Home | Courses | Networking

Networking Menu

Lesson 1>

 

Computer Menu

ASP
HTML
XML
JAVA
SQL
XHTML
HARDWARE
NETWORKING

 

More Courses...

 TrainingTools

Free web based courses. Learn all the softwares used for designing.

 

 W3Schools

Full Web Building Tutorials. From basic HTML and XHTML to advanced XML, XSL, Multimedia and WAP.

 

 Java Courses

A big collection of JAVA script courses offered by Sun Microsystems.

 


 


 



 


 

Networking

°  COMPUTER NETWORKING TUTORIAL
    
TUTORIAL------------------------------------------------------------------------------

TYPES OF NETWORKS

1) PEER TO PEER
A peer to peer network is one in which lacks a dedicated server and every computer acts as both a client and a server. This is a good networking solution when there are 10 or less users that are in close proximity to each other. A peer to peer network can be a security nightmare, because the people setting permissions for shared resources will be computer idiots and the right people will never have access to the right resources. Thus is only recommended in situations where security is not an issue.

2) CLIENT/SERVER
This type of network is designed to support a large Number of users and uses dedicated server/s to accomplish this. Clients log on to the server/s in order to run applications or obtain files. Security and permissions can be managed by 1 or more administrators which cuts down on the aforementioned computer illiterates from medling with things that they shouldn't be. This type of network also allows for convenient backup services, reduces network traffic and provides a host of other services that come with the network operating system(NOS).

3) CENTRALIZED
This is also a client/server based model that is most often seen in UNIX environments, but the clients are "dumb terminals". This means that the client may not have a floppy drive, hard disk or CDROM and all applications and processing occur on the server/s. As you can imagine, this requires fast and damn expensive server/s. Security is very high on this type of network, although a similar level of security can be achieved using an NT server and setting appropriate permissions.

NETWORK TOPOLOGIES

1) BUS
This topology is an old one and essentially has each of the computers on the network daisy-chained to each other. This type of network is usually peer to peer and uses Thinnet(10base2) cabling. It is configured by connecting a "T-connector" to the network adapter and then connecting cables to the T-connectors on the computers on the right and left. At both ends of the chain the network must be terminated with a 50 ohm impedance terminator.
ADVANTAGES: Cheap, simple to set up.
DISADVANTAGES: Excess network traffic, a failure may affect many users, Problems are difficult to troubleshoot.
2) STAR
The star is probably the most commonly used topology today. It uses twisted pair(10baseT or 100baseT) cabling and requires that all devices are connected to a hub.
ADVANTAGES: centralized monitoring, failures do not affect others unless it is the hub, easy to modify.
DISADVANTAGES: If the hub fails then everything connected to it is down. This is like if you were to burn down the phone company's central office, then anyone connected to it wouldn't be able to make any phone calls.
3) RING
The ring topology looks the same as the star, except that it uses special hubs and ethernet adapters. The Ring topology is used with Token Ring networks(will be discussed later).
ADVANTAGES: Equal access.
DISADVANTAGES: Difficult to troubleshoot, network changes affect many users, failure affects many users.
4) MESH
Mesh topologies are combinations of the above and are common on very large networks. For example, a star bus network has hubs connected in a row(like a bus network) and has computers connected to each hub.

RAID

0 - Disk Striping
1 - Disk Mirroring
2 - Disk Striping across disks; also maintains error connection codes across the disks
3 - Same as RAID 2 except that the error connection information is stored as parity information on one disk
4 - Same as RAID 3 except larger block size
5 - Disk Striping with parity across multiple drives
Disk duplexing - same as RAID 1 but with a disk controller for each drive

BACKUP STRATEGIES

  • Full - copies all files and marks them as being backed up.
  • Incremental - copies only files created/changed since last full backup and marks them as being backed up.
  • Differential - copies only files created/changed since last full backup and doesn’t mark them as being backed up.
  • Daily - copies only files created/changed today and doesn’t mark them as being backed up.

PROTOCOLS

IPX/SPX - IPX is the fastest routable protocol and is not connection oriented (handles broadcast issues). Responsible for the sequencing of data during a communication session between 2 computers. IPX addresses are up to 8 characters in hexadecimal format.
TCP/IP - TCP breaks data into manageable packets and tracks information such as source and destination of packets. It is able to reroute packets and is responsible for guaranteed delivery of the data.
NFS - Used to connect to a UNIX machine or share resources that a UNIX machine wants. Enables a user to use network disks as though they were connected to the local machine.
SMB - Redirector for MS networks.
NCP - Redirector for Novell networks.
SMTP - Defines the structure of Internet mail messages.
FTP - A method of transferring files between 2 machines. It is connection oriented (i.e. verifies that packets reach destination).
TFTP - Same as FTP but not connection oriented.
DECNet - Routable protocol used by DEC for their WANs.
DLC - Non-routable protocol used to sometimes connect NT servers to printers.
NETBEUI - A non-routable protocol that establishes connections between computers with the use of NetBIOS.

