Manage multiple servers with PowerShell Server Manager

PowerShell Server Manager allows administrators to manage multiple servers, Windows roles and features -- all from a single console.

Administrators for large Microsoft environments that use Windows Server 2008 or higher likely have had to manage Windows roles. Windows Server has roles and features that allow admins to add, remove or modify features by clicking a checkbox. However, clicking checkboxes isn't the most automatic way to manage servers. This is where Windows PowerShellcomes into play.

Windows Server Manager is a graphical user interface (GUI) that creates a single area for managing server identities and system information. The interface allows admins to point and click on various tasks. While this works for environments that have a few one-off servers, it doesn't work for environments with mass deployment of servers. Shifting to the command line can simplify things.

PowerShell has a module calledServerManager that contains useful cmdlets to help the administrator manage roles and features (Figure 1).

PowerShell Server Manager module

In this example, there are two aliases and five actual cmdlets and functions. To be more concise, we will use the cmdlet/function names here. To start, determine all the roles and features available on a given system. To do so, use Get-WindowsFeature.

When you use the Get-WindowsFeature without parameters, it returns all roles and features on a system -- whether or not they are installed. Figure 2 shows a handful of the features available on the test system.

An example of some the Get-WindowsFeature options

To get only the features that are currently installed, use the Where-Objectcmdlet (Figure 3).

The Where-Object cmdlet calls up installed features

What do you do when installing a new Windows feature? You can use theInstall-WindowsFeature. For example, if I want to install the SNMP service on my local machine, I’d use the Install-WindowsFeature cmdlet with the Name parameter. The feature has been successfully installed (Figure 5).

The SNMP service is installed

When removing features, use the Remove-WindowsFeature cmdlet. You can remove features just as easily as you can install them using the same parameter name of Name (Figure 6).

Remove Windows features using the Remove-WindowsFeature cmdlet

The UI notes that you must restart the server to finish removing a feature. If you’re using this in a script, you might not want to do that manually. TheInstall-WindowsFeature and Remove-WindowsFeature have Remove parameters that you can use in case the server automatically restarts (if it needs to) after running each cmdlet.

This is fine if you have a single server, but manually keying this in for several servers would be similar to doing it through Server Manager. Using PowerShell's remoting feature, admins can use the ComputerName parameter to point the task at any remote computer (Figure 7).

Use the ComputerName parameter to point to the task at any remote computer.

What if you want to install a Windows feature on 100 servers? This isn't a problem if you have them in a text file. If you have a CSV file with a header of ServerName -- and all the names of the servers under that -- you can read this CSV file with PowerShell’s Import-Csv cmdlet and start any Windows feature cmdlet.

Import-Csv C:\Servers.csv | foreach { Install-WindowsFeature -Name 'SNMP-Service' -ComputerName $_.ServerName }

This command would read every server name from the CSV and install the SNMP service on each computer at once.

Courtesy: AdamBertram

Troubleshoot Windows Server file copy errors

Copying large files to a Windows Server file share can sometimes fail. Performance Monitor or PowerShell commands can help find and fix file copy errors.

Server Message Block file shares have existed for long enough that they are generally stable and reliable. However, some administrators have found that copying large files from a Windows 7 or Windows 8 client computer to a Windows Server file share can result in erratic -- and sometimes problematic -- behavior.

The first step in resolving file copy errors is to recognize what type of behavior occurs by design and what behavior indicates a problem. In Windows 7, it is usually easy to distinguish between normal file-copy behavior and problematic behavior. But due to the way the Windows 8 buffering process works, it can sometimes appear as though there are problems when none exist.

When copying a file to a remote file share, Windows 8 uses a memory buffer. It reads a portion of the file into memory, and then writes it to the file share. With smaller files, this technique results in very fast file copy operations. With larger files, the file copy process initially goes very quickly and then slows to a crawl (Figure A).

