Chapter 2Fundamental Network

• Reviewing the core components of Microsoft TCP/IP and other network protocols

• Fundamental concepts of Networking:

TCP/IP

DNS

DHCP

WINS

Network Protocols

• NetBEUI• NWLink (IPX/SPX)• TCP/IP

Network configuration on W2K3

• Click Start > Control Panel > Network Connection

• Right-click the network interface• Select Properties (see your installed network

services and protocols listed)• Click the Install button to install additional

services and protocols.• See page 10

NetBEUI

• Enhance User Interface protocols• Windows 95/98• Small office/home office (SOHO) scenarios• It is not routable• Limiting its communication to a single

network subnet• It was not supported by XP,WinS2003

NWLink (IPX/SPX)

• Microsoft's implementation of Novell's IPX/SPX protocol

• Its packages data to be compatible with client/server services on NetWare Networks

• Be aware of some of the basic functionality of IPX/SPX

- Frame type

- Internal network number

- External network number

Frame Type

• In IPX network indicate the mean by which data is encapsulated in IPX packets

Frame type:- Ethernet II- 802.3- 802.2- SNAP- Arcnet

Problems

• Window System can only integrate with one frame type on an IPX network.

• Auto detection and first come first serve

Internal Network Number• It is unique number assigned to all NetWare server• It required on Windows servers in the following

situations:- Win servers with tow or more NICs- Win servers with a single NIC with 2 different IPX

frame type bound to it- Run File and Print Services for NetWare on the Win

server- If required by an IPX application on the Win server• It is made up of eight hexadecimal characters

(00000001 to FFFFFFFE)

External Network Number

• It used to provide a unique logical identifier to represent a single network segment.

• TCP/IP concepts:

- the INN = the host ID

- the ENN = the network ID

TCP/IP Basic

• Transmission Control Protocol/Internet Protocol• Protocol Suite

– Referred to as “IP” or “TCP/IP”– Subprotocols include TCP, IP, UDP, ARP

• Developed by US Department of Defense– ARPANET (1960s)

• Internet precursor

• Advantages of TCP/IP– Open nature

• Costs nothing to use– Flexible

• Runs on virtually any platform• Connects dissimilar operating systems and

devices– Routable

• Transmissions carry Network layer addressing information

• Suitable for large networks

The TCP/IP Model

• Four layers– Application layer– Transport layer– Internet layer– Network access layer (or Link layer)

The TCP/IP model compared with the OSI model

The TCP/IP Core Protocols

• TCP/IP suite subprotocols• Operate in Transport or Network layers of OSI

model• Provide basic services to protocols in other

layers• Most significant protocols in TCP/IP suite

– TCP– IP

TCP (Transmission Control Protocol)• Transport layer protocol• Provides reliable data delivery services

– Connection-oriented subprotocol• Establish connection before transmitting

• Uses sequencing and checksums• Provides flow control• TCP segment format

– Encapsulated by IP packet in Network layer• Becomes IP packet’s “data”

A TCP segment

• Three segments establish connection• Computer A issues message to Computer B

– Sends segment with SYN bit set• SYN field: Random synchronize sequence number

• Computer B receives message– Sends segment

• ACK field: sequence number Computer A sent plus 1

• SYN field: Computer B random number• Computer A responds

– Sends segment• ACK field: sequence number Computer B sent plus 1• SYN field: Computer B random number

• FIN flag indicates transmission end

Establishing a TCP connection

IP (Internet Protocol)• Network layer protocol

– How and where data delivered, including:• Data’s source and destination addresses

• Enables TCP/IP to internetwork– Traverse more than one LAN segment

• More than one network type through router• Network layer data formed into packets

– IP packet• Data envelope • Contains information for routers to transfer data

between different LAN segments

• Two versions– IPv4: unreliable, connectionless protocol– IPv6

• Newer version of IPv6– IP next generation–Released in 1998

• Advantages of IPv6–Provides billions of additional IP addresses–Better security and prioritization provisions

An IPv4 packet

An IPv6 packet header

IPv4 Addressing• Networks recognize two addresses

– Logical (Network layer)– Physical (MAC, hardware) addresses

• IP protocol handles logical addressing• Specific parameters

– Unique 32-bit number• Divided into four octets (sets of eight bits)

separated by periods• Example: 144.92.43.178

– Network class determined from first octet

Commonly used TCP/IP classes

• Class A devices– Share same first octet (bits 0-7)

• Network ID

– Host: second through fourth octets (bits 8-31)

• Class B devices– Share same first two octet (bits 0-15)– Host: second through fourth octets (bits 16-31)

• Class C devices– Share same first three octet (bits 0-23)– Host: second through fourth octets (bits 24-31)

IPv4 addresses and their classes

• Class D, Class E rarely used (never assign)– Class D: value between 224 and 239

• Multicasting– Class E: value between 240 and 254

• Experimental use

• Eight bits have 256 combinations– Networks use 1 through 254– 0: reserved as placeholder– 255: reserved for broadcast transmission

• Loop back address– First octet equals 127 (127.0.0.1)

• Loopback test– Attempting to connect to own machine– Powerful troubleshooting tool

• Windows XP, Vista– ipconfig command

• Unix, Linux– ifconfig command

Binary and Dotted Decimal Notation• Dotted decimal notation

– Common way of expressing IP addresses– Decimal number between 0 and 255 represents

each octet– Period (dot) separates each decimal

• Dotted decimal address has binary equivalent– Convert each octet– Remove decimal points

Decimal numbers to Binary1. Find the largest number in conversion chart that is less than

or equal to the number you are working with (128, 64, 32, 8, and so on) and place a 1 in its column.

2. Subtract the number from the marked column from the number you started with.

3. Find the largest number in the conversion chart that is less than or equal to the number that you were left with after step1, and place a 1 in its column.

4. Subtract the number from the marked column from the number you were left with after step 2.

5. Repeat steps 3 and 4 until you reach 0; then place a 0 in all column that do not have a 1. That is your binary number.

Subnet Mask

• 32-bit number identifying a device’s subnet• Combines with device IP address• Informs network about segment, network

where device attached• Four octets (32 bits)

– Expressed in binary or dotted decimal notation

• Assigned same way as IP addresses– Manually or automatically (via DHCP)

Default subnet masks

IPv6 Addressing• Composed of 128 bits• Eight 16-bit fields• Typically represented in hexadecimal numbers

– Separated by a colon– Example:

FE22:00FF:002D:0000:0000:0000:3012:CCE3• Abbreviations for multiple fields with zero values

– 00FF can be abbreviated FF– 0000 can be abbreviated 0

• Multicast address– Used for transmitting data to many different

devices simultaneously

• Anycast address– Represents any one interface from a group of

interfaces

• Modern devices and operating systems can use both IPv4 and IPv6

Assigning IP Addresses• Government-sponsored organizations

– Dole out IP addresses– IANA, ICANN, RIRs

• Companies, individuals– Obtain IP addresses from ISPs

• Every network node must have unique IP address– Error message otherwise

• Static IP address– Manually assigned– To change: modify client workstation TCP/IP

properties– Human error causes duplicates

• Dynamic IP address– Assigned automatically– Most common method

• Dynamic Host Configuration Protocol (DHCP)

IP Address Structure• It divided into 2 parts

- Host ID

- Network ID

Example: Network ID Host ID

10.8.32.8 = 00001010|00001000.00100000.00000110

255.0.0.0 = 11111111|00000000.00000000.00000000

Network ID = 10.0.0

Host ID = x.8.32.6

= 10.8.32.6

Nonroutable IP Address

• Internal Network Address:

10.0.0.0 to 10.255.255.255

169.254.0.0 to 169.254.255.255

172.16.0.0 to 172.31.255.255

192.168.0.0 to 192.168.255.255

TCP/IP in a Routed Environment

• Using Router to connect to the Internet• Router has its own IP address and subnet mask• Router is used to sent IP packets• Router uses its routing table

routing table is a cross-reference table that stores information on how to get to IP

networks

• Default Gateway

- the same network ID and subnet mask

- send data beyond their local subnet

- Any computer its default gateway is where it sends all packets that don’t have the

network ID of their local subnet.

- where it goes, where do I sent it?

NetBIOS Name V.S. FQDNs• Both give you the ability to associate a

friendly name with a network object• Difference is how you see the name written• NetBIOS name is a simple name used to

represent a system but is limited in size to 15 characters.

• FQDN is typically <computer name>.<domain name>.<domain extension>

NetBOIS Naming Rules

• The names can’t begin with a number• The names can be no larger than 15 characters• The name can use the characters A-Z, a-z, 0-9,

hyphens, and is not case sensitive• The name can have spaces (a space counts as

on character)

FQDN Naming Rules• The name can begin with anumber• The name can be no larger than 255 characters

(domain controllers are limited to 155 characters)

• The name can us the characters A-Z, a-z, 0-9, hyphens, and is not case sensitive

• The names cannot have spaces• Portions of the name are separated by periods

(www.microsoft.com)

Name Resolution MethodsThere are several ways on a network for a name to become associated with an IP address• Domain Name Service – The server that resolves

FQDNs to IP address• Windows Internet Naming Service – The server that

resolves NetBIOS names to IP address• LMHosts file – The file stored locally on every

computer that maps IP addresses to NetBIOS names• Broadcast – A way for your computer to shout out to

the network. (It only work on the subnet connected to the system)