THE OSI 7 LAYER MODEL

The OSI networking model is divided into 7 layers. Each layer has a different responsibility, and all the layers work together to provide network data communication.

PHYSICAL - The Physical layer is the specification for the actual hardware connection, the electronics, logic circuitry, and wiring that transmit the actual signal. It is only concerned with moving bits of data on and off the network medium. Most network problems occur at the Physical layer.
DATA LINK - The Data Link layer is the interface between the upper "software" layers and the lower "hardware" Physical layer. One of its main tasks is to create and interpret different frame types based on the network type in use. The Data Link layer is divided into two sub-layers: the Media Access Control (MAC) sub-layer and the Logical Link Control (LLC) sub-layer.

  • LLC sub-layer starts maintains connections between devices(e.g. server - workstation).
  • MAC sub-layer enables multiple devices to share the same medium. MAC sub-layer maintains physical device (MAC) addresses for communicating locally (the MAC address of the nearest router is used to send information onto a WAN).

NETWORK - The Network layer addresses messages and translates logical addresses and names into physical addresses. It also manages data traffic and congestion involved in packet switching and routing. It enables the option of specifying a service address (sockets, ports) to point the data to the correct program on the destination computer.
TRANSPORT - The Transport layer provides flow control, error handling, and is involved in correction of transmission/reception problems. It also breaks up large data files into smaller packets, combines small packets into larger ones for transmission, and reassembles incoming packets into the original sequence.
SESSION - The Session layer handles security and name recognition to enable two applications on different computers to communicate over the network. Manages dialogs between computers by using simplex(rare), half-duplex or full-duplex. The phases involved in a session dialog are as follows: establishment, data-transfer and termination.
PRESENTATION - The Presentation layer determines data exchange formats and translates specific files from the Application layer format into a commonly recognized data format. It provides protocol conversion, data translation, encryption, character-set conversion, and graphics-command expansion.
APPLICATION - The Application layer represents user applications, such as software for file transfers, database access, and e-mail. It handles general network access, flow control, and error recovery. Provides a consistent neutral interface for software to access the network and advertises the computers resources to the network.

Here is an idiotic, yet easy way to remember the 7 layers. Memorize the following sentence: All People Seem To Need Data Processing. The first letter of each word corresponds to the first letter of the layers starting with Application and ending with the physical layer.

Here are some examples of items that operate at each layer:
APPLICATION - AppleTalk, NFS
PRESENTATION - SMB, NCP
SESSION - NCP, Telnet
TRANSPORT - TCP, UDP, NetBEUI, SPX
NETWORK - IPX, IP
DATA LINK - Ethernet, Token Ring
PHYSICAL - Twisted Pair, Thinnet Coax, AUI, Network Interface Card

CABLING

The table below lists some of the various cable types.

Cable Type

Also Known As

Connector Maximum Length
10Base5 RG-8 or RG-11, Thicknet coax AUI/DIX 500 meters(1640 ft)
10Base2 RG-58, thinnet coax BNC connector 185 meters(607 ft)
10BaseT Cat 3, 4, 5 twisted pair RJ-45 100 meters(328 ft)
100BaseT Cat 5 twisted pair RJ-45 100 meters(328 ft)
10baseFL Fiber Optic Fiber Optic connector 2 Kilometers(6562 feet)



This next table lists the transmission speeds of the various cable types.

Cable Type

Transmission Speed

Thicknet 10mbps
Thinnet 10 mbps
cat 2 twisted pair 4 mbps
cat 3 twisted pair 16 mbps
cat 4 twisted pair 20 mbps
cat 5 twisted pair 100 mbps
Fiber Optic 100 mbps - 1 gbps


MISC CABLE INFO:
--Shielded twisted pair(STP) differs from UTP in that it has a foil jacket that helps prevent crosstalk. Crosstalk is overflow from an adjacent wire.

--The 5-4-3 rule: this rule states that on a 10base2 network can have 5 cable segment connected with 4 repeaters, but only 3 of these segments can be occupied by computers. There is also a maximum of 30 computers per segment.

--Thicknet cables are 0.5 inches thick and have a 50 ohm impedance.

--Thinnet cables are 0.25 inches thick and have a 50 ohm impedance.

--Plenum grade cabling is required if the cabling will be run between the ceiling and the next floor(this is called the plenum). Plenum grade is resistant to fire and does not emit poisonous gasses when burned.

--Thicknet is often used as a backbone. A transceiver with a vampire tap penetrates the core of the cable. From the transceiver a DB-15 connector plugs into the AUI port on a given device.

--Fiber Optic cabling has an built in security as you can't intercept data as you can with other cable mediums.

--Baseband= Digital, single frequency, bidirectional communications. Broadband= Analog, multiple frequencies, unidirectional communications, uses amplifiers to boost signals.

NETWORK HARDWARE

Below are some of the common hardware devices found on a network. NOTE: The higher the network device is in the OSI layer the more intelligent the device is.

