MZ@ !L!This program cannot be run in DOS mode. $Rؕ3}3}3}H̴3}H̱3}Rich3}PEL!   ]@.rsrc@@h(@0?H}`~x 98?P@hAFGLMRST(U@VXWpX        ( 8 H X h x           ( 8 H Xp Tt<%F+PvpRStnzru.4{$~@T   м .ZTpMUIƺ%\(_Ȼ@h"/ip! MUIen-US+Captures real-time diagnostic information. #Shows WFP configuration and state. Sets WFP diagnostic options. /Controlling the WFP-IPsec event trace session. (Starts an interactive capture session.  Usage: capture start [ [ cab = ] (ON | OFF) ] [ [ traceonly = ] (ON | OFF) ] [ [ keywords = ] (NONE | BCAST | MCAST | BCAST+MCAST) ] [ [ file = ] <path> ] Parameters: Tag Value cab - Can be ON or OFF. The default is ON. ON compiles the files in a single .cab file. OFF leaves the output files uncompressed. This is useful if doing your own troubleshooting, rather than collecting data for others. traceonly - Can be ON or OFF. The default is OFF. ON collects only event tracing data, which reduces the output file size. keywords - Can be NONE, BCAST, MCAST, or BCAST+MCAST. The default is BCAST+MCAST. Sets the net event keywords used for the session. BCAST includes broadcast events and MCAST includes multicast events. To reduce the file size for long- running captures, set to NONE. file - Output file name. The default is 'wfpdiag.cab'. If the cab option is ON, the file name should not include the extension since the .cab is automatically added to the output file. Remarks: Starts an interactive capture session. To stop capture, run 'capture stop'. &Stops an interactive capture session. Usage: capture stop Remarks: Stops an interactive capture session. Takes effect if previous command executed was 'capture start'. -Displays the current state of WFP and IPsec.  Usage: show state [ [ file = ] <path> | - ] Parameters: Tag Value file - Output file name. The default is 'wfpstate.xml'. If this parameter is set to the dash character, 'file = -', the output is written only to the console. Remarks: Displays the current state of WFP and IPsec. <Displays filters matching the specified traffic parameters. { Usage: show filters [ [ file = ] <path> | - ] [ [ protocol = ] <ipproto> ] [ [ localaddr = ] <ipaddr> ] [ [ remoteaddr = ] <ipaddr> ] [ [ localport = ] <port> ] [ [ remoteport = ] <port> ] [ [ appid = ] <path> ] [ [ userid = ] <user> ] [ [ dir = ] IN | OUT ] [ [ verbose = ] ON | OFF ] Parameters: Tag Value file - Output file name. The default is 'filters.xml'. If this parameter is set to the dash character, 'file = -', the output is written only to the console. protocol - The IP protocol. This must be an integer. localaddr - The IP addresses. 'localaddr' is the local IP address, remoteaddr and the 'remoteaddr' is the remote IP address. The addresses are either IPv4 or IPv6. If both local and remote addressses are specified, they both must belong to the same address family. localport - The ports. 'localport' is the local port remoteport and 'remoteport' is the remote port. They must be integers. appid - The application sending or receiving the traffic on the local host. This either an NT path such as '\device\harddiskvolume1\windows\system32\ftp.exe' or a DOS path such as 'c:\Windows\System32\ftp.exe' The supplied path must exist. userid - The user sending or receiving the traffic on the local host. The userid may be a SID (such as 'S-1-5-18') or a user name (such as 'nt authority\system'). dir - The direction of the connection. By default, filters for both inbound and outbound traffic are displayed. Use IN to display only filters for inbound traffic or OUT to display only filters for outbound traffic. verbose - Determines whether to display all filters. Can be ON or OFF. The default is OFF, which attempts to suppress matching filters that are unlikely to affect connectivity. ON does not suppress any filters. Remarks: Displays filters matching the specified traffic parameters. ,Displays the boot-time policy and filters.  