TCP/IP Implementation

TCP/IP Protocols

The Transmission Control Protocol/Internet Protocol (TCP/IP) standards are always published as RFCs (Requests for Comments), but not all RFCs specify standards.

TCP/IP protocols follow the Department of Defense (DOD) four-layer model:

Application/Process
Transport or Host-to-Host
Internet
Network Access

OSI Model        DOD Model
---------        ---------
Application      Application/Process
Presentation     Application/Process
Session          Application/Process
Transport        Transport or Host-to-Host
Network          Internet
Data Link        Network Access
Physical         Network Access

The TCP/IP protocol suite consists of:

Layer                  Protocols
-----                  ---------
Application/Process    Telnet, FTP, LPD, SNMP, TFTP, SMTP, NFS, X window
Host-to-Host           TCP, UDP
Internet               ICMP, BootP, ARP, RARP, IP
Network Access         Ethernet, Fast Ethernet, Token Ring, FDDI

At the Network layer IP uses NDIS (Network Device Interface Specification) to submit frames to the network layer.

The four protocols at the Internet layer are:

  1. IP. The Internet Protocol is a connectionless and unreliable protocol that addresses and routes packets between hosts. It contains the Source IP of the sender host, the destination IP, the transport protocol (TCP or UDP), checksum and Time to Live (TTL). The TTL is decremented by at least one second each time the IP datagram passes through a router. When TTL reaches zero, the packet is discarded. The default TTL in NT 4.0 is 128 seconds.
  2. ARP. The Address Resolution Protocol obtains the MAC address of a host on the same physical network by broadcast and maps it to the host's IP address. Once ARP obtains a hardware address, it stores both the IP and the MAC address as one entry in the ARP cache. The cache maintains both static and dynamic entries. Dynamic entries are added and deleted automatically, whereas static entries remain in the cache until the computer restarts. ARP always checks the cache before it initiates a broadcast. ARP allows two hosts on different subnets to communicate by broadcasting to the default gateway. Each ARP cache entry can live up to 10 minutes. If it is not used within 2 minutes, it is deleted; otherwise, if used, it is deleted after 10 minutes. By adding static ARP entries you decrease the number of ARP requests. To view the ARP cache use the arp -g command.
  3. ICMP. The Internet Control Message Protocol reports errors and control messages on behalf of IP. It is carried by IP datagrams and it is unreliable.
  4. IGMP. The Internet Group Management Protocol passes information to other routers so each router is aware of what hosts belong to what network. It is carried by IP datagrams and it is unreliable.

The two protocols at the Transport or Host-to-Host layer are:

  1. TCP. The Transmission Control Protocol is a reliable, connection-oriented delivery service. It uses byte-stream communications so data is treated as a sequence of bytes. For each data segment sent, the receiving host must return an acknowledgment within a specified period. If there is no acknowledgment, the data is retransmitted. A TCP session is initialized via a three-way handshake in order to synchronize the sending and receiving of data segments. All TCP data segments have two parts: data and header. Sockets applications use a unique port number. Port numbers for well-known server-side applications are pre-assigned by IANA and do not change. Port numbers for client-side applications are dynamically assigned by the operating system. A socket is created by an application by specifying the IP of the host, the service type (TCP or UDP) and the port the application is using.
  2. UDP. The User Datagram Protocol is an unreliable and connectionless datagram service. It is used by applications that do not require acknowledgment of data receipt, such as NetBIOS name service and SNMP. UDP ports are separate from TCP ports even though some of them use the same port number.

At the Application layer Microsoft TCP/IP provides two interfaces for network applications: Windows Sockets and NetBIOS. Examples of sockets applications are FTP and Telnet. Examples of NetBIOS applications are net view, net use, etc.

TCP/IP enables you to connect dissimilar systems with utilities such as FTP and Telnet. On NT all TCP/IP utilities are implemented as client software except for FTP which is both client and server. Note that NT can be a SLIP client but not SLIP server, thus NT RAS servers do not accept SLIP client connections.

  1. Data transfer utilities:

    Trivial File Transfer Protocol (TFTP) works like FTP.
    Remote Copy Protocol (RCP) copies files between NT and a Unix host.

  2. Remote execution utilities:

    Telnet provides terminal emulation.
    Remote Shell (RSH) which runs commands on a Unix host.
    Remote Execution (REXEC) which runs a process on a remote computer.

  3. Printing utilities:

    Line Printer Remote (LPR) prints a file to a host running the Line Printing Daemon (LPD) service.
    Line Printer Queue (LPQ) obtains status of a print queue on a host running the LPD service.

  4. Diagnostics utilities:

    PING (Packet InterNet Groper)
    IPCONFIG
    Finger
    NSLOOKUP
    HOSTNAME
    NETSTAT
    NBTSTAT
    Route
    Tracert
    ARP

TCP/IP configuration uses an IP address, subnet mask and default gateway to communicate with hosts. Each NIC in a computer that uses TCP/IP requires these parameters.

An IP address is a logical 32-bit number that identifies a host. Each IP consists of the network ID and the host ID. The network ID identifies all hosts on the same physical network and the host ID identifies a host on the network.

A subnet mask blocks out a portion of the IP address so that TCP/IP can distinguish the network ID from the host ID. The subnet mask determines if the destination host is on a local or remote network. If a duplicate IP address is configured, the IP address appears as configured, but the subnet mask appears as 0.0.0.0.

The default gateway receives all TCP/IP packets addressed to a remote network.

You can ping the loopback address 127.0.0.1 of any host to bypass the NIC and verify that TCP/IP is installed and loaded correctly.

IP Addressing

Each IP is 32 bits long and composed of four 8-bit fields called octets. Each octet can range from 0 to 255. When all bits of an octet are 0 then the value of the octet is 0. When all bits of an octet are 1 then the value of the octet is 255. The 32-bit IP addressing scheme supports a total of 3,720,314,628 hosts.

Each IP address has a network ID part and a host ID part. All hosts on a network must have the same network ID in order to communicate. All TCP/IP hosts, including interfaces to routers, require unique host IDs.

IP addresses have five different classes. Each class defines the part of the IP which identifies the network ID and the part which identifies the host ID. You identify the class of an IP address by the number of the first octet.

Class A

High order bit = 0
Network ID = First octet
Range of network IDs = 1-126
Max networks = 126
Max hosts = approx. 17 million per network

Class B

High order bits = 10
Network ID = First two octets
Range of network IDs = 128-191
Max networks = 16,384
Max hosts = approx. 65,000 per network

Class C

High order bits = 110
Network ID = First three octets
Range of network IDs = 192-223
Max networks = approx. 2 million
Max hosts = 254 per network

Class D

High order bits = 1110
Used only for multicast groups. There are no network or host bits in multicast operations. WINS and Microsoft NetShow use multicast.

Class E

High order bits = 1111
Used for experimental purposes.

Some Addressing Rules

Subnet Mask

A subnet mask is a 32-bit address used to block a portion of the IP address to distinguish the network ID from the host ID. This way TCP/IP can determine whether an address is on a local or remote network. A default subnet mask is used on networks that are not divided into subnets.

In the subnet mask, all bits that correspond to the network ID are set to 1 (255) and all bits that correspond to the host ID are set to 0.

The host IP is ANDed with its subnet mask and the destination address of a packet is ANDed with the same subnet mask. If the result of ANDing the source and destination address match, then the packet belongs to a host on the local network. If the results do not match, the packet is sent to the default gateway (router).

To AND an IP to a subnet mask, multiply each bit in the IP with the corresponding bit in the subnet mask.

Subnetting

A subnet is a physical segment in a TCP/IP environment that uses IP addresses derived from a single network ID. Subnetting requires that each segment use a different network ID, or subnet ID. A subnet ID is created by partitioning the bits in the host ID into two parts. One part is used to identify the segment as a unique network, and the other part to identify the hosts. Subnetting is not necessary for private networks. By using more bits for the subnet mask, more subnets are available, but fewer hosts are available per subnet.

Before subnetting you need to define:

To find the subnet mask:

  1. Count the number of physical segments in your network.
  2. Convert the above number to binary.
  3. Count the number of bits required to represent the above number in binary.
  4. Convert the required number of bits to decimal in high order (left to right).

For example if you have a class B network and you want to create 6 subnets:

The binary value of 6 is 110. So 6 requires 3 bits. The third octet of a class B network is the first octet of the host ID. This octet now becomes 11100000 in order to represent the subnet mask (remember that the subnet mask portion of a network ID must have all bits equal to 1). The binary 11100000 is equal to 224 decimal. So the new subnet mask is 255.255.224.0 for your subnetted class B network.

You can subnet using more than one octet or more than 8 bits. This way you can create more subnets with more addressing flexibility.

Use the following table to simplify the additions:

128
 + 64 = 192
 + 32 = 224
 + 16 = 240
 +  8 = 248
 +  4 = 252
 +  2 = 254
 +  1 = 255

Formula for subnetting a class C network

If Subnet Bits = z (borrowed from the first octet of the host ID portion)
Number of possible subnets = $2^{z} - 2$ (all possible combinations of subnet bits, excluding the all 0 and all 1)
Hosts per Subnet = $2^{8-z} - 2$ (all possible combinations of remaining host bits, excluding the all 0 and all 1)
Total Hosts = (Number of subnets) x (Hosts per subnet)
Networks = The decimal value of the subnet bits in high order
Valid Subnetwork IDs:
    net1 = $2^{8-z}$
    net2 = net1 + $2^{8-z}$
    net3 = net2 + $2^{8-z}$, etc.
Valid Hosts per Subnet = (net1+1) to (net2-2) etc.

Example: You want to divide a class C network into 4 subnets.
Subnet bits = 3
Number of subnets = $2^{3} - 2$ = 8-2 = 6
Hosts per subnet = $2^{8-3} - 2$ = 32-2 = 30
Total hosts = 6x30 = 180
Netmask = 11111111.11111111.11111111.11100000 = 255.255.255.224
Valid subnet IDs = $2^{8-3}$ = 32
    32+32 = 64
    64+32 = 96
    98+32 = 128
    130+32 = 160
    162+32 = 192

Valid hosts per subnet = (32+1) to (32-2) = 33 to 62
    65 to 94
    97 to 126
    129 to 158
    161 to 190
    193 to 222
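
The mask-finding steps, the class C formula and the AND comparison from the Subnet Mask section, worked through in Python. This is an added example, not part of the original tutorial; the function names and the 192.168.10.0 network are assumptions made for illustration.

```python
# Added example: classful subnet planning following the page's procedure.
# 192.168.10.0 and the gateway address are constructed sample values.
import ipaddress

DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}   # default subnet mask length per class


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def address_class(addr):
    """Classify an address by the high-order bits of its first octet."""
    first = to_int(addr) >> 24
    for limit, name in ((128, "A"), (192, "B"), (224, "C"), (240, "D")):
        if first < limit:
            return name
    return "E"


def subnet_bits_for(segments):
    """Steps 1-3: bits needed to write the segment count in binary."""
    return segments.bit_length()


def subnet_mask(net_class, z):
    """Step 4: set the z high-order host bits after the class default mask."""
    prefix = DEFAULT_PREFIX[net_class] + z
    return str(ipaddress.IPv4Address((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF))


def plan_class_c(network, z):
    """Apply the class C formula, excluding the all-0 and all-1 subnets."""
    if address_class(network) != "C" or not 2 <= z <= 6:
        raise ValueError("need a class C network and 2 to 6 subnet bits")
    base = to_int(network) & 0xFFFFFF00
    step = 2 ** (8 - z)                      # distance between subnet IDs
    subnets = []
    for n in range(1, 2 ** z - 1):           # skip pattern 0 and the all-ones pattern
        net_id = n * step
        subnets.append({
            "subnet": str(ipaddress.IPv4Address(base + net_id)),
            "first_host": net_id + 1,        # host bits all 0 is the subnet itself
            "last_host": net_id + step - 2,  # host bits all 1 is the broadcast
        })
    return {"mask": subnet_mask("C", z), "hosts_per_subnet": step - 2,
            "subnets": subnets}


def next_hop(src, dst, mask, gateway):
    """AND both addresses with the mask; a match is local, otherwise use the gateway."""
    m = to_int(mask)
    return dst if (to_int(src) & m) == (to_int(dst) & m) else gateway


if __name__ == "__main__":
    print("class B, 6 segments:", subnet_mask("B", subnet_bits_for(6)))
    plan = plan_class_c("192.168.10.0", subnet_bits_for(4))
    print("mask:", plan["mask"], "hosts per subnet:", plan["hosts_per_subnet"])
    for s in plan["subnets"]:
        print(s["subnet"], "hosts", s["first_host"], "to", s["last_host"])
    print(next_hop("192.168.10.33", "192.168.10.65", plan["mask"], "192.168.10.34"))
```
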

 

Microsoft Network Monitor

Microsoft Network Monitor is limited to capturing data for the local computer only. It works by configuring the NIC to capture all incoming and outgoing packets. It is installed as a service via Control Panel.

It works in three steps:

  1. Start the capture process
  2. Generate network traffic
  3. Stop capturing and review the data

Dynamic Host Configuration Protocol (DHCP)

DHCP is an extension of the BOOTP protocol. BOOTP enables diskless workstations to start up and auto configure TCP/IP.

DHCP can provide IP addressing, subnet mask, default gateway, DNS address and NetBIOS name server address to a client. All DHCP communication is done over UDP ports 67 and 68.

In a computer with multiple NICs, the DHCP process occurs separately over each adapter. A unique IP will be assigned to each NIC.

Most DHCP messages are broadcasts. In order for DHCP clients to communicate with a DHCP server on a different subnet, the IP routers must support forwarding DHCP broadcasts.

All DHCP communications are in four parts:

  1. IP lease request by the client (DHCPDISCOVER message)
  2. IP lease offer by all DHCP servers available (DHCPOFFER message)
  3. IP lease selection by the client (DHCPREQUEST message)
  4. IP lease acknowledgment by the server (DHCPACK message)

The first time a client initializes, since it does not yet have an IP address and it does not even know the IP address of a DHCP server, it requests to lease an IP by broadcasting a request to all DHCP servers and using the 0.0.0.0 (this network) as the source address, and 255.255.255.255 (broadcast) as the destination.

If an offer is not received after four requests, the client will retry every five minutes.

The client stores the IP address, subnet mask and other IP addressing information in its registry.

All DHCP clients attempt to renew their lease after 50% of the lease time has expired. When a client restarts, it attempts to lease the same IP from the original DHCP server. If the lease is not renewed, the client can still use its IP for the remaining 50% of the lease.

The client will attempt again at 87.5% of the lease time. If the lease expires without being able to renew it, communication via TCP/IP stops until a new IP can be assigned to the client.
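
The message format behind the exchange and the lease timers described above, as an added example that is not part of the original tutorial. It builds and parses DHCP messages in the BOOTP layout, then derives the client configuration and the 50% and 87.5% renewal points from a DHCPACK; option codes are those of RFC 2132 (44 and 46 are the WINS options this page names), and every address, the MAC and the transaction ID are constructed sample values.

```python
# Added example: DHCP message layout, options and lease timers.
import ipaddress
import struct

BOOTP_HEADER = "!BBBBIHH4s4s4s4s16s64s128s"   # fixed 236-byte BOOTP header
MAGIC_COOKIE = bytes([99, 130, 83, 99])        # marks the start of DHCP options
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}
NODE_TYPES = {1: "B-node", 2: "P-node", 4: "M-node", 8: "H-node"}
OPT_MASK, OPT_ROUTER, OPT_DNS, OPT_WINS, OPT_NODE = 1, 3, 6, 44, 46
OPT_LEASE, OPT_TYPE, OPT_SERVER, OPT_END = 51, 53, 54, 255
# A first DHCPDISCOVER travels in this UDP/IP envelope (client has no address yet).
DISCOVER_ENVELOPE = {"src": "0.0.0.0", "dst": "255.255.255.255", "sport": 68, "dport": 67}


def ip(addr):
    return ipaddress.IPv4Address(addr).packed


def addrs(value):
    """Split an option value into dotted IPv4 addresses (4 bytes each)."""
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, len(value), 4)]


def build_message(msg_type, xid, mac, yiaddr="0.0.0.0", options=()):
    op = 1 if msg_type in (1, 3) else 2        # 1 = from client, 2 = from server
    header = struct.pack(BOOTP_HEADER, op, 1, 6, 0, xid, 0, 0x8000,
                         ip("0.0.0.0"), ip(yiaddr), ip("0.0.0.0"), ip("0.0.0.0"),
                         mac, b"", b"")
    body = bytes([OPT_TYPE, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return header + MAGIC_COOKIE + body + bytes([OPT_END])


def parse_message(data):
    if len(data) < 240 or data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    fields = struct.unpack(BOOTP_HEADER, data[:236])
    msg = {"xid": fields[4], "yiaddr": addrs(fields[8])[0],
           "mac": fields[11][:6].hex(":"), "options": {}}
    pos = 240
    while pos < len(data) and data[pos] != OPT_END:
        if data[pos] == 0:                     # pad byte, no length field
            pos += 1
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated option")
        code, length = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        if len(value) != length:               # never read past the datagram
            raise ValueError("truncated option")
        msg["options"][code] = value
        pos += 2 + length
    raw_type = msg["options"].get(OPT_TYPE)
    msg["type"] = MESSAGE_TYPES.get(raw_type[0], "unknown") if raw_type else "unknown"
    return msg


def client_config(data):
    """Configuration and renewal schedule a client takes from a DHCPACK."""
    msg = parse_message(data)
    opts = msg["options"]
    if msg["type"] != "DHCPACK":
        raise ValueError("only a DHCPACK commits a lease")
    if OPT_MASK not in opts or OPT_LEASE not in opts:
        raise ValueError("ACK lacks subnet mask or lease time")
    lease = int.from_bytes(opts[OPT_LEASE], "big")
    node = opts.get(OPT_NODE, b"\x00")[0]
    return {
        "ip": msg["yiaddr"],
        "mask": addrs(opts[OPT_MASK])[0],
        "gateway": addrs(opts.get(OPT_ROUTER, b"")),
        "dns": addrs(opts.get(OPT_DNS, b"")),
        "wins": addrs(opts.get(OPT_WINS, b"")),
        "node_type": NODE_TYPES.get(node, "unset"),
        "renew_at": lease // 2,          # first renewal attempt at 50% of the lease
        "retry_at": lease * 7 // 8,      # second attempt at 87.5%
        "expires_at": lease,             # TCP/IP stops here without a new lease
    }


def sample_ack():
    """A constructed DHCPACK with a three-day lease."""
    return build_message(5, 0x3903F326, bytes.fromhex("00a0c9112233"), "192.168.10.40", [
        (OPT_MASK, ip("255.255.255.224")),
        (OPT_ROUTER, ip("192.168.10.33")),
        (OPT_DNS, ip("192.168.10.34")),
        (OPT_WINS, ip("192.168.10.35") + ip("192.168.10.36")),
        (OPT_NODE, bytes([8])),
        (OPT_LEASE, (259200).to_bytes(4, "big")),
        (OPT_SERVER, ip("192.168.10.37")),
    ])


if __name__ == "__main__":
    for key, value in client_config(sample_ack()).items():
        print(key, value)
```
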

Use the ipconfig /all command to obtain detailed IP configuration of a computer (winipcfg for Win 95 machines). The ipconfig /renew command forces a client to renew its IP lease. The ipconfig /release command forces a client to give up its IP lease.

If a client remains off for the length of its lease, it is possible for the DHCP server to assign that client's IP to a different client after the lease expires.

All clients that require static IP addresses need to be excluded from the IP range of the DHCP server.

If a DHCP server will supply IPs to multiple subnets, then any routers connecting subnets should be able to act as DHCP relay agents (or BOOTP relay agents). A relay agent relays DHCP broadcast messages between DHCP clients and servers on different IP networks. It runs as a service via Control Panel/Services/DHCP Relay Agent. It is configured with the IP of the DHCP server so the agent will know where to forward requests from clients on its subnet.

If your routers cannot act as DHCP relay agents, then one DHCP server is needed for every subnet with DHCP clients.

Since DHCP servers do not share scope information with each other, it is necessary to create unique IPs for each server to assign to clients.

A scope is a range of IP addresses that are available for lease to clients. Every DHCP server requires at least one scope.

The scope needs to be activated before it is available for lease (indicated by the yellow light bulb next to it.) From the DHCP scope exclude any static IP addresses assigned to workstations.

In an internetwork it is advisable to follow the following:

This way a client can still receive an IP if its local DHCP server is down (assuming that the router is a DHCP relay agent.)

Any NT server can become a DHCP server (it is not necessary to be a domain controller.)

A DHCP server needs static IP parameter configuration (it cannot also be a DHCP client.)

Any Windows NT 4.0 Server or Workstation, Win 95, WFW, MS-DOS and LAN Manager computer can become a DHCP client.

The DHCP server can be configured to always assign the same IP to the same DHCP client (client reservation). Client reservation is necessary for networks with clients which are not WINS enabled and use the LMHOSTS file to resolve NetBIOS computer names. If you have multiple DHCP servers in the internetwork, all DHCP servers should have the same client reservations. In order to add a client reservation you will need the MAC address of the client, which you can obtain with the command arp -a.

There are three levels of scope options:

Microsoft DHCP clients can accept only the following options:

The DHCP database (Dhcp.mdb) is automatically backed up every 60 minutes and compacted, and if it is corrupted it is restored automatically when the DHCP service restarts. The backup copies are stored in the \Winnt\System32\Dhcp\Backup\Jet directory. To manually restore the DHCP database, copy the contents of \Winnt\System32\Dhcp\Backup\Jet to the \Winnt\System32\Dhcp directory and restart the DHCP service.

NetBIOS over TCP/IP

NetBIOS is a session level API and a session/transport protocol.

The name assigned to your computer and the group or domain are all NetBIOS names. NetBIOS names are 16 bytes long (15 characters plus a hexadecimal number). Network services are identified by the unique 16th character. All NT Server services and NT commands such as net use register NetBIOS names. Use the nbtstat -n command to view a computer's NetBIOS name.

NetBIOS works with broadcasts. You can segment the NetBIOS namespace by using the scope ID. Using a scope ID will not increase performance, but it will reduce the number of packets that are accepted and evaluated by a host. The scope ID is a character string appended to the NetBIOS name that segments the 16-character flat namespace. With scopes a NetBIOS name needs to be unique only within that particular scope and not across the entire namespace.

The NetBIOS scope allows computers to use the same NetBIOS name as long as they have a different scope ID. For example \\comp1.apps and \\comp2.apps belong to the same scope and can communicate.

Resolving a computer's NetBIOS name to an IP address is called NetBIOS name resolution.

The order of address resolution is:

  1. NetBIOS name resolution to IP address
  2. IP address resolution to MAC address (ARP)

Methods of NetBIOS name resolution:

Order of Microsoft NetBIOS name resolution process

When a user types a net use command then:

  1. The local NetBIOS name cache is checked first.
  2. Then three attempts are made to contact the WINS server (primary first and then secondary).
  3. Then three broadcasts are generated on the local network.
  4. Then the local LMHOSTS file is parsed.

    If the Enable DNS for Windows Resolution check box in the WINS page is checked then:

  5. The local HOSTS file is parsed.
  6. Then the DNS server is checked.

Node Types

An NT system defaults to Microsoft enhanced B-node if there are no WINS servers configured. If there is at least one WINS server configured, then the system defaults to H-node.

You can configure which NetBIOS name resolution method a host will use by modifying the registry.

Use the nbtstat -c command to display the NetBIOS cache, the nbtstat -r command to display name resolution and registration statistics and the nbtstat -R to purge the NetBIOS name cache.

Windows Internet Name Service (WINS)

WINS is used to register NetBIOS computer names and resolve them to IP addresses for local and remote hosts. The WINS server maintains a dynamic database of NetBIOS to IP names so client requests for computer name resolution are sent directly to the WINS server, thus avoiding broadcasts. WINS is a flat name space and requires that each WINS server maintain a complete database of entries through replication. If the WINS server is not available then the client can still use broadcast. If you use WINS you do not need LMHOSTS files.

At startup each WINS client registers its name with WINS. All NetBIOS names are registered on a temporary basis with the WINS server. The client attempts to renew its WINS lease first after 1/8 of its TTL.

When a WINS client shuts down, it sends a message to the WINS server to release its NetBIOS name.

All WINS communications are done using UDP port 137 and can be routed.

Every WINS client can be configured for a primary and a secondary WINS server.

One WINS server and a backup server can serve 10,000 WINS clients.

The WINS service runs on NT Servers (it does not need to be on domain servers) with preferably static IP parameters.

You can configure static NetBIOS names to IP mappings for non-WINS clients. This way you do not have to maintain LMHOSTS files.

A WINS proxy agent extends the name resolution capabilities of a WINS server to non-WINS clients by listening for broadcast name registrations and broadcast resolution requests and then forwarding them to a WINS server. You will need at least one or a maximum of two proxy agents per subnet with non-WINS clients. The proxy agent must be a WINS client but cannot be a WINS server. You enable a computer to become a WINS proxy agent from the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters by setting EnableProxy to 1.

To configure a DHCP client to automatically receive WINS support, you use the DHCP Manager and add the following two DHCP scope options:

  1. 044 WINS/NBNS Servers that configures the primary and secondary WINS servers on the client
  2. 046 WINS/NBT Node that configures the client to H-node.

WINS Replication

All WINS servers on a network can be configured to propagate WINS registrations to each other. They only replicate new database entries. A pull partner requests WINS new database entries. A push partner sends a message to its pull partners notifying them that its WINS database has changed. Replication requires at least one push partner and one pull partner.

By default, when the WINS Server service is started it automatically pulls database entries from its push partner. You can also pre-configure replication at time intervals or force it through the WINS Manager Replication Partners dialog box. If the network supports multicasting, the WINS server can be configured to automatically find other WINS servers on the same network by multicasting to the 224.0.1.24 address.

Push partners need fast link connections since push replication occurs when the configured number of updated WINS database entries is reached.

Pull partners are configured over WANs because pull replication can be configured to occur at specific time intervals (at night).

Each WINS server can be configured to be both push and pull partner so they can replicate database entries between them.

WINS Manager allows you to view the content of the WINS database. You can remove obsolete database entries manually or automatically. NT 4.0 Server automatically compacts the WINS database; after you define a backup directory, it backs the database up every 24 hours and, if it is corrupted, restores it at startup.

IP Internetwork Browsing

The Computer Browser service uses NetBIOS broadcasts to obtain lists of network resources. Because NetBIOS broadcasts are not usually routed you must configure hosts to use WINS or an LMHOSTS file (especially for non-WINS clients) to enable browsing and domain activity across subnets.

In a Windows NT network other broadcasts include:

If you do not use a WINS server, use the #DOM entry in an LMHOSTS file to enable broadcast messages to a domain which spans different subnets.

Example of an LMHOSTS file:

        1. lab1 #PRE #first computer in lab
        2. lab2 #DOM:academic #academic subnet

Hosts

A host name is an alias assigned to a computer running TCP/IP. The host name does not have to match the NetBIOS name of the computer and can be up to 256 characters long. For example a host name can be lab12.compscience.chaminade.org. Multiple host names can be assigned to the same host. A host name can substitute for the computer's IP address in TCP/IP utilities such as PING.

A host name is stored in a HOSTS file or on a DNS or WINS server or an LMHOSTS file.

The HOSTS file maps host names of both local and remote hosts to their IP addresses. The LMHOSTS file is used only for remote hosts.

The HOSTNAME utility will display the host name assigned to a computer. By default, the host name is the NetBIOS computer name of an NT computer.

A Windows NT host can be assigned a host name, but this name can be used with TCP/IP utilities only. NT 4.0 allows you to connect to another NT host by using its TCP/IP address. For example, net use z: \\38.246.176.82\share_name.

The search order for a PING hostname command is:

  1. Check local host name
  2. Check local HOSTS file
  3. Check DNS server
  4. Check local NetBIOS name cache
  5. Check WINS server
  6. Broadcast
  7. Check local LMHOSTS file

The HOSTS file is located in the \winnt\System32\Drivers\Etc directory.

The most used host names should be near the beginning of the HOSTS file.

Each entry is limited to 255 characters and is not case sensitive.

All HOSTS files have the entry 127.0.0.1 localhost by default.

Example of HOSTS entries:

        1. lab1.chaminade.org #CD-ROM server

38.246.176.30 asced.chaminade.org #Internet router

Domain Name System (DNS)

DNS is a distributed database using a hierarchical name structure. It uses UDP and TCP protocols. Its purpose is to translate host names into IP addresses.

It has three components:

  1. Resolvers (DNS clients)
  2. Name servers (receive name requests from resolvers and, if necessary, forward requests to other name servers. They are grouped in domains)
  3. Domain name space

 

Domains define different levels of authority in a hierarchical structure. The top domain is called the root and is referenced by a period (.).

Top-Level Domains are .com, .edu, .org, etc.
Second-Level Domains can contain both hosts and other domains called subdomains.

Specific servers are responsible for a portion of the domain name space called zones of authority.

A single DNS server can be configured to manage multiple zone files.

DNS servers can be:
Primary Name Servers, which obtain data from local files.
Secondary Name Servers, which obtain zone data by zone transfers from the server that has authority for that zone.

You need at least one primary and one secondary DNS server for each zone. A DNS server can be primary for a certain zone and secondary for another zone.

When a secondary name server starts, it contacts its master name server and initiates a zone transfer with it.

Caching-only servers only perform queries, cache the answers and return the results. They are not authoritative for any domains (no zone data is kept locally). Since they do not initiate zone transfers, caching-only servers are good for DNS resolution over slow WAN links.

A resolver (client) can make recursive, iterative and inverse queries to a DNS server. Resolved queries are placed in a cache on the server and the resolver for future requests.

The special domain in-addr.arpa enables inverse queries of IP addresses to host names.

A DNS server has a database file, a reverse lookup file, cache file and boot file.

The Database file stores resource records for a domain (adomain.com.dns). This is the file that replicates between master and secondary name servers.

Start Of Authority (SOA) is the first resource record.

Name Server (NS) record lists the additional name servers.

Host (A) record associates a host name to its IP address.

Canonical Name (CNAME) record associates more than one host name with an IP address (aliasing).

In order for an organization to connect to the Internet as a second-level domain, the InterNIC must be informed of its domain name and the IP addresses of at least two DNS servers that service the domain. The organization’s DNS servers also need to be registered with the DNS server that is above them in the hierarchical naming structure of DNS.

The NSLOOKUP utility is the primary diagnostic tool for DNS and it displays resource records on DNS servers.

The nslookup hostx command resolves the host’s name to its IP address.

You can administer the Microsoft DNS server either by using the DNS Manager or by manually editing the DNS configuration files. The DNS server has no initial information about a user’s network, installs as a caching-only name server for the Internet, and contains only information on the Internet root servers.

The DNS files are located in \winnt\System32\Dns. You can edit these files and configure the DNS server manually.

The first step in configuring a DNS server is to determine the hierarchy for the DNS domains and zones. Then resource records are added.

DNS can be integrated with WINS. Since WINS allows machines to register their name-to-address mappings dynamically, it requires less administration, but each WINS server needs to maintain a complete database of entries through replication.

By enabling WINS Lookup through the Zone Properties dialog box in DNS manager, DNS can be configured to submit queries to a WINS server when a name-to-address mapping cannot be resolved by the DNS server. The DNS server converts the host portion of the name to a NetBIOS name and sends a request for this NetBIOS name to the WINS server. The WINS server resolves the name and returns the IP to the DNS server.

Connecting NetBIOS hosts with other types of hosts

All Microsoft networking uses the Server Message Block (SMB) file sharing protocol. UNIX clients use the Network File System (NFS) protocol.

Microsoft TCP/IP allows connectivity to many other non NetBIOS based systems, such as OS/2, UNIX, VMS, Solaris, running client/server applications at both ends. This is possible because many vendors have implemented NetBIOS over TCP/IP and SMB servers on their operating systems.

All connected hosts need to use the same transport driver, such as TCP/IP, NBF or IPX and SMB connectivity.

Remote Execution Utilities

REXEC tcpiphost command (provides authentication)
RSH unixhost command (no authentication; needs .rhosts entry)
Telnet (needs a Telnet server running as a daemon on the remote system. Microsoft provides the client part, but not the server part of Telnet. Provides authentication.)

Data Transfer Utilities

RCP host1.user1:source host2.user2:destination (used to copy files between a local and remote UNIX host or two remote hosts. No authentication; needs .rhosts entry.)

FTP uses the TCP transport protocol and provides binary and text file transfers with an FTP server. The FTP server and host are provided with NT. It needs authentication or it can accept anonymous connections.

FTP get copies a remote file to a local host.
FTP put copies a local file to a remote host.
!command executes command from the local host’s command prompt

You can use the netstat command to check the status of FTP ports.

TFTP (Trivial File Transfer Protocol) uses the UDP connectionless protocol and does not support authentication. Microsoft provides only the TFTP client software and not the server daemon.

Web Browsers and servers

Web browsers and servers use the Hypertext Transfer Protocol (HTTP) in a client/server model. Each object in an HTTP document requires a separate connection. Web browsers support many data types such as text, graphics, video, sound, etc. They also support several data transfer protocols, including FTP, Gopher, HTTP, and Network News Transfer Protocol (NNTP).

Printing Utilities

Windows NT provides the Line Printer Daemon (LPD) service and the Line Printer Remote (LPR) client.

LPD enables any computer running TCP/IP and LPR to send print jobs to the computer running LPD.

LPR is the client printing application that enables NT clients to print to any host running LPD.

Line Printer Query (LPQ) is another client application that can be used to query the printer after print jobs have been submitted.

For NT to accept print jobs from LPR clients, the TCP/IP Printer Server service (LPDSVC) needs to be installed and running.

A Windows NT computer with TCP/IP running LPD can perform two gateway functions. First, it can receive print jobs from Microsoft clients and forward them automatically to a TCP/IP-based print server running LPD. The client does not require LPR or TCP/IP.

Second, an NT computer can receive print jobs from any LPR client and then forward them to any visible printer.

The lpr.exe command line utility can submit print files to the LPD service running on a Windows NT server or a UNIX host. (lpr -Sipaddress -Pprintername filename)

You can use the LPQ (lpq.exe) utility to check the status of a print queue (lpq -Sipaddress -Pprintername -L). The -S and -P are case sensitive in both commands above.

Simple Network Management Protocol (SNMP)

SNMP allows NT computers to be monitored and to alert management systems of events.

SNMP consists of management systems and agents. A management system requests information from an agent. A management system runs SNMP management software and it can initiate the get, get-next and set operations in order to obtain a specific value from an agent. An agent is any computer running SNMP agent software, typically a server or router. Agents can only initiate traps that alert management systems of an event such as a password violation.

The Microsoft SNMP service is SNMP agent software only. It is written to the Windows Sockets API and allows calls from management systems written to Windows Sockets. It uses UDP on port 161. The information that a management system can request from an agent is defined in a Management Information Base (MIB). Third parties can develop their own MIBs for use with the Microsoft SNMP service.

SNMP management systems and agents share a common understanding of MIB objects. The SNMP service supports Internet MIB II, LAN Manager MIB II, DHCP MIB, and WINS MIB. Each MIB defines a number of objects to be monitored.

The name space for MIB objects is hierarchical and each manageable object can be assigned a globally unique name. Authority for parts of the name space is assigned to individual organizations. This allows organizations to assign names without consulting an Internet authority.

In order to monitor TCP/IP with Performance Monitor, you need to install the SNMP service. Also, in order to use a third-party application to monitor an NT computer, you need to configure the SNMP service.

An SNMP community is a group to which hosts running the SNMP service belong. Communities are identified by a community name. Before you install SNMP you need to define an SNMP community. An agent will not accept a request from a management system outside its configured community. Only the agents and managers that are members of the same community can communicate with each other. An SNMP agent can be a member of multiple communities at the same time, thus communicating with managers from various communities. The default community name for all hosts is Public.

When you install the SNMP service, you must determine the Send Trap and Trap Destination parameters.

SNMP provides primitive security and context checking for agents that receive requests and initiate traps, and for management systems that initiate requests and receive traps. NT sends an authentication trap by default. SNMP agent service gives an NT computer the ability to provide a management system with activity information at different layers of the TCP/IP protocol suite. All SNMP service error messages are documented in the Event Viewer.
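The community check described above, as an added example (not code from this manual or from the Microsoft SNMP service): it decodes the header of an SNMPv1 message (RFC 1157 format, assumed here), where the community name travels as a plain OCTET STRING, and applies the agent's membership rule. The function names, the ops-ro community and the sample packet are constructed for illustration.

```python
# Added example: SNMPv1 header decode plus the agent's community check.
PDU_NAMES = {0xA0: "get", 0xA1: "get-next", 0xA2: "get-response",
             0xA3: "set", 0xA4: "trap"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER element at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("BER value runs past end of packet")
    return tag, buf[pos:pos + length], pos + length

def parse_snmp_header(packet):
    """Extract (version, community, PDU type) from an SNMPv1 message."""
    tag, body, _ = read_tlv(packet, 0)
    t_ver, version, pos = read_tlv(body, 0)
    t_com, community, pos = read_tlv(body, pos)
    pdu_tag, _, _ = read_tlv(body, pos)
    if (tag, t_ver, t_com) != (0x30, 0x02, 0x04):
        raise ValueError("expected SEQUENCE { INTEGER, OCTET STRING, PDU }")
    return (int.from_bytes(version, "big"),
            community.decode("latin-1"),   # community is readable on the wire
            PDU_NAMES.get(pdu_tag, hex(pdu_tag)))

def agent_decision(packet, accepted_communities):
    """Mimic the agent rule: no answer for requests outside its communities."""
    _, community, pdu = parse_snmp_header(packet)
    if community not in accepted_communities:
        return "reject", community, pdu    # the case an authentication trap reports
    # Flag the well-known default so it can be replaced with a site-specific name.
    note = "accept-default" if community.lower() == "public" else "accept"
    return note, community, pdu

def build_get(community):
    """Constructed sample: SNMPv1 get for sysDescr.0 with the given community."""
    c = community.encode()
    pdu = bytes.fromhex("020101020100020100300e300c06082b060102010101000500")
    body = (b"\x02\x01\x00" + bytes([0x04, len(c)]) + c
            + b"\xa0" + bytes([len(pdu)]) + pdu)
    return b"\x30" + bytes([len(body)]) + body
```

Because the community string is recovered with no key material, anyone who can observe UDP port 161 traffic learns it; treat it as an identifier, not a secret, and restrict which management hosts the agent accepts packets from.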

The snmputil.exe utility is provided with the NT Resource Kit and enables you to make the same SNMP calls as an SNMP management station.

TCP/IP Troubleshooting

Use PING to verify communication between the Network Interface and Internet layers.

  1. Ping 127.0.0.1 (loopback Address)
  2. Ping your IP address
  3. Ping IP of default gateway
  4. Ping IP of a remote host (WAN)
  5. Ping the host name to verify that HOSTS file is correct

Verify communication between the Network Interface and the Application layer by establishing a NetBIOS over TCP/IP session (net use, net view), and/or a Windows Socket session (FTP, Telnet).

Excerpt from Computer Intelligent Agents Manual
Last revision August 19, 1999
© Copyright Yannis & Patti Grammatis 1997
All rights reserved