NETWORK INTERFACE CARD: A NIC translates data from the parallel data bus to the serial bit stream.

HUBS: A hub is used to connect computers on an ethernet network. There are several different types of hubs as follows:

  • Passive - Receives data in one port and sends it out the other ports.
  • Active - Same as passive but contains a built-in repeater to boost the signal.
  • Hybrid - Contains ports for different cables(e.g. coax and UTP)

    SWITCHING HUB(Multiport Bridge): Determines the MAC addresses of devices connected to each port. As the data comes into the switch it only goes out to the port attached to the intended device not all ports(as with ordinary hubs)

    MULTISTATION ACCESS UNIT(MAU): A device similar to a hub that connects workstations on a Token Ring network.

    REPEATERS
    Boost signal in order to allow a signal to travel farther and prevent attenuation. Attentuation is the degradation of a signal as it travels farther from its origination. Repeaters do not filter packets and will forward broadcasts. Both segments must use the same access method, meaning that you can't connect a token ring segment to an Ethernet segment. Repeaters will connect different cable types.

    BRIDGES
    Functions the same as a repeater, but can also divide a network in order to reduce traffic problems. A bridge can also connect unlike network segments(ie. token ring and ethernet). Bridges create routing tables based on the source address. If the bridge can't find the source address it will forward the packets to all segments.
    Bridging methods:
  • Transparent - Only one bridge is used.
  • Source-Route - Bridging address tables are stored on each PC on the network
  • Spanning Tree - Prevents looping where there exists more than one path between segments

    ROUTERS
    A router will do everthing that a bridge will do and more. Joins smaller groups of computers on different logical networks or subnets and enables traffic that is destined for the networks on the other side of the router to pass through. Routers can connect networks that use disimilar protocols. Routers are used in complex networks because they do not pass broadcast traffic. A router will determine the most efficient path for a packet to take and send packets around failed segments. Unroutable protocols can't be fowarded.
    Below are the 2 different routing types:
  • Static - Routing tables must be updated manually
  • Dynamic - Routing tables are updated automatically by communicating to other routers using RIP or OSPF.

    4) BROUTERS
    A brouter has the best features of both routers and bridges in that it can be configured to pass the unroutable protocols by imitating a bridge, while not passing broadcast storms by acting as a router for other protocols.

    5) GATEWAYS
    Often used as a connection to a mainframe or the internet. Gateways enable communications between different protocols, data types and environments. This is achieved via protocol conversion, whereby the gateway strips the protocol stack off of the packet and adds the appropriate stack for the other side.

    FRAME TYPES

    802.1 Internetworking
    802.2 Logical link control - LLC adds header information that identifies the upper layer protocols sending the frame.
    802.3 Ethernet - Media Access Control (MAC) sub-layer uses Carrier Sense Multiple Access with Collision Detection(CSMA/CD)
    802.4 Token bus LAN
    802.5 Token Ring BUS
    802.6 Metropolitan Area network (MAN)
    802.7 Broadband
    802.8 Fiber optic
    802.9 Integrated voice/Data
    802.10 Network Security
    802.11 Wireless Networks
    802.12 Demand Priority. Like 100VG-Any LAN



    TCP/IP PROTOCOL SUITE

    TCP - A transport layer protocol that provides reliable, connection-based delivery. Uses ACKS to acknowledge successful receipt of data.
    UDP - A connectionless, datagram service that provides an unreliable, best-effort delivery.
    ICMP - Internet Control Message Protocol enables systems on a TCP/IP network to share status and error information such as with the use of PING and TRACERT utilities.
    ARP - provides IP-address to MAC address resolution for IP packets. Each computer stores an ARP cache of other computers ARP-IP combinations.
    SMTP - Used to reliably send and receive mail over the Internet.
    POP3 - Post Office Protocol. A POP3 mail server holds mail until the workstation is ready to receive it.
    SNMP - Provides a simple method for remotely managing any network device. Any computer running SNMP software is known as a Management System.
    FTP - File transfer protocol is used for transferring files between remote systems. Must resolve host name to IP address to establish communication.
    IP - This is a connectionless protocol, which means that a session is not created before sending data. IP is responsible for addressing and routing of packets between computers. It does not guarantee delivery and does not give acknowledgement of packets that are lost or sent out of order as this is the responsibility of higher layer protocols such as TCP.
    DHCP - Dynamic Host Control Protocol. Assigns IP addresses for clients that are configured to use DHCP and ensures that each IP address is unique.

    TCP/IP ADDRESSING

    Every IP address can be broken down into 2 parts, the Network ID(netid) and the Host ID(hostid). All hosts on the same network must have the same netid. Each of these hosts must have a hostid that is unique in relation to the netid. IP addresses are divided into 4 octets with each having a maximum value of 255. We view IP addresses in decimal notation such as 124.35.62.181, but it is actually utilized as binary data so one must be able to convert addresses back and forth.

