Network traffic monitor Windows can be done with various methods and technologies like: Winsock LSP, NDIS Passthru or NDIS IM, TDI Filter or TDI Driver, WFP and more.
Barak
Network traffic monitor Windows can be done with various methods and technologies like: Winsock LSP, NDIS Passthru or NDIS IM, TDI Filter or TDI Driver, WFP and more.
Barak
NDIS Miniport is a synonym for NDIS IM which is used when you need to change packets at Kernel level, this includes modifying the header and body, dropping or adding packets.
At Komodia we use a NDIS IM driver for our new NAT server interception.
Barak
NDIS Filter is used to perform packet filtering, modification and inspection, unlike other technologies like LSP and TDI which operate on streams.
NDIS Filter is actually a NDIS IM driver which receives packets (to send or receive), can perform processing on them and then send them to the next layer or drop them, that’s why NDIS IM drivers are used for: Firewalls, corporate firewalls, custom network solutions and more.
When stream operations is requires, NDIS IM is sometimes a bad choice because it imposes additional work to convert packets to streams, which can be avoided if using TDI or LSP.
Barak