Hi all, I am building a network filter using MS WFP. I am able to capture all transport in/outbound traffic using the FWP transport v4 in/outbound layers. I cannot find, and would like to know, which field in the data structures passed to the classify functions identifies whether the packet is a SYN, SYN-ACK, ACK or RST, and where the list of possible values for this field is. I only need this for logging purposes. I also implemented the ALE layers but prefer the transport layers, as they show the TCP handshake in the way that I have always understood it. Thanks.
There is no flag passed to your classifyFn which identifies this. You’ll need to pull this from the packet data itself.
J
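Since the control bits are not surfaced as a classify field, they have to be read out of the TCP header itself. The following is an added example (not code from the original thread) showing that parse and a handshake classification suitable for a log line. It assumes you have already obtained a contiguous copy of the TCP header from the NET_BUFFER_LIST in your classifyFn (for instance with NdisGetDataBuffer, after whatever retreat the particular layer and direction require to land on the transport header); the sample headers are constructed, not captured traffic, and the code is plain portable C so the same logic can be exercised in user mode before it goes into the driver.

```c
/* Added example: extract TCP control bits from a transport header for logging.
 * Assumes the caller already has a contiguous copy of the TCP header
 * (in a WFP classifyFn: NET_BUFFER_LIST -> NdisGetDataBuffer after any
 * retreat the layer requires). Portable C; the parsing is identical in a driver. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TCP control bits in header byte 13 (RFC 793; ECE/CWR from RFC 3168). */
#define TCP_FIN 0x01
#define TCP_SYN 0x02
#define TCP_RST 0x04
#define TCP_PSH 0x08
#define TCP_ACK 0x10
#define TCP_URG 0x20
#define TCP_ECE 0x40
#define TCP_CWR 0x80

#define TCP_MIN_HDR_LEN 20

typedef struct {
    uint16_t src_port;
    uint16_t dst_port;
    uint32_t seq;
    uint32_t ack;
    uint8_t  hdr_len;   /* header length in bytes, 20..60 (data offset * 4) */
    uint8_t  flags;     /* raw byte 13 */
} tcp_hdr_info;

static uint16_t be16(const uint8_t *p) { return (uint16_t)(((uint16_t)p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse the fixed part of a TCP header. Returns 0 on success, -1 if the buffer
 * is too short or the data offset is invalid. Hostile packets lie about both,
 * so the header length is checked against what is actually present. */
int tcp_parse(const uint8_t *buf, size_t len, tcp_hdr_info *out)
{
    if (buf == NULL || out == NULL || len < TCP_MIN_HDR_LEN)
        return -1;
    uint8_t hdr_len = (uint8_t)((buf[12] >> 4) * 4);
    if (hdr_len < TCP_MIN_HDR_LEN || hdr_len > len)
        return -1;
    out->src_port = be16(buf);
    out->dst_port = be16(buf + 2);
    out->seq      = be32(buf + 4);
    out->ack      = be32(buf + 8);
    out->hdr_len  = hdr_len;
    out->flags    = buf[13];
    return 0;
}

/* Name the segment's role in handshake/teardown. RST wins regardless of other
 * bits; otherwise only SYN/ACK/FIN decide, so PSH or ECN bits on a data
 * segment still classify as a plain "ACK". */
const char *tcp_segment_kind(uint8_t flags)
{
    if (flags & TCP_RST) return "RST";
    switch (flags & (TCP_SYN | TCP_ACK | TCP_FIN)) {
    case TCP_SYN:            return "SYN";
    case TCP_SYN | TCP_ACK:  return "SYN-ACK";
    case TCP_FIN:            return "FIN";
    case TCP_FIN | TCP_ACK:  return "FIN-ACK";
    case TCP_ACK:            return "ACK";
    default:                 return "OTHER";   /* no flags at all, SYN+FIN, etc. */
    }
}

/* Render the set bits as letters (F S R P A U E C) for a compact log field. */
void tcp_flags_str(uint8_t flags, char out[9])
{
    static const char letters[8] = { 'F', 'S', 'R', 'P', 'A', 'U', 'E', 'C' };
    size_t n = 0;
    for (int i = 0; i < 8; i++)
        if (flags & (1u << i)) out[n++] = letters[i];
    out[n] = '\0';
}

/* Classify a raw header buffer; "INVALID" when it does not parse. */
const char *tcp_kind_of(const uint8_t *buf, size_t len)
{
    tcp_hdr_info h;
    return tcp_parse(buf, len, &h) == 0 ? tcp_segment_kind(h.flags) : "INVALID";
}

/* Constructed sample headers (not captured traffic): 50000 -> 443 and back. */
static const uint8_t SAMPLE_SYN[20] = {
    0xC3,0x50, 0x01,0xBB, 0x00,0x00,0x10,0x00, 0x00,0x00,0x00,0x00,
    0x50, TCP_SYN, 0xFF,0xFF, 0x00,0x00, 0x00,0x00 };
static const uint8_t SAMPLE_SYNACK[20] = {
    0x01,0xBB, 0xC3,0x50, 0x00,0x00,0x20,0x00, 0x00,0x00,0x10,0x01,
    0x50, TCP_SYN | TCP_ACK, 0xFF,0xFF, 0x00,0x00, 0x00,0x00 };
static const uint8_t SAMPLE_RST_ACK[20] = {
    0x01,0xBB, 0xC3,0x50, 0x00,0x00,0x00,0x00, 0x00,0x00,0x10,0x01,
    0x50, TCP_RST | TCP_ACK, 0x00,0x00, 0x00,0x00, 0x00,0x00 };
/* Data offset claims 40 bytes but only 20 are present: must be rejected. */
static const uint8_t SAMPLE_TRUNCATED[20] = {
    0xC3,0x50, 0x01,0xBB, 0,0,0,0, 0,0,0,0, 0xA0, TCP_ACK, 0,0, 0,0, 0,0 };

int main(void)
{
    const uint8_t *pkts[] = { SAMPLE_SYN, SAMPLE_SYNACK, SAMPLE_RST_ACK, SAMPLE_TRUNCATED };
    for (size_t i = 0; i < sizeof pkts / sizeof pkts[0]; i++) {
        tcp_hdr_info h;
        char fl[9];
        if (tcp_parse(pkts[i], 20, &h) != 0) { printf("INVALID header\n"); continue; }
        tcp_flags_str(h.flags, fl);
        printf("%u -> %u flags=%s kind=%s\n", h.src_port, h.dst_port, fl, tcp_segment_kind(h.flags));
    }
    return 0;
}
```

The length check against the declared data offset matters even for a logging-only filter: a header that claims more bytes than the buffer holds is the classic way a parser in a kernel driver ends up reading past the copy it was handed.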