    The following table explains how to convert binary into decimal and visa versa:

    DECIMAL BINARY When converting binary data to decimal, a "0" is equal to 0. "1" is equal to the number that corresponds to the field it is in. For example, the number 213 would be 11010101 in binary notation. This is calculated as follows: 128+64+0+16+0+4+0+1=213. Remember that this only represents 1 octet of 8 bits, while a full IP address is 32 bits made up of 4 octets. This being true, the IP address 213.128.68.130 would look like 11010101 10000000 01000100 10000010.
    128 10000000
    64 01000000
    32 00100000
    16 00010000
    8 00001000
    4 00000100
    2 00000010
    1 00000001



    IP addresses are divided into 3 classes as shown below:

    CLASS RANGE
    A 1-126 IP addresses can be class A, B or C. Class A addresses are for networks with a large number of hosts. The first octet is the netid and the 3 remaining octets are the hostid. Class B addresses are used in medium to large networks with the first 2 octets making up the netid and the remaining 2 are the hostid. A class C is for smaller networks with the first 3 octets making up the netid and the last octet comprising the hostid.
    B 128-191
    C 192-223


    A subnet mask blocks out a portion of an IP address and is used to differentiate between the hostid and netid. The default subnet masks are as follows:

    CLASS DEFAULT SUBNET # OF SUBNETS # OF HOSTS PER SUBNET
    Class A 255.0.0.0 126 16,777,214
    Class B 255.255.0.0 16,384 65,534
    Class C 255.255.255.0 2,097,152 254

    In these cases, the part of the IP address blocked out by 255 is the netid.

    In the table above, the it shows the default subnet masks. What subnet mask do you use when you want more that 1 subnet? Lets say, for example, that you want 8 subnets and will be using a class C address. The first thing you want to do is convert the number of subnets into binary, so our example would be 00001000. Moving from left to right, drop all zeros until you get to the first "1". For us that would leave 1000. It takes 4 bits to make 8 in binary so we add a "1" to the first 4 high order bits of the 4th octet of the subnet mask(since it is class C) as follows: 11111111.11111111.11111111.11110000 = 255.255.255.240. There is our subnet mask.
    Lets try another one...Lets say that you own a chain of stores that sell spatulas in New York and you have stores in 20 different neighborhoods and you want to have a separate subnet on your network for each neighborhood. It will be a class B network. First, we convert 20 to binary - 00010100. We drop all zeros before the first "1" and that leaves 10100. It takes 5 bits to make 20 in binary so we add a "1" to the first 5 high order bits which gives: 11111111.11111111.11111000.00000000 = 255.255.248.0. The following table shows a comparison between the different subnet masks.

    MASK # OF SUBNETS CLASS A HOSTS CLASS B HOSTS CLASS C HOSTS
    192 2 4,194,302 16,382 62
    224 6 2,097,150 8,190 30
    240 14 1,048,574 4,094 14
    248 30 524,286 2,046 6
    252 62 262,142 1,022 2
    254 126 131,070 510 Invalid
    255 254 65,534 254 Invalid


    NOTE: 127.x.x.x is reserved for loopback testing on the local system and is not used on live systems.

    TCP/IP PORTS

    Ports are what an application uses when communicating between a client and server computer. Some common ports are:

    • 20 FTP-DATA
    • 21 FTP
    • 23 TELNET
    • 25 SMTP
    • 69 TFTP
    • 70 GOPHER
    • 80 HTTP
    • 110 POP3
    • 137 NetBIOS name service
    • 138 NetBIOS datagram service
    • 139 NetBIOS
    • 161 SNMP

    DHCP

    DHCP stands for Dynamic Host Configuration Protocol and provides a solution that automatically assigns IP addresses to computers on a network. When a client is configured to receive an IP address automatically, It will send out a broadcast to the DHCP server requesting an address. The NT server will then issue a "lease" and assign it to that client. The time period that a lease will last can be specified on the server. Some of the benefits of DHCP include the following:

    • Prevents computer illiterates from making up their own IP addresses.
    • Prevents incorrect gateway or subnet masks from being entered by your helplessdesk.
    • Decreases amount of time spent configuring computers especially in environments where computers get moved around all the time(I think that is everywhere, isn't it?).
    • Handy in situations where you have a large sales staff that only have to work 1 day a week. On that one day they bring their laptops and they can just plug them into the network and they are all set.

    DHCP IN ACTION:
    It all happens in 4 steps.
    1) The client sends a broadcast that says "Hey, I need an IP address over here". Since it is not configured for TCP/IP yet it uses a source address of 0.0.0.0 and a destination address of 255.255.255.255. The broadcast contains the computer's name and the MAC address so the DHCP server knows where to reply. This is called the IP lease request.
    2) The DHCP server/s send an offer. This broadcast contains the IP address, client's hardware address, subnet mask, duration of lease and the IP address of the responding DHCP server. This process is called a IP lease offer.
    3) The client takes a look at the first offer that it receives and sends a message to all DHCP servers to let them know that it has chosen an offer. This is known as the IP lease selection.
    4) The DHCP server then sends an ack to the client, all other DHCP servers withdraw their offers and cry in the corner and the clients got some ill communication. If an unsuccessful ack is received then the client sends out another lease request. Easy eh? For all of you registry nuts, the client stores its IP info in HKEY_LOCAL_MACHINE\SYSTEM\CurrentConrolSet\Services\adapter\Parameters\Tcpip.

