For example, in the Microsoft-Windows-NDIS-PacketCapture provider configuration, you can specify ETW Core provider settings, interface selection, and advanced filtering configurations when capturing traffic on local or remote hosts, virtual machine (VM) adapters, and Hyper-V-Switches, as described in Using the Advanced Settings - Microsoft-Windows-NDIS-PacketCapture Dialog. Message Analyzer provides several built-in Trace Scenarios that use the Microsoft-Windows-NDIS-PacketCapture provider, in which there are special features that enable you to create unique capture configurations.
#Microsoft remote ndis driver windows 10 keygen#
Message Analyzer uses Windows Management Instrumentation (WMI) remoting facilities for capturing data on remote computers. Because the Microsoft-Windows-NDIS-PacketCapture filter driver works with this infrastructure, it can deliver the frames it captures at the Data Link Layer as ETW events. The Microsoft-Windows-NDIS-PacketCapture is also instrumented to work with the ETW infrastructure, which provides the mechanisms for controlling ETW Sessions, buffering captured data, and delivering events. However, you cannot successfully target any computer for remote capture if it is running a down-level operating system such as Windows 7, Windows 8, or Windows Server 2012. You can even target local and remote traffic at the same time, as long as you specify the local host and target remote computer names in the Target Computers list in the New Session dialog during Live Trace Session configuration. This means that you can use any Trace Scenario that includes this provider to target the capture of traffic from any local or remote host, as long as they are running one of these operating systems.
The Microsoft-Windows-NDIS-PacketCapture provider is instrumented to support these capture scenarios on computers running the Windows 8.1, Windows Server 2012 R2, Windows 10, or later operating system. The Microsoft-Windows-NDIS-PacketCapture provider works with several Trace Scenarios that are optimized to capture traffic on either a local or remote computer.