Windows Vista Security Sample - IPsecPing
Download IPsecPingSample.exe .
Dependencies
You must have the Windows SDK for Windows Vista. If you do not install the SDK to the default location, which is listed below, you must update the Visual Studio Include and Library paths in the sample code accordingly. Download the Windows SDK for Windows Vista. The Windows Vista SDK installs to %ProgramFiles%\Microsoft SDKs\Windows\v6.0.
The following Visual Studio 2005 project is included in the download:
PingS
This project produces IPSecPing.exe, an IPsec debugging tool. This is a socket-based client application, adapted from an existing Windows SDK sample (securesocket), with the following primary extensions:
To facilitate the debugging of the IPsec policy existing between two computers, a more usable console display is now available. See the -v (verbose) flag. For example:
>IPSecPing.exe -v -4 peermachine2 Create socket , return code=0 TCP over IPsec connect to dest: peermachine2, addr 192.168.1.184:135... TCP over IPSec WSAConnect: success, 0.01s from 192.168.1.102:49359 to 192.168.1.184:135 IKEMM: 3DES, SHA1, DH_2, Kerberos, 28800s, 192.168.1.102, 192.168.1.184, icookie=0x1a712494, rcookie=0xde0efd89 IKEQM: transport, SHA1, 3DES, 100000kb, 3600s, 192.168.1.102, 192.168.1.184, idletime=300s Disconnecting, IKE MM and QM deleted
The following is the tool output in IPv6 mode, connecting to the "securesocket" (stcpserver.exe) sample from the Windows SDK:
>IPSecPing.exe -v -6 -p 27015 peermachine2 Create socket , return code=0 TCP over IPsec connect to dest: peermachine2, addr [fe80::7449:86cb:9e9e:d6ab%8]:27015... TCP over IPSec WSAConnect: success, 0.11s from [fe80::fdf4:318:76ad:36dd%8]:49356 to [fe80::7449:86cb:9e9e:d6ab%8]:27015 IKEMM: AES-128, SHA1, DH_ECP_256, Anonymous, Kerberos, 7200s, [0:2:0:1770c8:1d24:c8:1d14], [7681:7b1c:0:20:1770:c8:1d24], icookie=0x111023c9, rcookie=0x74210bda IKEQM: transport, SHA1, AES-128, 56320kb, 3600s, [0:2:0:1770c8:1374:c8:1364], [7681:7b1c:0:20:1770:c8:1374], idletime=300s Disconnecting, IKE MM and QM deleted
A separate server-side debugging tool is no longer required. Instead, the client attempts by default to connect to the server RPC end-point mapper.
Optionally, you can specify an alternate connect-to port at the command-line.
More Information and Errata
This sample was co-developed by William Dixon of V6 Security, Inc. (https://www.v6security.com) and Dan Griffin of JW Secure, Inc. For more information, please see the MSDN online article which accompanies this sample. We will publish bugs and errata at https://www.jwsecure.com/dan/index.html. Please report new bugs by contacting JW Secure at https://www.jwsecure.com/contact.html.
this is draft content and is subject to change