Figure A: When copying a large file in Windows 8 to a file share on the network, the transfer will start fast then slow significantly.

If the file being copied is not excessively large, then the behavior in Figure A will continue until the copy finishes. For larger files -- or computers with smaller buffers -- the copy operation will occur in spurts. Large chunks of data will be copied, with periods of little to no activity in between. These slowdowns occur as the operating system flushes and then repopulates the buffer (Figure B).

Figure B: In some cases, the file copy process may vary in speed.

Neither of the conditions shown in Figure A and Figure B indicates a problem. This is normal behavior for Windows 8.1. However, in some cases, the file copy process may time out, resulting in an error message (Figure C).

Figure C: In some cases, the copy will fail when the time-out period expires.

This problem only seems to occur when copying very large -- 10 GB and larger -- files. The error message in Figure C is "Error 0x80070079: The semaphore timeout period has expired." This general error can be hard to diagnose. The error can occur with Windows 7, Windows 8 and possibly other versions of Windows. It can be caused by the Windows desktop, Windows Server or the network connecting the two.

Check the server logs

Begin the troubleshooting process by checking the server's event logs. While this error may not generate an event in the log, you may spot something else that could contribute to the time-out.

Next, check if the server or the workstation is causing the problem. Although the Performance Monitor can help, subjective tests are just as effective. Start a large file copy that is likely to produce an error, and then test the responsiveness of the server and the desktop. Can you play a video on the desktop? Can you write files from another desktop to the server while the file copy process is going on? In most cases, you will probably find that the desktop remains responsive, but that the server's performance decreases dramatically.

Use PowerShell for a further diagnosis

If you isolate the problem to the server, then you will need to work to find the exact cause of the problem. The issue is almost always related to a storage bottleneck or network bottleneck. These bottlenecks can be the result of a poorly designed configuration or a health problem. Run the following twoPowerShell commands on your file server:

Get-PhysicalDisk

Get-PhysicalDisk | Get-StorageReliabilityCounter | Select-Object ReadErrorsTotal, WriteErrorsTotal, Temperature

These commands will show whether the disks in your server are healthy, and whether or not any read or write errors are occurring. Sometimes, the file-copy time-out error occurs because of an unhealthy disk that cannot keep pace with the I/O requests.

It is also a good idea to review how the server's physical network adapters are being used, especially if the file server is a virtual machine. Imagine that a host server has a single NIC team that it uses for all traffic. Virtualization-related operations, such as live migrations and replication operations, can steal bandwidth from user sessions and cause file copy operations to time out.

If you are not immediately able to solve the file copy errors, then you might be able to temporarily work around the issue by using a dedicated file-copy utility, such as Robocopy, rather than the operating system's built-in copy functionality.

Courtesy: Brien Posey

Use a PowerShell script to force logoff an RDP session

When end users remain logged in to an RDP session, it consumes valuable resources. Use this PowerShell script to force users to log off.

It's not a new problem: An end user logs in to a Windows server using Remote Desktop Protocol and then forgets to log off. When a session remains open, it continues to consume resources on the server unnecessarily. There's a PowerShell script you can use to force end users to log off and free up those resources.

To begin a force logoff of a user'sRemote Desktop Protocol (RDP) session, an admin must first query all the Remote Desktop Services' (RDS) server sessions on the machine and check their status. After detecting all disconnected services, the next step is the force logoff.

Download the free PowerShell module called PSTerminalServicesand ensure it's available in your PowerShell. All the installation instructions are on the PSTerminalServices site.

The first step I'll take with this module is to see if I can get all of the active sessions on my lab server -- HYPERV (Figure 1).

Get-TSSession -ComputerName HYPERV

Currently, I only have a couple sessions in a disconnected state. So, I'm seeing all of the sessions, but I only want to see those that are disconnected. To do that, I'll add the State parameter (Figure 2).

