NDIS: Unveiling the Network Driver Interface Specification

Last Edited



, ,

The Network Driver Interface Specification (NDIS) is an application programming interface (API) for network interface cards (NICs). It was developed by Microsoft and 3Com in the 1980s to standardize the interface between network card drivers and the operating system in Windows. NDIS plays a crucial role in the networking architecture of Windows operating systems, ensuring that network hardware and software can communicate effectively, regardless of the specific hardware in use.

Table of Contents:

  1. What is Network Driver Interface Specification?
  2. How NDIS Works
  3. The History of NDIS
  4. Examples of NDIS Use
  5. References
This image the essence of NDIS (Network Driver Interface Specification) as a crucial bridge for communication between network hardware and the Windows operating system, emphasizing its key role in ensuring seamless data transmission and interoperability.

1. What is Network Driver Interface Specification?

The Network Driver Interface Specification (NDIS) is a pivotal technology framework that facilitates the communication between network hardware and software within the Windows operating system. Developed to standardize the network driver architecture, NDIS provides a consistent programming interface that enables network interface cards (NICs) to communicate with network protocols like TCP/IP. This abstraction layer ensures that hardware manufacturers and software developers can create compatible products without needing detailed knowledge of each other’s work, significantly enhancing interoperability and flexibility in network configurations.

Network Driver Interface Specification  (NDIS)
NDIS Architecture in Windows NT/2000

2. How NDIS Works

In recent versions of Windows operating systems, NDIS continues to evolve, incorporating advanced features to support modern networking needs. The operation of NDIS in these environments can be detailed through its key components and mechanisms:

Miniport Drivers

These drivers are specific to the network interface card (NIC) and manage the hardware details of sending and receiving data. Windows communicates with these drivers through the NDIS interface, allowing the system to interact with various hardware without needing hardware-specific code.

Protocol Drivers

These are higher-level drivers that implement network protocols such as TCP/IP. Protocol drivers process the data being sent or received over the network, working atop the miniport drivers to ensure that data packets are correctly formatted and addressed according to the network protocol in use.

Intermediate Drivers

Serving a dual role, intermediate drivers can act as both protocol and miniport drivers. They insert themselves into the driver stack, facilitating additional processing or layering of protocols. This is particularly useful for features like packet filtering, network traffic encryption, or load balancing.

NDIS Library

A key component of the NDIS architecture is the NDIS library, which provides various services and utilities to support the operation of miniport, protocol, and intermediate drivers. These services include buffer management, event handling, and direct memory access (DMA) operations, among others.

Offloading and Scalability Features

Recent versions of NDIS implement offload features, allowing certain network processing tasks to be offloaded to network hardware (when supported), reducing CPU load and improving overall system performance. Scalability features, such as Receive Side Scaling (RSS), distribute network processing across multiple CPU cores, enhancing performance for high-speed networks.

NDIS Light Weight Filter (LWF) Drivers

These drivers provide a mechanism to implement filtering and modification of network packets at various layers in the network stack. LWF drivers are critical for security applications, network monitoring tools, and virtual network interfaces.

NDIS Network Interface Architecture

NDIS provides a set of services to support network interfaces and interface stacks. In the WDK, this set of services is referred to as NDIS network interface (NDISIF) services.

The following figure shows the NDISIF architecture for NDIS 6.0 and later.

The NDISIF components of the architecture include:

  • NDIS IF Services
    An NDIS component that handles registration of interface providers and interfaces, implements OID query and set services for interface providers, and supplies other NDISIF services.
  • NDIS IF provider interface
    An interface that the NDIS IF Services component supplies to enable NDIS drivers to implement interface providers.
  • NDIS proxy interface provider
    An NDIS component that implements the NDISIF provider services on behalf of NDIS miniport drivers (for each miniport adapter) and filter drivers (for each filter module).
  • Interface provider
    An NDIS driver that provides the NDISIF provider services for interfaces that the NDIS proxy interface provider component cannot serve. For example, a MUX intermediate driver can have internal interfaces between its virtual miniports and underlying adapters.

The NDIS proxy interface provider uses the standard NDIS miniport driver and NDIS filter driver interfaces to provide NDISIF services for miniport adapters and filter modules. Therefore, miniport drivers and filter drivers are not required to register as interface providers.

