
Winsock LSP vs TDI

Before we start, you can read: What is LSP and What is TDI.

LSP and TDI are similar in that both operate on the Winsock functions and process traffic as streams rather than as packets. The main difference is that an LSP runs at user level, inside the address space of the process it intercepts, while TDI runs in kernel mode. This difference has a number of effects:

At Komodia we use Winsock LSP because almost every target the SDK is installed on will already have an antivirus or firewall that uses TDI, and we don't want to conflict with it. Also, because Winsock LSP runs in user mode, it allows us to do extra manipulation that is not possible with TDI, such as DNS interception and SSL interception. Last but not least, TDI will soon no longer be supported.