Get-TSSession -ComputerName HYPERV -State Disconnected

This is helpful, but there's still a problem. Session 0 is not an RDP session, and there’s no way to remove that from the result with Get-TSSession. I'll use Where-Object to remove that session as well (Figure 3).

Get-TSSession -ComputerName HYPERV -State Disconnected | where { $_.SessionID -ne 0 }

Now, I can view all of the sessions I want to stop. Next, I just need to kill these sessions. To do this, the PSTerminalServices module has a Stop-TSSession cmdlet. This cmdlet does exactly what you think it does -- it kills the session (Figure 4).

Get-TSSession -ComputerName HYPERV -State Disconnected | where {$_.SessionID -ne 0} | Stop-TSSession

The Stop-TSSession cmdlet forcefully logs off a session, which might cause end users to lose their work, so it prompts the admin. I could just hit "A" here and move on, but sometimes admins don't want to be prompted. If you plan to include this in a larger script, a prompt will break the script. The best bet is to remove that confirmation.

The Stop-TSSession cmdlet has a common PowerShell parameter, called –Force, which allows admins to perform the action without any confirmation.

Get-TSSession -ComputerName HYPERV -State Disconnected | where {$_.SessionID -ne 0} | Stop-TSSession -Force

If you receive no output, the session was logged off successfully.

Courtesy: Adam Bertram

Microsoft Scale-Out File Server definition

Microsoft Scale-Out File Server is an active-active clustered storage feature based on Server Message Block (SMB) 3.0 to provide continuous availability of file shares in Windows Server. 

Scale-Out File Server was introduced in Windows Server 2012 and is designed for use as a file share for server application data, such as Microsoft Hyper-V virtual machines (VMs) and SQL Server. The file shares are available at the same time on all nodes in the cluster. The active-active feature keeps data on the file share available despite downtime on a node either for maintenance or from a failure.

Scale-Out File Server uses the total bandwidth of the cluster nodes to deliver data. Administrators can boost bandwidth by adding more nodes to the cluster. Scale-Out File Server optimizes traffic by providing automatic rebalancing of connections to provide the fastest route to the file share.

 Courtesy: Margaret Rouse

How Windows Server 2012 can solve Windows failover cluster headaches

In Windows Server 2012, Microsoft tried to smooth out some major Active Directory bumps in failover clusters. Did it fix what's bothering you?

Like it or not, Active Directory is a vital component of Windows Failover Clusters and can adversely affect its stability. Have you ever experienced the dreaded NETLOGON event, indicating that no domain controllers could be contacted, so your cluster fails to start? How about being unable to create a cluster or virtual servers due to restrictive organizational unit permissions? Microsoft has recognized these and other common AD problems and made significant efforts to fix these shortcomings in Windows Server 2012.

Cluster startup without Active Directory

Perhaps one of the most catastrophic events a cluster can face is when it can't contact adomain controller (DC) during formation. A different scenario leading to this same problem occurs when you attempt to virtualize your DCs as virtual machines in a Windows failover cluster. The cluster must contact a DC to start, but the virtual DC can't start until the cluster does. This reliance on AD for a cluster to form has been eliminated in Windows Server 2012.

You'll need to create a Windows Server 2012 cluster by contacting a DC and storing its authentication data in AD, along with any cluster members, for this function to work. Then existing clusters can start up without having to first contact a DC for authentication. Prior to Windows Server 2012, cluster startup was supported, although not recommended, to run the AD Services role on cluster members to make them more resilient to AD connectivity issues. It is no longer necessary, nor is it supported to run domain controllers as cluster nodes as Microsoft documents in KB 281662.

Flexible OU administration

Another AD shortcoming that has been addressed in Windows Server 2012 is the ability to specify in which organizational units (OU) the computer objects for the cluster will be created. In the past, when a cluster was created, the Cluster Name Object (CNO) was created in the default Computers container in the OU where the cluster members reside. This prevented admins from delegating control to specific OUs for the purpose of managing Failover Clusters without going through painful prestaging efforts.

