Traffic Monitoring via Raw Sockets
This monitoring method works on a limited set of Windows Server Editions.
(Early Windows Server 2008 editions are not supported, but it works on Windows Server 2008 R2 and later.)
Additionally, it may not work if there are third-party firewalls or anti-viruses installed
The advantage of this method is that it does not require any additional software, such as
NPcap, to be installed.
The disadvantage of this method is that it may result in high CPU usage on heavily loaded servers.
Therefore, we recommend using WinPcap/NPcap instead.
The following dialog allows you to configure the Raw Sockets monitoring method.
Raw Sockets Configuration
Addresses to monitor
Monitor All IP Addresses
RdpGuard listens on the protocol-specific ports for each IP address associated with the machine.
It is important to note that monitoring all IP addresses can affect server performance,
especially if there are a high number of IP addresses associated with the machine.
Monitor selected IP Addresses
To avoid a decrease in performance, it is recommended to limit the number of IP addresses your
server software is listening on. This can be done by configuring the server software settings or firewall rules.
After you have completed the server software configuration, you can update the addresses to monitor in RdpGuard.