PCAUSA TDIScope
Transport Data Interface (TDI) Operation Monitor
V1.0.0.3 - November, 2004
Background
There is no doubt that the SysInternals TDI
Monitor (TDIMon) written by Mark Russinovich and Bryce Cogswell is one of the
key tools for understanding how TDI works. No one would disagree with their own
description of TDIMon:
"TDIMon is an application that
lets you monitor TCP and UDP activity on your local system. It is the most
powerful tool available for tracking down network-related configuration problems
and analyzing application network usage."
The free version of TDIMon can be downloaded
from their website at this URL:
http://www.sysinternals.com/ntw2k/freeware/tdimon.shtml
In addition, Mark and Bryce license tools
with some additional capabilities as part of their Administrator's Pak. See the
URL:
http://www.winternals.com/products/repairandrecovery/
Changes to Windows TCP/IP TDI Provider
Introduced with Windows 2000
In Windows 2000 and later Windows versions
Microsoft began an effort to manage and detect the "connection state" of network
interfaces. One aspect of the detection scheme involves making
IRP_TDI_QUERY_INFORMATION_EX calls continuously at a high rate. Unfortunately,
the logging display of the TDIMon free version is quickly filled with these
uninteresting records. It becomes difficult to even locate records of interest
because of the mass of uninteresting records.
The version of TDIMon that comes with the
Winternals Administrator's Pak includes a filtering capability that is not
provided with the free version. Probably with the paid version it is
possible to selectively filter out the uninteresting IRP_TDI_QUERY_INFORMATION_EX records.
Resurrecting an Old PCAUSA TDI Monitoring
Project
During updates to the PCAUSA TDI driver
samples in 2002 we started development of a TDI monitoring tool called
TDIScope. This work was never completed
because of other commitments.
However, I recently needed to use TDIMon for
some research and encountered the IRP_TDI_QUERY_INFORMATION_EX nuisance. So, I
decided to make a few essential fixes to the old TDIScope application to
sort this out.
Since this issue may be a problem for some of
you I decided to post TDIScope as-is for your use if needed.
TDIScope is NOT intended to be a "competitor" to the great TDIMon tool
from SysInternals.
It is not a polished application (e.g.,
printing is terribly broken...) and it is not fit for any use except research.
The only redeeming virtue of the
PCAUSA TDIScope is that is displays less information than TDIMon...
In some cases less information is better
information.
About TDIScope
TDIScope
is an application that lets you monitor TCP and UDP activity on your local
system. It consists of a MFC 7.1 application (TDIScope.exe
and a companion TDI filter driver (PCATdiFilter.sys).
Here is a screenshot of TDIScope:
Operation is fairly simple:
Suggestions
Please let us know if you encounter difficulties using
these programs or if you have
suggestions for improvement.
We will consider incorporating your
suggestions into future versions and posting them here.
The PCAUSA TDIScope software is
provided "as is", without any guarantee made as to its suitability or fitness
for any particular use. It may contain bugs, so use these tools at your own risk. PCAUSA takes no responsibly for
any damage that may unintentionally be caused through its use.
You may NOT
redistribute PCAUSA TDIScope executables or any of the
PCAUSA NDIS Developer Tools components
that you downloaded without express written permission of PCAUSA.
If someone wants these items, then they must download them from the PCAUSA
website.
Download TDIScope
(Executables Only...)
The PCAUSA TDIScope is made available for download in two formats:
ZIP File:
tdiscope.zip
37.8 KB (38,801 bytes)
NOTE 1.): Please copy the PCATdiFilter.sys file to your
System32\drivers folder.
Note 2.) The TDIScope Tool is a Microsoft Foundation Class (MFC
7.1)
application. If you don't have the MFC 7.1 redistributable components
(from Microsoft Visual Studio .NET 2003) already
installed on your system, the application will fail to load. The Windows
Installer version automatically installs these components if they are not
already installed on your system.
Windows Installer:
tdiscopewi.exe
3.45 MB (3,620,082 bytes)
.