In Windows Server 2012, both the Create Cluster Wizard and the PowerShellcmdlet New-Cluster allow you to specify in which OU the CNO will be created. In addition, any Virtual Computer Objects (VCO) for the network names associated with highly available cluster roles will be created in the same OU. The user account that creates the cluster must have the Create Computer Objects permission in the specified OU. In turn, the newly created CNO must have Create Computer Objects permission to create VCOs. You can move all these computer objects to a different OU at any point -- without disrupting the cluster. Keep in mind the custom OU must be created before you create your cluster.

Unfortunately, the syntax for specifying a particular OU where the CNO should be created isn't intuitive in the Create Cluster Wizard or the corresponding PowerShell New-Cluster cmdlet. The Create Cluster Wizard will create appropriate syntax for specifying the distinguished name of the cluster, along with the OU where it will reside. In our example, the name of the cluster is Win2012Clus1, and its CNO will be created in theClusterServers OU in the fictitious Winners.com domain (Figure 1).

Using the Create Cluster Wizard to specify a custom OU for cluster AD computer objects.

Next, look at the syntax for creating a cluster using the PowerShell New-Cluster cmdlet. In this example, the command creates a cluster with the name Win2012Cluster1, placing the CNO in the ClusterServers OU in the fictitious domain using a static IP address of 192.168.0.252 (Figure 2).

Use the New-Cluster PowerShell cmdlet to create a cluster specifying a custom OU.

After you create the Windows failover cluster, use Active Directory Users and Computers to view and manage the new CNO placed in the custom OU called ClusterServers (Figure 3). Any new cluster roles that are configured will create their VCO in the same OU.

Using Active Directory Users and Computers to view the Cluster Name Object (CNO).

Additional cluster and Active Directory enhancements

With Windows Server 2012, you can have a failover cluster located in a remote branch office or behind a DMZ with a Read-Only Domain Controller (RODC). While the CNO and VCOs must be created beforehand on a RWDC as described by Microsoft, the server supports the configuration.

Finally, AD Cluster computer objects are now created with the Protect Object from Accidental Deletion flag to ensure automated stale object scripts don't delete them. If the account that creates the cluster doesn't have this right for the OU, it will still create the object, but won't protect it from accidental deletion. A system event ID 1222 will be logged to alert you, and you can follow Microsoft KB 2770582 to fix the issue.

Microsoft has taken several steps in Windows Server 2012 to address the AD pitfalls that Windows failover clusters have endured over the years. Some of the top integration enhancements include booting clusters without AD, more flexible OU administration, support for clusters in Branch Offices and DMZs with RODCs and protecting cluster AD objects from deletion.

 Courtesy: Bruce Mackenzie-Low

Windows server 2008 active directory interview questions and answers

Here I am going to discuss some windows server 2008 active directory interview questions and answers. These questions are very common in interview session. I hope you will be benefited from this.

What is Active Directory?
An active directory (AD) is a centralized database system which performs variety of functions including organize different object like computers and users, allows administrator to apply different policy for those objects. Active directory is specially designed for distributed networking system.

What is domain controller?
A Domain controller is a server which performs active directory server roles in a network. The idea of domain is to manage access to resources in a network including applications, printers and share folders. Here user can access network resources using their assigned user name and password.

What is LDAP?
Lightweight Directory Access Protocol (LDAP) is a set of standard protocol to access directory information. It is useful for internet access.

What’s the major difference between FAT and NTFS on a local machine?
FAT and FAT32 does not provide security for local users. On the other hand, NTFS provides security for local user as well as for domain users. Moreover, NTFS provides file level security which is impossible in FAT32.

 What is domain?
A domain is a group of network resources like applications, printers and shared folders. To access those resources users need to use their assigned username and password. DNS is a server level service which we will have to install during active directory installation. It is very difficult for human being to remember different IP address but they can remember domain name easily. A Domain Name Service resolves domain name to IP and IP to domain name.

