Rediger

Del via


Winsock Catalog Change Tracing Details

Note

Layered Service Providers are deprecated. Starting with Windows 8 and Windows Server 2012, use Windows Filtering Platform.

 

Winsock Catalog Change event tracing for layered Service providers (LSPs) is related to LSP installation, LSP removal, LSP disable, and Winsock catalog reset operations. All of the following events are written to the Microsoft-Windows-Winsock-WS2HELP/Operational channel which is different from the other Winsock network event tracing logged on Windows Vista and later.

The following details each of the Winsock LSP events that can be traced and describes which parameters and information are logged.

LSP Install

Event ID = 1

Level = 4 (Information)

The following Winsock LSP events are traced for an LSP install operation:

  • A protocol entry is installed into the Winsock catalog.

The following parameters are logged for a LSP install event:

Parameter Description
LSP Name
The name of the LSP as obtained from the szProtocol member of the WSAPROTOCOL_INFO structure for the LSP being installed.
Catalog
The Winsock catalog (32-bit or 64-bit) where the LSP is being installed. This is an integer value that is either 32 or 64.
Installer
The module filename of the application making the LSP install call.
GUID
The GUID value of the Winsock transport provider that the LSP is being installed under.
Category
The dwCatalogEntryId member of the WSAPROTOCOL_INFO structure for the LSP being installed.

 

LSP Uninstall

Event ID = 2

Level = 4 (Information)

The following Winsock LSP events are traced for an LSP uninstall operation:

  • A protocol entry is removed from the Winsock catalog.

The following parameters are logged for a LSP uninstall event:

Parameter Description
LSP Name
The name of the LSP as obtained from the szProtocol member of the WSAPROTOCOL_INFO structure for the LSP being removed.
Catalog
The Winsock catalog (32-bit or 64-bit) where the LSP is being removed. This is an integer value that is either 32 or 64.
Installer
The module filename of the application making the LSP remove call.
GUID
The GUID value of the Winsock transport provider that the LSP is removed from.
Category
The dwCatalogEntryId member of the WSAPROTOCOL_INFO structure for the LSP being removed.

 

LSP Disable

Event ID = 3

Level = 4 (Information)

The following Winsock LSP events are traced for an LSP disable operation:

  • A protocol entry is disabled in the Winsock catalog.

The following parameters are logged for a LSP disable event:

Parameter Description
LSP Name
The name of the LSP as obtained from the szProtocol member of the WSAPROTOCOL_INFO structure for the LSP being disabled.
Catalog
The Winsock catalog (32-bit or 64-bit) where the LSP is being disabled. This is an integer value that is either 32 or 64.
Installer
The module filename of the application making the LSP disable call.
GUID
The GUID value of the Winsock transport provider where the LSP is being disabled.
Category
The dwCatalogEntryId member of the WSAPROTOCOL_INFO structure for the LSP being disabled.

 

Winsock Catalog Reset

Event ID = 4

Level = 4 (Information)

The following Winsock LSP events are traced for a Winsock catalog reset operation:

  • The Winsock catalog is reset.

The following parameters are logged for a Winsock catalog reset event:

Parameter Description
Catalog
The Winsock catalog (32-bit or 64-bit) that is being reset. This is an integer value that is either 32 or 64.

 

Control of Winsock Tracing

Winsock Tracing

Winsock Tracing Levels

Winsock Network Event Tracing Details