[__Genius__]

Hi guys,
I have no idea about monitoring tcp/ip protocol stack activities from kernel driver, I should implement this feature in my application, it should monitor active outbound connections in real-time and don't know how to implement such a feature .
Any help would be appreciated .
thanks Km guys .

[Cr4sh]

You mean socket-layer monitoring?
1. Windows Filtering Platform (Vista+ only): http://www.microsoft.com/whdc/device/network/wfp.mspx
2. TDI filtering (simple open-source TDI firewall: http://tdifw.sourceforge.net/).

If you need just monitoring of raw TCP/IP packets, see sources of WinPCAP and DDK samples in network/ndis/ndisprot and network/ndis/ndisprot/passthru.

[__Genius__]

Thank you Cr4sh,
the first solution you mentioned do not beneficial for me, because the application should work on Xp, I will check the second solution, What I want to do is like as what Sysinternal TCPView is doing, I should implement exact the same .

[Cr4sh]

Thank you Cr4sh,
the first solution you mentioned do not beneficial for me, because the application should work on Xp, I will check the second solution, What I want to do is like as what Sysinternal TCPView is doing, I should implement exact the same .

As I know, TCPView uses kernel driver only for non-primary functionality, and monitoring of network activity implemented in user-mode, with IP Helper API.

[__Genius__]

Do you mean there's no need to any implementation in kernel driver ?
is it reliable?

[Cr4sh]

Do you mean there's no need to any implementation in kernel driver ?
is it reliable?

Yes, you need just IPHelp API ->GetTcpTable() function
http://msdn.microsoft.com/en-us/library ... S.85).aspx

[__Genius__]

Thank you, this is what I want to do, I should implement it in GUI .
btw, Great method.

[EP_X0FF]

You maybe also interested in looking on this request. Example source included.