TYPES OF NETWORKS
1) PEER TO PEER
A peer to peer network is one that lacks a dedicated server; every computer acts as both a client and a server. This is a good networking solution when there are 10 or fewer users that are in close proximity to each other. A peer to peer network can be a security nightmare, because the people setting permissions for shared resources will be computer idiots and the right people will never have access to the right resources. Thus it is only recommended in situations where security is not an issue.
2) CLIENT/SERVER
This type of network is designed to support a large number of users and uses dedicated server/s to accomplish this. Clients log on to the server/s in order to run applications or obtain files. Security and permissions can be managed by 1 or more administrators, which keeps the aforementioned computer illiterates from meddling with things that they shouldn't be. This type of network also allows for convenient backup services, reduces network traffic and provides a host of other services that come with the network operating system (NOS).
3) CENTRALIZED
This is also a client/server based model that is most often seen in UNIX
environments, but the clients are "dumb terminals". This means that the client
may not have a floppy drive, hard disk or CDROM and all applications and
processing occur on the server/s. As you can imagine, this requires fast and
damn expensive server/s. Security is very high on this type of network, although
a similar level of security can be achieved using an NT server and setting
appropriate permissions.
NETWORK TOPOLOGIES
1) BUS
This topology is an old one and essentially has each of the computers on the network daisy-chained to each other. This type of network is usually peer to peer and uses Thinnet (10base2) cabling. It is configured by connecting a "T-connector" to the network adapter and then connecting cables to the T-connectors on the computers on the right and left. At both ends of the chain the network must be terminated with a 50 ohm impedance terminator.
ADVANTAGES: Cheap, simple to set up.
DISADVANTAGES: Excess network traffic, a failure may affect many users, problems are difficult to troubleshoot.
2) STAR
The star is probably the most commonly used topology today. It uses twisted pair (10baseT or 100baseT) cabling and requires that all devices are connected to a hub.
ADVANTAGES: Centralized monitoring, failures do not affect others unless it is the hub, easy to modify.
DISADVANTAGES: If the hub fails then everything connected to it is down. This is like if you were to burn down the phone company's central office, then anyone connected to it wouldn't be able to make any phone calls.
3) RING
The ring topology looks the same as the star, except that it uses special hubs and ethernet adapters. The Ring topology is used with Token Ring networks (will be discussed later).
ADVANTAGES: Equal access.
DISADVANTAGES: Difficult to troubleshoot, network changes affect many users, failure affects many users.
4) MESH
Mesh topologies are combinations of the above and are common on very large networks. For example, a star bus network has hubs connected in a row (like a bus network) and has computers connected to each hub.
RAID
0 - Disk Striping
1 - Disk Mirroring
2 - Disk Striping across disks; also maintains error correction codes across the disks
3 - Same as RAID 2 except that the error correction information is stored as parity information on one disk
4 - Same as RAID 3 except larger block size
5 - Disk Striping with parity across multiple drives
Disk duplexing - Same as RAID 1 but with a disk controller for each drive
BACKUP STRATEGIES
- Full - copies all files and marks them as being backed up.
- Incremental - copies only files created/changed since last full backup and
marks them as being backed up.
- Differential - copies only files created/changed since last full backup
and doesn’t mark them as being backed up.
- Daily - copies only files created/changed today and doesn’t mark them as
being backed up.
PROTOCOLS
IPX/SPX - IPX is the fastest routable protocol and is not connection oriented (handles broadcast issues). Responsible for the sequencing of data during a communication session between 2 computers. IPX addresses are up to 8 characters in hexadecimal format.
TCP/IP - TCP breaks data into manageable packets and tracks information such as source and destination of packets. It is able to reroute packets and is responsible for guaranteed delivery of the data.
NFS - Used to connect to a UNIX machine or share resources that a UNIX machine wants. Enables a user to use network disks as though they were connected to the local machine.
SMB - Redirector for MS networks.
NCP - Redirector for Novell networks.
SMTP - Defines the structure of Internet mail messages.
FTP - A method of transferring files between 2 machines. It is connection oriented (i.e. verifies that packets reach destination).
TFTP - Same as FTP but not connection oriented.
DECNet - Routable protocol used by DEC for their WANs.
DLC - Non-routable protocol sometimes used to connect NT servers to printers.
NETBEUI - A non-routable protocol that establishes connections between computers with the use of NetBIOS.
THE OSI 7 LAYER MODEL
The OSI networking model is divided into 7 layers. Each layer has a different responsibility, and all the layers work together to provide network data communication.
PHYSICAL - The Physical layer is the specification for the actual hardware connection, the electronics, logic circuitry, and wiring that transmit the actual signal. It is only concerned with moving bits of data on and off the network medium. Most network problems occur at the Physical layer.
DATA LINK - The Data Link layer is the interface between the upper "software" layers and the lower "hardware" Physical layer. One of its main tasks is to create and interpret different frame types based on the network type in use. The Data Link layer is divided into two sub-layers: the Media Access Control (MAC) sub-layer and the Logical Link Control (LLC) sub-layer.
- LLC sub-layer starts and maintains connections between devices (e.g. server - workstation).
- MAC sub-layer enables multiple devices to share the same medium. MAC sub-layer maintains physical device (MAC) addresses for communicating locally (the MAC address of the nearest router is used to send information onto a WAN).
NETWORK - The Network layer addresses messages and translates logical addresses and names into physical addresses. It also manages data traffic and congestion involved in packet switching and routing. It enables the option of specifying a service address (sockets, ports) to point the data to the correct program on the destination computer.
TRANSPORT - The Transport layer provides flow control, error handling, and is involved in correction of transmission/reception problems. It also breaks up large data files into smaller packets, combines small packets into larger ones for transmission, and reassembles incoming packets into the original sequence.
SESSION - The Session layer handles security and name recognition to enable two applications on different computers to communicate over the network. Manages dialogs between computers by using simplex (rare), half-duplex or full-duplex. The phases involved in a session dialog are as follows: establishment, data-transfer and termination.
PRESENTATION - The Presentation layer determines data exchange formats and translates specific files from the Application layer format into a commonly recognized data format. It provides protocol conversion, data translation, encryption, character-set conversion, and graphics-command expansion.
APPLICATION - The Application layer represents user applications, such as software for file transfers, database access, and e-mail. It handles general network access, flow control, and error recovery. Provides a consistent neutral interface for software to access the network and advertises the computer's resources to the network.
Here is an idiotic, yet easy way to remember the 7 layers. Memorize the following sentence: All People Seem To Need Data Processing. The first letter of each word corresponds to the first letter of the layers, starting with Application and ending with the Physical layer.
Here are some examples of items that operate at each layer:
APPLICATION - AppleTalk, NFS
PRESENTATION - SMB, NCP
SESSION - NCP, Telnet
TRANSPORT - TCP, UDP, NetBEUI, SPX
NETWORK - IPX, IP
DATA LINK - Ethernet, Token Ring
PHYSICAL - Twisted Pair, Thinnet Coax, AUI, Network Interface Card
CABLING
The table below lists some of the various cable types.
Cable Type | Also Known As | Connector | Maximum Length
10Base5 | RG-8 or RG-11, Thicknet coax | AUI/DIX | 500 meters (1640 ft)
10Base2 | RG-58, thinnet coax | BNC connector | 185 meters (607 ft)
10BaseT | Cat 3, 4, 5 twisted pair | RJ-45 | 100 meters (328 ft)
100BaseT | Cat 5 twisted pair | RJ-45 | 100 meters (328 ft)
10baseFL | Fiber Optic | Fiber Optic connector | 2 Kilometers (6562 feet)
This next table lists the transmission speeds of the various cable types.
Cable Type | Transmission Speed
Thicknet | 10 mbps
Thinnet | 10 mbps
cat 2 twisted pair | 4 mbps
cat 3 twisted pair | 16 mbps
cat 4 twisted pair | 20 mbps
cat 5 twisted pair | 100 mbps
Fiber Optic | 100 mbps - 1 gbps
MISC CABLE INFO:
--Shielded twisted pair (STP) differs from UTP in that it has a foil jacket that helps prevent crosstalk. Crosstalk is overflow from an adjacent wire.
--The 5-4-3 rule: this rule states that a 10base2 network can have 5 cable segments connected with 4 repeaters, but only 3 of these segments can be occupied by computers. There is also a maximum of 30 computers per segment.
--Thicknet cables are 0.5 inches thick and have a 50 ohm impedance.
--Thinnet cables are 0.25 inches thick and have a 50 ohm impedance.
--Plenum grade cabling is required if the cabling will be run between the ceiling and the next floor (this is called the plenum). Plenum grade is resistant to fire and does not emit poisonous gasses when burned.
--Thicknet is often used as a backbone. A transceiver with a vampire tap penetrates the core of the cable. From the transceiver a DB-15 connector plugs into the AUI port on a given device.
--Fiber Optic cabling has built-in security as you can't intercept data as you can with other cable mediums.
--Baseband = Digital, single frequency, bidirectional communications.
--Broadband = Analog, multiple frequencies, unidirectional communications, uses amplifiers to boost signals.
NETWORK HARDWARE
Below are some of the common hardware devices found on a
network. NOTE: The higher the network device is in
the OSI layer the more intelligent the device is.
NETWORK INTERFACE CARD: A NIC translates data
from the parallel data bus to the serial bit stream.
HUBS: A hub is used to connect computers on an ethernet network.
There are several different types of hubs as
follows:
- Passive - Receives data in one port and sends it out the other ports.
- Active - Same as passive but contains a built-in repeater to boost the
signal.
- Hybrid - Contains ports for different cables(e.g. coax and UTP)
SWITCHING HUB(Multiport Bridge): Determines the MAC addresses of
devices connected to each port. As the data comes into the switch it only goes
out to the port attached to the intended device not all ports(as with ordinary
hubs)
MULTISTATION ACCESS UNIT(MAU): A device similar to a hub
that connects workstations on a Token Ring network.
REPEATERS: Boost the signal in order to allow it to travel farther and prevent attenuation. Attenuation is the degradation of a signal as it travels farther from its origination. Repeaters do not filter packets and will forward broadcasts. Both segments must use the same access method, meaning that you can't connect a token ring segment to an Ethernet segment. Repeaters will connect different cable types.
BRIDGES: Function the same as a repeater, but can also divide a network in order to reduce traffic problems. A bridge can also connect unlike network segments (i.e. token ring and ethernet). Bridges create routing tables based on the source address. If the bridge can't find the source address it will forward the packets to all segments. Bridging methods:
- Transparent - Only one bridge is used.
- Source-Route - Bridging address tables are stored on each PC on the network
- Spanning Tree - Prevents looping where there exists more than one path
between segments
ROUTERS: A router will do everything that a bridge will do and more. Joins smaller groups of computers on different logical networks or subnets and enables traffic that is destined for the networks on the other side of the router to pass through. Routers can connect networks that use dissimilar protocols. Routers are used in complex networks because they do not pass broadcast traffic. A router will determine the most efficient path for a packet to take and send packets around failed segments. Unroutable protocols can't be forwarded. Below are the 2 different routing types:
- Static - Routing tables must be updated manually
- Dynamic - Routing tables are updated automatically by communicating to other
routers using RIP or OSPF.
4) BROUTERS: A brouter has the best features of both routers and bridges in that it can be configured to pass the unroutable protocols by imitating a bridge, while not passing broadcast storms by acting as a router for other protocols.
5) GATEWAYS: Often used as a connection to a mainframe or the internet. Gateways enable communications between different protocols, data types and environments. This is achieved via protocol conversion, whereby the gateway strips the protocol stack off of the packet and adds the appropriate stack for the other side.
FRAME TYPES
802.1 | Internetworking
802.2 | Logical link control - LLC adds header information that identifies the upper layer protocols sending the frame.
802.3 | Ethernet - Media Access Control (MAC) sub-layer uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
802.4 | Token bus LAN
802.5 | Token Ring BUS
802.6 | Metropolitan Area network (MAN)
802.7 | Broadband
802.8 | Fiber optic
802.9 | Integrated voice/Data
802.10 | Network Security
802.11 | Wireless Networks
802.12 | Demand Priority. Like 100VG-Any LAN
TCP/IP PROTOCOL SUITE
TCP - A transport layer protocol that provides reliable, connection-based delivery. Uses ACKS to acknowledge successful receipt of data.
UDP - A connectionless, datagram service that provides an unreliable, best-effort delivery.
ICMP - Internet Control Message Protocol enables systems on a TCP/IP network to share status and error information such as with the use of PING and TRACERT utilities.
ARP - Provides IP-address to MAC address resolution for IP packets. Each computer stores an ARP cache of other computers' ARP-IP combinations.
SMTP - Used to reliably send and receive mail over the Internet.
POP3 - Post Office Protocol. A POP3 mail server holds mail until the workstation is ready to receive it.
SNMP - Provides a simple method for remotely managing any network device. Any computer running SNMP software is known as a Management System.
FTP - File transfer protocol is used for transferring files between remote systems. Must resolve host name to IP address to establish communication.
IP - This is a connectionless protocol, which means that a session is not created before sending data. IP is responsible for addressing and routing of packets between computers. It does not guarantee delivery and does not give acknowledgement of packets that are lost or sent out of order as this is the responsibility of higher layer protocols such as TCP.
DHCP - Dynamic Host Configuration Protocol. Assigns IP addresses for clients that are configured to use DHCP and ensures that each IP address is unique.
TCP/IP ADDRESSING
Every IP address can be broken down
into 2 parts, the Network ID(netid) and the Host ID(hostid). All hosts on the
same network must have the same netid. Each of these hosts must have a hostid
that is unique in relation to the netid. IP addresses are divided into 4 octets
with each having a maximum value of 255. We view IP addresses in decimal
notation such as 124.35.62.181, but it is actually utilized as binary data so
one must be able to convert addresses back and forth.
The following table explains how to convert binary into decimal and vice versa:
DECIMAL | BINARY
128 | 10000000
64 | 01000000
32 | 00100000
16 | 00010000
8 | 00001000
4 | 00000100
2 | 00000010
1 | 00000001
When converting binary data to decimal, a "0" is equal to 0. "1" is equal to the number that corresponds to the field it is in. For example, the number 213 would be 11010101 in binary notation. This is calculated as follows: 128+64+0+16+0+4+0+1=213. Remember that this only represents 1 octet of 8 bits, while a full IP address is 32 bits made up of 4 octets. This being true, the IP address 213.128.68.130 would look like 11010101 10000000 01000100 10000010.
IP addresses are divided into 3 classes as shown below:
CLASS | RANGE
A | 1-126
B | 128-191
C | 192-223
IP addresses can be class A, B or C. Class A addresses are for networks with a large number of hosts. The first octet is the netid and the 3 remaining octets are the hostid. Class B addresses are used in medium to large networks with the first 2 octets making up the netid and the remaining 2 are the hostid. A class C is for smaller networks with the first 3 octets making up the netid and the last octet comprising the hostid.
A subnet mask blocks out a portion of an IP address and is used to differentiate between the hostid and netid. The default subnet masks are as follows:
CLASS | DEFAULT SUBNET | # OF SUBNETS | # OF HOSTS PER SUBNET
Class A | 255.0.0.0 | 126 | 16,777,214
Class B | 255.255.0.0 | 16,384 | 65,534
Class C | 255.255.255.0 | 2,097,152 | 254
In these cases, the part of the IP address blocked out by 255 is the netid. The table above shows the default subnet masks. What subnet mask do you use when you want more than 1 subnet? Let's say, for example, that you want 8 subnets and will be using a class C address. The first thing you want to do is convert the number of subnets into binary, so our example would be 00001000. Moving from left to right, drop all zeros until you get to the first "1". For us that would leave 1000. It takes 4 bits to make 8 in binary so we set the first 4 high order bits of the 4th octet of the subnet mask (since it is class C) to "1" as follows: 11111111.11111111.11111111.11110000 = 255.255.255.240. There is our subnet mask.
Let's try another one... Let's say that you own a chain of stores that sell spatulas in New York and you have stores in 20 different neighborhoods and you want to have a separate subnet on your network for each neighborhood. It will be a class B network. First, we convert 20 to binary - 00010100. We drop all zeros before the first "1" and that leaves 10100. It takes 5 bits to make 20 in binary so we set the first 5 high order bits to "1", which gives: 11111111.11111111.11111000.00000000 = 255.255.248.0. The following table shows a comparison between the different subnet masks.
MASK | # OF SUBNETS | CLASS A HOSTS | CLASS B HOSTS | CLASS C HOSTS
192 | 2 | 4,194,302 | 16,382 | 62
224 | 6 | 2,097,150 | 8,190 | 30
240 | 14 | 1,048,574 | 4,094 | 14
248 | 30 | 524,286 | 2,046 | 6
252 | 62 | 262,142 | 1,022 | 2
254 | 126 | 131,070 | 510 | Invalid
255 | 254 | 65,534 | 254 | Invalid
NOTE: 127.x.x.x is reserved for loopback testing on the local
system and is not used on live systems.
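
The subnetting arithmetic worked through above, as an added Python example that is not part of the original notes. Function names are illustrative, and it also covers a case the two worked examples don't hit: under the comparison table's counting (2 fewer subnets than the bits allow), the count-the-bits shortcut comes up one bit short when the wanted number is 3, 7, 15 and so on.

```python
"""Classful subnet-mask arithmetic, following the rules used on this page."""

# Default netid lengths: 255.0.0.0, 255.255.0.0 and 255.255.255.0
NETID_BITS = {"A": 8, "B": 16, "C": 24}


def dotted(value):
    """Render a 32-bit integer as four decimal octets."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(address):
    """Dotted decimal -> four 8-bit binary groups, e.g. 213 -> 11010101."""
    return " ".join(format(int(octet), "08b") for octet in address.split("."))


def usable_subnets(subnet_bits):
    """The table's counting: the all-zeros and all-ones subnets are not used."""
    return 2 ** subnet_bits - 2


def usable_hosts(ip_class, subnet_bits):
    """Hosts per subnet; the all-zeros and all-ones host ids are excluded."""
    host_bits = 32 - NETID_BITS[ip_class] - subnet_bits
    return max(2 ** host_bits - 2, 0)


def shortcut_bits(wanted):
    """The page's shortcut: how many bits it takes to write `wanted` in binary."""
    return wanted.bit_length()


def required_bits(wanted):
    """Smallest bit count whose usable subnets cover `wanted` (handles 3, 7, 15...)."""
    bits = 2
    while usable_subnets(bits) < wanted:
        bits += 1
    return bits


def subnet_mask(ip_class, subnet_bits):
    """Default mask for the class with `subnet_bits` more high-order bits set."""
    if usable_hosts(ip_class, subnet_bits) == 0:
        raise ValueError("no usable host addresses left")
    prefix = NETID_BITS[ip_class] + subnet_bits
    return dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def comparison_row(subnet_bits):
    """One row of the comparison table: mask octet, subnets, class A/B/C hosts."""
    octet = (0xFF << (8 - subnet_bits)) & 0xFF
    hosts = [usable_hosts(c, subnet_bits) or "Invalid" for c in "ABC"]
    return [octet, usable_subnets(subnet_bits)] + hosts


if __name__ == "__main__":
    print(to_binary("213.128.68.130"))
    for ip_class, wanted in (("C", 8), ("B", 20), ("C", 7)):
        quick, safe = shortcut_bits(wanted), required_bits(wanted)
        note = "" if quick == safe else f"  (shortcut gives only {usable_subnets(quick)})"
        print(f"class {ip_class}, {wanted} subnets -> {subnet_mask(ip_class, safe)}{note}")
    for bits in range(2, 9):
        print(comparison_row(bits))
```
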
TCP/IP PORTS
Ports are what an application uses when communicating between a client
and server computer. Some common ports are:
- 20 FTP-DATA
- 21 FTP
- 23 TELNET
- 25 SMTP
- 69 TFTP
- 70 GOPHER
- 80 HTTP
- 110 POP3
- 137 NetBIOS name service
- 138 NetBIOS datagram service
- 139 NetBIOS
- 161 SNMP
DHCP
DHCP stands for Dynamic Host
Configuration Protocol and provides a solution that automatically assigns IP
addresses to computers on a network. When a client is configured to receive an
IP address automatically, it will send out a broadcast to the DHCP server
requesting an address. The NT server will then issue a "lease" and assign it to
that client. The time period that a lease will last can be specified on the
server. Some of the benefits of DHCP include the following:
- Prevents computer illiterates from making up their own IP addresses.
- Prevents incorrect gateway or subnet masks from being entered by your
helplessdesk.
- Decreases amount of time spent configuring computers especially in
environments where computers get moved around all the time(I think that is
everywhere, isn't it?).
- Handy in situations where you have a large sales staff that only have to
work 1 day a week. On that one day they bring their laptops and they can just
plug them into the network and they are all set.
DHCP IN ACTION: It all happens in 4 steps.
1) The client sends a broadcast that says "Hey, I need an IP address over here". Since it is not configured for TCP/IP yet it uses a source address of 0.0.0.0 and a destination address of 255.255.255.255. The broadcast contains the computer's name and the MAC address so the DHCP server knows where to reply. This is called the IP lease request.
2) The DHCP server/s send an offer. This broadcast contains the IP address, client's hardware address, subnet mask, duration of lease and the IP address of the responding DHCP server. This process is called an IP lease offer.
3) The client takes a look at the first offer that it receives and sends a message to all DHCP servers to let them know that it has chosen an offer. This is known as the IP lease selection.
4) The DHCP server then sends an ack to the client, all other DHCP servers withdraw their offers and cry in the corner and the clients got some ill communication. If an unsuccessful ack is received then the client sends out another lease request.
Easy eh? For all of you registry nuts, the client stores its IP info in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adapter\Parameters\Tcpip.
LEASE RENEWAL: DHCP clients will attempt to renew their leases when 50% of the lease has expired. The client will send a DHCPREQUEST message to the server that assigned the lease. Assuming the DHCP server isn't on fire or anything it will send out a DHCPACK with the new lease. If the server is unavailable, then the client can continue functioning as it has 50% remaining still. The client will continue as normal until the lease reaches 87.5% used, at which time it broadcasts to all DHCP servers and attempts to get a new lease. If the client receives a DHCPNACK message or the lease expires then the client must start all over again and will get a different IP address. If the lease expires and the client is unable to get a new one then the user will be whining to their IS dept. about it because they will not be able to communicate over the network.
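
The four-step exchange and the renewal thresholds above, as an added Python example that is not part of the original notes: it packs and decodes the DHCP payload for each step. The MAC address, transaction ID, IP addresses and 24-hour lease are constructed sample values, and the function names are illustrative.

```python
"""Build and decode the four DHCP messages described above (constructed data)."""
import socket
import struct

MAGIC = bytes([99, 130, 83, 99])   # DHCP magic cookie that follows the BOOTP header
OPT_LEASE, OPT_TYPE, OPT_SERVER, OPT_END = 51, 53, 54, 255
STEP = {1: "IP lease request (DHCPDISCOVER)", 2: "IP lease offer (DHCPOFFER)",
        3: "IP lease selection (DHCPREQUEST)", 5: "ack (DHCPACK)",
        6: "nack (DHCPNAK)"}


def build(op, xid, mac, msg_type, yiaddr="0.0.0.0", server=None, lease=None):
    """Pack a 236-byte BOOTP header, the magic cookie and a few DHCP options."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         op, 1, len(mac), 0, xid, 0, 0x8000,  # 0x8000: broadcast flag
                         bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
                         mac, b"", b"")
    options = bytes([OPT_TYPE, 1, msg_type])
    if server:
        options += bytes([OPT_SERVER, 4]) + socket.inet_aton(server)
    if lease is not None:
        options += bytes([OPT_LEASE, 4]) + struct.pack("!I", lease)
    return header + MAGIC + options + bytes([OPT_END])


def parse(payload):
    """Return header fields and an {option code: bytes} dict; reject bad input."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    hlen = min(payload[2], 16)
    msg = {"op": payload[0], "xid": struct.unpack("!I", payload[4:8])[0],
           "yiaddr": socket.inet_ntoa(payload[16:20]),      # address being leased
           "mac": payload[28:28 + hlen].hex(":"), "options": {}}
    i = 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == 0:                                 # pad byte, no length
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        msg["options"][payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return msg


def summarize(payload):
    """Describe one message in the page's terms, with renewal times for a lease."""
    msg = parse(payload)
    opts = msg["options"]
    kind = opts.get(OPT_TYPE, b"")
    out = {"step": STEP.get(kind[0] if kind else 0, "unknown"), "xid": msg["xid"],
           "client_mac": msg["mac"], "address": msg["yiaddr"]}
    if len(opts.get(OPT_SERVER, b"")) == 4:
        out["server"] = socket.inet_ntoa(opts[OPT_SERVER])
    if len(opts.get(OPT_LEASE, b"")) == 4:
        lease = struct.unpack("!I", opts[OPT_LEASE])[0]
        # Renewal at 50% of the lease, broadcast to all servers at 87.5%.
        out.update(lease=lease, renew_at=lease // 2, rebind_at=lease * 7 // 8)
    return out


def same_transaction(payloads):
    """All four messages of one exchange carry the same transaction ID."""
    return len({parse(p)["xid"] for p in payloads}) == 1


# Constructed sample: one client, one server, a 24-hour lease.
MAC, XID = bytes.fromhex("020000000001"), 0x1234ABCD
SERVER, OFFERED = "192.168.1.1", "192.168.1.50"
EXCHANGE = [
    build(1, XID, MAC, 1),                           # 1) client, 0.0.0.0 -> broadcast
    build(2, XID, MAC, 2, OFFERED, SERVER, 86400),   # 2) server offers an address
    build(1, XID, MAC, 3, server=SERVER),            # 3) client names the chosen server
    build(2, XID, MAC, 5, OFFERED, SERVER, 86400),   # 4) server acknowledges
]

if __name__ == "__main__":
    for payload in EXCHANGE:
        print(summarize(payload))
```
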
SETTING UP A DHCP SERVER: We have discussed how DHCP works for the clients, so now we should look at what happens on the rest of the network. First question to ask yourself is how many subnets will the DHCP server serve. If it is more than 1 then you have to make sure that all routers are configured as DHCP relay agents or else only the local subnet will get leases. Next the "scope" needs to be defined. If there are multiple DHCP servers then each one will need to have a unique scope of IP addresses since DHCP servers do not share information about leases with each other. According to Microsoft, each DHCP server should be configured with 75% of the scope reserved for the local subnet and the remaining 25% for remote subnets. This provides redundancy in case a client can't obtain a lease from the local server, then it can get one from a remote server. Also, keep in mind that a DHCP server cannot also be a DHCP client, meaning that the DHCP server must have static entries for its IP settings. Below are the basic steps to set up a DHCP server:
1) The DHCP server service must be installed.
2) A scope must be defined. Note that each DHCP server must have unique scopes defined or else duplicate IP addresses may be assigned. There are 3 scope options:
- Global - This option is used when all DHCP clients will use the same IP setting, such as the same subnet mask.
- Scope - These options are only available to clients that are using an address specified by the scope.
- Client - Used for clients that use reserved addresses.
3) The server may be configured to always assign a particular address to a client.
4) "Map out" any static IP addresses on the network in the "exclusion range" fields.
The DHCP server database is backed up every hour (default) and can be restored when needed. It can also be compacted in order to keep it running efficiently. NT 4.0 does this automatically, whereas it must be done manually with earlier versions of NT.
NETBIOS NAME RESOLUTION
There are several
different methods of resolving names to IP addresses. Before getting into the
different methods, it is important to understand the role of NetBIOS. When
talking about Netbios, we typically refer to the concept of Netbios name which
is the name assigned to your computer. Netbios allows applications to talk to
each other using protocols such as TCP/IP that support Netbios. Netbios is also
a session/transport layer protocol that is typically seen in other forms such as
Netbeui and NetBT. These are the main functions that Netbios serves:
- Starting and stopping sessions.
- Name registration
- Session layer data transfer(reliable)
- Datagram data transfer(unreliable)
- Protocol driver and network adapter management functions.
NETBIOS NAMING: A Netbios name is either a unique name or a group name, the difference being that a unique name is used for communication with a specific process on a computer, whereas a group name is for communication with multiple clients. Netbios name resolution resolves a computer's Netbios name to an IP address. Microsoft offers several different ways to resolve Netbios names and each will be discussed below.
- LOCAL BROADCAST - If the destination host is local, then first the Netbios
name cache is checked and a broadcast is not sent. If it is not found here,
then a name query broadcast is sent out that includes the destination Netbios
name. Each computer that receives the broadcast checks to see if it belongs to
the name requested. The computer that owns the name then uses ARP to determine
the MAC address of the source host. Once obtained a name query response is
sent. NOTE: Some routers do not support the forwarding of these broadcasts as
they use UDP ports 137 and 138.
- NETBIOS NAME SERVER - When using a Netbios name server, the cache is
checked first and if the name is not found the destination host's name is sent
to the name server. After the name server resolves the name to an IP address,
it is returned to the source host. When the source host receives the
information it uses ARP to resolve the IP address of the destination host to
its MAC address.
- LMHOSTS FILE - More on this later...
- HOSTS FILE - More on this later...
- DNS - More on this later...
LMHOSTS: An lmhosts file is a text file that is used to manually
configure Netbios names. In NT, it is located in the \system32\Drivers\Etc
directory. The file is configured with the keywords listed below:
- #PRE - Denotes entries to be preloaded to the cache, which cuts down on
broadcast traffic.
- #DOM:domain name - Provides logon validation, browsing and account
synchronization.
- #BEGIN_ALTERNATE and #END_ALTERNATE - Provides alternate locations for
other lmhosts files using a UNC path.
- #INCLUDE - Uses Netbios entries located in a different lmhosts file such
as one that is centrally shared.
- #MH - For multi-homed computers, this adds extra entries.
Each entry in the lmhosts file must be unique, have a valid IP address for
the Netbios name and be spelled correctly.
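
A checker for the lmhosts rules above (unique entries, a valid IP address, the listed keywords), as an added Python example that is not part of the original notes. The sample file contents and the function name are constructed for illustration, the 15-character limit is the standard NetBIOS name length, and quoted names with special characters are not handled.

```python
"""Lint lmhosts-style text against the rules listed above (constructed sample)."""
import ipaddress

ENTRY_TAGS = ("#PRE", "#MH")   # per-entry keywords; "#DOM:<domain>" is matched below
MAX_NAME = 15                  # NetBIOS names are at most 15 characters


def lint_lmhosts(text):
    """Return (entries, includes, problems); problems are (line number, message)."""
    entries, includes, problems, seen = [], [], [], {}
    alt_open = None                                   # line of an open #BEGIN_ALTERNATE
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue
        first = fields[0].upper()
        if first == "#INCLUDE":
            if len(fields) < 2:
                problems.append((lineno, "#INCLUDE without a file name"))
            else:
                includes.append((lineno, fields[1]))  # review: mappings come from here
            continue
        if first == "#BEGIN_ALTERNATE":
            alt_open = lineno
            continue
        if first == "#END_ALTERNATE":
            if alt_open is None:
                problems.append((lineno, "#END_ALTERNATE without #BEGIN_ALTERNATE"))
            alt_open = None
            continue
        if first.startswith("#"):
            continue                                  # ordinary comment line
        if len(fields) < 2:
            problems.append((lineno, "entry has no NetBIOS name"))
            continue
        address, name, tags = fields[0], fields[1], []
        for token in fields[2:]:
            upper = token.upper()
            if upper in ENTRY_TAGS:
                tags.append(upper)
            elif upper.startswith("#DOM:") and len(token) > 5:
                tags.append("#DOM:" + token[5:])
            elif token.startswith("#"):
                break                                 # rest of the line is a comment
            else:
                problems.append((lineno, f"unexpected text {token!r}"))
        try:
            ipaddress.IPv4Address(address)
        except ValueError:
            problems.append((lineno, f"invalid IP address {address!r}"))
        if len(name) > MAX_NAME:
            problems.append((lineno, f"name {name!r} is longer than {MAX_NAME}"))
        previous = seen.get(name.upper())             # names compare case-insensitively
        if previous and not ("#MH" in tags and "#MH" in previous[1]):
            problems.append((lineno, f"duplicate name {name!r}, see line {previous[0]}"))
        seen.setdefault(name.upper(), (lineno, tags))
        entries.append({"line": lineno, "ip": address, "name": name, "tags": tags})
    if alt_open is not None:
        problems.append((alt_open, "#BEGIN_ALTERNATE without #END_ALTERNATE"))
    return entries, includes, problems


# Constructed sample file, not a real host list.
SAMPLE = """\
# constructed sample
10.0.0.5     FILESRV01    #PRE #DOM:CORP   # domain controller
10.0.0.6     PRINTSRV     #PRE
10.0.0.7     printsrv                      # same name, different address
10.0.0.8     MULTI        #MH
10.0.1.8     MULTI        #MH
10.0.0.300   BADADDR
10.0.0.9     THISNAMEISWAYTOOLONG
#BEGIN_ALTERNATE
#INCLUDE \\\\FILESRV01\\public\\lmhosts
#END_ALTERNATE
"""

if __name__ == "__main__":
    found, included, issues = lint_lmhosts(SAMPLE)
    for lineno, message in issues:
        print(f"line {lineno}: {message}")
    print("included files to review:", included)
```
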
WINS: Microsoft's
definition of WINS is "An enhanced NetBIOS Name Server(NBNS) designed by
Microsoft to eliminate broadcast traffic associated with the B-node
implementation of NetBIOS over TCP/IP. It is used to register NetBIOS names and
resolve them to IP addresses for both local and remote hosts." If a WINS server
is configured, then name resolution requests are sent directly to it and in turn
the WINS server will send the IP address to the requesting client. If the WINS
server can't resolve the name for some reason, then it will use a broadcast to
try to resolve the name. A secondary WINS server can be configured to prevent
such situations. WINS is dynamically updated which gets rid of the need to screw
around with lmhosts files. If a client is configured to use WINS then it will
register its name and IP address with the WINS server. When the computer is
turned off, it releases its lease on that name which may be used by a different
computer. Microsoft recommends 1 primary and secondary WINS server per 10,000
clients. Name registrations on the WINS server do not last forever and have a
"time to live" or TTL. After 1/8th of the TTL the client will attempt to refresh
its name with the server. If it is unable to do this it will try again every 2
minutes until 1/2 the TTL is expired at which point it will start barking at the
secondary WINS server if one is present. It will attempt to register with the
secondary WINS server 4 times(every 1/8th of the TTL until half is expired).
After a successful refresh it will attempt another at 1/2 TTL from there on out.
When a computer is shutdown normally(i.e. doesn't crash), it will make a request
to the WINS server that its name be released. If the server detects an error it
will tell the client "no". If everything checks out ok, the server will send a
positive response and releases the name making it available to other clients.
HOST NAME RESOLUTION
Host names can be mapped to IP addresses to make referencing hosts
easier as you don't have to remember an IP address. A host name can be any
string 256 characters or less and does not have to match the NetBIOS name. There
are several different ways that host names can be resolved to IP addresses.
Below are the standard methods:
- HOSTS FILES - A text file that can be edited to manually map the host name
to an IP address.
- DNS SERVER - A database of name/address mapping stored on a computer as is
done with WINS.
- LOCAL HOST NAME - Unless configured otherwise, the default name is the
host name of the computer.
Microsoft adds several more options which follow:
- LOCAL BROADCAST - A broadcast on the local network that attempts to
discover the IP address for the destination computer's NetBIOS name.
- LMHOSTS FILES - Like a hosts file, this can be configured for name
resolution.
- NetBIOS NAME SERVER - Pretty self-explanatory. Microsoft uses WINS for
this.
HOSTS FILE: The hosts file is a little different than the lmhosts
file in that it will resolve both local and remote names. If the host name can't
be resolved and no other alternative name resolution processes are in place, the
user will receive an error. Once the host name is parsed from the host file, ARP
takes over and attempts to resolve the IP address to a MAC address. Like the
lmhosts method, this is static name resolution.
DNS: The
internet used to use a hosts file to resolve IP addresses to host names or
domain names. The internet grew to the point where the administration and the
traffic needed to maintain this file became unbearable and DNS was born. A DNS
client(aka resolver) sends requests to the DNS nameserver which responds with
the requested info, another server to pester or a failure message. This process
is very similar to calling information. You call them with a name, they check
their database and give you the phone number. There are 3 types of queries that
a host will send to its DNS servers and they are inverse, iterative and
recursive. When the nameserver resolves a request it is cached and given a TTL.
There are a variety of roles a nameserver can satisfy within the zone that they
are responsible for:
- PRIMARY NAMESERVER - Gathers DNS information from local files and is a
focal point for adding hosts and domains.
- SECONDARY NAMESERVER - Gathers the data for its zone(s) from another DNS
server. Secondary nameservers provide redundancy, reduce traffic on the primary
server and give quicker access for locations that are remote from the primary
server.
- CACHING ONLY SERVERS - These do not have a zone that they are responsible
for. Their databases only contain info received from resolutions that they
have made since the server was last started.
Nameservers are distributed into tiers called domains which will be covered
in a moment as soon as I figure out why my shirt is chafing me.
DOMAINS: Microsoft discusses domains in terms of a hierarchical "domain
name space" which they refer to as being like a tree structure. This probably
makes a lot of sense to those of you migrating from the clunky, yet powerful
Netware side of things. There are several different domain levels as listed
below:
- ROOT LEVEL DOMAINS - The top of the tree.
- TOP LEVEL DOMAINS - These are divided into different categories. Com, net,
mil, edu, org and gov are the most common.
- SECOND LEVEL DOMAINS - These domains make up the rest of networks as all
sub-domains are categorized under this heading. So if you visit Intel's site,
you are visiting the sub-domain intel.com. Within intel.com many other
sub-domains may also exist.
- HOSTS - Hosts are the final level in the hierarchy as they are the
individual computers that occupy or comprise a domain.
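The DNS query process and the domain tiers described above, as an added example that is not part of the original page: a resolver walks referrals from the root down to the server that holds the host, then caches the answer until its TTL runs out. The server names, the domain example.com and the address are constructed sample values.

```python
# Constructed nameserver tiers (all names and addresses are sample values).
SERVERS = {
    "root":       {"refer": {"com.": "com-tld"}},
    "com-tld":    {"refer": {"example.com.": "example-ns"}},
    "example-ns": {"hosts": {"www.example.com.": ("192.0.2.10", 300)}},
}

def ask(server, name):
    """One query to one server: ('answer', ip, ttl), ('referral', next) or ('fail',)."""
    data = SERVERS[server]
    if name in data.get("hosts", {}):
        ip, ttl = data["hosts"][name]
        return ("answer", ip, ttl)
    # Refer to the server for the longest domain suffix that matches.
    matches = [d for d in data.get("refer", {}) if name.endswith("." + d) or name == d]
    if matches:
        return ("referral", data["refer"][max(matches, key=len)])
    return ("fail",)

class CachingResolver:
    def __init__(self):
        self.cache = {}            # name -> (ip, expiry time in seconds)

    def resolve(self, name, now):
        """Return (ip or None, list of servers asked); 'now' is a clock in seconds."""
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0], []      # answered from cache, nobody asked
        self.cache.pop(name, None) # entry absent or past its TTL
        server, asked = "root", []
        while len(asked) < 10:     # bound the walk so a referral loop cannot hang
            asked.append(server)
            reply = ask(server, name)
            if reply[0] == "answer":
                self.cache[name] = (reply[1], now + reply[2])
                return reply[1], asked
            if reply[0] == "fail":
                return None, asked
            server = reply[1]
        return None, asked

if __name__ == "__main__":
    r = CachingResolver()
    print(r.resolve("www.example.com.", now=0))    # full walk from the root
    print(r.resolve("www.example.com.", now=120))  # served from cache
    print(r.resolve("www.example.com.", now=300))  # TTL expired, walks again
```

A cached answer is trusted for its whole TTL, so a wrong record stays in use until the entry expires or the cache is cleared.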
THE FILES: Normally, a DNS server will use 4 different files to
resolve names. These are the database file, reverse lookup file, cache file and
boot file. Each of these will be discussed in detail below.
- THE DATABASE FILE - This file will actually be called yourzone.dns
and it is responsible for storing DNS records. This is a file that replication
servers push/pull from the primary server in order to update their databases.
This file contains several different entries. The first thing that will be
seen in this file is the "Start of Authority" (SOA) which defines a zone's
parameters. Next, there should be an entry called "Name Server Record" which
lists other nameservers on the network. Next, the "Host Record" is a static
mapping of host names to IP addresses and should list all of the hosts in a
given zone. Finally, there is a "Canonical Name" (CNAME) entry that allows one
to assign multiple host names to an IP address, or in other words, create
aliases.
- REVERSE LOOKUP FILE - This file allows for reverse DNS lookups. Somebody
correct me if I am wrong on this point, but I believe that it does this by
mapping a host name to a backwards IP address. For example, 192.62.70.50 would
become 50.70.62.192. This is accomplished by using "Pointer" records.
- CACHE FILE - The cache.dns file is required as it contains the records of
the root domain servers. The default file that is included with NT 4 contains
all of the root internet servers.
- BOOT FILE - The boot file controls the start-up characteristics of a DNS
server on the Berkeley Internet Name Daemon (BIND).
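How the database file and the reverse lookup file relate, as an added example that is not part of the original page: it parses host records from a constructed zone, builds the reversed in-addr.arpa name for each address, and reports hosts that have no matching Pointer record. The zone name example.test, the record contents and the simplified one-line record layout are assumptions.

```python
import ipaddress

# Constructed sample zone data (hypothetical zone "example.test"), in the
# record order the text describes: SOA, NS, host (A) and CNAME entries.
ZONE_TEXT = """\
@      IN SOA   ns1.example.test. admin.example.test. 1 3600 600 86400 3600
@      IN NS    ns1.example.test.
ns1    IN A     192.62.70.10
www    IN A     192.62.70.50
ftp    IN CNAME www
"""

# Constructed reverse lookup data; the entry for .10 is deliberately missing.
REVERSE_TEXT = """\
50.70.62.192.in-addr.arpa. IN PTR www.example.test.
"""

def parse_records(text, origin):
    """Return (owner, type, rdata) tuples with owner names fully qualified."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments
        if not line:
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        records.append((owner.lower(), rtype.upper(), rdata.strip()))
    return records

def reverse_name(ip):
    """192.62.70.50 -> 50.70.62.192.in-addr.arpa. (octets reversed)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def missing_ptrs(zone_text, reverse_text, origin):
    """List host records whose PTR is absent or points at another name."""
    ptrs = {o: r.lower() for o, t, r in parse_records(reverse_text, origin) if t == "PTR"}
    problems = []
    for owner, rtype, rdata in parse_records(zone_text, origin):
        if rtype == "A" and ptrs.get(reverse_name(rdata)) != owner:
            problems.append((owner, rdata, reverse_name(rdata)))
    return problems

if __name__ == "__main__":
    for owner, ip, rname in missing_ptrs(ZONE_TEXT, REVERSE_TEXT, "example.test."):
        print(f"{owner} ({ip}): no matching PTR at {rname}")
```

Forward and reverse data are maintained in separate files, so a check like this catches hosts whose addresses would show up unnamed or misnamed in logs that rely on reverse lookups.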
TCP/IP UTILITIES
ARP: Provides a mapping from the logical 32-bit TCP/IP address to
the physical 48-bit MAC address (i.e. translates an IP address into a MAC
address). Options: -a Gives the MAC addresses of recently browsed machines.
RARP: Translates a MAC address into an IP address.
TELNET: Provides a virtual terminal or remote login across the
network that is connection-based and handles its own session negotiation. The
remote server must be running a Telnet service for clients to connect. Default
settings are port 23 and VT100 terminal emulation.
NBTSTAT: Is used to troubleshoot connectivity problems between 2 computers
communicating via NetBT, by displaying protocol statistics and current
connections. NBTSTAT examines the contents of the NetBIOS name cache and gives
MAC address. Options:
-A 10.0.0.3 statistics for remote machine (Adaptor) given its IP address.
-c lists the remote name cache.
-n lists local NetBIOS names.
-r lists names resolved by broadcast and by WINS.
-R Reloads the remote cache name table.
-S lists Sessions table with destination IP addresses.
-s lists sessions table converting IP addresses to host names via HOSTS file.
TRACERT: By sending out ICMP packets, it determines the path taken by a data
packet to reach its destination and can help determine at what point a network
connection is no longer active. Can help troubleshoot network response time
issues. Options:
-d do not resolve addresses to host names.
-h max hops.
-w change timeout value.
-j route via the specified router.
NETSTAT: Displays in-depth detail about TCP/IP protocol status and
statistics. Options:
-a displays all connections.
-e displays ethernet connections.
-n displays addresses in numerical form rather than doing name-lookups.
-s displays statistics for the given protocol only (default is all protocols).
-p displays connections for the given protocol.
-r displays routing table.
WINIPCFG: Displays current TCP/IP configurations on the local workstation (see
also IPCONFIG on Windows NT).
IPCONFIG: Below are the ipconfig switches that can be used at a command
prompt.
- ipconfig /all will display all of your IP settings.
- ipconfig /renew forces the DHCP server, if available, to renew a lease.
- ipconfig /release forces the release of a lease.
FTP: Used for transferring data across a network from a server to a client.
FTP uses TCP port 20 as the data transfer channel (known as DTP - Data Transfer
Process) and uses TCP port 21 for commands (known as the PI - Protocol
Interpreter).
PING: Uses ICMP to verify a connection to a remote host by sending echo
requests and "listening" for reply packets. Options:
-t keeps pinging until interrupted.
-a do not resolve addresses to host names.
-n number of echo counts (default 4).
-l length of echo packets (default 64).
-f do not let gateways fragment the packets (good for stress-testing).
-i sets TTL (Time To Live).
-v sets TOS (Type of Service).
-j packets must go thru listed hosts (i.e. routers).
-k packets must not go thru listed hosts.
-w timeout interval.
TCP/IP TROUBLESHOOTING STEPS
- Check TCP/IP configuration (WINIPCFG) - check IP address, subnet mask,
default gateway.
- Ping loopback address (PING 127.0.0.1 or PING loopback) - problem with
TCP/IP protocol
- Ping local address (PING 203.5.171.20) - problem with NIC
- Display then clear local ARP cache (ARP -a, ARP -d 203.5.171.20)
- Ping the default gateway if host is on a remote subnet (PING 203.5.171.1)
- Trace a route to the remote host (TRACERT 203.5.171.20) - connection or
bandwidth problems
- Check IP security on the server, including port settings (TELNET
203.5.171.20,80)
- Can connect via IP but not by name - check host/NetBIOS names, DNS, WINS,
HOSTS & LMHOSTS
REMOTE CONNECTIVITY
SLIP(Serial Line
Internet Protocol): Used for making a TCP/IP connection over a serial
interface to a remote network. Does not provide error checking and is rarely
used anymore.
PPP(Point to Point Protocol): A Data Link Layer
protocol used to encapsulate higher protocols to pass over synchronous or
asynchronous communication lines. PPP is capable of operating across any DTE/DCE
device, most commonly modems, as long as they support duplex circuits. There are
3 components to PPP.
- HDLC(High-level Data Link Control) - Encapsulates the data during
transmission.
- LCP(Link Control Protocol) - Establishes, tests and configures the data
link connection.
- NCPs(Network Control Protocols) - Used to configure the different
communication protocols, allowing them on the same line simultaneously.
Microsoft uses 3 NCPs for the 3 protocols at the Network Layer (IP, IPX and
NetBEUI)
PPP communication occurs in the following manner: PPP sends LCP frames to
test and configure the data link. Next, authentication protocols are negotiated
to determine what sort of validation is used for security. Below are 2 common
authentication protocols:
- PAP is similar to a network login but passwords are sent as clear text. It
is normally only used on FTP sites.
- CHAP uses encryption and is a more secure way of sending passwords.
Then NCP frames are used to set up the network layer protocols to be used.
Finally, HDLC is used to encapsulate the data stream as it passes through the
PPP connection.
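What each of the two authentication protocols above puts on the link, as an added example that is not part of the original page. It assumes the MD5 challenge-response defined for CHAP in RFC 1994 (a hash over the identifier, the shared secret and the challenge); the dictionary message layout and the account are constructed for illustration and are not the PPP wire format.

```python
import hashlib
import hmac
import os

def pap_request(user, password):
    """PAP Authenticate-Request body: the password travels as-is."""
    return {"protocol": "PAP", "peer_id": user, "password": password}

def chap_challenge(identifier=None, length=16):
    """Authenticator side: pick an identifier and a random challenge."""
    if identifier is None:
        identifier = os.urandom(1)[0]
    return {"protocol": "CHAP", "code": "Challenge",
            "identifier": identifier, "value": os.urandom(length)}

def chap_response_value(identifier, secret, challenge):
    """RFC 1994 with MD5: hash of identifier byte + secret + challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_respond(challenge_msg, user, secret):
    """Peer side: answer the challenge without sending the secret."""
    value = chap_response_value(challenge_msg["identifier"], secret, challenge_msg["value"])
    return {"protocol": "CHAP", "code": "Response",
            "identifier": challenge_msg["identifier"], "name": user, "value": value}

def chap_verify(challenge_msg, response_msg, secrets):
    """Authenticator side: recompute from its own copy of the secret."""
    secret = secrets.get(response_msg["name"])
    if secret is None or response_msg["identifier"] != challenge_msg["identifier"]:
        return False
    expected = chap_response_value(challenge_msg["identifier"], secret, challenge_msg["value"])
    return hmac.compare_digest(expected, response_msg["value"])

if __name__ == "__main__":
    secrets = {"alice": b"constructed-secret"}      # constructed sample account
    print(pap_request("alice", "constructed-secret"))
    ch = chap_challenge()
    rsp = chap_respond(ch, "alice", secrets["alice"])
    print(ch["value"].hex(), rsp["value"].hex(), chap_verify(ch, rsp, secrets))
    # A response captured for one challenge does not satisfy a fresh one.
    print(chap_verify(chap_challenge(), rsp, secrets))
```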
PPTP(Point to Point Tunneling Protocol): PPTP
provides for the secure transfer of data from a remote client to a private
server by creating a multi-protocol Virtual Private Network(VPN) by
encapsulating PPP packets into IP datagrams. There are 3 steps to setup a secure
communication channel:
- PPP connection and communication to the remote network are established.
- PPTP creates a control connection between the client and remote PPTP
server
- PPTP creates the IP datagrams for PPP to send.
The packets are encrypted by PPP and sent through the tunnel to the PPTP
server which decrypts the packets, disassembles the IP datagrams and routes them
to the host. Setting Up PPTP requires a PPTP Client, PPTP Server and a Network
Access Server(NAS).
ISDN(Integrated Services Digital Network): ISDN is comprised of
digital telephony and data-transport services offered by regional telephone
carriers. ISDN involves the digitalization of the telephone network, which
permits voice, data, text, graphics, music, video, and other source materials to
be transmitted over existing telephone wires. There are 2 types of ISDN
channels:
- B (bearer) - Transfers data at 64Kbps
- D (data) - Handles signalling at either 16Kbps or 64Kbps (sometimes limited
to 56Kbps) which enables the B channel to strictly pass data
An ISDN usually contains 2 B channels and one D channel and uses one of the
following standard interfaces:
- BRI (Basic Rate Interface) - Contains 2x64 B channels and 1x16 D channel and
uses existing wiring. BRI subscribers must be within about 5.5 kms of the
telephone exchange and must have an ISDN Terminal Adapter and ISDN router.
- PRI (Primary Rate Interface) - Contains 23x64 B channels and 1x64 D channel.
ISDN Identifiers:
- SPID (Service Profile ID) - unique throughout the whole switch - provided by
the provider when the service is first set up
- DN (Directory Number) - 10-digit phone number - can be used for multiple
channels or devices.
- TEI (Terminal Endpoint ID) - identifies the particular ISDN device to the
switch.
- SAPI (Service Address Point ID) - identifies the interface on the switch
that the devices are connected to.
- BC (Bearer Code) - an identifier made up of the TEI and SAPI and is setup
for each call.
Advantages of ISDN Over Analog:
- Speed: no analog-digital converting & faster connect time, D channel takes
care of overhead, 2Gbps v 56Kbps max speed
- Can use multiple digital channels simultaneously
- Can bind channels together to get a higher bandwidth
- Supports multiple devices per line
NETWORK DIAGNOSTIC TOOLS
NETWORK MONITOR: Tracks usage of network resources (good for establishing a
network baseline).
PERFORMANCE MONITOR: Tracks usage of various resources over time (good for
establishing a general baseline).
TONE GENERATOR: Used to test cabling. Identifies which cable or
wire is being tested by generating different tones.
TDR (Time Domain Reflectometer): Sends a signal down a cable and measures the
distance that the signal travelled before bouncing back (like sonar). Used to
find opens and shorts in cables.
OSCILLOSCOPE: Tests cable by determining where
there are shorts, crimps or attenuation.
PROTOCOL ANALYZERS: Monitor network traffic and display packet and protocol
statistics and information.