used for an application layer firewall, but it’s mostly not used for various reasons.
  • TDI Driver – Mostly used for personal firewalls, according to Microsoft it will be phased out in the next OS.
  • Ndis IM – Mostly used for gateway firewalls.
  • WFP – The new plaform Microsoft is promoting, in my opinion that until XP is retired this will not gain momentum.