    LEASE RENEWAL:
    DHCP clients will attempt to renew their leases when %50 of the lease has expired. The client will send a DHCPREQUEST message to the server that assigned the lease. Assuming the DHCP server isn't on fire or anything it will send out a DHCPACK with the new lease. If the server is unavailable, then the client can continue functioning as it has %50 remaining still. The client will continue as normal until the lease reaches %87.5 used at which time it broadcast to all DHCP servers and attempt to get a new lease. If the client receives a DHCPNACK message or the lease expires then the client must start all over again and will get a different IP address. If the lease expires and the client is unable to get a new one then the user will be whining to their IS dept. about it because they will not be able to communicate over the network.

    SETTING UP A DHCP SERVER:
    We have discussed how DHCP works for the clients, so now we should look at what happens on the rest of the network. First question to ask yourself is how many subnets will the DHCP server serve. If it is more than 1 then you have to make sure that all routers are configured as DHCP relay agents or else only the local subnet will get leases. Next the "scope" needs to be defined. If there multiple DHCP servers then each one will need to have a unique scope of IP addresses since DHCP servers do not share information about leases with each other. According to Microsoft, each DHCP server should be configured with %75 of the scope reserved for the local subnet and the remaining %25 for remote subnets. This provides redundancy in case a client can't obtain a lease from the local server, then it can get one from a remote server. Also, keep in mind that a DHCP server cannot also be a DHCP client, meaning that the DHCP server must have static entries for its IP settings. Below are the basic steps to set up a DHCP server:

    1) The DHCP server service must be installed.
    2) A scope must be defined. Note that each DHCP server must have unique scopes defined or else duplicate IP addresses may be assigned. There are 3 scope options:

    • Global - This option is used when all DHCP clients will use the same IP setting, such as the same subnet mask.
    • Scope - These options are only available to clients that are using an address specified by the scope.
    • Client - Used for clients that use reserved addresses.

    3) The server may be configured to always assign a particular address to a client.
    4) "Map out" any static IP addresses on the network in the "exclusion range" fields.
    The DHCP server database is backed up every hour(default) and can be restored when needed. It can also be compacted in order to keep it running efficiently. NT 4.0 does this automatically, whereas it must be done manually with earlier versions of NT.

    NETBIOS NAME RESOLUTION

    There are several different methods of resovling names to IP addresses. Before getting into the different methods, it is important to understand the role of NetBIOS. When talking about Netbios, we typically refer to the concept of Netbios name which is the name assigned to your computer. Netbios allows applications to talk to each other using protocols such as TCP/IP that support Netbios. Netbios is also a session/transport layer protocol that is typically seen in other forms such as Netbeui and NetBT. These are the main functions that Netbios serves:

    • Starting and stopping sessions.
    • Name registration
    • Session layer data transfer(reliable)
    • Datagram data transfer(unreliable)
    • Protocol driver and network adapter management functions.

    NETBIOS NAMING:
    A Netbios name is either a unique name or a group name, the difference being that a unique name is is used for communication with a specific process on a computer, whereas a group name is for communication with multiple clients. Netbios name resolution resolves a computer's Netbios name to an IP address. Microsoft offers several different ways to resolve Netbios names and each will be disscussed below.

    • LOCAL BROADCAST - If the destination host is local, then first the Netbios name cache is checked and a broadcast is not sent. If it is not found here, then a name query broadcast is sent out that includes the destination Netbios name. Each computer that receives the broadcast checks to see if it belongs to the name requested. The computer that owns the name then uses ARP to determine the MAC address of the source host. Once obtained a name query response is sent. NOTE: Some routers do not support the fowarding of these broadcasts as they use UDP ports 137 and 138.
    • NETBIOS NAME SERVER - When using a Netbios name server, the cache is checked first and if the name is not found the destination host's name is sent to the name server. After the name server resolves the name to an IP address, it is returned to the source host. When the source host receives the information it uses ARP to resolve the IP address of the destination host to it's MAC address.
    • LMHOSTS FILE - More on this later...
    • HOSTS FILE - More on this later...
    • DNS - More on this later...

    LMHOSTS:
    An lmhosts file is a text file that is used to manually configure Netbios names. In NT, it is located in the \system32\Drivers\Etc directory. The file is configured with the keywords listed below:

    • #PRE - Denotes entries to be preloaded to the cache, which cuts down on broadcast traffic.
    • #DOM:domain name - provides logon validation, browsing and account syncronization.
    • #BEGIN_ALTERNATE and #END ALTERNATE - Provides alternate locations for other lmhosts files using a UNC path.
    • #INCLUDE - Uses Netbios entries located in a different lmhosts file such as one that is centrally shared.
    • #MH - For multi-homed computers, this adds extra entries.

    Each entry in the lmhosts file must be unique, have a valid IP address for the Netbios name and be spelled correctly.

    WINS:
    Microsoft's definition of WINS is "An enhanced NetBIOS Name Server(NBNS) designed by Microsoft to eliminate broadcast traffic associated with the B-node implementation of NetBIOS over TCP/IP. It is used to register NetBIOS names and resolve them to IP addesses for both local and remote hosts." If a WINS server is configured, then name resolution requests are sent directly to it and in turn the WINS server will send the IP address to the requesting client. If the WINS server can't resolve the name for some reason, then it will use a broadcast to try to resolve the name. A secondary WINS server can be configured to prevent such situations. WINS is dynamically updated which gets rid of the need to screw around with lmhosts files. If a client is configured to use WINS then it will register it's name and IP address with the WINS server. When the computer is turned off, it releases its lease on that name which may be used by a different computer. Microsoft recommends 1 primary and secondary WINS server per 10,000 clients. Name registrations on the WINS server do not last forever and have a "time to live" or TTL. After 1/8th of the TTL the client will attempt to refresh its name with the server. If it is unable to do this it will try again every 2 minutes until 1/2 the TTL is expired at which point it will start barking at the secondary WINS server if one is present. It will attempt to register with the secondary WINS server 4 times(every 1/8th of the TTL until half is expired). After a successful refresh it will attempt another at 1/2 TTL from there on out. When a computer is shutdown normally(i.e. doesn't crash), it will make a request to the WINS server that its name be released. If the server detects an error it will tell the client "no". If everything checks out ok, the server will send a positive response and releases the name making it available to other clients.

    HOST NAME RESOLUTION

    Host names can be mapped to IP addresses to make referencing hosts easier as you don't have to remember an IP address. A host name can be any string 256 characters or less and does not have to match the NetBIOS name. There are several different ways that host names can be resolved to IP addresses. Below are the standard methods:

    • HOSTS FILES - A text file that can be edited to manually map the host name to an IP address.
    • DNS SERVER - A database of name/address mapping stored on a computer as is done with WINS.
    • LOCAL HOST NAME - Unless configured otherwise, the default name is the host name of the computer.

    Microsoft adds several more options which follow:

    • LOCAL BROADCAST - A broadcast on the local network that attempts to discover the IP address for the destination computer's NetBIOS name.
    • LMHOSTS FILES - Like a hosts file, this can be configured for name resolution.
    • NetBIOS NAME SERVER - Pretty self-explanatory. Microsoft uses WINS for this.

    HOSTS FILE:
    The hosts file is a little different than the lmhosts file in that it will resolve both local and remote names. If the host name can't be resolved and no other alternative name resolution processes are in place, the user will receive an error. Once the host name is parsed from the host file, ARP takes over and attempts to resolve the IP address to a MAC address. Like the lmhosts method, this is static name resolution.

    DNS:
    The internet used to use a hosts file to resolve IP addresses to host names or domain names. The internet grew to the point where the administration and the traffic needed to maintain this file became unbearable and DNS was born. A DNS client(aka resolver) sends requests to the DNS nameserver which responds with the requested info, another server to pester or a failure message. This process is very similar to calling information. You call them with a name, they check their database and give you the phone number. There are 3 types of queries that a host will send to its DNS servers and they are inverse, iterative and recursive. When the nameserver resolves a request it is cached and given a TTL. There are a variety of roles a nameserver can satisfy within the zone that they are responsible for:

    • PRIMARY NAMESERVER - Gathers DNS information from local files and is a focal point for adding hosts and domains.
    • SECONDARY NAMESERVER - Gathers the data for its' zone(s) from another DNS server. Secondary nameservers provide redundancy, traffic on primary server and quicker access for locations that are remote in regards to the primary server.
    • CACHING ONLY SERVERS - These do not have a zone that they are responsible for. Their databases only contain info that is received from resolutions that it has made since the the server was last started.

    Nameservers are distributed into tiers called domains which will be covered in a moment as soon as I figure out why my shirt is chaffing me.

    DOMAINS:
    Microsoft discusses domains in terms of a hierarchical "domain name space" which they refer to as being like a tree structure. This probably makes a lot of sense to those of you migrating from the clunky, yet powerful Netware side of things. There are several different domain levels as listed below:

    • ROOT LEVEL DOMAINS - The top of the tree.
    • TOP LEVEL DOMAINS - These are divided into different categories. Com, net, mil, edu, org and gov are the most common.
    • SECOND LEVEL DOMAINS - These domains make up the rest of networks as all sub-domains are categorized under this heading. So if you visit Intel's site, you are visiting the sub-domain intel.com. Within intel.com many other sub-domains may also exist.
    • HOSTS - Hosts are the final level in the hierarchy as they are the individual computers that occupy or comprise a domain.

    THE FILES:
    Normally, a DNS server will use 4 different files to resolve names. These are the database file, reverse lookup file, cache file and boot file. Each of these will be discussed in detail below.

    • THE DATABASE FILE - This file will actually be called yourzone.dns and it is responsible for storing DNS records. This is a file that replication servers push/pull from the primary server in order to update their databases. This file contains several different entries. The first thing that will be seen in this file is the "Start of Authority"(SOA)which defines a zone's parameters. Next, there should be an entry called "Name Server Record" which lists other namerservers on the network. Next, the "Host Record" is a static mapping of host names to IP addresses and should list all of the hosts in a given zone. Finally, there is a "Canonical Name"(CNAME) entry that allows one to assign multiple host names to an IP address, or in other words, create aliases.
    • REVERSE LOOKUP FILE - This file allows for reverse DNS lookups. Somebody correct me if I am wrong on this point, but I believe that is does this by mapping a host name to a backwards IP address. For example, 192.62.70.50 would become 50.70.62.192. This is accomplished by using "Pointer" records.
    • CACHE FILE - The cache.dns file is required as it contains the records of the root domain servers. The default file that is included with NT 4 contains all of the root internet servers.
    • BOOT FILE - The boot file controls the start-up characteristics of a DNS server on the Berkley Internet Name Daemon(BIND).

    TCP/IP UTILITIES

    ARP: Provides a mapping from the logical 32-bit TCP/IP address to the physical 48-bit MAC address (i.e. translates a IP address into MAC address).
    Options:
    -a Gives the MAC addresses of recently browsed machines.

    RARP: Translates a MAC address into a IP address.

    TELNET: Provides a virtual terminal or remote login across the network that is connection-based and handles its own session negotiation. The remote server must be running a Telnet service for clients to connect. Defaults settings are Port 23 VT100 terminal emulation.

    NBTSTAT: Is used to troubleshoot connectivity problems between 2 computers communicating via NetBT, by displaying protocol statistics and current connections. NBTSTAT examines the contents of the NetBIOS name cache and gives MAC address.
    Options:
    -A 10.0.0.3 statistics for remote machine (Adaptor) given its IP address.
    -c lists the remote name cache.
    -n lists local NetBIOS names.
    -r lists names resolved by broadcast and by WINS.
    -R Reloads the remote cache name table.
    -S lists Sessions table with destination IP addresses.
    -s lists sessions table converting IIP addresses to host names via HOSTS file.

    TRACERT: By sending out ICMP packets, it determines the path taken by a data packet to reach it’s destination and can help determine at what point a network connection is now longer active. Can help troubleshoot network response time issues.
    Options:
    -d do not resolve addresses to host names.
    -h max hops.
    -w change timeout value.
    -j route via the specified router.

    NETSTAT: Displays in-depth detail about TCP/IP protocol status and statistics.
    Options:
    -a displays all connections.
    -e displays ethernet connections.
    -n displays addresses in numerical form rather than doing name-lookups.
    -s displays statistics for the given protocol only (default is all protocols).
    -p displays connections for the given protocol.
    -r displays routing table.

    WINIPCFG: Displays current TCP/IP configurations on the local workstation(see also IPCONFIG on Windows NT).

    IPCONFIG: Below are the ipconfig switches that can be used at a command prompt.
    - ipconfig /all will display all of your IP settings.
    - ipconfig /renew forces the DHCP server, if available to renew a lease.
    - ipconfig /release forces the release of a lease.

    FTP: Used for transferring data across a network from a server to a client. FTP uses TCP port 20 as the data transfer channel(known as DTP - Data Transfer Process) and uses TCP port 21 for commands(known as the PI - Protocol Interpreter).

    PING: Uses ICMP to verify a connection to a remote host by sending echo requests and "listening" for reply packets.
    Options:
    -t keeps pinging until interrupted.
    -a do not resolve addresses to host names.
    -n number of echo counts (default 4).
    -l length of echo packets (default 64).
    -f do not let gateways fragment the packets (good for stress-testing).
    -i sets TTL (Time To Live).
    -v sets TOS (Type of Service).
    -j packets must go thru listed hosts (i.e. routers).
    -k packets must not go thru listed hosts.
    -w timeout interval.

    TCP/IP TROUBLESHOOTING STEPS

    1. Check TCP/IP configuration (WINIPCFG) - check IP address, subnet mask, default gateway.
    2. Ping loopback address (PING 127.0.0.1 or PING loopback) - problem with TCP/IP protocol
    3. Ping local address (PING 203.5.171.20) - problem with NIC
    4. Display then clear local ARP cache (ARP -a, ARP -d 203.5.171.20)
    5. Ping the default gateway if host is on a remote subnet (PING 203.5.171.1)
    6. Trace a route to the remote host (TRACERT 203.5.171.20) - connection or bandwidth problems
    7. Check IP security on the server, including port settings (TELNET 203.5.171.20,80)
    8. Can connect via IP but not by name - check host/NetBIOS names, DNS, WINS, HOSTS & LMHOSTS

    REMOTE CONNECTIVITY

    SLIP(Serial Line Internet Protocol): Used for making a TCP/IP connection over a serial interface to a remote network. Does not provide error checking and is rarely used anymore.

