Listening to TCP/UDP port with WFP

  • Question

  • Hi everyone,

    I want to develop an application that needs to listen to a specific port and count the number of packets that go through one or another port of my computer, uplink. Actually I am only interested in the packets that are sent from the computer; the packets that arrive are not my concern, but I think the easiest way would be to listen to every packet that goes through the computer in one way or another. I tried to do so with the .NET Framework in C#, but the kind of sniffer I made was lame and was not detecting every packet the computer was sending. I was wondering if WFP would allow me to fulfill such a task, and what operations I should look at first. I found out that this tool is very multiskilled, but for the very purpose I am interested in, I was not able to find out. Thank you for your answer.

    Wednesday, July 24, 2019 12:45 AM

Answers

  • Hello Pepsimong,

    For developing a WFP application you need to be familiar with C/C++ development, networking concepts and the design of systems using user-mode and kernel-mode components.

    For getting started you can refer to this official sample: wfp - msnfilter.

    This may be what you need:

    FWPM_LAYER_OUTBOUND_MAC_FRAME_NATIVE:

    "This filtering layer is located in the send path after the framing layer processing has occurred but before the frame is processed by the MAC (Native 802.11) layer. It is the first layer after the Miniport delivers the frame to NDIS." 

    Refer to "Filtering Layer Identifiers".

    Best regards,

    Rita



    Wednesday, July 24, 2019 2:09 AM

All replies

  • Hello Rita Han

    Many thanks for the detailed answer, I am somewhat familiar with these concepts even though only superficially. I think it will be enough to get my nose into it and start practising, thanks to the help you provided.

    Have a great day!

    Pepsimong

    Thursday, July 25, 2019 2:37 AM