Usage: show boottimepolicy [ [ file = ] <path> | - ] Parameters: Tag Value file - Output file name. The default is 'btpol.xml'. If this parameter is set to the dash character, 'file = -', the output is written only to the console. Remarks: Displays the boot-time policy and filters. "Displays the global WFP options. { Usage: show options [optionsfor = ] NETEVENTS | KEYWORDS | TXNWATCHDOG Parameters: Tag Value optionsfor - Can be either NETEVENTS, KEYWORDS, or TXNWATCHDOG. NETEVENTS shows whether network events are buffered for diagnostics. KEYWORDS shows which network events are buffered for diagnostics. TXNWATCHDOG shows the timeout in milliseconds for the transaction watchdog event. Remarks: Displays the current value set for the specified option. 5Displays the application ID for the specified file.  Usage: show appid [ file = ] <path> Parameters: Tag Value file - Specifies the DOS path for the application. Remarks: Displays the application NT path for the specified file. The supplied path must exist. Sets the global WFP options. w Usage: set options [ netevents = ON | OFF ] [ [ keywords = ] NONE | BCAST | MCAST| BCAST+MCAST ] [ [ txnwatchdog = ] <time in msec> ] Parameters: Tag Value netevents - Can be either ON or OFF. Sets the netevents option. keywords - Can be NONE, BCAST, MCAST, or BCAST+MCAST. Sets the keywords option. The default is NONE. txnwatchdog - Sets the timeout in milliseconds for the transaction watchdog event. This must be an integer. If no value is specified, the timeout is set to zero, and an event will be triggered for every transaction. Remarks: Sets the global WFP options. Only one option parameter can be set per execution. PA=Tells whether an interactive capture session is in progress. n Usage: capture status Remarks: Tells whether an interactive capture session is in progress. PAADisplays recent network events matching the traffic parameters. PA Usage: show netevents [ [ file = ] <path> | - ] [ [ protocol = ] <ipproto> ] [ [ localaddr = ] <ipaddr> ] [ [ remoteaddr = ] <ipaddr> ] [ [ localport = ] <port> ] [ [ remoteport = ] <port> ] [ [ appid = ] <path> ] [ [ userid = ] <user> ] [ [ timewindow = ] <seconds> ] Parameters: Tag Value file - Output file name. The default is 'netevents.xml'. If this parameter is set to the dash character, 'file = -', the output is written only to the console. protocol - The IP protocol. This must be an integer. localaddr - The IP addresses. 'localaddr' is the local IP address, remoteaddr and 'remoteaddr' is the remote IP address. The addresses are either IPv4 or IPv6. If both local and remote addresses are specified, they both must belong to the same address family. localport - The ports. 'localport' is the local port, and 'remoteport' is the remote port. remoteport They must be integers. appid - The application sending or receiving the traffic on the local host. This either an NT path such as '\device\harddiskvolume1\windows\system32\ftp.exe' or a DOS path such as 'c:\Windows\System32\ftp.exe' The supplied path must exist. userid - The user sending or receiving the traffic on the local host. The userid may be a SID (such as 'S-1-5-18') or a user name (such as 'nt authority\system'). timewindow - Limits the output to network events that occurred within a specified number of seconds. This must be an integer. Remarks: Displays recent network events matching the specified traffic parameters. -Displays the specified security descriptor.  Usage: show security [ type = ] CALLOUT|ENGINE|FILTER|IKESADB|IPSECSADB|LAYER|NETEVENTS |PROVIDER|PROVIDERCONTEXT|SUBLAYER [ [ guid = ] <guid> Parameters: Tag Value type - Specifies the object type to be retrieved. Can be CALLOUT, ENGINE, FILTER, IKESADB, IPSECSADB, LAYER, NETEVENTS, PROVIDER, PROVIDERCONTEXT, or SUBLAYER. guid - For object types that support per-object security descriptors, this is the GUID of the object. If not specified, it defaults to IID_NULL, which retrieves the security descriptor of the type container. The following types support per-object security descriptors: callout filter layer provider providercontext sublayer Remarks: Displays the specified security descriptor. HDisplays system ports used by the TCP/IP Stack and the RPC sub-system.  