Windows Vista Security Sample - IPsecPing

Download IPsecPingSample.exe.

Dependencies
You must have the Windows SDK for Windows Vista. Download the Windows SDK for Windows Vista. By default, the Windows Vista SDK installs to %ProgramFiles%\Microsoft SDKs\Windows\v6.0. If you install the SDK to a different location, you must update the Visual Studio Include and Library paths in the sample code accordingly.

The following Visual Studio 2005 project is included in the download:

PingS

This project produces IPSecPing.exe, an IPsec debugging tool. This is a socket-based client application, adapted from an existing Windows SDK sample (securesocket), with the following primary extensions:

  1. To facilitate the debugging of the IPsec policy existing between two computers, a more usable console display is now available. See the -v (verbose) flag. For example:

     >IPSecPing.exe -v  -4 peermachine2
    Create socket , return code=0
    TCP over IPsec connect to dest: peermachine2, addr 192.168.1.184:135...
    TCP over IPSec WSAConnect: success, 0.01s from 192.168.1.102:49359 to 192.168.1.184:135
    IKEMM: 3DES, SHA1, DH_2, Kerberos, 28800s, 192.168.1.102, 192.168.1.184, icookie=0x1a712494, rcookie=0xde0efd89
    IKEQM: transport, SHA1, 3DES, 100000kb, 3600s, 192.168.1.102, 192.168.1.184, idletime=300s
    Disconnecting, IKE MM and QM deleted
    

    The following is the tool output in IPv6 mode, connecting to the "securesocket" (stcpserver.exe) sample from the Windows SDK:

     >IPSecPing.exe -v  -6 -p 27015 peermachine2
    Create socket , return code=0
    TCP over IPsec connect to dest: peermachine2, addr [fe80::7449:86cb:9e9e:d6ab%8]:27015...
    TCP over IPSec WSAConnect: success, 0.11s from [fe80::fdf4:318:76ad:36dd%8]:49356 to [fe80::7449:86cb:9e9e:d6ab%8]:27015
    IKEMM: AES-128, SHA1, DH_ECP_256, Anonymous, Kerberos, 7200s, [0:2:0:1770c8:1d24:c8:1d14], [7681:7b1c:0:20:1770:c8:1d24], icookie=0x111023c9, rcookie=0x74210bda
    IKEQM: transport, SHA1, AES-128, 56320kb, 3600s, [0:2:0:1770c8:1374:c8:1364], [7681:7b1c:0:20:1770:c8:1374], idletime=300s
    Disconnecting, IKE MM and QM deleted
    
  2. A separate server-side debugging tool is no longer required. Instead, the client attempts by default to connect to the server RPC end-point mapper.

  3. Optionally, you can specify an alternate connect-to port at the command-line.
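When the -v output from item 1 is captured during policy debugging, it can be checked against the policy the two computers are expected to negotiate. The following Python is an added example, not part of the sample download; the field names are inferred from the sample output above, and the expected policy and function names are hypothetical.

```python
import re

# Constructed input: copied from the IPv4 verbose output shown on this page.
SAMPLE = """\
TCP over IPSec WSAConnect: success, 0.01s from 192.168.1.102:49359 to 192.168.1.184:135
IKEMM: 3DES, SHA1, DH_2, Kerberos, 28800s, 192.168.1.102, 192.168.1.184, icookie=0x1a712494, rcookie=0xde0efd89
IKEQM: transport, SHA1, 3DES, 100000kb, 3600s, 192.168.1.102, 192.168.1.184, idletime=300s
"""
# Hypothetical policy the two hosts are supposed to negotiate (assumption).
EXPECTED = {"IKEMM": {"cipher": "AES-128", "dh_group": "DH_ECP_256"},
            "IKEQM": {"cipher": "AES-128", "mode": "transport"}}

def parse_sa_line(line):
    """Return a dict for an IKEMM/IKEQM line, or None for any other line."""
    m = re.match(r"\s*(IKEMM|IKEQM):\s*(.+)", line)
    if not m:
        return None
    kind, fields = m.group(1), [f.strip() for f in m.group(2).split(",")]
    sa = {"kind": kind}
    while fields and "=" in fields[-1]:      # icookie=, rcookie=, idletime=
        key, value = fields.pop().split("=", 1)
        sa[key] = value
    # The lifetime in seconds ("28800s") separates algorithms from addresses.
    idx = next((i for i, f in enumerate(fields) if re.fullmatch(r"\d+s", f)), None)
    if idx is None or idx < (3 if kind == "IKEMM" else 4):
        return None                          # truncated or unexpected layout
    sa["lifetime_s"], sa["addrs"] = int(fields[idx][:-1]), fields[idx + 1:idx + 3]
    head = fields[:idx]
    if kind == "IKEMM":
        sa["cipher"], sa["hash"], sa["dh_group"] = head[:3]
        sa["auth"] = head[3:]                # one or more methods are listed
    else:
        sa["mode"], sa["hash"], sa["cipher"] = head[:3]
        sa["lifetime_kb"] = int(head[3][:-2])
    return sa

def policy_mismatches(output, expected=EXPECTED):
    """List differences between the SAs in the tool output and `expected`."""
    found = {sa["kind"]: sa for sa in map(parse_sa_line, output.splitlines()) if sa}
    problems = []
    for kind, want in expected.items():
        if kind not in found:
            problems.append(f"{kind}: no SA reported")
            continue
        for key, value in want.items():
            if found[kind].get(key) != value:
                problems.append(f"{kind}: {key}={found[kind].get(key)} (want {value})")
    return problems

if __name__ == "__main__":
    print("\n".join(policy_mismatches(SAMPLE)))
```

A connection whose output contains no IKEMM or IKEQM line is reported as "no SA reported" for each expected entry.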

More Information and Errata

This sample was co-developed by William Dixon of V6 Security, Inc. (https://www.v6security.com) and Dan Griffin of JW Secure, Inc. For more information, please see the MSDN online article which accompanies this sample. We will publish bugs and errata at https://www.jwsecure.com/dan/index.html. Please report new bugs by contacting JW Secure at https://www.jwsecure.com/contact.html.

This is draft content and is subject to change.