Winsock2
Applies To: Windows Server 2008
Winsock enables programmers to create advanced user-mode or kernel-mode Internet, intranet, and other network-capable applications to transmit application data across the wire, independent of the network protocol being used.
User-mode applications are created by using the Winsock2 application programming interface (API). In Windows Vista and Windows Server 2008, kernel-mode applications are created by using a new transport-independent kernel-mode Network Programming Interface (NPI) called Winsock Kernel (WSK). WSK NPI replaces the Winsock Kernel API used to create kernel-mode applications in earlier versions of the Windows operating system.
By using the WSK NPI, kernel-mode software modules can perform network communication by using socket-like programming instructions similar to those supported in the user-mode Winsock2 API. Although the WSK NPI supports most of the same socket programming concepts as user-mode Winsock2, such as socket creation, bind, connect, accept, send and receive, it is a completely new programming interface with unique characteristics, such as asynchronous input/output (I/O), that uses input/output request packets (IRPs) and event callbacks to enhance performance for kernel drivers.
Aspects
The following is a list of all aspects that are part of this managed entity:
| Name | Description |
|---|---|
Winsock does not log events unless Event Tracing for Windows (ETW) is enabled for Microsoft-Windows-Winsock-AFD, which is disabled by default. After ETW is enabled, an event is logged whenever a Winsock-based application uses one of the core Winsock operations, such as creating a socket. To verify that tracing for Winsock is enabled:
Note: Alternatively, tracing can be enabled or disabled by using Event Viewer. |