Usage: show sysports [ [ file = ] <path> | - ] Parameters: Tag Value file - Output file name. The default is 'sysports.xml'. If this parameter is set to the dash character, 'file = -', the output is written only to the console. Remarks: Displays system ports used by the TCP/IP stack and the RPC sub-system. PA.Initializing data collection -- please wait. 'Only event tracing will be collected. KInitialization complete. Reproduce the scenario, then run 'capture stop'. +Data collection successful; output = %1!s! 0Data collection successful; output = %t%1 %t%2+Finalizing data collection -- please wait. Success. @At least one netevent was not captured during the ETW session. PA(Unable to connect to BFE; error = %1!s! 2Unable to start an ETW trace session; error=%1!s! ;Unable to open the XML file with Write access; error=%1!s! ;Unable to subscribe to change notifications; error = %1!s! 6Unable to write output to the XML file; error = %1!s! 1Unable to collect run-time events; error = %1!s! /Unable to format the trace file; error = %1!s! #Unable to create the cabinet file. /Unable to load the XML document; error = %1!s! ;Import file parsing terminated at line %1!u!, column %2!u! 4Unexpected element '%1' at line %2!u!, column %3!u! =Unexpected text in element '%1' at line %2!u!, column %3!u!. :Invalid text in element '%1' at line %2!u!, column %3!u!. 3Unable to read the boot-time policy; error = %1!s! 6Unable to enumerate the network events; error = %1!s! PA5Unable to open the data collector set; error = %1!s! 'Unable to add an object; error = %1!s! *Unable to delete an object; error = %1!s! 2The object is defined at line %1!u!, column %2!u! Capture is already in progress. No capture is in progress. KThe IKEEXT log file does not exist. Ensure that IKEEXT tracing is enabled. )Unable to query lost netevents from ETW. PA0Deletes all IPsec DoS Protection configuration. N reset Deletes all IPsec DoS Protection configuration. Parameters: none )Adds IPsec DoS Protection configuration. 3Adds IPsec DoS Protection interface configuration.  add interface [name=]<string> [type=]public|internal Adds IPsec DoS Protection interface configuration. Parameters: Tag Value name - Friendly name of the interface. type - Interface type. public: Interface faces public network. internal: Interface faces internal network. Examples: add interface "Local Area Connection" public add interface name="Local Area Connection" type=public 7Adds IPsec DoS Protection keying module configuration. y add allowedkeyingmodule [name=]ikev1|ikev2|authip [[internalprefix=]<IPv6 address>[/<integer>]] Adds IPsec DoS Protection allowed keying module configuration. Parameters: Tag Value name - Name of an IPsec keying module to allow. ikev1: The IKEv1 keying module. ikev2: The IKEv2 keying module. authip: The AuthIP keying module. internalprefix - Internal host IPv6 address or subnet for which the keying module needs to be allowed (optional). If not specified, it will be allowed for all internal IPv6 addresses. Remarks: AuthIP is present in the list of allowed keying modules by default. Examples: add allowedkeyingmodule ikev1 add allowedkeyingmodule name=ikev1 add allowedkeyingmodule ikev1 3ffe:401d:1f00:baa::1 5Adds IPsec DoS Protection IPv6 filter configuration. ? add filter [[publicprefix=]<IPv6 address>[/<integer>]] [[internalprefix=]<IPv6 address>[/<integer>]] [action=]exempt|block Adds IPsec DoS Protection IPv6 filter configuration. Parameters: Tag Value publicprefix - Public host IPv6 address or subnet (optional). If not specified, the filter will match all public IPv6 addresses. internalprefix - Internal host IPv6 address or subnet (optional). If not specified, the filter will match all internal IPv6 addresses. action - Action to take for any traffic that matches the filter. exempt: Don't require matching traffic to be IPsec protected. block: Block matching traffic. Examples: add filter publicprefix=3ffe:401d:1f00::/64 action=block ,Deletes IPsec DoS Protection configuration. 