Using Microsoft-Windows-WFP/Pef-WFP-MessageProvider

Asked Jul 26 '16 at 13:13

Active Jul 26 '16 at 14:35

Viewed 243 times

I'd like to monitor network activity at transport level. No need for ethernet frames and other low level stuff. It looks that Microsoft-Windows-WFP and Microsoft-Pef-WFP-MessageProvider providers actually do the task. However I am not sure that PEF provider (part of MessageAnalyzer) is suitable for use by 3rd party software. Also, I couldn't neither find manifest for Microsoft-Windows-WFP provider nor get traffic from it.

The questions are:

Are these providers intended for public use?
Is it possible to use PEF provider directly without involving OPN and PEF infrastructure?
If the providers above are not intended for public use, are there any other ETW providers that log network traffic?

TIA.

edited Jul 26 '16 at 14:35

asked Jul 26 '16 at 13:13

user6639949

Hi, and welcome to Stack Overflow. Your question is very broad, which will discourage users from answering it, and may lead to its closure. Could you perhaps rewrite it to be a bit more specific? – J Brazier Jul 26 '16 at 13:30
1

@JBrazier Hope it looks better now. – user6639949 Jul 26 '16 at 14:37
look at my answer from this question: http://stackoverflow.com/a/38603621/1466046 – magicandre1981 Jul 27 '16 at 14:59

Using Microsoft-Windows-WFP/Pef-WFP-MessageProvider

0 Answers0