Hi,
> The Monitor sample included does not capture packets sent to/from ping.exe on windows server 2008 x64 but does on windows XP SP3!
Yes, it’s a limitation for Vista/w2k8. Unfortunately, ICMP can’t be caught at the TDI level on these platforms.
> On this subject, the PROTOCOL enumeration in nttdiapi.cs has only 23 members, however the GetProtocolName function in Monitor.cs lists every protocol.
The PROTOCOL enumeration contains the protocols defined in winsock2.h (ws2def.h). The example shows all the possible protocols.
> Given that PROTOCOL_ANY is 0 but the IANA shows 0 is assigned to HOPOPT,
0 = HOPOPT (IPv6 Hop-by-Hop Option) for IPv6
0 = IP (Any IP protocol) for IPv4
Nttdiapi works for IPv4 only and doesn’t support IPv6.
> what are the valid values for m_Protocol in FILTER_INFO and what are the possible values returned in a LOG_INFO?
Valid protocol number for ipv4.
=Anton.