tcp ip


Upload: elmer-placio

Post on 16-Dec-2015


TCP/IP Guide

This is my compilation of networking guides from when I was studying Computer Technology and Networking. The guides below are our actual class discussion. I would like to share this section with those who are interested in learning networking. I studied two years in Computer Technology Networking, including PC troubleshooting, network data communication, Linux and Unix networking and MCSE preparations. Unfortunately, I wasn't able to use my knowledge in networking due to my decision to switch to Windows and Web development. Here it is! Enjoy and hope you learn from it.

Contents:

ARP
IP
TCP
UDP
TCP/IP Addressing
Subnetting
Static Routing
RIP
DHCP
NETBIOS
LMHOSTS
WINS
Browsing
Host Names
DNS
SNMP
Troubleshooting

ADDRESS RESOLUTION PROTOCOL (ARP)

LOCAL IP ADDRESS

When 2 computers try to communicate, an ARP request is initiated. If the IP address is on the local network, the source host checks its ARP cache to see if it already has the hardware address (MAC address) of the receiving host. If not, a broadcast is sent to all local hosts. If the receiving host finds that the IP address of the source host matches its own then it sends a reply to the source host with its hardware address. When received by the source host, its ARP cache is updated to include this info. If no hosts respond to the broadcast then the request is discarded.

REMOTE IP ADDRESS

This is a little different. When the destination address is found to be a remote host, the source host checks the local routing table for a path to the receiving host. If one is not found then a broadcast is sent to the router (gateway). The router replies with its hardware address and then the packet is sent to the router. Essentially the router follows the same pattern. It checks its cache for a path to the receiving host. If one is found then it forwards the packet. If not, it sends a broadcast and waits for a reply from the host. It may again determine that it is a remote host and then the process repeats with a broadcast to the next router and so on and so forth. Once the receiving host gets the request, it sends an ICMP echo request.

WOULD YOU LIKE TO KNOW MORE?

ARP entries can be static or dynamic. If a dynamic entry is not used within 2 minutes then it is deleted. If it is used then it will remain for 10 minutes. A static entry will hang around until the computer is rebooted, it is deleted with arp -d, or a new hardware address is received via broadcast, in which case the entry becomes dynamic. A tornado or earthquake could also remove your static entries.

ARP COMMANDS

1) arp -a or arp -g
   Both of these commands do the same thing. They display the contents of your current ARP cache.

2) arp -s ip_address hardware_address
   This command adds a static entry to the ARP cache.

3) arp -d ip_address
   Removes an entry from the ARP cache.

INTERNET PROTOCOL (IP)

BACKGROUND

IP is a connectionless protocol, which means that a session is not created before sending data. IP is responsible for addressing and routing of packets between computers. It does not guarantee delivery and does not give acknowledgement of packets that are lost or sent out of order, as this is the responsibility of higher layer protocols such as TCP.

IP HEADER STRUCTURE - This is not on the exam

VERSION: This field uses 4 bits to denote the version of IP.

HEADER LENGTH: 4 bits denote the number of 32-bit words in the header. The minimum length is 20 bytes.

TYPE OF SERVICE: 8 bits that indicate the quality of service that the packet should receive. Includes precedence, delay, throughput and reliability.

TOTAL LENGTH: 16 bits denote the total length of the packet.

IDENTIFICATION: 16 bits are used as a unique identifier so the packet can be reassembled in the event that it is fragmented.

FRAGMENTATION FLAGS: 3 bits used in the fragmentation process.

FRAGMENT OFFSET: 13 bits used to determine the location of the fragment in regards to the original IP packet.

TIME TO LIVE (TTL): 8 bits that indicate the maximum number of hops that a packet can travel before being thrown away. Asleep yet?

PROTOCOL: 8 bits are used to identify the original upper-layer protocol used.

HEADER CHECKSUM: 16 bits used to check for errors in the header only.

SOURCE ADDRESS: 32 bits that indicate the IP address of the sending host.

DESTINATION ADDRESS: 32 bits that indicate the IP address of the receiving host.

OPTIONS AND PADDING: Stores IP options.

I really don't think that any of this header structure info will be on the test. It is simply here for reference purposes.
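The field layout listed above, turned into a parser. This is an added example, not part of the original guide; the sample packet (hosts 134.62.8.10 and 134.62.20.10, identification 0x1C46) is constructed for illustration.

```python
import ipaddress
import struct

# The 20-byte fixed IPv4 header: version/length, TOS, total length, identification,
# flags + fragment offset, TTL, protocol, checksum, source, destination.
IPV4_FIXED = struct.Struct("!BBHHHBBH4s4s")


def checksum16(data: bytes) -> int:
    """One's-complement sum of 16-bit words, as used by the IP header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_sample_header(ttl: int = 64) -> bytes:
    """Constructed sample: a 40-byte TCP packet header with the DF flag set."""
    src = ipaddress.IPv4Address("134.62.8.10").packed
    dst = ipaddress.IPv4Address("134.62.20.10").packed

    def pack(csum: int) -> bytes:
        return IPV4_FIXED.pack((4 << 4) | 5, 0, 40, 0x1C46, 0x4000,
                               ttl, 6, csum, src, dst)

    # The checksum is computed with its own field set to zero, then filled in.
    return pack(checksum16(pack(0)))


def parse_ipv4_header(raw: bytes) -> dict:
    """Split a raw IPv4 header into the fields described in the guide."""
    if len(raw) < IPV4_FIXED.size:
        raise ValueError("shorter than the 20-byte minimum header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = IPV4_FIXED.unpack_from(raw)

    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F   # two 4-bit fields in one byte
    if version != 4:
        raise ValueError("not an IPv4 header (version %d)" % version)
    header_len = ihl * 4                          # length is counted in 32-bit words
    if ihl < 5 or len(raw) < header_len or total_len < header_len:
        raise ValueError("inconsistent header length")

    flags = flags_frag >> 13                      # top 3 bits
    return {
        "version": version,
        "header_length": header_len,
        "type_of_service": tos,
        "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags & 0x2),
        "more_fragments": bool(flags & 0x1),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # stored in 8-byte units
        "ttl": ttl,
        "protocol": proto,                        # 6 = TCP, 17 = UDP, 1 = ICMP
        "checksum": csum,
        # Summing the header including its checksum field must give zero.
        "checksum_ok": checksum16(raw[:header_len]) == 0,
        "source": str(ipaddress.IPv4Address(src)),
        "destination": str(ipaddress.IPv4Address(dst)),
        "options": raw[IPV4_FIXED.size:header_len],
    }


if __name__ == "__main__":
    for name, value in parse_ipv4_header(build_sample_header()).items():
        print(f"{name:16} {value}")
```

The checksum covers the header only, so a router that decrements the TTL has to recompute it at every hop.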

TRANSMISSION CONTROL PROTOCOL (TCP)

BACKGROUND

As opposed to IP, TCP is connection oriented and assures reliable delivery of packets. When the destination host receives a segment it sends back an acknowledgement (ack). If an ack is not received by the source host within a certain period of time then the data is retransmitted. TCP uses sockets and ports to exchange data between applications. Ports provide a specific and universal location for message delivery, while sockets use the host IP address, port number and the type of service (TCP or UDP) to create a reliable connection. TCP uses sliding windows to buffer data between hosts. A buffer that is too large or small can cause poor network performance. For example, if you are shotgunning a beer your throat is like the buffer. If your throat isn't opened wide enough then the beer travels to your stomach very slowly. If your throat is open too wide, then some of the beer packets get lost in your lungs or you just throw up. You then have to retransmit the beer back to your stomach.

THREE-WAY HANDSHAKE

A TCP session begins with a three-way - Handshake that is. This process synchronizes the sending and receiving of data.

1) The source host sends a segment with the SYN flag set "on".

2) The destination host sends a reply with the SYN flag "on", a sequence number and an ACK that relays the next packet that the destination host is expecting.

3) The source host sends an ACK with the received sequence number and an acknowledgement number.

The session is ended with a similar process.

TCP HEADER STRUCTURE - This is not on the exam

SOURCE PORT: This is the TCP port of the source host.

DESTINATION PORT: TCP port of the receiving host.

ACKNOWLEDGEMENT NUMBER: The sequence number of the packet that the receiving host is expecting next.

DATA LENGTH: Length of the segment.

RESERVED: Crappy explanations everywhere so it must not be important.

FLAGS: Denotes the content of the segment.

WINDOW: Specifies how much space is left in the TCP window.

CHECKSUM: Makes sure that the header is not corrupted.

URGENT POINTER: If there is a flag in the flags section that indicates that there is urgent data included, this field shows where the end of this urgent data is.

USER DATAGRAM PROTOCOL (UDP)

BACKGROUND

UDP is a connectionless service that sends small amounts of data at one time and does not guarantee delivery. It is commonly used with applications such as NETSTAT, TFTP, SNMP, NETBIOS name service and NETBIOS datagram service. Like TCP, UDP uses ports to provide the location to send packets.

HEADER STRUCTURE - This is not on the exam

SOURCE PORT: UDP port of the source host.

DESTINATION PORT: UDP port of the receiving host.

MESSAGE LENGTH: The total size of the UDP packet.

CHECKSUM: Verifies that the header is intact.

TCP/IP ADDRESSING

BACKGROUND

Every IP address can be broken down into 2 parts, the Network ID (netid) and the Host ID (hostid). All hosts on the same network must have the same netid. Each of these hosts must have a hostid that is unique in relation to the netid. IP addresses are divided into 8 octets with each having a maximum value of 255. We view IP addresses in decimal notation such as 124.35.62.181, but it is actually utilized as binary data so one must be able to convert addresses back and forth.

CONVERTING IP ADDRESSES

When converting binary data to decimal, a "0" is equal to 0. A "1" is equal to the number that corresponds to the field it is in. For example, the number 213 would be 11010101 in binary notation. This is calculated as follows: 128+64+0+16+0+4+0+1=213. Remember that this only represents 1 octet of 8 bits, while a full IP address is 32 bits made up of 4 octets. This being true, the IP address 213.128.68.130 would look like 11010101 10000000 01000100 10000010. If you understand this then you are a geek and all of your friends will laugh at you. Believe me - I know!

DECIMAL   BINARY
128       10000000
64        01000000
32        00100000
16        00010000
8         00001000
4         00000100
2         00000010
1         00000001

CLASSES

CLASS   RANGE
A       1-126
B       128-191
C       192-223

IP addresses can be class A, B or C. Class A addresses are for networks with a large number of hosts. The first octet is the netid and the 3 remaining octets are the hostid. Class B addresses are used in medium to large networks, with the first 2 octets making up the netid and the remaining 2 the hostid. A class C is for smaller networks, with the first 3 octets making up the netid and the last octet comprising the hostid.

SUBNETTING

BACKGROUND

A subnet mask blocks out a portion of an IP address and is used to differentiate between the hostid and netid. The default subnet masks are as follows:

CLASS     DEFAULT SUBNET   # OF SUBNETS   # OF HOSTS PER SUBNET
Class A   255.0.0.0        n              16,777,214
Class B   255.255.0.0      16,384         65,534
Class C   255.255.255.0    2,097,152      254

In these cases, the part of the IP address blocked out by 255 is the netid.

WOULD YOU LIKE TO KNOW MORE?

The table above shows the default subnet masks. What subnet mask do you use when you want more than 1 subnet? Let's say, for example, that you want 8 subnets and will be using a class C address. The first thing you want to do is convert the number of subnets into binary, so our example would be 00001000. Moving from left to right, drop all zeros until you get to the first "1". For us that would leave 1000. It takes 4 bits to make 8 in binary, so we add a "1" to the first 4 high order bits of the 4th octet of the subnet mask (since it is class C) as follows: 11111111.11111111.11111111.11110000 = 255.255.255.240. There is our subnet mask.

Let's try another one... Let's say that you are the network administrator for a chain of dry cleaning stores in New York, you have stores in 20 different neighborhoods, and you want to have a separate subnet on your network for each store. It will be a class B network. First, we convert 20 to binary - 00010100. We drop all zeros before the first "1" and that leaves 10100. It takes 5 bits to make 20 in binary, so we add a "1" to the first 5 high order bits, which gives: 11111111.11111111.11111000.00000000 = 255.255.248.0.

The following table shows a comparison between the different subnet masks.

MASK   # OF SUBNETS   CLASS A HOSTS   CLASS B HOSTS   CLASS C HOSTS
192    2              4,194,302       16,382          62
224    6              2,097,150       8,190           30
240    14             1,048,574       4,094           14
248    30             524,286         2,046           6
252    62             262,142         1,022           2
254    126            131,070         510             Invalid
255    254            65,534          254             Invalid
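The two worked masks above, computed in code and checked against the comparison table. This is an added example, not part of the original guide, and it goes one step past the text: the count-the-bits shortcut is compared with the table's own "2^bits - 2 usable subnets" column, which shows where the shortcut comes up one bit short. All function names are hypothetical.

```python
import ipaddress

# Number of netid bits in each class's default mask (255.0.0.0, 255.255.0.0, ...).
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}


def shortcut_bits(wanted_subnets: int) -> int:
    """The guide's shortcut: write the count in binary, drop leading zeros, count bits."""
    if wanted_subnets < 1:
        raise ValueError("need at least one subnet")
    return wanted_subnets.bit_length()


def required_bits(wanted_subnets: int) -> int:
    """Smallest number of borrowed bits that really yields enough subnets.

    The comparison table counts 2**bits - 2 usable subnets (the all-zeros and
    all-ones subnets are excluded), so that is the figure that must reach the target.
    """
    if wanted_subnets < 1:
        raise ValueError("need at least one subnet")
    bits = 1
    while 2 ** bits - 2 < wanted_subnets:
        bits += 1
    return bits


def plan_subnets(address_class: str, wanted_subnets: int) -> dict:
    """Return the mask and capacity for a classful network split into subnets."""
    bits = required_bits(wanted_subnets)
    prefix = DEFAULT_PREFIX[address_class] + bits
    host_bits = 32 - prefix
    if host_bits < 2:
        # Matches the "Invalid" cells in the table: no usable host addresses left.
        raise ValueError("class %s cannot hold %d subnets" % (address_class, wanted_subnets))
    mask = ipaddress.IPv4Address((0xFFFFFFFF << host_bits) & 0xFFFFFFFF)
    return {
        "mask": str(mask),
        "mask_binary": ".".join(f"{octet:08b}" for octet in mask.packed),
        "subnet_bits": bits,
        "usable_subnets": 2 ** bits - 2,
        "hosts_per_subnet": 2 ** host_bits - 2,
    }


if __name__ == "__main__":
    for cls, wanted in (("C", 8), ("B", 20), ("C", 7)):
        plan = plan_subnets(cls, wanted)
        print(cls, wanted, plan["mask"], plan["mask_binary"],
              "subnets:", plan["usable_subnets"], "hosts:", plan["hosts_per_subnet"],
              "shortcut bits:", shortcut_bits(wanted))
```

For 8 and 20 subnets both methods agree, but for a count of the form 2^k - 1 (3, 7, 15, ...) the shortcut borrows one bit too few: 7 subnets needs 4 bits, since 3 bits leave only 6 usable subnets.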

STATIC ROUTING

BACKGROUND

A router or gateway is a hardware device that forwards packets from one logical network to another. IP uses a routing table to determine which networks packets can be forwarded to, and will only forward them to networks that it has been configured for. When a packet is to be sent, IP determines whether the IP address is local or remote. If it is local, it forwards the packet. If it is remote, it consults the routing table to determine the path to the remote host. If there is no entry in the routing table, then the default gateway is used instead. The routing table is checked at the router and the process repeats. A packet can be forwarded from router to router. Each one of these steps is called a "hop". If a route to the remote host is never found then an error message will return. On NT, multiple gateways can be configured, and if "Dead Gateway Detection" is set to "on" then IP will attempt to use the next default gateway.

WOULD YOU LIKE TO KNOW MORE?

Routing can be either static or dynamic. Static routing involves manually programming the routing table into the router. If you have a large network, this can be a real hassle, especially if your network constantly changes and the tables have to keep getting updated. Let's look at how this all works...

In this example you can see that our router is actually a computer. If one adds 2 network adapters to an NT server, it can be used as a router. A computer that acts as a router in this way is said to be getting it in both ends. Just kidding - it is called multihomed. The default gateway of Host A in this example would be the local side of the router, which would be 134.62.8.1. Conversely, Host B's gateway would be 134.62.20.1. And that is all I have to say about that.

ROUTE COMMANDS

1) route add (IP_Address) mask (Subnet_Mask) (Gateway_address)
   Add a route.

2) route -p add (IP_Address) mask (Subnet_Mask) (Gateway_address)
   Add a persistent route. This type of entry is stored in the registry and is not affected by a power cycle.

3) route delete (Subnet_Mask) (Gateway_address)
   Delete a route.

4) route change (Subnet_Mask) (Gateway_address)
   Change a route.

5) route print
   Shows the contents of the routing table.

6) route -f
   Erases all routes.

RIP

BACKGROUND

This is a continuation of the routing discussion, but now we will be focusing on dynamic routing, which uses the Routing Information Protocol (RIP). RIP measures the distance from source to destination by counting the number of hops (routers or gateways) that the packets must travel over. RIP sets a maximum of 15 hops and considers any larger number of hops unreachable. RIP's real advantage is that if there are multiple possible paths to a particular destination and the appropriate entries exist in the routing table, it will choose the shortest route. Like me, RIP is all about the path of least resistance. RIP uses an update interval which broadcasts its routing table over UDP port 520 after a specified period of time. Here is how it works...

OK... Router 1 and router 2 would broadcast their routing tables to each other every x seconds, depending on what the update interval is set to. Each router would then add any new routes to its table. If a route already exists then the router would see if the new route has fewer hops than the one it currently has stored.

WOULD YOU LIKE TO KNOW MORE?

The Microsoft text claims that RIP is best used on smaller networks. This is because larger networks can have a crap-load of entries in their routing table. Due to the fact that RIP packets can be a maximum of 512 bytes, larger tables would have to be sent as multiple packets, which can bog down the network.
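How a router applies one RIP broadcast from a neighbour, following the rules described in this section. This is an added example, not part of the original guide: the network numbers and router names are constructed, and two details go beyond the text (a change reported by the router you already use as next hop is always accepted, and a 512-byte RIP packet holds a 4-byte header plus at most 25 route entries of 20 bytes each).

```python
INFINITY = 16            # 15 hops is the maximum; 16 means "unreachable"
ENTRIES_PER_PACKET = 25  # 4-byte header + 25 * 20-byte entries fits in 512 bytes


def merge_update(table: dict, neighbor: str, advertised: dict) -> list:
    """Apply one RIP update to `table` in place and return the changed destinations.

    table:      {destination: (next_hop, hops)} held by the receiving router
    advertised: {destination: hops} as broadcast by `neighbor`
    """
    changed = []
    for dest, hops in advertised.items():
        cost = min(hops + 1, INFINITY)      # one extra hop to reach the neighbour
        known = table.get(dest)
        if known is None:
            # New route: add it, unless it is already out of range.
            if cost < INFINITY:
                table[dest] = (neighbor, cost)
                changed.append(dest)
        elif known[0] == neighbor:
            # Same next hop: its word is final, even when the news is worse.
            if cost != known[1]:
                table[dest] = (neighbor, cost)
                changed.append(dest)
        elif cost < known[1]:
            # Different next hop: switch only if the new path has fewer hops.
            table[dest] = (neighbor, cost)
            changed.append(dest)
    return changed


def packets_needed(route_count: int) -> int:
    """Number of 512-byte RIP packets needed to broadcast a whole table."""
    return -(-route_count // ENTRIES_PER_PACKET)   # ceiling division


# Constructed sample: router 1's table before hearing from router 2.
ROUTER1_TABLE = {
    "134.62.8.0": ("direct", 1),
    "10.1.0.0": ("router3", 5),
}
# Constructed sample: what router 2 broadcasts.
ROUTER2_UPDATE = {
    "134.62.20.0": 1,   # new network, gets added
    "10.1.0.0": 2,      # shorter than the stored 5-hop route
    "10.9.0.0": 15,     # 15 + 1 = 16 hops, unreachable from here
    "134.62.8.0": 2,    # worse than the directly connected route
}


def demo() -> dict:
    table = dict(ROUTER1_TABLE)
    merge_update(table, "router2", ROUTER2_UPDATE)
    return table


if __name__ == "__main__":
    for dest, (next_hop, hops) in demo().items():
        print(f"{dest:14} via {next_hop:8} {hops} hops")
    print("packets for 300 routes:", packets_needed(300))
```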

DHCP

BACKGROUND

DHCP stands for Dynamic Host Configuration Protocol and provides a solution that automatically assigns IP addresses to computers on a network. When a client is configured to receive an IP address automatically, it will send out a broadcast to the DHCP server requesting an address. The NT server will then issue a "lease" and assign it to that client. The time period that a lease will last can be specified on the server. Some of the benefits of DHCP include the following:

Prevents users from making up their own IP addresses.

Prevents incorrect gateway or subnet masks from being entered.

Decreases the amount of time spent configuring computers, especially in environments where computers get moved around all the time (I think that is everywhere, isn't it?).

Handy in situations where you have a large sales staff that work remotely. On that one day they bring their laptops in, they can just plug them into the network and they are all set.

HOW DOES THIS CRAZY THING WORK?

It all happens in 4 steps.

1) The client sends a broadcast that says "Hey, I need an IP address over here". Since it is not configured for TCP/IP yet, it uses a source address of 0.0.0.0 and a destination address of 255.255.255.255. The broadcast contains the computer's name and the MAC address so the DHCP server knows where to reply. This is called the IP lease request.

2) The DHCP server/s send an offer. This broadcast contains the IP address, client's hardware address, subnet mask, duration of lease and the IP address of the responding DHCP server. This process is called an IP lease offer.

3) The client takes a look at the first offer that it receives and sends a message to all DHCP servers to let them know that it has chosen an offer. This is known as the IP lease selection.

4) The DHCP server then sends an ack to the client, all other DHCP servers withdraw their offers and cry in the corner, and the client now has an IP address.

If an unsuccessful ack is received then the client sends out another lease request. Easy eh? For all of you registry nuts, the client stores its IP info in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adapter\Parameters\Tcpip.

LEASE RENEWAL

DHCP clients will attempt to renew their leases when 50% of the lease has expired. The client will send a DHCPREQUEST message to the server that assigned the lease. Assuming the DHCP server isn't on fire or anything, it will send out a DHCPACK with the new lease. If the server is unavailable, then the client can continue functioning as it still has 50% remaining. The client will continue as normal until the lease reaches 87.5% used, at which time it broadcasts to all DHCP servers and attempts to get a new lease. If the client receives a DHCPNACK message or the lease expires then the client must start all over again and will get a different IP address. If the lease expires and the client is unable to get a new one then the user will be whining to their IS dept. about it because they will not be able to communicate over the network.

IPCONFIG

Below are the ipconfig switches that can be used at a command prompt.

ipconfig /all
   Displays all of your IP settings.

ipconfig /renew
   Forces the DHCP server, if available, to renew a lease.

ipconfig /release
   Forces the release of a lease.

SETTING UP A DHCP SERVER

We have discussed how DHCP works for the clients, so now we should look at what happens on the rest of the network. The first question to ask yourself is how many subnets the DHCP server will serve. If it is more than 1 then you have to make sure that all routers are configured as DHCP relay agents or else only the local subnet will get leases. Next the "scope" needs to be defined. If there are multiple DHCP servers then each one will need to have a unique scope of IP addresses, since DHCP servers do not share information about leases with each other. According to Microsoft, each DHCP server should be configured with 75% of the scope reserved for the local subnet and the remaining 25% for remote subnets. This provides redundancy: if a client can't obtain a lease from the local server, then it can get one from a remote server. Also, keep in mind that a DHCP server cannot also be a DHCP client, meaning that the DHCP server must have static entries for its IP settings. Below are the basic steps to set up a DHCP server:

1) The DHCP server service must be installed.

2) A scope must be defined. Note that each DHCP server must have unique scopes defined or else duplicate IP addresses may be assigned. There are 3 scope options:

Global - This option is used when all DHCP clients will use the same IP setting, such as the same subnet mask.

Scope - These options are only available to clients that are using an address specified by the scope.

Client - Used for clients that use reserved addresses.

3) The server may be configured to always assign a particular address to a client.

4) "Map out" any static IP addresses on the network in the "exclusion range" fields.

The DHCP server database is backed up every hour (default) and can be restored when needed. It can also be compacted in order to keep it running efficiently. NT 4.0 does this automatically, whereas it must be done manually with earlier versions of NT.

DHCP RELAY AGENT

This service is used when routers separate clients from a DHCP server. An NT server on the same subnet as the clients can be configured so that it automatically sends all DHCP messages directly to the DHCP server. Included in the message to the server is the address of the originating client so that the DHCP server can respond directly back to the client. This service is basically a middle-man.

NETBIOS

BACKGROUND

Get ready, because it is time to take it to the next level. When talking about Netbios, we typically refer to the concept of a Netbios name, which is the name assigned to your computer. Netbios allows applications to talk to each other using protocols such as TCP/IP that support Netbios. Netbios is also a session/transport layer protocol that is typically seen in other forms such as Netbeui and NetBT. These are the main functions that Netbios serves:

Starting and stopping sessions.

Name registration

Session layer data transfer(reliable)

Datagram data transfer(unreliable)

protocol driver and network adapter management functions.


NETBIOS NAMING

A Netbios name is either a unique name or a group name, the difference being that a unique name is used for communication with a specific process on a computer, whereas a group name is for communication with multiple clients. Netbios name resolution resolves a computer's Netbios name to an IP address. Microsoft offers several different ways to resolve Netbios names and each will be discussed below.

LOCAL BROADCAST - If the destination host is local, then first the Netbios name cache is checked and a broadcast is not sent. If it is not found here, then a name query broadcast is sent out that includes the destination Netbios name. Each computer that receives the broadcast checks to see if it belongs to the name requested. The computer that owns the name then uses ARP to determine the MAC address of the source host. Once obtained, a name query response is sent. NOTE: Some routers do not support the forwarding of these broadcasts as they use UDP ports 137 and 138.

NETBIOS NAME SERVER - When using a Netbios name server, the cache is checked first and if the name is not found the destination host's name is sent to the name server. After the name server resolves the name to an IP address, it is returned to the source host. When the source host receives the information it uses ARP to resolve the IP address of the destination host to its MAC address.

LMHOSTS FILE- More on this later...

HOSTS FILE- More on this later...

DNS- More on this later...

NBTSTAT COMMANDS

1) nbtstat -n
   Lists all registered Netbios names.

2) nbtstat -c
   Shows the Netbios cache.

3) nbtstat -R
   Reloads the Netbios name cache from the lmhosts file.

LMHOSTS

BACKGROUND

An lmhosts file is a text file that is used to manually configure Netbios names. In NT, it is located in the \system32\Drivers\Etc directory. The file is configured with the keywords listed below:

#PRE - Denotes entries to be preloaded to the cache, which cuts down on broadcast traffic.

#DOM:domain name - Provides logon validation, browsing and account synchronization.

#BEGIN_ALTERNATE and #END_ALTERNATE - Provides alternate locations for other lmhosts files using a UNC path.

#INCLUDE - Uses Netbios entries located in a different lmhosts file, such as one that is centrally shared.

#MH - For multi-homed computers, this adds extra entries.

Each entry in the lmhosts file must be unique, have a valid IP address for the Netbios name and be spelled correctly.

WINS

BACKGROUND

Microsoft's definition of WINS is "An enhanced NetBIOS Name Server (NBNS) designed by Microsoft to eliminate broadcast traffic associated with the B-node implementation of NetBIOS over TCP/IP. It is used to register NetBIOS names and resolve them to IP addresses for both local and remote hosts." If a WINS server is configured, then name resolution requests are sent directly to it and in turn the WINS server will send the IP address to the requesting client. If the WINS server can't resolve the name for some reason, then it will use a broadcast to try to resolve the name. A secondary WINS server can be configured to prevent such situations. WINS is dynamically updated, which gets rid of the need to screw around with lmhosts files. If a client is configured to use WINS then it will register its name and IP address with the WINS server. When the computer is turned off, it releases its lease on that name, which may then be used by a different computer. Microsoft recommends 1 primary and secondary WINS server per 10,000 clients.

NAME RENEWAL AND RELEASE

RENEWAL - Name registrations on the WINS server do not last forever and have a "time to live" or TTL. After 1/8th of the TTL the client will attempt to refresh its name with the server. If it is unable to do this it will try again every 2 minutes until 1/2 the TTL is expired, at which point it will start barking at the secondary WINS server if one is present. It will attempt to register with the secondary WINS server 4 times (every 1/8th of the TTL until half is expired). After a successful refresh it will attempt another at 1/2 TTL from there on out.

RELEASE - When a computer is shut down normally (i.e. doesn't crash), it will make a request to the WINS server that its name be released. If the server detects an error it will tell the client "no". If everything checks out ok, the server will send a positive response and release the name, making it available to other clients.

OTHER CONSIDERATIONS

NON-WINS CLIENTS - Static mappings should be made for non-WINS clients, otherwise an lmhosts file must be configured. Once this is done you will want to set up a proxy agent so that name registration requests are sent to the server. The proxy can be enabled by editing the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters. Once at this key, change the value for EnableProxy to 1.

DATABASE REPLICATION - If multiple WINS servers exist on a network, it is possible to configure them to replicate each other's databases for redundancy. In order for this small miracle to happen each WINS server must be configured as a "push" or "pull" partner. Basically, a push partner sends its database entries to the pull partners. This happens after a certain number of changes have occurred in the push partner's database, and for that reason is not recommended for larger networks as it could start replication during peak traffic times. A pull partner will grab the changed database entries after a configurable amount of time. Servers can also be configured as both push and pull partners, which will cause them to replicate their entries with each other.

BACKUP, RESTORING AND COMPACTING - A directory for the backup needs to be established. Once this occurs, the database will be backed up every 24 hours. If the database gets hosed and needs to be restored, you can do so by going to the WINS Manager "mappings" menu and selecting "restore database". The database is compacted automatically.

BROWSING

BACKGROUND

This section is about Microsoft's browsing service. Pay attention, as browsing problems can be difficult to fix. A select few computers on the network have the privilege of being browsers, which means that they are responsible for tracking the shared resources on a network. They obtain their lists of resources from NetBIOS broadcasts. There are 3 different types of browsers:

MASTER BROWSER - The king of browsing. This computer keeps track of the list in its domain as well as keeping a browse list on file for the other domains. It is also responsible for making sure that the backup browsers have copies of the list.

BACKUP BROWSER - Upon request, this computer sends the list that it receives from the master browser to clients.

DOMAIN MASTER BROWSER - This one takes the browse lists from the master browsers on the network and makes sure that they match.

Because NetBIOS broadcasts are not typically routed, since they can bog down the network with traffic, WINS or lmhosts files need to be used to allow browsing across subnets. When WINS is used, the destination host's IP address is retrieved directly from the WINS database. For clients not using WINS, an lmhosts file must be configured with the name and address of the browsers on the network.

CONFIGURING AN LMHOSTS FILE

For a master browser, the file would be configured as follows:

   (ip_address) (domain_master_browser_name) #PRE #DOM:(domain_name)

A domain master browser would be configured as follows:

   (ip_address) (master_browser_name) #DOM:(domain_name)

If you are on a large network, it is better to use WINS. Imagine trying to configure lmhosts files for 1,000 computers. Job security for sure, but what a pain.

HOST NAMES

BACKGROUND

Host names can be mapped to IP addresses to make referencing hosts easier, as you don't have to remember an IP address. Personally, it isn't any easier for me, but Microsoft is the boss. A host name can be any string of 256 characters or less and does not have to match the NetBIOS name. There are several different ways that host names can be resolved to IP addresses. Below are the standard methods:

HOSTS FILES - A text file that can be edited to manually map the host name to an IP address.

DNS SERVER - A database of name/address mappings stored on a computer, as is done with WINS.

LOCAL HOST NAME - Unless configured otherwise, the default name is the host name of the computer.

Microsoft adds several more options, which follow:

LOCAL BROADCAST - A broadcast on the local network that attempts to discover the IP address for the destination computer's NetBIOS name.

LMHOSTS FILES - Like a hosts file, this can be configured for name resolution.

NetBIOS NAME SERVER - Pretty self-explanatory. Microsoft uses WINS for this.

HOSTS FILE

The hosts file is a little different than the lmhosts file in that it will resolve both local and remote names. If the host name can't be resolved and no other alternative name resolution processes are in place, the user will receive an error. Once the host name is parsed from the hosts file, ARP takes over and attempts to resolve the IP address to a MAC address. Like the lmhosts method, this is static name resolution.

DNS

BACKGROUND

The internet used to use a hosts file to resolve IP addresses to host names or domain names. The internet grew to the point where the administration and the traffic needed to maintain this file became unbearable, and DNS was born. A DNS client (aka resolver) sends requests to the DNS nameserver, which responds with the requested info, another server to pester or a failure message. This process is very similar to calling information. You call them with a name, they check their database and give you the phone number. There are 3 types of queries that a host will send to its DNS servers: inverse, iterative and recursive. When the nameserver resolves a request it is cached and given a TTL. There are a variety of roles a nameserver can satisfy within the zone that it is responsible for:

PRIMARY NAMESERVER - Gathers DNS information from local files and is a focal point for adding hosts and domains.

SECONDARY NAMESERVER - Gathers the data for its zone(s) from another DNS server. Secondary nameservers provide redundancy, reduced traffic on the primary server and quicker access for locations that are remote in regards to the primary server.

CACHING ONLY SERVERS - These do not have a zone that they are responsible for. Their databases only contain info that is received from resolutions that they have made since the server was last started.

Nameservers are distributed into tiers called domains, which will be covered in a moment.

DOMAINS

Microsoft discusses domains in terms of a hierarchical "domain name space" which they refer to as being like a tree structure. This probably makes a lot of sense to those of you migrating from the clunky, yet powerful Netware side of things. There are several different domain levels as listed below:

ROOT LEVEL DOMAINS - The top of the tree.

TOP LEVEL DOMAINS - These are divided into different categories. Com, net, mil, edu, org and gov are the most common.

SECOND LEVEL DOMAINS - These domains make up the rest of networks as all sub-domains are categorized under this heading. So if you visit Intel's site, you are visiting the sub-domain intel.com. Within intel.com many other sub-domains may also exist.

HOSTS - Hosts are the final level in the hierarchy as they are the individual computers that occupy or comprise a domain.

THE FILES BEHIND THE MADNESS

Normally, a DNS server will use 4 different files to resolve names. These are the database file, reverse lookup file, cache file and boot file. Each of these will be discussed in detail below.

THE DATABASE FILE - This file will actually be called yourzone.dns and it is responsible for storing DNS records. This is a file that replication servers push/pull from the primary server in order to update their databases. This file contains several different entries. The first thing that will be seen in this file is the "Start of Authority" (SOA), which defines a zone's parameters. Next, there should be an entry called "Name Server Record" which lists other nameservers on the network. Next, the "Host Record" is a static mapping of host names to IP addresses and should list all of the hosts in a given zone. Finally, there is a "Canonical Name" (CNAME) entry that allows one to assign multiple host names to an IP address, or in other words, create aliases.

REVERSE LOOKUP FILE - This file allows for reverse DNS lookups. Somebody correct me if I am wrong on this point, but I believe that it does this by mapping a host name to a backwards IP address. For example, 192.62.70.50 would become 50.70.62.192. This is accomplished by using "Pointer" records.

CACHE FILE - The cache.dns file is required as it contains the records of the root domain servers. The default file that is included with NT 4 contains all of the root internet servers.

BOOT FILE - The boot file controls the start-up characteristics of a DNS server on the Berkeley Internet Name Daemon (BIND).

FINAL THOUGHTS ON DNS

DNS can be configured to use WINS in such a way that if the DNS can't solve the request, it will query the WINS server for the information. In order for this to work a WINS-R (reverse lookup) record must be created.
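The record types described above, worked through as an added example that is not part of the original guide: host (A), CNAME and pointer (PTR) records, where the PTR owner name is the reversed address placed under in-addr.arpa. It also checks that a reverse answer maps back to the same address, since the reverse file is maintained separately from the database file. All names and records are constructed sample data; only the address 192.62.70.50 comes from the text.

```python
import ipaddress

# Constructed sample data: entries of a forward database file and of a
# reverse lookup file (hypothetical names under example.test).
FORWARD = {
    "web1.example.test.": ("A", "192.62.70.50"),
    "www.example.test.": ("CNAME", "web1.example.test."),
    "mail.example.test.": ("A", "192.62.70.25"),
}
REVERSE = {
    "50.70.62.192.in-addr.arpa.": "web1.example.test.",
    "25.70.62.192.in-addr.arpa.": "relay.other.test.",  # does not map back
}


def ptr_owner(ip):
    """Owner name of the PTR record for an IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def resolve(name, max_aliases=8):
    """Follow CNAME aliases to an address; None if unknown or looping."""
    for _ in range(max_aliases):
        rtype, value = FORWARD.get(name, (None, None))
        if rtype == "A":
            return value
        if rtype != "CNAME":
            return None
        name = value
    return None


def reverse_lookup(ip):
    """Host name stored in the PTR record for ip, or None."""
    return REVERSE.get(ptr_owner(ip))


def forward_confirmed(ip):
    """True only if the PTR name resolves back to the same address."""
    name = reverse_lookup(ip)
    return name is not None and resolve(name) == ip
```

A reverse name that fails `forward_confirmed` should not be trusted in logs or access rules on its own.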

SNMP

BACKGROUND

No, it is not a venereal disease! SNMP (Simple Network Management Protocol) is a part of the TCP/IP stack that allows for monitoring and status information on a network. SNMP can communicate with other NT computers, routers, gateways, mainframes, LAN manager servers, terminal servers and wiring hubs. This service allows open files, ARP tables, IP addresses, disk space, etc. to be monitored. In order to do this, 3 basic commands are used.

GET - This command requests a specific value.

GET-NEXT - Allows for the next value to be viewed and is used for navigation.

SET - Allows a value to be altered. Most values are read only and can't be changed.

An SNMP agent sends out reports of events (traps) to as many hosts as are configured to receive them. 3rd party Management Information Bases (MIBs) can be used with the Microsoft SNMP service. A MIB contains the information that the agent can request. It essentially defines the scope of the types of requests that can be made.
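How the three commands behave against a MIB, as an added example that is not part of the original guide: a toy in-memory agent where GET returns one value, GET-NEXT steps to the next object in numeric OID order (which is how a walk navigates), and SET is refused on read-only objects. The `ToyAgent` class, the `walk` helper and the sample values are hypothetical; there is no network traffic or packet encoding.

```python
import bisect

# Constructed sample objects: OID -> (value, writable). The OIDs are standard
# MIB-II names: sysDescr.0, sysUpTime.0, sysName.0, ifDescr.2, ifDescr.10.
SAMPLE_MIB = {
    "1.3.6.1.2.1.1.1.0": ("constructed sample router", False),
    "1.3.6.1.2.1.1.3.0": (123456, False),
    "1.3.6.1.2.1.1.5.0": ("gw1", True),
    "1.3.6.1.2.1.2.2.1.2.10": ("eth10", False),
    "1.3.6.1.2.1.2.2.1.2.2": ("eth2", False),
}


def oid(text):
    """Dotted OID -> tuple of ints, so .10 sorts after .2 (numeric order)."""
    return tuple(int(part) for part in text.split("."))


class ToyAgent:
    """In-memory stand-in for an agent: no network and no PDU encoding."""

    def __init__(self, objects):
        self._mib = {oid(name): list(entry) for name, entry in objects.items()}
        self._order = sorted(self._mib)

    def get(self, name):
        return self._mib[oid(name)][0]  # KeyError if the object is absent

    def get_next(self, name):
        """(oid, value) of the first object after name, or None at the end."""
        index = bisect.bisect_right(self._order, oid(name))
        if index == len(self._order):
            return None
        found = self._order[index]
        return ".".join(map(str, found)), self._mib[found][0]

    def set(self, name, value):
        entry = self._mib[oid(name)]
        if not entry[1]:
            raise PermissionError(f"{name} is read-only")
        entry[0] = value


def walk(agent, root):
    """Repeat GET-NEXT from root until the answer leaves root's subtree."""
    prefix, rows, current = oid(root), [], root
    while True:
        answer = agent.get_next(current)
        if answer is None or oid(answer[0])[:len(prefix)] != prefix:
            return rows
        rows.append(answer)
        current = answer[0]
```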

TROUBLESHOOTING

TOOLS

The following is a guide to the tools and techniques for troubleshooting TCP/IP so that you don't go completely mental and kill your co-workers. Although this is not the largest section of the study guide, it is probably one of the more important, so pay attention! First, we will list the tools that NT offers and a description of what they are for.

PING - Probably the most important. This verifies that TCP/IP is configured correctly and that a connection can be made.

IPCONFIG - Allows you to view TCP/IP settings and configuration.

TRACERT - Enables you to view the route to a specified host. This will show how many hops the packets have to travel and how long it takes.

ROUTE - View or change entries in the routing table.

ARP - View and add entries to the ARP cache.

NETSTAT - Display protocol information and connection status.

NBTSTAT - Check NETBIOS connections and update LMHOSTS cache.

NSLOOKUP - Find all of the mistakes that you made when setting up a DNS server.

SNMP - Manage status information with computers running an SNMP service.

EVENT VIEWER - View service events and error messages.

PERFORMANCE MONITOR - Find out how well your network is performing and where the problems are.

NETWORK MONITOR - Basically a sniffer trace used to capture and analyze packets.

VERIFY YOUR COMMUNICATION

Billy Gates INC recommends that you troubleshoot networking problems from the bottom layer and move toward the top. The first step is to always ping whatever it is you can't connect to. Next attempt to establish a session of some sort. Now I will show you why the ping utility is so important. For communication problems, if you follow a logical order, you can narrow down the trouble spot as shown below.

1. Ping 127.0.0.1 - This is the loopback address and verifies that the computer that you are pinging from can communicate via TCP/IP with its own ethernet adapter.
2. Ping own IP address - Verifies that a valid IP address was entered for this computer.
3. Ping default gateway - Typically this would be the near side of a router. If you can ping this address, then you should be able to ping other hosts on your same subnet.
4. Ping far side of router - This will verify that the routing table is correct.
5. Ping remote host - If this works then it would appear that there are valid communications.
6. Ping host names - If all of the above work, try each again using the host name instead of the IP address.

Once this is completed, attempt to establish a session by using the following methods:

1. See if a session can be established using the Net View or Net Use commands.
2. Try a Telnet or FTP session.

If the above are unsuccessful, check the following:

- Double check that the target host is using Netbios.
- Make sure that the source and target host's scope IDs match.
- Make sure that you are using the correct Netbios name.
- If it is a remote host, check your WINS database or LMHOSTS file to make sure that the name to address mappings are configured properly.
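The six-step ping order above, automated as an added example that is not part of the original guide: it walks the ladder bottom-up and reports the first step that fails together with what that failure points to. The step labels, hints and the `first_failure` helper are hypothetical names; the probe is injectable so the logic can be checked without a network.

```python
import platform
import subprocess

# Ordered as in the procedure above: (step label, what a failure points to).
LADDER = [
    ("loopback", "local TCP/IP stack or adapter binding"),
    ("own_ip", "this computer's IP address configuration"),
    ("gateway", "local subnet or default gateway setting"),
    ("router_far_side", "routing table"),
    ("remote_host", "path beyond the router or the remote host itself"),
    ("host_name", "name resolution (HOSTS, DNS, WINS, LMHOSTS)"),
]


def ping(target, timeout=5):
    """Send one echo request with the system ping; True if it exited 0.

    Caveat: Windows ping can exit 0 on a "Destination host unreachable"
    reply, so confirm a pass there by reading the output.
    """
    count_flag = "-n" if platform.system() == "Windows" else "-c"
    try:
        done = subprocess.run(
            ["ping", count_flag, "1", target],
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
            timeout=timeout,
        )
    except (OSError, subprocess.TimeoutExpired):
        return False
    return done.returncode == 0


def first_failure(targets, probe=ping):
    """Walk the ladder bottom-up and stop at the first step that fails.

    targets maps step label -> address or name. Returns (step, target, hint),
    or None when every configured step answered.
    """
    for step, hint in LADDER:
        target = targets.get(step)
        if target is None:
            continue  # step not applicable, e.g. no router on a flat network
        if not probe(target):
            return step, target, hint
    return None
```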

IP Address Tables

By NCAT

Listed below are the IP address tables for Class A, Class B and Class C. Each table presents:

- The maximum number of subnets for a given mask
- The maximum number of hosts for a given mask
- The first and second subnet information, as follows:
  - The subnet number which is used for routing (this is the number displayed in routing tables)
  - The valid IP address ranges for the subnets
  - The IP subnet broadcast address

Please note, the information on the first and last subnets has not been displayed as some hosts are unable to use these subnets, see RFC 1519 or 1812 for more information.

No liability is taken for the correctness of the information supplied on this page or any other page.

Class A IP Address Table

No: of Subnet bits | Subnet Mask | Subnet Mask in Hex | No: Subnets | No: Hosts | Max No: of Hosts (Nets * Hosts) | 1st Subnet Addr. Used for Routing | 1st Subnet Addr Range | 1st Subnet B'cast | 2nd Subnet Addr. Used for Routing | 2nd Subnet Addr Range | 2nd Subnet B'cast
2 | 255.192.0.0 | FF.C0.0.0 | 2 | 4194302 | 8388604 | X.64.0.0 | X.64.0.1 to X.127.255.254 | X.127.255.255 | X.128.0.0 | X.128.0.1 to X.191.255.254 | X.191.255.255
3 | 255.224.0.0 | FF.E0.0.0 | 6 | 2097150 | 12582900 | X.32.0.0 | X.32.0.1 to X.63.255.254 | X.63.255.255 | X.64.0.0 | X.64.0.1 to X.95.255.254 | X.95.255.255
4 | 255.240.0.0 | FF.F0.0.0 | 14 | 1048574 | 14680036 | X.16.0.0 | X.16.0.1 to X.31.255.254 | X.31.255.255 | X.32.0.0 | X.32.0.1 to X.47.255.254 | X.47.255.255
5 | 255.248.0.0 | FF.F8.0.0 | 30 | 524286 | 15728580 | X.8.0.0 | X.8.0.1 to X.15.255.254 | X.15.255.255 | X.16.0.0 | X.16.0.1 to X.23.255.254 | X.23.255.255
6 | 255.252.0.0 | FF.FC.0.0 | 62 | 262142 | 16252804 | X.4.0.0 | X.4.0.1 to X.7.255.254 | X.7.255.255 | X.8.0.0 | X.8.0.1 to X.11.255.254 | X.11.255.255
7 | 255.254.0.0 | FF.FE.0.0 | 126 | 131070 | 16514820 | X.2.0.0 | X.2.0.1 to X.3.255.254 | X.3.255.255 | X.4.0.0 | X.4.0.1 to X.5.255.254 | X.5.255.255
8 | 255.255.0.0 | FF.FF.0.0 | 254 | 65534 | 16645636 | X.1.0.0 | X.1.0.1 to X.1.255.254 | X.1.255.255 | X.2.0.0 | X.2.0.1 to X.2.255.254 | X.2.255.255
9 | 255.255.128.0 | FF.FF.80.0 | 510 | 32766 | 16710660 | X.0.128.0 | X.0.128.1 to X.0.255.254 | X.0.255.255 | X.1.0.0 | X.1.0.1 to X.1.127.254 | X.1.127.255
10 | 255.255.192.0 | FF.FF.C0.0 | 1022 | 16382 | 16742404 | X.0.64.0 | X.0.64.1 to X.0.127.254 | X.0.127.255 | X.0.128.0 | X.0.128.1 to X.0.191.254 | X.0.191.255
11 | 255.255.224.0 | FF.FF.E0.0 | 2046 | 8190 | 16756740 | X.0.32.0 | X.0.32.1 to X.0.63.254 | X.0.63.255 | X.0.64.0 | X.0.64.1 to X.0.95.254 | X.0.95.255
12 | 255.255.240.0 | FF.FF.F0.0 | 4094 | 4094 | 16760836 | X.0.16.0 | X.0.16.1 to X.0.31.254 | X.0.31.255 | X.0.32.0 | X.0.32.1 to X.0.47.254 | X.0.47.255
13 | 255.255.248.0 | FF.FF.F8.0 | 8190 | 2046 | 16756740 | X.0.8.0 | X.0.8.1 to X.0.15.254 | X.0.15.255 | X.0.16.0 | X.0.16.1 to X.0.23.254 | X.0.23.255
14 | 255.255.252.0 | FF.FF.FC.0 | 16382 | 1022 | 16742404 | X.0.4.0 | X.0.4.1 to X.0.7.254 | X.0.7.255 | X.0.8.0 | X.0.8.1 to X.0.11.254 | X.0.11.255
15 | 255.255.254.0 | FF.FF.FE.0 | 32766 | 510 | 16710660 | X.0.2.0 | X.0.2.1 to X.0.3.254 | X.0.3.255 | X.0.4.0 | X.0.4.1 to X.0.5.254 | X.0.5.255
16 | 255.255.255.0 | FF.FF.FF.0 | 65534 | 254 | 16645636 | X.0.1.0 | X.0.1.1 to X.0.1.254 | X.0.1.255 | X.0.2.0 | X.0.2.1 to X.0.2.254 | X.0.2.255
17 | 255.255.255.128 | FF.FF.FF.80 | 131070 | 126 | 16514820 | X.0.0.128 | X.0.0.129 to X.0.0.254 | X.0.0.255 | X.0.1.0 | X.0.1.1 to X.0.1.126 | X.0.1.127
18 | 255.255.255.192 | FF.FF.FF.C0 | 262142 | 62 | 16252804 | X.0.0.64 | X.0.0.65 to X.0.0.126 | X.0.0.127 | X.0.0.128 | X.0.0.129 to X.0.0.190 | X.0.0.191
19 | 255.255.255.224 | FF.FF.FF.E0 | 524286 | 30 | 15728580 | X.0.0.32 | X.0.0.33 to X.0.0.62 | X.0.0.63 | X.0.0.64 | X.0.0.65 to X.0.0.94 | X.0.0.95
20 | 255.255.255.240 | FF.FF.FF.F0 | 1048574 | 14 | 14680036 | X.0.0.16 | X.0.0.17 to X.0.0.30 | X.0.0.31 | X.0.0.32 | X.0.0.33 to X.0.0.46 | X.0.0.47
21 | 255.255.255.248 | FF.FF.FF.F8 | 2097150 | 6 | 12582900 | X.0.0.8 | X.0.0.9 to X.0.0.14 | X.0.0.15 | X.0.0.16 | X.0.0.17 to X.0.0.22 | X.0.0.23
22 | 255.255.255.252 | FF.FF.FF.FC | 4194302 | 2 | 8388604 | X.0.0.4 | X.0.0.5 to X.0.0.6 | X.0.0.7 | X.0.0.8 | X.0.0.9 to X.0.0.10 | X.0.0.11


Class B IP Address Table

No: of Subnet bits | Subnet Mask | Subnet Mask in Hex | No: Subnets | No: Hosts | Max No: of Hosts (Nets * Hosts) | 1st Subnet Addr. Used for Routing | 1st Subnet Addr Range | 1st Subnet B'cast | 2nd Subnet Addr. Used for Routing | 2nd Subnet Addr Range | 2nd Subnet B'cast
2 | 255.255.192.0 | FF.FF.C0.0 | 2 | 16382 | 32764 | X.Y.64.0 | X.Y.64.1 to X.Y.127.254 | X.Y.127.255 | X.Y.128.0 | X.Y.128.1 to X.Y.191.254 | X.Y.191.255
3 | 255.255.224.0 | FF.FF.E0.0 | 6 | 8190 | 49140 | X.Y.32.0 | X.Y.32.1 to X.Y.63.254 | X.Y.63.255 | X.Y.64.0 | X.Y.64.1 to X.Y.95.254 | X.Y.95.255
4 | 255.255.240.0 | FF.FF.F0.0 | 14 | 4094 | 57316 | X.Y.16.0 | X.Y.16.1 to X.Y.31.254 | X.Y.31.255 | X.Y.32.0 | X.Y.32.1 to X.Y.47.254 | X.Y.47.255
5 | 255.255.248.0 | FF.FF.F8.0 | 30 | 2046 | 61380 | X.Y.8.0 | X.Y.8.1 to X.Y.15.254 | X.Y.15.255 | X.Y.16.0 | X.Y.16.1 to X.Y.23.254 | X.Y.23.255
6 | 255.255.252.0 | FF.FF.FC.0 | 62 | 1022 | 63364 | X.Y.4.0 | X.Y.4.1 to X.Y.7.254 | X.Y.7.255 | X.Y.8.0 | X.Y.8.1 to X.Y.11.254 | X.Y.11.255
7 | 255.255.254.0 | FF.FF.FE.0 | 126 | 510 | 64260 | X.Y.2.0 | X.Y.2.1 to X.Y.3.254 | X.Y.3.255 | X.Y.4.0 | X.Y.4.1 to X.Y.5.254 | X.Y.5.255
8 | 255.255.255.0 | FF.FF.FF.0 | 254 | 254 | 64516 | X.Y.1.0 | X.Y.1.1 to X.Y.1.254 | X.Y.1.255 | X.Y.2.0 | X.Y.2.1 to X.Y.2.254 | X.Y.2.255
9 | 255.255.255.128 | FF.FF.FF.80 | 510 | 126 | 64260 | X.Y.0.128 | X.Y.0.129 to X.Y.0.254 | X.Y.0.255 | X.Y.1.0 | X.Y.1.1 to X.Y.1.126 | X.Y.1.127
10 | 255.255.255.192 | FF.FF.FF.C0 | 1022 | 62 | 63364 | X.Y.0.64 | X.Y.0.65 to X.Y.0.126 | X.Y.0.127 | X.Y.0.128 | X.Y.0.129 to X.Y.0.190 | X.Y.0.191
11 | 255.255.255.224 | FF.FF.FF.E0 | 2046 | 30 | 61380 | X.Y.0.32 | X.Y.0.33 to X.Y.0.62 | X.Y.0.63 | X.Y.0.64 | X.Y.0.65 to X.Y.0.94 | X.Y.0.95
12 | 255.255.255.240 | FF.FF.FF.F0 | 4094 | 14 | 57316 | X.Y.0.16 | X.Y.0.17 to X.Y.0.30 | X.Y.0.31 | X.Y.0.32 | X.Y.0.33 to X.Y.0.46 | X.Y.0.47
13 | 255.255.255.248 | FF.FF.FF.F8 | 8190 | 6 | 49140 | X.Y.0.8 | X.Y.0.9 to X.Y.0.14 | X.Y.0.15 | X.Y.0.16 | X.Y.0.17 to X.Y.0.22 | X.Y.0.23
14 | 255.255.255.252 | FF.FF.FF.FC | 16382 | 2 | 32764 | X.Y.0.4 | X.Y.0.5 to X.Y.0.6 | X.Y.0.7 | X.Y.0.8 | X.Y.0.9 to X.Y.0.10 | X.Y.0.11


Class C IP Address Table

No: of Subnet bits | Subnet Mask | Subnet Mask in Hex | No: Subnets | No: Hosts | Max No: of Hosts (Nets * Hosts) | 1st Subnet Addr. Used for Routing | 1st Subnet Addr Range | 1st Subnet B'cast | 2nd Subnet Addr. Used for Routing | 2nd Subnet Addr Range | 2nd Subnet B'cast
2 | 255.255.255.192 | FF.FF.FF.C0 | 2 | 62 | 124 | X.Y.Z.64 | X.Y.Z.65 to X.Y.Z.126 | X.Y.Z.127 | X.Y.Z.128 | X.Y.Z.129 to X.Y.Z.190 | X.Y.Z.191
3 | 255.255.255.224 | FF.FF.FF.E0 | 6 | 30 | 180 | X.Y.Z.32 | X.Y.Z.33 to X.Y.Z.62 | X.Y.Z.63 | X.Y.Z.64 | X.Y.Z.65 to X.Y.Z.94 | X.Y.Z.95
4 | 255.255.255.240 | FF.FF.FF.F0 | 14 | 14 | 196 | X.Y.Z.16 | X.Y.Z.17 to X.Y.Z.30 | X.Y.Z.31 | X.Y.Z.32 | X.Y.Z.33 to X.Y.Z.46 | X.Y.Z.47
5 | 255.255.255.248 | FF.FF.FF.F8 | 30 | 6 | 180 | X.Y.Z.8 | X.Y.Z.9 to X.Y.Z.14 | X.Y.Z.15 | X.Y.Z.16 | X.Y.Z.17 to X.Y.Z.22 | X.Y.Z.23
6 | 255.255.255.252 | FF.FF.FF.FC | 62 | 2 | 124 | X.Y.Z.4 | X.Y.Z.5 to X.Y.Z.6 | X.Y.Z.7 | X.Y.Z.8 | X.Y.Z.9 to X.Y.Z.10 | X.Y.Z.11
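Any row of the three tables above can be recomputed rather than looked up. The following added example (not part of the original page) derives the mask, the subnet and host counts, and the first two listed subnets for a class and a number of subnet bits, using the same convention as the tables of leaving out the first and last subnets. The function names and the sample base networks standing in for X, X.Y and X.Y.Z are assumptions.

```python
import ipaddress

# Default classful prefix lengths. The base networks are constructed sample
# values standing in for the X, X.Y and X.Y.Z octets used in the tables.
CLASS_PREFIX = {"A": 8, "B": 16, "C": 24}
SAMPLE_BASE = {"A": "10.0.0.0", "B": "172.16.0.0", "C": "192.168.1.0"}


def describe(subnet):
    """Routing address, usable host range and broadcast of one subnet."""
    return {
        "routing": str(subnet.network_address),
        "first_host": str(subnet.network_address + 1),
        "last_host": str(subnet.broadcast_address - 1),
        "broadcast": str(subnet.broadcast_address),
    }


def table_row(net_class, subnet_bits, base=None):
    """Compute one table row for a class and a number of subnet bits."""
    prefix = CLASS_PREFIX[net_class]
    new_prefix = prefix + subnet_bits
    if subnet_bits < 2 or new_prefix > 30:
        raise ValueError("need 2+ subnet bits and 2+ host bits")
    network = ipaddress.ip_network(f"{base or SAMPLE_BASE[net_class]}/{prefix}")
    # subnets() is lazy, so a Class A network with 22 subnet bits is cheap.
    candidates = network.subnets(prefixlen_diff=subnet_bits)
    next(candidates)  # the tables leave out the first (all-zeros) subnet
    first, second = next(candidates), next(candidates)
    subnets = 2 ** subnet_bits - 2        # first and last subnet excluded
    hosts = 2 ** (32 - new_prefix) - 2    # network and broadcast excluded
    return {
        "mask": str(first.netmask),
        "mask_hex": ".".join(f"{octet:X}" for octet in first.netmask.packed),
        "subnets": subnets,
        "hosts": hosts,
        "max_hosts": subnets * hosts,
        "first": describe(first),
        "second": describe(second),
    }
```

Recomputing a row this way is a quick check on hand-written masks and ranges in router or firewall configuration.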

The 5-4-3-2-1 rule of computer network design

The 5-4-3-2-1 rule embodies a simple recipe for network design. It may not be easy to find examples in practice, but this rule neatly ties together several important elements of design theory.

To understand this rule, it's first necessary to understand the concepts of collision domains and propagation delay. Collision domains are portions of a network. When a network packet is transmitted over Ethernet, for example, it is possible for another packet from a different source to be transmitted close enough in time to the first packet to cause a collision on the wire. The total range over which a packet can travel and potentially collide with another is its collision domain.

Propagation delays are a property of the physical medium (e.g., Ethernet). Propagation delays help determine how much of a time difference between the sending of two packets on a collision domain is "close enough" to actually cause a collision. The greater the propagation delay, the greater the likelihood of collisions.

The 5-4-3-2-1 rule limits the range of a collision domain by limiting the propagation delay to a "reasonable" amount of time. The rule breaks down as follows:

5 - the number of network segments
4 - the number of repeaters needed to join the segments into one collision domain
3 - the number of network segments that have active (transmitting) devices attached
2 - the number of segments that do not have active devices attached
1 - the number of collision domains

Because the last two elements of the recipe follow naturally from the others, this rule is sometimes also known as the "5-4-3" rule for short.

What tools/sniffers can I use to monitor my network?

Depending on your operating system, the following is an incomplete list of available tools:

tcpdump: Found out-of-the-box on most BSD variants, and also available separately from ftp://ftp.ee.lbl.gov/tcpdump.tar.Z along with libpcap (see below) and various other tools. This tool, in particular, has been ported to multiple platforms thanks to libpcap.

ipgrab: Compatible with many systems. ipgrab displays link level, transport level, and network level information on packets captured verbosely. http://www.xnet.com/~cathmike/MSB/Software/

Ethereal (GUI): A network packet analyzer (uses GTK+). Supports many systems. Available at: http://ethereal.zing.org/

tcptrace: http://jarok.cs.ohiou.edu/software/tcptrace/tcptrace.html Not an actual sniffer, but can read from the logs produced by many other well known sniffers to produce output in different formats and in adjustable details (includes diagnostics).

tcpflow: http://www.circlemud.org/~jelson/software/tcpflow/ tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging.

snoop: Solaris, IRIX.

etherfind: SunOS.

Packetman: SunOS, DEC-MIPS, SGI, DEC-Alpha, and Solaris. Available at ftp://ftp.cs.curtin.edu.au:/pub/netman/

nettl/ntfmt: HP/UX