- Subnetting
| Decimal | Subnets | # Class A Hosts | # Class B Hosts | # Class C Hosts |
|---|---|---|---|---|
| .192 | 2 | 4,194,302 | 16,382 | 62 |
| .224 | 6 | 2,097,150 | 8,190 | 30 |
| .240 | 14 | 1,048,574 | 4,094 | 14 |
| .248 | 30 | 524,286 | 2,046 | 6 |
| .252 | 62 | 262,142 | 1,022 | 2 |
| .254 | 126 | 131,070 | 510 | NA |
| .255 | 254 | 65,534 | 254 | NA |

Binary values

| Decimal | Binary |
|---|---|
| 128 | 10000000 |
| 64 | 01000000 |
| 32 | 00100000 |
| 16 | 00010000 |
| 8 | 00001000 |
| 4 | 00000100 |
| 2 | 00000010 |
| 1 | 00000001 |

Classes

| Class | First octet |
|---|---|
| A | 1-126 |
| B | 128-191 |
| C | 192-223 |
- IP routing
- Windows NT Server has the ability to be configured as a router. This is known as a multihomed computer. A multihomed computer must have at least two network interfaces connected to separate subnets.
Each network interface is capable of having up to five IP addresses.
Multihomed computers can be configured as either static or dynamic routers.
- ROUTE.EXE is used for configuring static gateways. The router must have the next router's destination IP address and hardware address loaded in its ARP cache for a successful hop.
- Dynamic routers use the RIP protocol.
- ARP - Address Resolution Protocol
- ARP resolves IP addresses to hardware addresses. Each network adapter has a unique hardware address (commonly referred to as a MAC address) which it uses for identification on the network.
When there is a need to locate a computer/peripheral on the TCP/IP network, ARP first checks its local cache to see if it contains the hardware address for the computer/peripheral it is trying to connect to. If the address is not in the ARP cache, ARP broadcasts a message to the known IP address for its hardware address. The computer it is trying to locate will receive the broadcast and send a reply with its IP and hardware addresses. Once the hardware address has been obtained, ARP stores the resolved IP and hardware addresses in cache, then proceeds with communication.
The ARP cache can be viewed and edited using the ARP.EXE utility.
- Name Resolution
- Name resolution is the method of resolving a computer name to its IP address. The computer can have two names: a NetBIOS name and a Host name.
- NetBIOS name - Microsoft's naming system implemented with LAN Manager, Windows and Windows NT.
- Host name - an older naming system primarily used with UNIX systems.
Typical orders for resolution methods:
NetBIOS - local NetBIOS name cache, WINS, Broadcast, LMHosts, Hosts, DNS.
Host - local host name, Hosts, DNS, local NetBIOS name cache, WINS, Broadcast, LMHosts.
| NetBIOS | | Host | |
|---|---|---|---|
| C | Cram | H | Harry |
| W | Well | D | Didn't |
| B | Before | C | Cram |
| L | Leaving | W | Well |
| H | (and) He'll | B | Before |
| D | Do (well) | L | Leaving (to take the exam) |
- Local NetBIOS name cache
- The NetBIOS name cache contains every NetBIOS name that was recently associated with an IP address. This local cache helps reduce network traffic by eliminating the need for broadcasts or WINS queries: the computer can simply start communicating with the host.
The local NetBIOS cache can be viewed with the NBTSTAT.EXE command.
- NetBIOS name resolution nodes
- NetBIOS name resolution nodes define the order of the methods a computer uses for name resolution.
Note: regardless of which node the computer is using, the computer will always check the local NetBIOS name cache first, and the LMHOSTS file last.

| Node | Description |
|---|---|
| H-node | Hybrid node. The computer will first query the WINS Server for the mapping, then if not successful, will use (up to) 3 b-node broadcasts. By inserting the IP address of the WINS Server in the computer's network properties, it defaults to H-node. |
| M-node | Mixed node. The computer will first use (up to) 3 b-node broadcasts, then if not successful, will query the WINS Server. |
| P-node | Point-to-point (aka Peer-to-peer). The computer will only query the WINS Server. |
| B-node | Broadcast. The computer will send out a broadcast to all computers on its local network to have the computer with the requested name send back a confirmation with its IP address. B-node is the default node method for non-WINS clients. |

To alter which node your computer uses, you will need to make the proper changes in the DHCP Server. You will be prompted to give a value for the node you wish to use.
H-node = 08
M-node = 04
P-node = 02
B-node = 01
- WINS - Windows Internet Naming Services
- WINS is a dynamic database located on a Windows NT Server, which stores NetBIOS name to IP address mappings.
Microsoft recommends 1 primary and 1 secondary backup server per 10,000 clients.
WINS operates with a push/pull replication method. WINS databases can be configured as one or the other, or both.
- Push - The server will send its database changes once the number of changes has met a predetermined value in the push settings. This could cause traffic at the wrong time of day, and is not recommended over WAN links.
- Pull - The server will pull database changes from another server at a predetermined time of day, or at regular intervals, as determined in the pull settings. It is recommended for WAN links, as it can be set up to pull changes after hours or at times of day when traffic is not as heavy.
A WINS client attempts to renew its mapping with the primary WINS Server at 1/8th of its TTL (Time to Live) and then every two minutes after that, until it reaches 1/2 TTL. At 1/2 TTL it then attempts renewal once with the nominated secondary server (if one is present) and again at 1/8th TTL, then every 2 minutes until the TTL expires.
Microsoft recommends compacting the database if it is over 30 MB in size. To compact the database, use the JETPACK.EXE utility.
Corrupt Databases
There are three ways to recover from a corrupt database:
1) Stop and restart the WINS Services. If NT detects the database as being corrupt, it will automatically restore the backup copy when the WINS service restarts.
2) In the WINS Manager, select the Restore Local Database option.
3) Manually copy over the database from your backup directory.
- WINS Proxy
- A WINS Proxy is an NT computer, which is not already a WINS Server, that listens for b-node broadcasts from non-WINS computers. Once a b-node broadcast is detected, it intercepts the broadcast and checks its local NetBIOS cache for the requested computer name. If the computer name is not found in the proxy's cache, it forwards the request to a WINS Server. The WINS Server then returns the mapping for the name, and the WINS Proxy forwards its findings to the requesting non-WINS computer.
Non-WINS computers can have their NetBIOS name mappings stored in the WINS Server's database by being manually added. If your network was using LMHOSTS files before adding the WINS Server, you can import them into the database with the Add Static Mappings option.
- LMHosts.
- The LMHosts. file, originally used with MS-LAN Manager, contains a list of NetBIOS name to IP address mappings. It is a regular text file named LMHOSTS. and is located in the %Systemroot%\system32\drivers\etc directory.
To view a sample LMHosts. file, look in the Windows directory of your DOS/Windows95 computer (or the %Systemroot%\system32\drivers\etc directory on your NT machine), and open it with a text editor.
The tags associated with the LMHosts. file are as follows:

| Tag | Meaning |
|---|---|
| #PRE | will cause the entry to be preloaded into the NetBIOS name cache. |
| #DOM:domainname | specifies the domain master browser in another domain. Must be preceded by the #PRE tag. |
| #INCLUDE:\\servername\share\lmhosts. | specifies the LMHosts. file on another computer, and will parse it as if it was local. |
| #BEGIN_ALTERNATE | precedes multiple #INCLUDE statements. |
| #END_ALTERNATE | succeeds multiple #INCLUDE statements. |

The LMHosts file is not case-sensitive.
Note: All items after the # sign on the same line are treated as comments.
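
A small parser for the tags listed above, as an added example that is not part of the original notes: it reads LMHOSTS-style text, flags a #DOM tag that is not preceded by #PRE, and lists every #INCLUDE path, since an included file is parsed as if it were local. The sample text, the name `parse_lmhosts`, and accepting either a space or a colon after #INCLUDE are assumptions of this example.

```python
import re

# Constructed sample LMHOSTS text (addresses and names are made up).
SAMPLE = r"""
# constructed sample
10.0.0.5   PDC01    #PRE #DOM:CORP   # domain controller
10.0.0.6   bdc01    #dom:corp        # #DOM without #PRE
10.0.0.20  FILESRV                   # plain mapping
#BEGIN_ALTERNATE
#INCLUDE \\PDC01\public\lmhosts
#INCLUDE:\\bdc01\public\lmhosts
#END_ALTERNATE
"""

# Assumption: accept "#INCLUDE <path>" as well as the "#INCLUDE:<path>" form.
INCLUDE_RE = re.compile(r"#INCLUDE[:\s]+(\S+)", re.IGNORECASE)

def parse_lmhosts(text):
    """Return (entries, includes, warnings) for LMHOSTS-style text."""
    entries, includes, warnings, in_alternate = [], [], [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        upper = line.upper()  # the file is not case-sensitive
        if upper.startswith("#BEGIN_ALTERNATE"):
            in_alternate = True
        elif upper.startswith("#END_ALTERNATE"):
            in_alternate = False
        elif (m := INCLUDE_RE.match(line)):
            # Parsed as if local, so each include is a trust dependency.
            includes.append((m.group(1), in_alternate))
        elif line and not line.startswith("#"):
            fields = line.split()
            if len(fields) < 2:
                warnings.append(f"line {lineno}: malformed entry")
                continue
            pre, dom = False, None
            for tok in fields[2:]:
                if tok.upper() == "#PRE":
                    pre = True
                elif tok.upper().startswith("#DOM:"):
                    dom = tok[5:].upper()
                    if not pre:
                        warnings.append(f"line {lineno}: #DOM without preceding #PRE")
                else:
                    break  # anything else after '#' is a comment
            entries.append({"ip": fields[0], "name": fields[1].upper(),
                            "pre": pre, "dom": dom})
    return entries, includes, warnings

print(*parse_lmhosts(SAMPLE), sep="\n")
```
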
- DNS - Domain Name Services
- Domain Name Services is a hierarchical server database which contains host name to IP address static mappings.
DNS can be used to resolve NetBIOS names, but only when the box is checked to enable DNS for NetBIOS name resolution in TCP/IP properties in the Network configuration window.
A CNAME is a method of DNS aliasing. It is normally used to alias a server as www or ftp.
Windows NT is able to list up to three DNS Servers in its network properties.
If a DNS Server is queried, but is unable to resolve the host name, it will return a negative acknowledgement to the querying computer. The querying computer will then attempt another method of name resolution, rather than trying the other DNS Servers.
If a DNS Server is queried, but is unable to be located, the querying computer will then attempt to contact the next DNS Server in the list.
A DNS Server can be set up to be a zone transfer server. Zone transfer will allow the DNS Server to query other DNS Servers if it is unable to resolve the request.
- Secondary DNS server - A Secondary DNS server uses Zone Transfers to collect the DNS database from its Primary DNS Server.
- Caching DNS Server - A Caching DNS Server does not maintain any static DNS records. All of its records are created by resolving DNS queries to a Primary or Secondary DNS server. Caching DNS servers thus add redundancy to the DNS namespace.
- Hosts.
- The Hosts. file, originally used with UNIX systems, contains a list of host name to IP address mappings. It is a regular text file named HOSTS. and is located in the %Systemroot%\system32\drivers\etc directory.
The Hosts. file is not case-sensitive when working with NT networks. However, UNIX computer names are case-sensitive. When connecting from NT to UNIX, the hosts file must have proper case-sensitivity.
A hostname containing numerals must be specified in the Hosts. file within single quotation marks (i.e. '1997').
The Hosts. file is only parsed for NetBIOS name resolution when the box is checked to enable DNS for NetBIOS name resolution.
- DHCP - Dynamic Host Configuration Protocol
- DHCP is a server-based administration utility used to automatically assign IP addresses to clients.
DHCP clients communicate with DHCP Servers via BOOTP broadcast messages, which can only cross routers if the router is an RFC1542-compliant router and has BOOTP forwarding enabled.
DHCP clients automatically attempt to renew their IP address lease after 50% of the lease has expired. The client will broadcast to the DHCP Server for a renewal. If the DHCP Server is not available to renew the IP address, the client will wait until 87.5% (7/8) of the lease has expired, and send a broadcast to all DHCP Servers for a renewal.
Scope options are available for using custom settings. A scope is a range of IP addresses for a subnet. There are three options for scope settings:
- Global - Changes made here affect all scopes available in the DHCP Server.
- Scope - Changes made here affect only the highlighted scope.
- Client - Changes made here affect only the specified client.
Client Reservations need to be made for DHCP clients that require having a static IP address reserved, so that no other DHCP clients attempt to take that address, such as Domain controllers, member servers, web servers, etc.
In the scope options, options are available to let DHCP automatically update the client with addressing for WINS Servers, default gateways, etc.
- SNMP - Simple Network Management Protocol
- SNMP is a management tool used to monitor and control remote network devices. It can be used to poll specific information from the agent.
SNMP must be installed on a Windows NT computer to enable Performance Monitor to monitor TCP/IP activity to and from your computer.
An SNMP community is a functional group of SNMP agents and managers. Agents receive requests and report information to the SNMP managers for the communities the agent belongs to.
An SNMP trap is an alert that, under predefined conditions or thresholds, the SNMP agent sends to the SNMP manager.
Security
- Send Authentication Trap - sends a message to the trap destinations if it receives a request with an incorrect community name.
- Only Accept SNMP packets from these hosts - allows agent to accept only packets from defined hosts. Defined hosts are known by either their IP or IPX addresses or by their host name.
- FTP - File Transfer Protocol
- FTP is used to transfer files from a computer to a server, or vice versa. FTP is a fast, error-free method of communication.
Passwords are always sent to the FTP server unencrypted.
To prevent disclosure of passwords, check the box Allow Anonymous connections only in the FTP Service properties box within the network properties window. Allow Anonymous Connections must first be enabled, by checking its box, before being able to Allow Anonymous connections only. Default anonymous user names are anonymous and ftp.
FTP and NTFS can both be used to prevent unauthorized FTP access to places in the server.
- Troubleshooting
- The address 127.0.0.1 is used as a loopback test. Ping this address to test TCP/IP functionality.
A default gateway must be on the same subnet as the host computer.
Incorrect subnet masks will cause connectivity problems.
Incorrect default gateways will keep you from communicating outside of the subnet.
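
The gateway and mask checks above as an added example (not part of the original notes): it rejects a non-contiguous mask, tests whether the default gateway is on the host's subnet, and recomputes the counts in the Subnetting table with the 2^n - 2 convention that table uses. Function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Class -> (first octet low, first octet high, default mask bits)
CLASSES = {"A": (1, 126, 8), "B": (128, 191, 16), "C": (192, 223, 24)}

def mask_is_contiguous(mask):
    """True if the dotted mask is a run of 1 bits followed only by 0 bits."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    return inverted != 0xFFFFFFFF and (inverted & (inverted + 1)) == 0

def classful_counts(ip, mask):
    """(subnets, hosts per subnet) under the 2**n - 2 convention.
    hosts is None where the Subnetting table says NA."""
    first = int(ip.split(".")[0])
    default = next((bits for lo, hi, bits in CLASSES.values()
                    if lo <= first <= hi), None)
    if default is None:
        raise ValueError("first octet is outside classes A, B and C")
    prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
    subnet_bits, host_bits = prefix - default, 32 - prefix
    if subnet_bits < 2:
        raise ValueError("2**n - 2 leaves no usable subnets below 2 subnet bits")
    hosts = 2 ** host_bits - 2 if host_bits >= 2 else None
    return 2 ** subnet_bits - 2, hosts

def check_config(ip, mask, gateway):
    """Return a list of problems with a host's static TCP/IP settings."""
    if not mask_is_contiguous(mask):
        return ["subnet mask is not contiguous"]
    net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
    problems = []
    if ipaddress.IPv4Address(gateway) not in net:
        problems.append(f"default gateway {gateway} is not on {net}")
    if ipaddress.IPv4Address(ip) in (net.network_address, net.broadcast_address):
        problems.append("host address is the network or broadcast address")
    return problems

if __name__ == "__main__":
    # Constructed settings: same host and gateway, two candidate masks.
    for mask in ("255.255.255.192", "255.255.255.224"):
        print(mask, classful_counts("192.168.1.10", mask),
              check_config("192.168.1.10", mask, "192.168.1.33"))
```

With the .192 mask the gateway is on the host's subnet; with .224 the same gateway falls in a different subnet and the check reports it.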
- Commands & Utilities
- Know what all of these commands and utilities are used for.
- NBTSTAT - Displays protocol statistics and current TCP/IP connections using NetBIOS. Is also used to display the NetBIOS name cache.
- NETSTAT - Displays protocol statistics and current TCP/IP network connections. Netstat shows statistics since the server was booted.
- ARP - Used to display and edit the ARP cache. Is used to resolve IP addresses to hardware addresses.
- TRACERT - Is used to determine what route a packet takes to get from the source to the destination.
- ROUTE - Used to display and edit static routing tables.
- IPCONFIG - Quickly displays Windows IP configuration settings.
- IPCONFIG /ALL - Thoroughly displays Windows IP configuration settings.
- LPQ - Displays status of a remote LPD print queue.
- LPR - Sends a print job to a remote print queue.
- Performance Monitor - Monitors network and computer statistics. Is able to log the data and export it for spreadsheet usage.
- Network Monitor - Monitors network activity and is able to capture and look at packets of data sent over the network.
- Registry hacks
TCP/IP
- TCPWindowSize - Should be increased when having trouble with communications across WAN links. This will decrease the number of acknowledgements, the number of packets sent, and retransmission of out-of-order packets.
- DefaultTTL - Defines default time to live. Should be increased if numerous links in the network path are slow and/or packets are constantly being discarded due to packet expiration.
- TCPMaxConnectRetransmissions - Defines number of times TCP will retransmit a connect request before aborting the attempt. Increasing the value in small increments may allow a client to connect over a slow WAN link.
Multihomed IP Router
- ForwardBufferMemory - Defines amount of memory used by the router to store IP packets in the route queue. Increase the value if packets are constantly being discarded by the router.
- NumForwardPackets - Defines the number of IP packets which the router stores in the route queue. Must be at least the same size that the ForwardBufferMemory has defined for the buffer's capacity.
- TCPNumConnections - Limits the maximum number of connections TCP may have open simultaneously.