What is the replication folder?
The SYSVOL is called the replication folder. It keeps all the public files of any domain. It replicates all policy and users level data after an interval.

Where is the Active Directory database file located?
The Active Directory database file is stored in c:\windows\ntds\ntds.dit.

What is forest?
A group of single or multiple domain trees which follow trust relationship and common logical structure among them. A forest is a complete instance of AD. The first domain of any forest is called root domain and the other child domains follow the root domain. The root domain in a forest must be included in Global Catalogue. 

What’s the basic difference between guest accounts in Server 2008 R2 and other editions?
Guest accounts in Server 2008 R2 are more restrictive than any other editions

 Why it is not possible to restore a DC backed up 4 months ago?
Because of the lifetime of backed up file is either 60 or 120 days.

What is GPO?
Group Policy Object.

What is Site?
A site represents physical network structure of Active Directory. It is an object in AD which represents geographic location that hosts networks. Moreover, it comprises of one or more subnets that are connect together with sufficient internet speed.

 What is the use of SYSVOL folder?
The SYSVOL folder stores the server’s copy of the domain’s public files. It is used to deliver the policy and logon scripts to domain members. Moreover, it replicates file-based data among domain controllers. The Sysvol folder is shared on an NTFS volume on all the domain controllers in a particular domain. All active directory data base security related information store in SYSVOL folder and it’s only created on NTFS partition.

What is the Global Catalog?
The Global Catalog is a server that contains all of the information pertaining to objects within all domains in the Active Directory environment. It is something that each domain has, and it is used for authenticating the user on the network, on windows 2000 network logon’s were protected from failures by assigning a Global Catalog to every site. Global Catalog is a database which maintains the information about multiple domains with trust relationship agreement.

What is the use of Group Policy?
Group Policy is a feature of the Microsoft Windows NT family which gives you administrative control over users and computers in your network. It provides the working environment for server users and computers. In addition, it gives us the central management and configuration for windows operating systems and settings.

Courtesy: http://hubpages.com/technology/Windows-server-2008-active-directory-interview-questions-and-answers

Technical Interview Questions – Networking (Part-3)

Part 1

Part 2

1. Describe the differences between WINS push and pull replications.

Ans: To replicate database entries between a pair of WINS servers, you must configure each WINS server as a pull partner, a push partner, or both with the other WINS server.

* A push partner is a WINS server that sends a message to its pull partners, notifying them that it has new WINS database entries. When a WINS server’s pull partner responds to the message with a replication request, the WINS server sends (pushes) copies of its new WINS database entries (also known as replicas) to the requesting pull partner.
* A pull partner is a WINS server that pulls WINS database entries from its push partners by requesting any new WINS database entries that the push partners have. The pull partner requests the new WINS database entries that have a higher version number than the last entry the pull
partner received during the most recent replication. 

2. What is the difference between tombstoning a WINS record and simply deleting it?

Ans: Simple deletion removes the records that are selected in the WINS console only from the local WINS server you are currently managing. If the WINS records deleted in this way exist in WINS data replicated to other WINS servers on your network, these additional records are not fully removed.
Also, records that are simply deleted on only one server can reappear after replication between the WINS server where simple deletion was used and any of its replication partners. Tombstoning marks the selected records as tombstoned, that is, marked locally as extinct and immediately released from active use by the local WINS server. This method allows the tombstoned records to remain present in the server database for purposes of subsequent replication of these records to other servers. When the tombstoned records are replicated, the tombstone status is updated and applied by other WINS servers that store replicated copies of these records. Each replicating WINS server then updates and tombstones.

3. Name the NetBIOS names you might expect from a Windows 2003 DC that is registered in WINS.

Ans:

4. Describe the role of the routing table on a host and on a router.

Ans: During the process of routing, decisions of hosts and routers are aided by a database of routes known as the routing table. The routing table is not exclusive to a router. Depending on the routable protocol, hosts may also have a routing table that may be used to decide the best router for the packet to be forwarded. Host-based routing tables are optional for the Internet Protocol, as well as obsolete routable protocols such as IPX.