[Microsoft Learn, NDIS Network Interfaces]

3. The History of NDIS

The development of the Network Driver Interface Specification (NDIS) marks a significant milestone in the evolution of network computing. Jointly developed by Microsoft and 3Com in 1989, NDIS was introduced to address the growing need for a standardized interface that could support the interoperability of network hardware and software. This need was driven by the diversification of network equipment and the expansion of computer networking into everyday business operations and personal computing.

Over the years, NDIS has undergone a series of revisions, each aimed at enhancing its functionality, supporting emerging networking technologies, and improving performance and security. The table below outlines key milestones in the evolution of NDIS:

NDIS Versions

VersionPlatform16-bit or 32-bitFeatures
1Initial release, basic framework (1989)
2Windows for Workgroups and OS/216Real mode; each NIC must have its own driver.
3Windows NT 3.5 x32Unlimited number of NICs can be bound to an unlimited number of protocols.
3.1Windows 9532A superset of NDIS 3 with plug and play functionality and support for minidrivers. Windows 95 supports up to four NICs in a computer.
4Windows NT 432Unlimited number of NICs can be bound to an unlimited number of protocols. Also allows capturing of all frames on local network segment without the need to switch the NIC to promiscuous mode.
5Windows 98 and Windows 200032Adds support for connection-oriented networks such as Integrated Services Digital Network (ISDN) or Asynchronous Transfer Mode (ATM), including support for multiple virtual circuits on one network adapter.
6.86Windows 1132/64
See: All NDIS versions (Microsoft Learn)

These revisions have expanded NDIS’s capabilities, allowing for more sophisticated network configurations. Modern versions support scenarios where one NIC can be bound to multiple protocols—ideal for operating in heterogeneous network environments. Additionally, NDIS facilitates configurations where one protocol can run over multiple NICs, a feature that enhances network bandwidth and resilience for servers handling heavy traffic.

As networking technology continues to evolve, with increasing demands for speed, reliability, and security, NDIS’s role as a foundational component of the Windows networking stack remains unequivocally vital. Its history reflects a journey of adaptation and innovation, ensuring that Windows-based systems can keep pace with the ever-changing landscape of network computing.

4. Examples of NDIS Use

The Network Driver Interface Specification (NDIS) is instrumental in various networking scenarios, enabling diverse and efficient network configurations across Windows operating systems. Here are some practical examples of how NDIS is utilized:

  1. Network Interface Card (NIC) Drivers: Manufacturers of NICs leverage NDIS to create miniport drivers that allow their hardware to communicate seamlessly with Windows OS. This ensures that any NIC, regardless of its manufacturer, can be easily installed and used on Windows systems.
  2. Virtual Private Networks (VPNs): VPN software often uses NDIS intermediate drivers to insert a virtual network adapter into the Windows networking stack. This adapter then encrypts and routes internet traffic through a secure tunnel to the VPN server, ensuring secure and private internet access.
  3. Network Monitoring and Analysis Tools: Tools designed for network traffic analysis utilize NDIS to capture network packets directly from the NIC before they reach the protocol stack. This allows for real-time monitoring and analysis of network traffic for security, troubleshooting, and performance optimization.
  4. Firewall and Antivirus Software: Security applications use NDIS filter drivers to examine incoming and outgoing packets at various layers of the network stack. This enables them to block malicious traffic, preventing malware and attacks from compromising the system.
  5. Load Balancing: In environments with multiple NICs, NDIS can manage the distribution of network traffic across the NICs. This load balancing enhances the network’s capacity and reliability, ensuring optimal performance and redundancy.
  6. Wireless Networking: Wireless LAN (WLAN) adapters utilize NDIS to interface with the Windows wireless stack, enabling users to connect to Wi-Fi networks. NDIS handles the complexities of wireless communication, including authentication and encryption, providing a seamless user experience.

5. References



  • RFC 1180: A TCP/IP Tutorial – This RFC, while not specifically about NDIS, offers foundational knowledge on TCP/IP protocols, understanding which is crucial when working with NDIS.
  • RFC 2460: Internet Protocol, Version 6 (IPv6) Specification – As NDIS supports IPv6, this RFC is essential for understanding the IPv6 protocol.

Online Resources:

  • Microsoft Documentation on NDIS: Microsoft’s official documentation provides comprehensive information on NDIS, including development guides, reference materials, and sample code.


Network Encyclopedia: