networking, policies, security, visio-stencils

Latency – And Slow Performance Network Considerations

October 10, 2022

The following table can be used to determine the minimum TCP Receive Window size needed for a given downlink speed and latency:

Winsock – networking API designed to facilitate communication between TCP/IP apps and protocol stacks

NetBIOS Interface – most Windows OSs use IPC (Inter-process Communication) to allow the use of NetBIOS names

NetBIOS name resolution – broadcast queries to the LAN, or query a NetBIOS Name Server; WINS is the MS version

Datagram Service – sends and receives info via broadcasts and connectionless datagrams; unreliable

Session Service – two-way communication that is reliable once the connection is set up

TDI – Transport Driver Interface is responsible for the communication between Session layer protocols and Transport layer components

Transport layer uses TCP (reliable) and UDP (unreliable, best effort) to communicate

TCP/IP must have a protocol port number to reference the location of an app or process on another machine. A port is a subset of a socket, which also includes the IP address.

Sliding Window – describes the size of the sending and receiving TCP buffers. Reduce the window for a slow net, increase it for large data transfers.

Each IP packet has:
Source and destination address
Protocol identifier
Checksum
TTL

IP then ANDs the destination address with the subnet mask to determine whether the address is remote or local

ARP – resolves IP addresses to MAC addresses and keeps a cache so it can tell whether it already knows where a particular machine is. Acts like WINS

DHCP Relay Agent – can be configured on NT or 95 to forward requests directly to a DHCP Server on another network.

Enabling IP routing allows a multihomed machine to send data from one net to another

PPTP is used to send encrypted data across TCP/IP networks

Only computers with the same NetBIOS Scope ID can talk to each other, unless the scope is left empty.

All hosts that share the same network ID must be located on the same physical network segment for info to reach them properly

Class   Net ID      Networks    Hosts        1st octet range
A       1st octet   126         16,000,000   1 – 126 (127 is loopback)
B       2 octets    16,000      65,000       128 – 191
C       3 octets    2,000,000   254          192 – 223

Subnetting allows networks with different access methods to be interconnected.

CIDR – Classless Inter-Domain Routing is used to reduce the size of routing tables. The subnet mask is adjusted so that similar IPs are treated the same and can be advertised together; for example, a group of Class C addresses belonging to the same organization can be treated as a whole. Requires CIDR-capable routers.

MPR and RIP allow NT 4 to use dynamic routing.

Static IP Routing
A routing table needs:
Network Address – address of each known network, including local and broadcast
Netmask – subnet mask for each network
Gateway – the IP of the router used to reach each network
Interface – HWA, hardware address of the network interface (router)
Metric – number of hops to reach the network

The ROUTE command is used to create and modify static IP routing tables
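As an added example (not part of the original notes), the ANDing test, the classful ranges and the static routing-table fields above as working code; the route entries and addresses are constructed sample data, and the lookup rule (longest netmask first, then lowest metric) is the standard one rather than anything the notes spell out:

```python
# Added example (not from the original notes): the ANDing test that decides
# local vs. remote, classful network detection by first octet, and a static
# routing-table lookup of the kind the ROUTE command builds.
# The table below is constructed sample data, not a real host's table.

def ip_to_int(dotted):
    """Convert dotted-quad text to a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def address_class(dotted):
    """Classful class from the first octet (127 is loopback, 224+ is not A/B/C)."""
    first = ip_to_int(dotted) >> 24
    if first == 127:
        return "loopback"
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    return "other"

def is_local(src, mask, dst):
    """IP ANDs both addresses with the mask; equal network IDs mean local."""
    m = ip_to_int(mask)
    return (ip_to_int(src) & m) == (ip_to_int(dst) & m)

# Routing table entries: (network address, netmask, gateway, interface IP, metric)
SAMPLE_ROUTES = [
    ("0.0.0.0",     "0.0.0.0",       "192.168.1.1",   "192.168.1.10", 1),
    ("192.168.1.0", "255.255.255.0", "192.168.1.10",  "192.168.1.10", 1),
    ("10.0.0.0",    "255.0.0.0",     "192.168.1.254", "192.168.1.10", 2),
    ("10.20.0.0",   "255.255.0.0",   "192.168.1.253", "192.168.1.10", 3),
]

def lookup_route(dst, table=SAMPLE_ROUTES):
    """Pick the matching entry with the longest netmask, then the lowest metric.
    Returns (gateway, interface, metric) or None when nothing matches."""
    best = None
    for net, mask, gw, iface, metric in table:
        if is_local(net, mask, dst):
            key = (ip_to_int(mask), -metric)  # longer mask wins, then lower metric
            if best is None or key > best[0]:
                best = (key, (gw, iface, metric))
    return best[1] if best else None
```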

TCP/IP routing protocols are RIP and OSPF
RIP sends entire copies of its table as updates; distance vector determines the number of hops
OSPF sends only updates; not supported by NT

System reboots destroy routing tables

ARP cache holds the IP-to-HWA mappings; NT removes the oldest entries regardless of how often they are used, usually after 10 min

ARP -s IP MAC – adds new HWA to cache

ARP -d IP MAC – removes

ARP -a – display the ARP cache

RARP – reverse ARP, gives an IP address from the HWA

HOSTS file located in winnt\system32\drivers\etc

B-Node resolution occurs when trying to resolve a NetBIOS name by broadcasting.

NetBIOS name is used as the host name by default

Host name resolution, in order:
HOSTS file – can map IP to a single host name
DNS Server
NetBIOS Name Cache
WINS
Broadcast
LMHOSTS

MS DNS is Berkeley Internet Name Daemon (BIND) compatible. Normally a file on the DNS server (the boot file) is used to configure DNS; MS DNS does not need this file to load, but can use it if necessary.

Domain Name Space is the structure and data that create the distributed Domain Name System on the Internet. At Root level are the root name servers.

In DNS resolution process, the client requesting a name is called a resolver. The server providing name resolution is the Name Server.

Name Server Types
Primary Name Server – has authority for its zone and answers name resolution requests.

Secondary Name Server – has a copy of the zone info from Primary. Reduces load on Primary, provides redundancy.

Master Name Server – any server that provides a name list to a secondary name server. Copying the zone list is called a zone transfer.

Caching Only Name Server – increases name resolution efficiency by storing entries in cache. Useful on the far end of a slow WAN because it answers resolver requests but does not zone transfer.

Queries for Name Resolution
Recursive Queries – issued by resolvers as a direct request. If the name server cannot resolve it immediately, it responds with Destination Unknown.

Iterative Queries – the name server uses the info it has to resolve as much of the name as possible and calls on other servers until it can respond to the client completely.

Inverse Queries – you have the IP but you need the name. The special domain in-addr.arpa maintains a reverse-sorted list mapping IP addresses to Internet names. The IP's octets must be written in reverse order.

TTL on a name resolution allows older entries to expire after a given amount of time, to keep stale resolutions from conflicting.

By default the new file name of a domain is the domain name plus the extension .DNS

Configure the new domain into a zone and then you can create subdomains within zones.

Canonical name (CNAME) records provide aliases, allowing more than one host name to be associated with an IP address.

DNS can be set to use WINS reverse lookup; use the tab in the in-addr.arpa zone properties to talk to DNS.

DNS Notify allows DNS master servers to inform secondary servers when changes have been made.

DNS Round Robin – use the same computer name (www.ms.com), give each host a different IP address, and DNS will alternate between the IPs.

DNS Clients – in DNS Service Search Order setup the machines you would like to contact to resolve computer name.

DNS NSLOOKUP – interactive mode runs multiple queries; non-interactive mode runs one computer name query.

HOSTS resolves Internet Names.

CACHE.DNS file is used to point your name server to the root servers of InterNIC

Enable a DNS server to call a WINS server by adding a WINS resource record to the zone and enabling WINS; the WINS Resolution checkbox must also be checked and the IP address of the WINS server supplied.

DNS call to WINS for inverse name resolution uses WINS-R record file.

NetBIOS names are set up during loading of TCP/IP, and registration will not work if the name is already registered. A machine can broadcast its name over the network at boot, or directly contact a WINS server to register. Names are usually released when logging off.

NetBIOS name resolution order:
NetBIOS name cache
WINS
B-Node Broadcast – broadcasts a request to the local net segment for all NB names
LMHOSTS – #PRE preloads an entry into the NetBIOS name cache, where it stays until purged; place #PRE entries at the end of the file
HOSTS
DNS

Enhanced B-Node – default node configuration for machines that do not use WINS.

P-Node – directly contacts the name cache or WINS; reduces traffic, but has no fault tolerance if WINS goes down.

M-Node – name cache first, then B-Node broadcast, then WINS

H-Node – by default a machine configured with WINS does name cache, then WINS, then broadcast (preferred)

To troubleshoot a name resolution problem, first try to map a network drive (the UNC name should work), then try pinging the WINS server, check whether the LMHOSTS file contains the IP of the machine you are trying to connect to, then check whether the IP has changed.

Check for multiple occurrences of the name in LMHOSTS, because only THE FIRST ONE is read. Check that the file is in the correct location.

NBTSTAT -R is the switch to reload the name cache; then NBTSTAT -c shows what is newly loaded into the cache.
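An added example (not from the original notes) covering the LMHOSTS rules above (first occurrence wins, #PRE preloads the cache) and the per-node-type lookup order; the file contents are constructed, and WINS, the broadcast segment and the name cache are stood in for by dictionaries:

```python
# Added example (not from the original notes): an LMHOSTS reader that keeps only
# the FIRST mapping for a name and honours #PRE, plus the lookup order used by
# each NetBIOS node type. WINS and broadcast are simulated with dictionaries;
# the file contents below are constructed sample data.

SAMPLE_LMHOSTS = """\
# constructed sample LMHOSTS file
192.168.1.20   FILESRV    #PRE
192.168.1.21   PRINTSRV
192.168.1.99   FILESRV    # duplicate: ignored, first entry wins
"""

def parse_lmhosts(text):
    """Return ({name: ip} for every entry, {name: ip} for #PRE entries only).
    Lines are '<ip> <name> [#PRE]'; '#' starts a comment unless it is a keyword."""
    entries, preload = {}, {}
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        ip, name = fields[0], fields[1].upper()
        if name in entries:          # only the first occurrence is ever used
            continue
        entries[name] = ip
        if "#PRE" in (f.upper() for f in fields[2:]):
            preload[name] = ip
    return entries, preload

NODE_ORDER = {                       # LMHOSTS is tried last for every type
    "B": ["cache", "broadcast", "lmhosts"],
    "P": ["cache", "wins", "lmhosts"],
    "M": ["cache", "broadcast", "wins", "lmhosts"],
    "H": ["cache", "wins", "broadcast", "lmhosts"],
}

def resolve_netbios(name, node_type, cache, wins, lan, lmhosts):
    """Walk the node type's sources in order; return (ip, source) or (None, None).
    cache/wins/lan/lmhosts are {NAME: ip} dicts standing in for the real services."""
    sources = {"cache": cache, "wins": wins, "broadcast": lan, "lmhosts": lmhosts}
    name = name.upper()
    for step in NODE_ORDER[node_type]:
        ip = sources[step].get(name)
        if ip is not None:
            cache[name] = ip             # a successful lookup populates the cache
            return ip, step
    return None, None
```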

DHCP – to lease an IP address to a client:
Lease Request
Lease Offer
Lease Selection
Lease Acknowledgement

Router must be able to forward BOOTP broadcasts if DHCP server and client are on different subnets.

Client reservations must have MAC address of the NIC for the client.

JETPACK utility can be used to compact the DHCP database.

You must provide an alternate name resolution method for non-WINS clients such as HOSTS, DNS, or WINS Proxy.

One WINS server can serve 10,000 clients. Only NT can be a WINS server.

Scavenging is automatically done by WINS to remove entries that have expired.

Pull partner requests DB changes based on time – recommended for either side of a slow WAN.

Push partner – replication is triggered by the number of changes; push with propagation sends the changes on to all of the other partners.

Backups to WINS done every 24 hours through WINS manager.

Stop WINS service before compacting the DB.

Dynamic NetBIOS name resolution.

With DHCP, add options 44 WINS/NBNS and 46 WINS/NBT to resolve using WINS.

If UDP port 137 and 138 are enabled, WINS proxy agents are not required because the routers can forward requests.

Two utilities monitor the state of TCP/IP:
NETSTAT -a lists all connections in use
NBTSTAT -R purges the NetBIOS cache; -c displays the freshly loaded cache entries.

LPD – Line Printer Daemon; the LPR client sends print jobs to Unix systems. LPQ displays the status of a queue to check that it is running OK.

RSH and REXEC can run a command on a remote system.
RCP is like FTP.

SNMP – network management protocol. Uses Protocol Data Units (PDUs), of which there are 5 types:
one is the trap
2 are used to get terminal info
2 are used to set terminal info.

There are some major security loopholes, and the info it provides is limited given today's demands for network analysis.

The software component on the client is the agent, which collects info and responds to queries. It first checks that the request is in the same "community", or it will not answer it; the default community name is public, which is often not changed and is a severe security problem. If the community matches, the agent consults the Management Information Base (MIB), most objects of which are read-only. The MIB is a data file containing object values and managed-object descriptions. Its language is Abstract Syntax Notation (ASN), which is like a compiled C program; ASN structures the data. Each object is known by a unique label, the "object identifier".

The "manager" or "management console" requests the info, usually over the unreliable UDP protocol.

SNMP Agent can perform GET and Send Trap transactions.

If Accept SNMP Packets from Any Host is checked, no packets are rejected, and your network is wide open.

Troubleshoot SNMP problem through Event Viewer.
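An added example (not from the original notes) of the agent's two acceptance checks and an audit for the weak settings described above; the config field names and both sample configurations are this example's own, not the NT SNMP service's:

```python
# Added example (not from the original notes): the two checks the notes describe
# an NT SNMP agent applying to an incoming request (accepted-hosts list and
# community name), plus an audit that flags the weak settings they warn about.
# Field names such as "accept_any_host" are this example's own, not the NT UI's.

DEFAULT_COMMUNITY = "public"         # the default the notes say is rarely changed

WEAK_CONFIG = {          # constructed: what a freshly installed agent looks like
    "communities": {"public"},
    "accept_any_host": True,
    "accepted_hosts": [],
}

HARDENED_CONFIG = {      # constructed: renamed community, restricted hosts
    "communities": {"ops-monitor-7c2"},
    "accept_any_host": False,
    "accepted_hosts": ["192.168.1.5"],
}

def agent_accepts(config, src_host, community):
    """Return True when the agent would answer: host filter first, then community."""
    if not config["accept_any_host"] and src_host not in config["accepted_hosts"]:
        return False
    return community in config["communities"]

def audit_snmp_config(config):
    """List the problems the notes call out: default community, open host filter."""
    findings = []
    for name in config["communities"]:
        if name.lower() == DEFAULT_COMMUNITY:
            findings.append(f"default community name in use: {name}")
    if config["accept_any_host"]:
        findings.append("Accept SNMP Packets from Any Host is enabled")
    elif not config["accepted_hosts"]:
        findings.append("host filter enabled but no hosts listed; agent answers nobody")
    return findings
```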

TCP/IP is slowed significantly by the need for ACKs before the next packet can be sent over the network. This can be controlled using the sliding window, but the TCP/IP default is to require an ACK after each packet.

Increase the window size (change the Registry) and fewer ACKs are required; but if one packet is lost, the receiver handles the non-receipt differently, immediately notifying the sender that one was lost because the following packets arrive out of order.
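An added example (not from the original notes) of the arithmetic behind the receive-window table referred to at the top of the page and the sliding-window/ACK trade-off just described: bandwidth-delay product, throughput cap per window, and ACK count per megabyte; the link speeds, latencies and 1460-byte MSS are constructed sample values:

```python
# Added example (not from the original notes): the arithmetic behind a
# receive-window table. A sender may have at most one window of unacknowledged
# data in flight, so throughput is capped at window / round-trip time, and the
# window that keeps a link full is the bandwidth-delay product. Speeds and
# latencies below are constructed sample values.

def min_receive_window(link_bps, rtt_ms):
    """Smallest TCP receive window (bytes) that can keep link_bps busy at rtt_ms.
    Bandwidth-delay product: bits/s * seconds / 8 -> bytes (integer math)."""
    return link_bps * rtt_ms // 8000

def max_throughput_bps(window_bytes, rtt_ms):
    """Best-case throughput (bits/s) for a given window: one window per RTT."""
    return window_bytes * 8000 // rtt_ms

def acks_per_megabyte(window_bytes, mss=1460):
    """Approximate ACKs needed to move 1 MB if the receiver ACKs once per window
    (window = 1 MSS is the 'ACK after each packet' default the notes describe)."""
    segments_per_ack = max(1, window_bytes // mss)
    return -(-1_000_000 // (mss * segments_per_ack))   # ceiling division

def window_table(link_speeds_bps, latencies_ms):
    """Rows of (speed, latency, min window), like the table the notes refer to."""
    return [(s, l, min_receive_window(s, l)) for s in link_speeds_bps for l in latencies_ms]

if __name__ == "__main__":
    for speed, lat, win in window_table([1_544_000, 10_000_000, 100_000_000], [20, 100, 250]):
        print(f"{speed / 1e6:6.2f} Mb/s  {lat:4d} ms RTT  -> min window {win:>8} bytes")
    # an 8 KB window (constructed value) on a 100 ms path tops out well under 1 Mb/s:
    print(f"{max_throughput_bps(8192, 100)} bit/s")
```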

Managing NetBIOS traffic can be done by setting a Scope so that machines will only talk to machines with the same Scope ID.

Scope is NOT RECOMMENDED; it can be set in the WINS tab of TCP/IP properties. NBT is what supports scopes.

If an IP is a duplicate, the subnet mask will be displayed as 0.0.0.0

PPTP – a secure way to send packets through a "tunnel" in which the inner protocol is protected. Critical to the future of Virtual Private Networks, which can use X.25, ISDN, or the Public Switched Telephone Network (PSTN).

RIP routers must have Enable IP Forwarding checked in order to share RIP packets with other routers. Without RIP you must add routes by hand: ROUTE ADD [destination] MASK [netmask] [gateway]