Which callouts/filters to use to count traffic

Question

I want to make a traffic accounting application/driver. The data I need to log is: app name that makes the connection, local and remote address, bytes sent, bytes received, timestamp. The traffic itself is not monitored/filtered/altered/blocked in any way. Which filters, callouts and other things should I process to achieve this goal? There are so many of them that I am lost. TIA.

Recommended answer

You would probably be best served to use ALE_AUTH_CONNECT, ALE_FLOW_ESTABLISHED and INBOUND / OUTBOUND_TRANSPORT.

You will want to look at the Metadata at these layers, as well as the classifiable data.

http://msdn.microsoft.com/en-us/library/ff559179(VS.85).aspx
http://msdn.microsoft.com/en-us/library/ff549939(v=VS.85).aspx

You will likely need to parse the headers in order to get some of the info you are seeking.

Hope this helps.
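The header-parsing step the answer mentions, as an added example that is not part of the original answer and is not WFP driver code: a portable C model that bounds-checks an IPv4 + TCP/UDP header and adds the payload size to a per-flow record. The names `flow_stats`, `account_packet` and `SAMPLE_UDP` are hypothetical, the packet bytes are constructed, and counting transport payload bytes (rather than full packet size) is an assumption.

```c
#include <stdint.h>
#include <stddef.h>
/* Hypothetical per-flow record (in a driver: the context kept for the flow). */
struct flow_stats {
    uint32_t local_addr, remote_addr;   /* host byte order */
    uint16_t local_port, remote_port;
    uint8_t  proto;                     /* 6 = TCP, 17 = UDP */
    uint64_t bytes_sent, bytes_recv;    /* transport payload bytes */
};

/* Constructed sample: IPv4/UDP, 192.0.2.10:49152 -> 198.51.100.7:53, 4-byte payload. */
static const uint8_t SAMPLE_UDP[32] = {
    0x45,0,0,32, 0,0,0,0, 64,17,0,0, 192,0,2,10, 198,51,100,7,
    0xC0,0x00, 0x00,0x35, 0,12, 0,0, 'p','i','n','g' };
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Parse one packet starting at the IPv4 header and add its payload size to the
   flow. Returns 0, or -1 if malformed, a non-first fragment, or not TCP/UDP. */
int account_packet(struct flow_stats *f, const uint8_t *pkt, size_t len, int outbound)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4, total = rd16(pkt + 2);
    if (ihl < 20 || total < ihl || total > len || (rd16(pkt + 6) & 0x1FFF)) return -1;
    const uint8_t *l4 = pkt + ihl;
    size_t l4len = total - ihl, hdr = 8;            /* 8 = UDP header size */
    if (pkt[9] == 6) {                              /* TCP: read the data offset */
        if (l4len < 20) return -1;
        hdr = (size_t)(l4[12] >> 4) * 4;
        if (hdr < 20) return -1;
    } else if (pkt[9] != 17) return -1;
    if (l4len < hdr) return -1;                     /* header must fit in packet */
    uint32_t src = rd32(pkt + 12), dst = rd32(pkt + 16);
    uint16_t sport = rd16(l4), dport = rd16(l4 + 2);
    f->proto = pkt[9];
    f->local_addr  = outbound ? src : dst;          /* direction decides which */
    f->remote_addr = outbound ? dst : src;          /* end is "local"          */
    f->local_port  = outbound ? sport : dport;
    f->remote_port = outbound ? dport : sport;
    if (outbound) f->bytes_sent += l4len - hdr;
    else          f->bytes_recv += l4len - hdr;
    return 0;
}

int main(void)
{
    struct flow_stats f = {0};
    return account_packet(&f, SAMPLE_UDP, sizeof SAMPLE_UDP, 1);
}
```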

 

