Posts Tagged ‘TDI’

TDI Modify Packets

Thursday, May 27th, 2010

Microsoft developed TDI (Transport Driver Interface) for the purpose of giving additional functionality combined with flexibility (compared to the existing interfaces). Windows 2000 (and later versions) has the transport providers directly interface with the TDI (Transport Driver Interface).  This allows the TDI (Transport Driver Interface) to offer a more consistent interface with the (NTP) network transport protocols.

Komodia offers a free TDI guide for all your TDI modify packets questions.

Chris

Hook Winsock API

Sunday, May 2nd, 2010

Hook Winsock API, can be done in various ways including: Winsock LSP, TDI, NDIS, Hooks, WFP. Which one is correct for you? it depends on what you plan to do, so it’s recommended you read about the technologies.

Barak

How to intercept data on Internet

Friday, April 9th, 2010

How to intercept data on Internet? This can be done using number of technologies:

  • Winsock LSP – Is good when you want to operate at user level and inspect streams and not packets.
  • TDI – Soon to be phased out, it’s a driver like technology that can be used either in packet or stream level.
  • NDIS – Kernel driver that inspects packets and has total control over the network.
  • WFP – Microsoft new filterting platform, but until Windows XP is phased out, I forsee it will not gain momentum.

Barak

TDI Driver

Saturday, March 20th, 2010

TDI Driver is mostly used today for personal AV products. I know there are number of parental control, spam filters products that use it as well.

I’m not a fan of TDI, although it has its place in doing networking filtering, it’s time is up and in one and a half year it will be phased out, so I don’t see any reason to start a project using TDI.

You can read this nice article about the difference between LSP and TDI.

Barak

NDIS Filter

Thursday, March 18th, 2010

NDIS Filter is used to perform packet filtering, modification and inspection, unlike other technologies like LSP and TDI which operate on streams.

NDIS Filter is actually a NDIS IM driver which receives packets (to send or receive), can perform processing on them and then send them to the next layer or drop them, that’s why NDIS IM drivers are used for: Firewalls, corporate firewalls, custom network solutions and more.

When stream operations is requires, NDIS IM is sometimes a bad choice because it imposes additional work to convert packets to streams, which can be avoided if using TDI or LSP.

Barak

Firewall application layer Winsock2

Sunday, March 14th, 2010

There are several ways to implement a firewall:

  • Winsock LSP – Can be used for an application layer firewall, but it’s mostly not used for various reasons.
  • TDI Driver – Mostly used for personal firewalls, according to Microsoft it will be phased out in the next OS.
  • Ndis IM – Mostly used for gateway firewalls.
  • WFP – The new plaform Microsoft is promoting, in my opinion that until XP is retired this will not gain momentum.

Barak

TDI firewall source code

Wednesday, March 10th, 2010

We have wrote a bit on what is TDI. Basically most personal firewall are using TDI for various reasons:

  1. It’s a driver so it has the false sense it’s hard to remove.
  2. It’s been with us since 1995 on Win95.
  3. It has the ability to view traffic as stream or packets.

TDI is being phased out by Microsoft, and according to their documentation the next Windows version might not support it anymore so investing in TDI can be quite risky.

Barak