Can LSP be used to track SMB connection

  • Question

  • Hi,

    As SMB connection is carried out by system process, I am not sure if LSP will be able to track it.
    Does anyone know this for sure?

    Thanks,
    Nilesh Samant.
    Tuesday, May 20, 2008 9:59 PM

All replies

  • Yes that's correct.

     

    Biao.W.

     

    Wednesday, May 21, 2008 3:26 AM
  • Do you mean that it is NOT possible to track SMB using LSP?

    Thanks,
    Nilesh
    Wednesday, May 21, 2008 1:42 PM
  • That's correct -- you will need either a TDI or WFP or NDIS filter driver to inspect SMB traffic. WFP is the preferred technology for kernel mode filtering.

    You could intercept SMB traffic using WFP from user-mode, but the action is limited to either allow or block the SMB session.

     

    Thanks,

    Biao.W.

     

    Thursday, May 22, 2008 5:55 AM
  • Biao,

    Will it not work if LSP is layered (installed) over NetBIOS, TCP and UDP? I believe SMB 2.0 also runs SMB traffic using NetBIOS over TCP, so layering over all this should help.

    I just want to know that it IS possible, although other better alternatives are there.

    Please confirm.

     

    Tuesday, July 1, 2008 4:06 PM