Why Use Winsock LSP?

June 9th, 2010

It is true that there are enormous benefits for using Winsock LSP.  The ability to manage all of your information packets is a huge tool.  The value of Winsock LSP is enormous.

However, many of the common LSP applications include things that can also be accomplished using other means.  For instance, it is great to use Winsock LSP to scan your emails or redirect web pages or even block certain websites…  But there are other non-LSP applications that do all of these things as well.

If I can accomplish the same task without using LSP, it begs the question:  Why use Winsock LSP at all?

I am not advocating that you do not use Winsock LSP.  I am not necessarily advocating that you do either (although I will always be leaning in that direction in these posts).  I am merely saying that you should certainly ask yourself this question when it is is applicable – and certainly answer it for yourself every time.


Winsock, LSP, & API

June 8th, 2010

Windows Sockets = Winsock

Layered Service Provider = LSP

Application Program Interface = API

Winsock is the highest tier in every Windows Network.  Winsock LSP is just a code that gives your application the ability to place itself within the communication stack of the API.  Winsock LSP is able to intercept, read, and modify any and all network traffic.

Winsock APIs simply facilitate communication amongst the application network calls and Windows Operating System kernel.  So all the messages sent via this network are turned into application calls.  These application calls are then fed to the Winsock API. Winsock then routes these messages through the kernel and into the waiting ports.

Since Winsock LSP is merely a code and can be placed  between the applications and the Winsock API, any network message can be intercepted and scanned.  With this data, there are many actions that may be taken and the obvios benefit to the user is clear.


Troubleshooting LSP

June 6th, 2010

There are going to be times when you will want to know exactly what LSP-enabled programs are on your system.  When you want to know eactly what LSP program is running on your windows system, you simply need to enter “netsh winsock show catalog | more” into a command line window.

If you are like me and you want this information saved to a txt file, then simply open that command line window again and enter “netsh winsock show catalog >my_lsp.txt” instead.

It is true that any search engine query into “LSP Troubleshooting” will return more options; however, when faced with an actual concern about LSP malware, just go straight to your favorite anti-malware software.  Anti-malware programs are going to be more suited to fighting hacker infestations.


The Good and Bad of Winsock LSP

June 4th, 2010


Your security is enhanced by Winsock LSP as it disables malicious network commands.  Also  URL content sniffers, Quality of Service, stream-based,  stream based network sniffers, and data logging, is all possible with LSP. 


Unscrupulous individuals can use LSP too.  Adware and/or spyware programs using LSP can intercept private Internet communication.  Stolen information can be stolen and collected by Hackers.  They can also steal financial information and SPAM authors use LSP to collect data for their SPAM campaigns. 

Without malice though, you can still have LSP problems.  Your Winsock catalog and your Windows registry can be damaged by improperly installed LSP programs or even LSP programs that do not register correctly. 


A Very Brief Introduction to Winsock LSP

June 2nd, 2010

Windows Socket Layered Service Provider (or Winsock LSP) is included in the Service Provider Interface.  One of the least understood aspects of Winsock2, the Service Provider Interface can be greatly confusing.  There is just not a lot of good information regarding Winsock LSP on the Internet.

When a program uses LSP, it will use both the Winsock API and the Windows DLL file to place itself within a host computer’s communication stream.  Once there, it will have the ability to modify and intercept all of the network communication coming to and from the computer.

There are clearly many far reaching uses for this type of software.  (The Winsock LSP works only within a Microsoft operating system.)  Unfortunately, not every use will be correct – there is just as much room for mis-use as there is for use.