5. What are routing protocols? Why do we need them? Name a few.

Ans: A routing protocol is a protocol that specifies how routers communicate with each other, disseminating information that enables them to select routes between any two nodes on a computer network, the choice of the route being done by routing algorithms. Each router has a prior knowledge only of networks attached to it directly. A routing protocol shares this information first among immediate neighbors, and then throughout the network. This way, routers gain knowledge of the topology of the network. For a discussion of the concepts behind routing protocols, see: Routing.
The term routing protocol may refer specifically to one operating at layer three of the OSI model, which similarly disseminates topology information between routers. Many routing protocols used in the public Internet are defined in documents called RFCs. Although there are many types of routing protocols, two major classes are in widespread use in the Internet: link-state routing protocols, such as OSPF and IS-IS; and path vector or distance vector protocols, such as BGP, RIP and EIGRP.

6. What are router interfaces? What types can they be?

Ans: Routers can have many different types of connectors; from Ethernet, Fast Ethernet, and Token Ring to Serial and ISDN ports.  Some of the available configurable items are logical addresses (IP,  IPX), media types, bandwidth, and administrative commands.  Interfaces are configured in interface mode which you get to from global configuration mode after logging in.
The media type is Ethernet, FastEthernet, GigabitEthernet, Serial, Token-ring, or other media types. You must keep in mind that a 10Mb Ethernet interface is the only kind of Ethernet interface called Ethernet. A 100Mb Ethernet interface is called a FastEthernet interface and a 1000Mb Ethernet interface is called a GigabitEthernet interface.

7. What is NAT?

Ans: Windows Server 2003 provides network address translation (NAT) functionality as a part of the Routing and Remote Access service. NAT enables computers on small- to medium-sized organizations with private networks to access resources on the Internet or other public network. The computers on a private network are configured with reusable private Internet Protocol version 4 (IPv4) addresses; the computers on a public network are configured with globally unique IPv4 (or, rarely at present, Internet Protocol version 6 [IPv6]) addresses. A typical deployment is a small office or home office (SOHO), or a medium-sized business that uses Routing and Remote Access NAT technology to enable computers on the internal corporate network to connect to resources on the Internet without having to deploy a proxy server.

8. What is the real difference between NAT and PAT?

Ans: Take NAT (Network Address Translation) and PAT (Port Address Translation). NAT allows you to translate or map one IP address onto another single ip address. PAT on the other hand is what is most commonly referred to as NAT. In a PAT system you have a single or group of public IP addresses that are translated to multiple internal ip addresses by mapping the TCP/UDP ports to different ports. This means that by using some “magic” on a router or server you can get around problems that you might have with two web browsers sending a request out the same port.

9. How do you configure NAT on Windows 2008/2012?

Ans:

10. How do you allow inbound traffic for specific hosts on Windows 2008/2012

             NAT?

Ans:

11. What is VPN? What types of VPN does Windows 2008/2012 and beyond work with natively?

Ans:

12. What is IAS? In what scenarios do we use it?

Ans: IAS is called as Internet Authentication Service. It’s used by for configuring centralized authentication using RADIUS server.

13. What’s the difference between Mixed mode and Native mode in AD when dealing with RRAS?

Ans: When you are in Mixed mode certain options in the dial-in tab of the user properties are disabled. And some of the RRAS policies are also disabled. So if you want high level security with all the advanced feature then change the AD to Native mode.

14. What is the “RAS and IAS” group in AD?

Ans: Used for managing security and allowing administration for the respective roles of the server.

15. What are Conditions and Profile in RRAS Policies?

Ans: The conditions and profiles are used to set some restrictions based on the media type, connection method, group membership and lot more. So if used matches those conditions mentioned in the profile then he can allowed /denied access to RAS / VPN server.