6Deletes IPsec DoS Protection interface configuration.  delete interface [name=]<string> Deletes IPsec DoS Protection interface configuration. Parameters: Tag Value name - Friendly name of the interface. Examples: delete interface "Local Area Connection" delete interface name="Local Area Connection" BDeletes IPsec DoS Protection allowed keying module configuration. @ delete allowedkeyingmodule [name=]ikev1|ikev2|authip [[internalprefix=]<IPv6 address>[/<integer>]] Deletes IPsec DoS Protection allowed keying module configuration. Parameters: Tag Value name - Name of an IPsec keying module to disallow. ikev1: The IKEv1 keying module. ikev2: The IKEv2 keying module. authip: The AuthIP keying module. internalprefix - Internal host IPv6 address or subnet for which the keying module should be disallowed (optional). If not specified, it will be disallowed for all internal IPv6 addresses. Examples: delete allowedkeyingmodule ikev1 delete allowedkeyingmodule name=ikev1 delete allowedkeyingmodule ikev1 3ffe:401d:1f00:baa::1 PA8Deletes IPsec DoS Protection IPv6 filter configuration.  delete filter [[publicprefix=]<IPv6 address>[/<integer>]] [[internalprefix=]<IPv6 address>[/<integer>]] Deletes IPsec DoS Protection IPv6 filter configuration. Parameters: Tag Value publicprefix - Public host IPv6 address or subnet (optional). This must be same as the publicprefix specified with the corresponding add command. internalprefix - Internal host IPv6 address or subnet (optional). This must be same as the internalprefix specified with the corresponding add command. Examples: delete filter 3ffe:401d:1f00::/64 delete filter publicprefix=3ffe:401d:1f00::/64 PA'Sets IPsec DoS Protection information. 6Sets IPsec DoS Protection DSCP marking configuration.  set dscp [type=]ipsecauthenticated|ipsecunauthenticated|icmpv6|filtered|default [value=]<integer>|disable Sets IPsec DoS Protection DSCP marking configuration. Parameters: Tag Value type - Type of inbound traffic for which the DSCP marking is being specified. ipsecauthenticated: Authenticated IPv6 IPsec traffic. ipsecunauthenticated: Unauthenticated IPv6 IPsec traffic. icmpv6: ICMPv6 traffic. filtered: Filter exempted IPv6 traffic. default: Default-block exempted traffic. value - DCSP value to mark in the top 6 bits of the traffic class or TOS field in the IP header of corresponding traffic. <integer>: Must be <= 63. disable: Disable this marking. Remarks: By default DSCP marking for all traffic types is disabled. Examples: set dscp ipsecunauthenticated 10 set dscp type=ipsecunauthenticated value=10 set dscp ipsecauthenticated DISABLE 7Sets IPsec DoS Protection miscellaneous configuration.  set miscellaneous [[stateidletimeout=]<integer>] [[peripratelimitidletimeout=]<integer>] [[maxentries=]<integer>] [[maxperipratelimitqueues=]<integer>] [[defaultblock=]enable|disable] Sets IPsec DoS Protection miscellaneous configuration. Parameters: Tag Value stateidletimeout - State inactivity timeout in seconds (optional). <integer>: Must be > 0 and <= 4294967295. Default value is 360. peripratelimitidletimeout - Per internal IP address rate limit queue inactivity timeout in seconds (optional). <integer>: Must be > 0 and <= 4294967295. Default value is 360. maxentries - Maximum number of state entries (optional). <integer>: Must be > 0 and <= 4294967295. Default value is 75000. maxperipratelimitqueues - Maximum number of per internal IP address rate limit queues (optional). <integer>: Must be > 0 and <= 4294967295. Default value is 50000. defaultblock - Value of the default block setting (optional). enable: IPsec DoS Protection will drop all IPv4 traffic & all non-IPsec IPv6 traffic that is forwarded between a public interface and an internal interface, except ICMPv6 (default). disable: