IT Interview Questions: Looking at IPSec-encrypt

Interview Questions

IT Interview Questions: Looking at IPSec-encrypted traffic with a sniffer. What packet types do I see?

Information Technology (IT) Interview Questions and Answers

IT Interview Questions: Looking at IPSec-encrypted traffic with a sniffer. What packet types do I see?

Mirrored Packet you can see
What can you do with NETSH?
What can we do with Netsh.exe? With Netsh.exe you can view your TCP/IP settings. Type the following command in a Command Prompt window (CMD.EXE):
netsh interface ip show config You can configure your computer's IP address and other TCP/IP related settings. For example: The following command configures the interface named Local Area Connection with the static IP address 192.168.0.100, the subnet mask of 255.255.255.0, and a default gateway of 192.168.0.1: netsh interface ip set address name="Local Area Connection" static 192.168.0.100 255.255.255.0 192.168.0.1 1 (The above line is one long line, watch for word wrap. Copy paste it as one line) Netsh.exe can be useful in certain situations when you have a portable computer that needs to be relocated between 2 or more office locations, while still maintaining a specific and static IP address configuration. With Netsh.exe, you can save and restore the appropriate network configuration all from the command prompt. Connect your portable computer to location #1, and then manually configure the required network settings.

Now, you need to export your current IP settings to a text file. Use the following command:
netsh -c interface dump > c:\location1.txt
When you reach location #2, do the same thing, only keep the new settings to a different file:
netsh -c interface dump > c:\location2.txt
You can go on with as many other location you may need. Now, whenever you need to travel between locations, you can enter the following command in a Command Prompt window (CMD.EXE):
netsh -f c:\location1.txt
or
netsh -f c:\location2.txt
Netsh.exe can also be used to configure your NIC to automatically obtain an IP address from a DHCP server:
netsh interface ip set address "Local Area Connection" dhcp
You can use this command to setup WINS:
netsh interface ip set wins "Local Area Connection" static 192.168.0.200
Or, if you want, you can configure your NIC to dynamically obtain it's DNS settings:
netsh interface ip set dns "Local Area Connection" dhcp
Netsh is very customizable and very useful.
How do I look at the open ports on my machine?

Shell to "Netstat" and save the result as a string and rip it line by line Code: Call Shell("command.com /c netstat -an -o > " & sfile, vbNormal) 2. Use GetTcpTable() and GetUdpTable(), as mike said or you can use the undocumented AllocateAndGetTCPExTableFromStack API to get the same list but with the PID (work only with XP). 3. Use the Native API, not documented, NtQuerySystemInformation(). To know the processes with open ports. With this API you will access the TDI level (Transport Driver Interface) located in the system library NTDLL.DLL

(Continued on next question...)