    PPP(Point to Point Protocol): A Data Link Layer protocol used to encapsulate higher protocols to pass over synchronous or asynchronous communication lines. PPP is capable of operating across any DTE/DCE device, most commonly modems, as long as they support duplex circuits. There are 3 components to PPP.

    • HDLC(High-level Data Link Control) - Encapsulates the data during transmission.
    • LCP(Link Control Protocol) - Establishes, tests and configures the data link connection.
    • NCPs(Network Control Protocols) - Used to configure the different communication protocols, allowing them on the same line simultaneously. Microsoft uses 3 NCPs for the 3 protocols at the Network Layer (IP, IPX and NetBEUI)

    PPP communication occurs in the following manner: PPP sends LCP frames to test and configure the data link. Next, authentication protocols are negotiated to determine what sort of validation is used for security. Below are 2 common authentication protocols:

  • PAP is similar to a network login but passwords are sent as clear text. It is normally only used on FTP sites.
  • CHAP uses encryption and is a more secure way of sending passwords.
    Then NCP frames are used to setup the network layer protocols to be used. Finally, HDLC is used to encapsulate the data stream as it passes through the PPP connection.

    PPTP(Point to Point Tunneling Protocol): PPTP provides for the secure transfer of data from a remote client to a private server by creating a multi-protocol Virtual Private Network(VPN) by encapsulating PPP packets into IP datagrams. There are 3 steps to setup a secure communication channel:
    1. PPP connection and communication to the remote network are established.
    2. PPTP creates a control connection between the client and remote PPTP server
    3. PPTP creates the IP datagrams for PPP to send.

    The packets are encrypted by PPP and sent through the tunnel to the PPTP server which decrypts the packets, disassembles the IP datagrams and routes them to the host. Setting Up PPTP requires a PPTP Client, PPTP Server and a Network Access Server(NAS).

    ISDN(Integrated Services Digital Network): ISDN is comprised of digital telephony and data-transport services offered by regional telephone carriers. ISDN involves the digitalization of the telephone network, which permits voice, data, text, graphics, music, video, and other source materials to be transmitted over existing telephone wires. There are 2 types of ISDN channels:

  • B (bearer) - Transfers data at 64Kps
  • D (data) - Handles signalling at either 16Kps or 64Kps(sometimes limited to 56Kps) which enables the B channel to strictly pass data
    An ISDN usually contains 2 B channels and one D channel and uses one of the following standard interfaces:
  • BRI (Basic Rate Interface) - Contains 2x64 B channels and 1x16 D channel and uses existing wiring. BRI subscribers must be within about 5.5 kms of the telephone exchange and must have a ISDN Terminal Adapter and ISDN router.
  • PRI (Primary Rate Interface) - Contains 23x64 B channels and 1x64 D channel.

    ISDN Identifiers:
  • SPID (Service Profile ID) - unique throughout the whole switch - provided by the provider when the service is first set up
  • DN (Directory Nbr) - 10-digit phone nbr - can be used for multiple channels or devices.
  • TEI (Terminal Endpoint ID) - identifies the particular ISDN device to the switch.
  • SAPI (Service Address Point ID) - identifies the interface on the switch that the devices are connected to.
  • BC (Bearer Code) - an identifier made up of the TEI and SAPI and is setup for each call.

    Advantages of ISDN Over Analog:
  • Speed: no analog-digital converting & faster connect time, D channel takes care of overhead, 2Gbps v 56Kbps max speed
  • Can use multiple digital channels simultaneously
  • Can use bind channels together to get a higher bandwidth
  • Supports multiple devices per line

    NETWORK DIAGNOSTIC TOOLS

    NETWORK MONITOR: Tracks usage of network resources(good for establishing a network baseline).

    PERFORMANCE MONITOR: Tracks usage of various resources over time(good for establishing a general baseline).

    TONE GENERATOR: Used to test cabling. Identifies which cable or wire is being tested by generating different tones.

    TDR (Time Domain Reflectometer): Sends a signal down a cable and measures the distance that the signal travelled before bouncing back(like sonar). Used to find opens and shorts in cables.

    OSCILLOSCOPE: Tests cable by determining where there are shorts, crimps or attenuation.

    PROTOCOL ANALYZERS: - Monitor network traffic and display packet and protocol statistics and information.

 

Home | Free Mail | Forum | ePals | eCards | Chat | Downloads | Education | Music | Horoscope | Magic | Email us

 

© 2004 Whoo-ee!. All rights reserved.

For your suggestions: suggestion@whoo-ee.com