locked
WFP IP payload filter RRS feed

  • Question

  • hi everyone, I want to use WFP in Win7, 8 etc. to filter IP packets through the first or second bytes in the IP payload. 

    "Filtering Conditions" cannot meet my need, because it just base on the IP address or the port.

    I want it firstly inspect the IP packets, and then filter the packets according to the first and second bytes in the payload(actually in the TCP payload).

    Thanks.

    Saturday, July 22, 2017 11:32 AM

All replies

  • You need deep packet inspection. It needs a callout driver and filter condition for all the packets which will get all the packets at IP layer.

    Monday, July 24, 2017 4:50 AM