WFP Filter can be used to intercept traffic as a packet or stream level, and is used by Microsoft to replace existing technologies such as NDIS, TDI, LSP.
How to intercept data on Internet? This can be done using number of technologies:
- Winsock LSP – Is good when you want to operate at user level and inspect streams and not packets.
- TDI – Soon to be phased out, it’s a driver like technology that can be used either in packet or stream level.
- NDIS – Kernel driver that inspects packets and has total control over the network.
- WFP – Microsoft new filterting platform, but until Windows XP is phased out, I forsee it will not gain momentum.
Windows Filtering PlatformÂ is a relativly new technology from Microsoft that was built to replace all existing technologies: Winsock LSP, TDI, NDIS.
First step would we TDI as Microsoft announced it will not be supported anymore on the next OS, but it seems that NDIS and LSP are supported.
I had a prospect ask me why I don’t WFP, well WFP the main reason not to use WFP for me is the lack of support for Windows XP (many of my clients also want to support Windows 2000), and until Windows XP will become obsolete, WFP will not gain momentum.
There are several ways to implement a firewall:
- Winsock LSPÂ – Can be used for an application layer firewall, but it’s mostly not used for various reasons.
- TDI Driver – Mostly used for personal firewalls, according to Microsoft it will be phased out in the next OS.
- Ndis IM – Mostly used for gateway firewalls.
- WFP – The new plaform Microsoft is promoting, in my opinion that until XP is retired this will not gain momentum.