Brief introduction
With the addition of Windows Firewall to MICROSOFT®WINDOWS®XP Service Pack 2 and Windows server™2003 Service Pack 1, and Internet Protocol security (IPSEC) in public Division Intranet, Information Technology (IT) professionals need to understand the specific ways in which TCP/IP protocols and related components in Windows handle unicast Internet Protocol (IP) packets. The detailed knowledge of IP packet processing paths makes it easier for you to master configuration packet processing and filtering components, as well as specific ways to troubleshoot related issues.
The contents of this article are as follows:
• The basic architecture of the TCP/IP protocol for version 4 and other components for processing packets.
• Packet processing path for unicast traffic sent, received, and forwarded by windows-based computers
Note for the sake of brevity, this article will not discuss multicast, broadcast, staging, or tunneling packets.
The following components can handle IP packets:
IP forwards the next hop interface and address for packets sent or forwarded.
TCP/IP filtering allows you to specify the type of traffic that can be accepted for incoming local host traffic (packets destined for the host) by IP protocol, TCP port, or UDP port. You can configure TCP/IP filtering in the Network Connections folder, from the Options tab of the advanced properties of the Internet Protocol (TCP/IP) component.
• Filter Hook Driver This Windows component uses the filter hook API to filter incoming and outgoing IP packets. On a computer running Windows Server 2003, the filter hook driver is Ipfltdrv.sys and belongs to a component of Routing and Remote Access. When enabled, Routing and Remote Access allows users to configure separate inbound and outbound IP packet filters for each interface using the Routing and Remote Access snap-in. Ipfltdrv.sys will also check the local host and transit IP traffic (packets not destined for the host).