16. What types or authentication can a Windows 2008/ 2012 based RRAS work     with?
17. How does SSL work?

Ans: Internet communication typically runs through multiple program layers on a server before getting to the requested data such as a web page or cgi scripts. The outer layer is the first to be hit by the request. This is the high level protocols such as HTTP (web server), IMAP (mail server), and FTP (file transfer). Determining which outer layer protocol will handle the request depends on the type of request made by the client. This high level protocol then processes the request through the Secure Sockets Layer. If the request is for a non-secure connection it passes through to the TCP/IP layer and the server application or data. If the client requested a secure connection the ssl layer initiates a handshake to begin the secure communication process. Depending on the SSL setup on the server, it may require that a secure connection be made before allowing communication to pass through to the TCP/IP layer in which case a non-secure request will send back an error asking for them to retry securely (or simply deny the non-secure connection).

18. How does IPSec work?

Ans: IPSec is an Internet Engineering Task Force (IETF) standard suite of protocols that provides data authentication, integrity, and confidentiality as data is transferred between communication points across IP networks. IPSec provides data security at the IP packet level. A packet is a data bundle that is organized for transmission across a network, and it includes a header and payload (the data in the packet). IPSec emerged as a viable network security standard because enterprises wanted to ensure that data could be securely transmitted over the Internet. IPSec protects against possible security exposures by protecting data while in transit.

19. How do I deploy IPSec for a large number of computers?

Ans: Just use this program Server and Domain Isolation Using IPsec and Group Policy.

20. What types of authentication can IPSec use?

Ans:

21. What is PFS (Perfect Forward Secrecy) in IPSec?

Ans: In an authenticated key-agreement protocol that uses public key cryptography; perfect forward secrecy (or PFS) is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the (long-term) private keys is compromised in the future. Forward secrecy has been used as a synonym for perfect forward secrecy, since the term perfect has been controversial in this context. However, at least one reference distinguishes perfect forward secrecy from forward secrecy with the additional property that an agreed key will not be compromised even if agreed keys derived from the same long-term keying material in a subsequent run are compromised.

22. How do I monitor IPSec?

Ans: To test the IPSec policies, use IPSec Monitor. IPSec Monitor (Ipsecmon.exe) provides information about which IPSec policy is active and whether a secure channel between computers is established.

23. Looking at IPSec-encrypted traffic with a sniffer. What packet types do I see?

Ans: You can see the packages to pass, but you cannot see its contents IPSec Packet Types
IPSec packet types include the authentication header (AH) for data integrity and the encapsulating security payload (ESP) for data confidentiality and integrity. The authentication header (AH) protocol creates an envelope that provides integrity, data origin identification and protection against replay attacks. It authenticates every packet as a defense against session-stealing attacks. Although the IP header itself is outside the AH header, AH also provides limited verification of it by not allowing changes to the IP header after packet creation (note that this usually precludes the use of AH in NAT environments, which modify packet headers at the point of NAT). AH packets use IP protocol 51. The encapsulating security payload (ESP) protocol provides the features of AH (except for IP header authentication), plus encryption. It can also be used in a null encryption mode that provides the AH protection against replay attacks and other such attacks, without encryption or IP header authentication. This can allow for achieving some of the benefits of IPSec in a NAT environment that would not ordinarily work well with IPSec. ESP packets use IP protocol 50.

24. What can you do with NETSH?

Ans: Netsh is a command-line scripting utility that allows you to, either locally or remotely, display, modify or script the network configuration of a computer that is currently running.

25. How do I look at the open ports on my machine?

Ans: Windows: Open a command prompt (Start button -> Run-> type
“cmd”), and type:
netstat -a

Linux: Open an SSH session and type:
netstat -an

Courtesy: 

1) Syed Jahanzaib

2) DanielPetri

Part 1

Part 2