Sniffing Disk I/O

asked 2020-04-19 18:04:13 +0000

P Rao

updated 2020-04-19 18:06:05 +0000

I have a special requirement to sniff the data being copied to hard disk. To use Wireshark here I have 2 options: use a USB-based hard disk or a network shared folder. This is having issues. The application that writes to disk runs at very high throughput and speed. Hence anything other than a SATA SSD or M.2 SSD will lose data. Also, USB and network add protocol overhead to the bytes being written to disk.

Can you please suggest if there is a solution to this. I need the raw bytes to be sniffed from the I/O in the same Windows 10 PC. Soon I would need the same solution on Linux as well. Looking forward to the response.



I don't think trying to push this "high throughput" traffic over a network and capturing it via Wireshark will be successful. A more suitable solution, for Windows at least, might be a filesystem filter driver, not trivial though.

grahamb ( 2020-04-19 20:04:11 +0000 )


Some examples or a pointer to detailed usage/API documentation would be a great help.

Regards Prashanth

P Rao ( 2020-05-14 18:24:13 +0000 )