Name Resolution with DNS• DNS is a TCP/IP service that is used to map IP

address to FQDNs or vice versa• Win 2K and newer systems try to resolve the name to

an IP address in the following order:

1. Resolver cache and Hosts file

2. DNS

3. NetBIOS cache

4. WINS

5. Broadcast

6. LMHosts

1. Resolver cache and Hosts file• Its own resolver cache which is where the

local computer stores its previously queried FQDN to IP address mappings

• Run ipconfig/displaydns to display• Run ipconfig/flushdns to clear• Wins system cache positive entries for the

Time to Live (TTL)value provided to them by the authoritative DNS server that answered the request, but never longer than 24 hours

• Negative entries are cached for 5 minutes• Both entries values can be changed by editing

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache\Parameters Registry key

• Change the maximum lifetime for positively cached entries by create the DWORD value MaxCacheEntryTtlLimit and set its value to the desired maximum second

• Change the duration that negatively cached queries ar e kept in the cache, create the DWORD value NegativeCacheTime and set its value to the number of seconds that your system to maintain negative name resolution queries

Host File• The contents of its Host file are automatically loaded

into the resolver cache when a system boots• Your alter and save a Host file, it is automatically

reloaded into the resolver cache• A client’s own local “mini DNS server”• Manually configure or deploy the Host file to every

system where you would like to have th FQDN-to-IP address mappings

• %systemroot%\system32\drivers\etc folder (C:\Windows\system32\drivers\etc by default)

• Notepad to view and edit

2.DNS Query Types• The client will perform a recursive query to its

primary DNS server– A recursive query: it is a request for IP

address resolution of the entire FQDN.

• Not answer: it may make several iterative queries to root-level name servers.– An iterative query: it is a request to resolve only a

portion of an FQDN

3. NetBIOS Cache• it will check in NetBIOS cache for any records

that match the host portion of the FQDN• NetBIOS cache is equivalent of the DNS

resolver cache.• Only different in that it show NetBIOS name-

to-IP address mappings as opposed to FQDN-to-IP address mappings

• Run nbtstat –c to view it

4. WINS• It is used to resolve NetBIOS names to IP

address• It was devised as a way to map IP addresses to

NetBIOS names• The client simply sends the request directly to

the WINS server• Broadcasts• The method depends on the type of NetBIOS

client that the system is configured

NetBIOS client can be configured to use any one of following NetBIOS name resolution modes:- B-node (Broadcast node)- P-node (Peer node)- M-node (Mixed node): combination of B- and

P-node, broadcast => queries a NetBIOS name server

- H-node (Hybrid node): combination of B- and P-node, queries a NetBIOS name server => checks in its LMHosts file => broadcast

DHCP• Dynamic Host Configuration Protocol• It allows clients and server on your network to

automatically obtain an IP address from a DHCP server

• Operations:

DHCP lease DHCP scope

Reservation DHCP options

DHCP relay agent

Automatic Private IP Addressing

DHCP Lease• Network adapters are identified by 48-bit Media

Access Control (MAC) address• MAC address are expressed in hexadecimal

MAC address = 00-03-2F-01-D0-1B• DHCP servers only lease IP addresses to DHCP

clients• A client is connected to the network, at the 50% point

of its DHCP lease duration it will automatically to contact DHCP server and renew its lease

DHCP Scope• DHCP address allocations and leases are configured

in DHCP scopes• Defining a range of IP address• Other Settings: Subnet mask, IP address exclusions,

IP address reservations, and DHCP options• The IP address range is specified at the time a DHCP

scope is created and cannot be changed• When configured, all IP addresses in the defined

exclusion rang will not be handed out by the DHCP server

Reservation

• Same IP address for DHCP clients• Must know the MAC address of the computer• A mapping on the DHCP server of an IP

address to a MAC address• Exclude the range of IP addresses from the

DHCP lease

DHCP Options

• It allow you to automatically provide clients with much more than an IP address and a subnet mask

• It can automatically assign the following to DHCP clients:– Default gatway– DNS server(s)– DNS domain name– WINS server(s)– WINS node type

DHCP Relay Agent• The problem with broadcasts is that router will drop them• The router is RFC1542 compliant and has BOOTP forwarding

enabled, the router will forward DHCP Discover packets• Not RFC1542 compliant, DHCP server on a single subnet,

client on multiple subnets to obtain IP address leases from the server

- Buy newer RFC1542-complient routers

- configure a Win server running Routing and Remote Access service as DHCP relay agent

• DHCP relay agent weren’t present => Microsoft invented APIPA

Automatic Private IP Address• It is in Windows 2000 or higher• Client cannot contact a DHCP server gives

itself its own IP address• Class B address in the 168.254.0.1 to

169.254.255.254 range with subnet mask of 255.255.0.0

• The feature allows you to automatically set up a TCP/IP network by plugging the computer into a hub or switch