10. NT Protocols
The 4 layer model of TCP/IP is often called the Four Layer Model or the Department of Defense (DOD) Model.
The protocols that can run within TCP/IP include SNMP, WinSock, NetBIOS over TCP/IP (NetBT), TCP, UDP, ICMP and ARP.
Manual configuration of TCP/IP requires the IP Address, the Subnet Mask and the Default
Gateway for a routed network.
If a Dynamic Host Configuration Protocol (DHCP) server exists on the network, then the IP address, the subnet
mask and the default gateway can be requested by the client on bootup.
The following list details the TCP/IP utilities available:
- Ping (Packet InterNet Groper). First ping the loopback address 127.0.0.1 to test that
TCP/IP is installed correctly, then the computer interface, then the default gateway and finally
the remote host.
- Remote Copy Protocol (RCP)
- Remote Shell (RSH)
- Remote Execution (REXEC) - runs a process on a remote computer
- Finger - retrieves system information from a remote computer.
- Internet Explorer
- Ipconfig - This is Winipcfg in Win 95. If a duplicate IP address exists then
Ipconfig /all will return a subnet mask of 0.0.0.0.
- Nbtstat - displays statistics and connections using NetBIOS over TCP/IP
- Netstat - displays TCP/IP statistics and connections
- Route - routing table which can be modified
- Hostname - RCP, REXEC and RSH use the computer's hostname for authentication.
The IP services FTP, HTTP and Gopher are on the CD and are not automatically installed. The TFTP
and Telnet Servers are obtained from the Internet.
The following commands are used to discover the TCP/IP environment:
- arp -a < ip address > - displays the arp table.
- arp -d < ip address > - deletes the entry for the specified IP address.
- arp -N < server > - displays the arp table for the specified server.
- arp -s < ip address physical address > - adds an entry to the arp table.
- ipconfig /all - shows the TCP/IP options in detail.
- ipconfig /release
- ipconfig /renew - forces a DHCPREQUEST
- nbtstat -a < name > - list the NetBIOS name table (HOSTS file) for the remote computer specified.
- nbtstat -A < ip address > - as above but specified by IP address.
- nbtstat -c - list names and IP addresses in the local NetBIOS cache.
- nbtstat -n - list all the NetBIOS names for the local computer (those used by the various services).
- nbtstat -r - NetBIOS statistics.
- nbtstat -R - reloads the local NetBIOS cache.
- nbtstat -s - lists currently open NetBIOS sessions by name.
- nbtstat -S - lists currently open NetBIOS sessions by IP address.
- net start < service > - starts a network service such as FTP server, SNMP, HELPER etc.
- net stop < service > - stops a network service.
- netstat -a - displays list of active ports and connections.
- netstat -e - displays statistics for ethernet adapters.
- netstat -n - displays IP addresses rather than host names in statistics.
- netstat -p < protocol > - displays information for a specific protocol such as TCP, UDP or IP.
- netstat -r - displays the routing table and connections and ports.
- netstat -s - displays separate lists of statistics for each protocol.
- nslookup < hostname > - resolves the IP address to the host name.
- nslookup < IP address > - resolves the host name to the IP address.
- nslookup < server > - uses a specified DNS server instead of the default.
- ping -a - displays the host names rather than the IP address.
- ping -f - sends non-fragmented packets.
- ping -i < ttl > - specifies the Time to Live for the ping packets.
- ping -l < size > - specifies the size of the data buffer.
- ping -n < number > - specifies the number of packets to send.
- ping -r < number > - records the route for the specified number of hops.
- ping -s < number > - records time stamps for the specified number of hops.
- ping -t - continuous pings.
- ping -w < timeout > - specifies the timeout in milliseconds to await a reply.
- route add - add a route to the routing table in the form IP address and next hop.
- route change - change an existing entry.
- route delete - delete an entry.
- route print - display the routing table.
- route -f - flushes the routing table.
- route -p - adds a permanent route which is not lost in a reboot.
- tracert -d - displays the route without resolving IP addresses to host names.
- tracert -h < hops > - specifies the number of hops used to reach the destination.
- tracert -j < hosts > - specifies a list of hosts to which to route along.
- tracert -w < timeout > - specifies a timeout (ms) to wait for a reply from each intermediate host.
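
RCP, REXEC and RSH authenticate on the hostname alone, and the other services named above each listen on a fixed port, so the output of netstat -a -n can be audited for them. The following Python script is an added example, not part of the original notes; the port table uses the standard well-known assignments and the netstat output is a constructed sample.

```python
# Added example: flag listeners for the legacy services named in these notes.
# Ports are the standard well-known assignments for each service.
LEGACY = {
    ("TCP", 21): "FTP", ("TCP", 23): "Telnet", ("UDP", 69): "TFTP",
    ("TCP", 70): "Gopher", ("TCP", 79): "Finger",
    ("UDP", 137): "NetBIOS name", ("UDP", 138): "NetBIOS datagram",
    ("TCP", 139): "NetBIOS session", ("UDP", 161): "SNMP",
    ("TCP", 512): "REXEC", ("TCP", 514): "RSH/RCP",
}

# Constructed sample in the Windows `netstat -an` layout (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:514            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1041      192.168.1.20:23        ESTABLISHED
  TCP    127.0.0.1:79           0.0.0.0:0              LISTENING
  UDP    0.0.0.0:69             *:*
  UDP    192.168.1.10:137       *:*
"""


def legacy_listeners(netstat_text):
    """Return (proto, port, service, local_addr, network_reachable) tuples."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; only LISTENING sockets are services.
        # UDP rows have no state, so every bound UDP port is treated as open.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        service = LEGACY.get((proto, int(port)))
        if service:
            reachable = not addr.startswith("127.")
            findings.append((proto, int(port), service, addr, reachable))
    return findings


if __name__ == "__main__":
    for proto, port, service, addr, reachable in legacy_listeners(SAMPLE):
        where = "network-reachable" if reachable else "loopback only"
        print(f"{proto}/{port:<4} {service:<16} on {addr} ({where})")
```

The outbound Telnet session in the sample is ignored because its local port is an ephemeral one; only sockets the host itself is offering are reported.
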
You use the Services tab in the Network program to update services, and NT has the services
DHCP, DNS, WINS and Computer Browser. (Service Pack 3 contains revised DNS, DHCP and IIS 3.0).
The DHCP server must have its own statically assigned IP address, mask and default gateway. If the
routers do not support RFC 1542, then a DHCP server is required on each subnet (IP Forwarding allows
DHCP/Bootp broadcasts to be sent across subnets; this is often called a Relay Agent).
The DHCP Scope is the pool of addresses used to assign to stations running Win 95, 3.11,
LAN Manager and NT 3.5. The four phases are as follows:
- IP lease request - Discovery by the client.
- IP lease offers - Offer by the server.
- IP lease selection - The client selects the first IP address and Requests to use it.
- IP lease acknowledgement - The IP address is assigned and the server Acknowledges.
When selecting the DHCP server the computer has to be restarted. You create the scope by running
DHCP Manager in the Administrative Tools menu. You can create a start and end address
with a subnet mask as well as start and end addresses for excluded IP addresses. You can also
determine the time that the lease is available for. In addition, you can decide to Activate the scope
at a later time.
The subnet mask of the scope MUST be the same as that on the server. It is recommended to have
more than one DHCP server and to have separate parts of the scope on separate servers. You are
not allowed to have two scopes within one subnet. In the DHCP Options Global you can
set other settings such as the default gateway, addresses of DNSs and NetBIOS name servers.
On the client PCs you can use Ipconfig to release IP addresses back to the DHCP server.
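
The scope rules above (scope mask equal to the server's mask, exclusion ranges, and separate parts of the scope on separate servers) can be checked before the scopes are activated. The Python below is an added example, not part of the original notes; the dictionary layout, the addresses and the use of complementary exclusion ranges to split the scope are assumptions made for illustration.

```python
import ipaddress

def leasable(scope):
    """Return the set of addresses (as ints) this server can lease from its scope."""
    if scope["mask"] != scope["server_mask"]:
        raise ValueError("scope mask differs from the server's mask")
    net = ipaddress.ip_network(f"{scope['start']}/{scope['mask']}", strict=False)
    start = ipaddress.ip_address(scope["start"])
    end = ipaddress.ip_address(scope["end"])
    if start > end or end not in net:
        raise ValueError(f"range {start}-{end} does not fit in one subnet ({net})")
    pool = set(range(int(start), int(end) + 1))
    for lo, hi in scope["exclusions"]:
        lo_i, hi_i = int(ipaddress.ip_address(lo)), int(ipaddress.ip_address(hi))
        pool -= set(range(lo_i, hi_i + 1))
    # Never lease the network/broadcast addresses or the server's own static IP.
    pool -= {int(net.network_address), int(net.broadcast_address),
             int(ipaddress.ip_address(scope["server_ip"]))}
    return pool

def overlap(scope_a, scope_b):
    """Addresses both servers could lease: each one is a potential duplicate IP."""
    both = leasable(scope_a) & leasable(scope_b)
    return [str(ipaddress.ip_address(i)) for i in sorted(both)]

# Constructed plan: two servers share 192.168.10.10-200, each excluding the other's part.
MASK = "255.255.255.0"
SERVER_A = {"server_ip": "192.168.10.2", "server_mask": MASK, "mask": MASK,
            "start": "192.168.10.10", "end": "192.168.10.200",
            "exclusions": [("192.168.10.150", "192.168.10.200")]}
SERVER_B = {"server_ip": "192.168.10.3", "server_mask": MASK, "mask": MASK,
            "start": "192.168.10.10", "end": "192.168.10.200",
            "exclusions": [("192.168.10.10", "192.168.10.149")]}
# Misconfigured variant: B's exclusion stops ten addresses short of A's part.
SERVER_B_BAD = dict(SERVER_B, exclusions=[("192.168.10.10", "192.168.10.139")])

if __name__ == "__main__":
    print(len(leasable(SERVER_A)), len(leasable(SERVER_B)))
    print(overlap(SERVER_A, SERVER_B))
    print(overlap(SERVER_A, SERVER_B_BAD))
```

Any address reported by overlap() could be leased by both servers at once, which is the duplicate-address condition that Ipconfig /all reports as a subnet mask of 0.0.0.0.
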
Windows Internet Name Service (WINS) resolves NetBIOS names to IP addresses dynamically.
Alternatively, LAN Manager Hosts files (LMHOSTS) are a manual way of doing the same job.
You install WINS from the Services tab but you need to restart the computer for it to function.
WINS Manager in the Administrative Tools menu is used to configure the WINS server. The WINS
server requires a static IP address and it is recommended that it point to itself as the primary
and secondary WINS server in the domain.
WINS-enabled computers such as Win 95 or Win 3.11 use WINS directly. Clients that do not have
WINS enabled can resolve their names via WINS-enabled computers called Proxies. On bootup
the client registers its NetBIOS/IP mapping with the WINS, then any communication with
other NetBIOS clients is direct rather than broadcast. If the WINS goes down then the clients
revert to b-node and broadcast NetBIOS queries.
Domain Name Service (DNS) is a tree structure providing a hierarchical naming system for
identifying hosts on the Internet. The Domain is NOT the NT Directory Services domain but
an Internet Domain which is unique and identifies an Internet site. A domain can contain
sub-domains provided that the name is unique within the domain.
The root of the DNS tree is at the top and is represented by a dot (.).
Each node from then on can have a name of up to 63 characters.
The domain name www.microsoft.com. has the root indicated by the end dot
(this is optional), the domain
name com represents the Company Domain, the sub-domain is microsoft
and the www is the server, which could be ftp or some other protocol. The dots
separate the node names.
The DNS server resolves the domain name to an IP address by following these steps:
- A resolver (client) queries the local DNS server to resolve a Fully Qualified
Domain Name (FQDN).
- The local DNS server queries the DNS root server.
- The root server refers the query to a domain server e.g. for the COM
- The local DNS server queries the domain server.
- The domain server refers the query to the Universal name server which runs DNS and WINS.
WINS resolves the host name part of the FQDN (e.g. www) and sends the IP address back to the
Universal Name Server which forwards it to the local DNS server and then on to the client.
The addition of Microsoft DNS Server is done in the Services tab of the Network
program; the computer will need to be restarted. DNS Manager in Administrative Tools is used
to configure DNS objects.
Objects that can be managed by DNS Manager are the following:
- DNS Resource Record - contains the actual information and the three properties
Owner (DNS domain or host), Class (mostly Internet class) and TTL.
- DNS Domain - a node in the tree containing all the Resource Records.
- DNS Zone - a subtree that may contain one domain or a domain with subdomains.
- DNS Server
- Server List - DNS servers that can be managed with DNS Manager.
The DNS tab on the client machine is used to insert the domain name for the client and
the IP addresses of the DNS servers, in their search order.
The DNS Servers option in DHCP manager can be used to provide Internet name resolution
for DHCP clients.
Microsoft DNS and WINS can integrate. In DNS Manager use the WINS Lookup tab
and click Use WINS Resolution.
The Computer Browser Service is the way in which NT displays a list of the resources available.
This Browser list is maintained centrally by a specific computer assigned to the task; this
saves all computers having to compile the list and saves on network bandwidth. The browser service
can operate on any layer 3 protocol.
The roles of the computers are:
- Domain Master Browser - this is the PDC and distributes the master list to the master browsers
on each subnet in a domain.
- Master Browser - collects the list of resources, shares it with the Domain Master Browser
and the Backup Browser.
- Backup Browser - receives the browse list from the Master Browser and distributes the list
to the Browser Clients when requested.
- Non-Browser - configured not to maintain a browse list.
Master Browsers talk to one another under TCP/IP and can be NT Workstation.
The Browser Service operates thus:
- Computers running the server service announce themselves to the Master Browser.
- The first time a client tries to find resources, it queries the Master Browser for a list
of Backup Browsers in the domain subnet.
- The client requests a server list from any Backup Browser that responds.
- The Backup Browser responds with the list.
- A session is set up with the appropriate resource.
There is only ever one Master Browser in a domain. The Election Packet is broadcast
whenever a Master Browser is not available. When a Browser receives the Election packet
it compares the election criteria with its own; if its own criteria are higher, then it
sends its own election packet and so on until the one with the highest criteria is elected
as the Master Browser. The criteria include things like the Operating System, the version number,
alphabetical order of computer name and the 'configured role'. The PDC overrides all.
A network resource is announced every 12 minutes. If the Master Browser does not hear an announcement
for 3 x 12 = 36 minutes then the resource is dropped. The Master Browser sends out the resource
list to the Backup Browsers every 15 minutes. It is conceivable that a resource could be down
for 36 + 15 = 51 minutes before it is finally removed from the resource list and no longer
displayed in Explorer.
The registry setting:
can be used to configure an NT computer to be a browser, to not be a browser or be a Potential Browser.
NWLink supports NetBIOS over IPX, WinSock and RPCs. Used for clients wishing to access client/server
applications running on a Netware or NT server.
File and Print Services for Netware is required on an NT server to allow Netware clients access
to file and print services on an NT network.
NWLink is configured through NWLink IPX/SPX Properties and requires a frame type to be configured. The
default frame type for Netware 2.2 and 3.11 is 802.3 whereas Netware 3.12 onwards uses 802.2. Other
frame types supported are Ethernet II and Sub Network Access Protocol (SNAP). Token Ring uses
802.5 and SNAP and FDDI uses 802.2 and SNAP.
Automatic frame detection is fine for 802.2, but other frame types may be missed. Manual frame detection
allows NT to use multiple frame types simultaneously.
The command ipxroute config displays the network number, the frame type and the device. If
FPNW is configured the IPX network number can be set, otherwise it can be set in the registry using
the network number and the packet type as follows:
- 0 - Ethernet II
- 1 - Ethernet 802.3
- 2 - 802.2
- 3 - SNAP
- 4 - ArcNet
- FF - Auto-detect (default)
The registry location is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NwLnkipx\NetConfig\adapter name
The default internal network number of 00000000 needs to be set to a unique value if FPNW is installed using
multiple adapters or frame types, or SAP is being used for applications such as SQL.
Enabling RIP allows the NT box to act as a router.
NetBEUI uses 30% more bandwidth than TCP/IP and is not routable; it is designed for networks of
20-200 computers. It is dependent on broadcasts for name discovery and name registration.
Protocols can be bound in different orders; the most used protocols should be first.
For instance routable protocols could be bound to the server whilst all the protocols
could be bound to the workstations.