IPsec DoS Protection will permit all IPv4 traffic & all non-IPsec IPv6 traffic that is forwarded between a public interface and an internal interface. Examples: set miscellaneous 480 100000 set miscellaneous stateidletimeout=480 maxentries=100000 set miscellaneous defaultblock=disable PA4Sets IPsec DoS Protection rate limit configuration. G set ratelimit [type=]ipsecauthenticated|ipsecunauthenticated|ipsecunauthenticatedperip| icmpv6|filtered|default [value=]<integer>|disable Sets IPsec DoS Protection rate limit configuration. Parameters: Tag Value type - Type of inbound traffic for which the rate limit is being specified. ipsecauthenticated: Authenticated IPv6 IPsec traffic. Rate limit disabled by default. ipsecunauthenticated: Unauthenticated IPv6 IPsec traffic. Default rate limit is 102400 bytes/sec. ipsecunauthenticatedperip: Per internal IP address rate limit for unauthenticated IPv6 IPsec traffic. Default rate limit is 10240 bytes/sec. icmpv6: ICMPv6 traffic. Default rate limit for this traffic type is 10240 bytes/sec. filtered: Filter exempted IPv6 traffic. Default rate limit is 102400 bytes/sec. default: Default-block exempted traffic. Default rate limit is 102400 bytes/sec. value - Value of the rate limit in bytes/sec. <integer>: Must be > 0 and <= 4294967295. disable: Disable this rate limit. Examples: set ratelimit ipsecunauthenticated 2048 set ratelimit type=ipsecunauthenticated value=2048 set ratelimit filtered disable PA+Displays IPsec DoS Protection information. 7Displays IPsec DoS Protection interface configuration. } show interface [[type=]public|internal] Displays IPsec DoS Protection interface configuration. Parameters: Tag Value type - Interface type (optional). public: Show interfaces facing public network. internal: Show interfaces facing internal network. Examples: show interface show interface public show interface type=public Public interfaces: Internal interfaces: PA;Displays IPsec DoS Protection keying module configuration. t show allowedkeyingmodule Displays IPsec DoS Protection allowed keying module configuration. Parameters: none >Allowed keying modules (internalprefix - keying module list): :Displays IPsec DoS Protection DSCP marking configuration.  show dscp [[type=]ipsecauthenticated|ipsecunauthenticated|icmpv6|filtered|default] Displays IPsec DoS Protection DSCP marking configuration. Parameters: Tag Value type - Type of inbound traffic for which the DSCP marking should be displayed (optional). If not specified, all types will be displayed. ipsecauthenticated: Authenticated IPv6 IPsec traffic. ipsecunauthenticated: Unauthenticated IPv6 IPsec traffic. icmpv6: ICMPv6 traffic. filtered: Filter exempted IPv6 traffic. default: Default-block exempted traffic. Examples: show dscp show dscp ipsecunauthenticated show dscp type=ipsecunauthenticated %Authenticated IPv6 IPsec dscp: %1!s! 'Unauthenticated IPv6 IPsec dscp: %1!s! PAICMPv6 dscp: %1!s! !IPv6 filter exempted dscp: %1!s! #Default-block exempted dscp: %1!s! ;Displays IPsec DoS Protection miscellaneous configuration. f show miscellaneous Displays IPsec DoS Protection miscellaneous configuration. Parameters: none $State idle timeout (seconds): %1!u! >Per IP address rate limit queue idle timeout (seconds): %1!u! 'Maximum number of state entries: %1!u! :Maximum number of per IP address rate limit queues: %1!u! Default block: %1!s! 8Displays IPsec DoS Protection rate limit configuration.  show ratelimit [[type=]ipsecauthenticated|ipsecunauthenticated|ipsecunauthenticatedperip| icmpv6|filtered|default] Displays IPsec DoS Protection rate limit configuration. Parameters: Tag Value type - Type of traffic for which the rate limit should be displayed (optional). If not specified, all types will be displayed. ipsecauthenticated: Authenticated IPv6 IPsec traffic. ipsecunauthenticated: Unauthenticated IPv6 IPsec traffic. ipsecunauthenticatedperip: Per internal IP address rate limit for unauthenticated IPv6 IPsec traffic. icmpv6: ICMPv6 traffic. filtered: Filter exempted IPv6 traffic. default: Default-block exempted traffic. Examples: show ratelimit show ratelimit ipsecunauthenticated show ratelimit type=ipsecunauthenticated 7Authenticated IPv6 IPsec rate limit (bytes/sec): %1!s! 9Unauthenticated IPv6 IPsec rate limit (bytes/sec): %1!s! HUnauthenticated IPv6 IPsec per IP address rate limit (bytes/sec): %1!s! %ICMPv6 rate limit (bytes/sec): %1!s! 3IPv6 filter exempted rate limit (bytes/sec): %1!s! 5Default-block exempted rate limit (bytes/sec): %1!s! -Displays IPsec DoS Protection state entries.  show state [[publicprefix=]<IPv6 address>[/<integer>]] [[internalprefix=]<IPv6 address>[/<integer>]] Displays all state entries inside IPsec DoS Protection that match specified criteria. Parameters: Tag Value publicprefix - Public host IPv6 address or subnet (optional). If not specified, all public IPv6 addresses will be matched. internalprefix - Internal host IPv6 address or subnet (optional). If not specified, all internal IPv6 addresses will be matched. Examples: Show state Show state publicprefix=3ffe::/16 Show state internalprefix=3ffe:401d:1f00:baa::1 IPsec DoS Protection state entries (There are %1!u! entries) ---------------------------------------------------------------------------- Public host IPv6 address: %1!s! "Internal host IPv6 address: %1!s! ATotal inbound IPv6 IPsec packets allowed on this state: %1!I64u! PABTotal outbound IPv6 IPsec packets allowed on this state: %1!I64u! 3Time elapsed since state creation (seconds): %1!u! *Displays IPsec DoS Protection statistics. R show statistics Displays IPsec DoS Protection statistics. Parameters: none &Total state entries created: %1!I64u! Current state entries: %1!I64u! 3Current per IP address rate limit queues: %1!I64u! CTotal inbound allowed unauthenticated IPv6 IPsec packets: %1!I64u! WTotal inbound unauthenticated IPv6 IPsec packets discarded due to rate limit: %1!I64u! fTotal inbound unauthenticated IPv6 IPsec packets discarded due to per IP address rate limit: %1!I64u! ZTotal inbound unauthenticated IPv6 IPsec packets discarded due to other reasons: %1!I64u! ATotal inbound allowed authenticated IPv6 IPsec packets: %1!I64u! UTotal inbound authenticated IPv6 IPsec packets discarded due to rate limit: %1!I64u! XTotal inbound authenticated IPv6 IPsec packets discarded due to other reasons: %1!I64u! /Total inbound allowed ICMPv6 packets: %1!I64u! CTotal inbound ICMPv6 packets discarded due to rate limit: %1!I64u! =Total inbound allowed filter exempted IPv6 packets: %1!I64u! QTotal inbound filter exempted IPv6 packets discarded due to rate limit: %1!I64u! 4Total inbound filter blocked IPv6 packets: %1!I64u! ?Total inbound allowed default-block exempted packets: %1!I64u! STotal inbound default-block exempted packets discarded due to rate limit: %1!I64u! 8Total inbound default-block discarded packets: %1!I64u! 9Displays IPsec DoS Protection IPv6 filter configuration. ] show filter Displays IPsec DoS Protection IPv6 filter configuration. Parameters: none 9IPv6 filters (publicprefix <-> internalprefix - action): PAKDisplays IPsec DoS Protection configuration, statistics and state entries. l show all Displays IPsec DoS Protection configuration, statistics and state entries. Parameters: none | IPsec DoS Protection configuration parameters ---------------------------------------------------------------------------- n IPsec DoS Protection statistics ---------------------------------------------------------------------------- <empty>4VS_VERSION_INFO@%@%?"StringFileInfo040904B0LCompanyNameMicrosoft Corporationx(FileDescriptionWindows Filtering Platform Netsh Helperr)FileVersion6.3.9600.16384 (winblue_rtm.130821-1623)6 InternalNamenshwfp.dll.LegalCopyright Microsoft Corporation. All rights reserved.FOriginalFilenamenshwfp.dll.muij%ProductNameMicrosoft Windows Operating SystemBProductVersion6.3.9600.16384DVarFileInfo$Translation PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX