
IP ROUTING

Internet Protocol (IP) Routing is the process of delivering an IP packet to a host on a separate/remote PC.  Windows NT Server has the ability to be configured as a router.  This is known as a multihomed computer.  A multihomed computer must have at least two network interfaces connected to separate subnets.  Each network interface is capable of having up to five IP addresses.

A router builds routing tables based on experience.  It first tries to deliver packets locally; if the destination is not found, the packet goes to a default gateway for delivery.  If the destination is found neither locally nor through the gateway, an error message is returned.

DYNAMIC ROUTING

Routing tables are built dynamically and routers share information with other routers using one of the two types of protocols:

ROUTING INFORMATION PROTOCOL (RIP)  A distance vectoring protocol that determines the number of hops needed to deliver a packet and stores that information in its routing table.

OPEN SHORTEST PATH FIRST (OSPF)  Creates less broadcast traffic because it only updates information when a change occurs.

STATIC ROUTING  Requires routing tables to be built manually.  Static routers are secretive and do not share routes or any other information.

NAME RESOLUTION

Name resolution is the method of resolving a computer name to its IP address.  The computer can have two names:  a NetBIOS name and a Host name.  NetBIOS name - Microsoft's naming system implemented with LAN Manager, Windows and Windows NT.  Host name - an older naming system primarily used with UNIX systems.

There are several files that are used to perform name resolution.  These files are searched in different orders depending on which type of name resolution you are performing.  In a Windows environment the search order is as follows:

NETBIOS NAME RESOLUTION

Local NetBIOS name (C)ache

(W)INS Server

(B)-node Broadcast

(L)MHOSTS file

(H)OSTS file

(D)NS Server

Mnemonic:  Can We Buy Large Hard Drives

The search order can be changed by redefining the type of resolution node the system will use.

LOCAL NETBIOS NAME CACHE

The NetBIOS name cache contains every NetBIOS name that was recently associated with an IP address.  This local cache helps reduce network traffic by eliminating the need for broadcasting or WINS queries.

NETBIOS NAME RESOLUTION NODES

Note:  regardless of which node the computer is using, the computer will always check the local NetBIOS name cache first, and the LMHOSTS file last.

H-node Hybrid node.  The computer will first query the WINS Server for the mapping, then if not successful, will use (up to) 3 b-node broadcasts.  By inserting the IP address of the WINS Server in the computer's network properties, it defaults to H-node.
M-node Mixed node.  The computer will first use (up to) 3 b-node broadcasts, then if not successful, will query the WINS Server.
P-node Point-to-point (Peer-to-Peer).  The computer will only query the WINS Server.
B-node Broadcast.  The computer will send out a broadcast to all computers on its local network to have the computer with the requested name send back a confirmation with its IP address.  B-node is the default node method for non-WINS clients.

You can alter which node your system uses by making the necessary changes in the DHCP Server.

LMHOSTS FILE

The LMHOSTS file, originally used with MS-LAN Manager, contains a list of NetBIOS name to IP address mappings.  It is a regular text file and is located in the %Systemroot%\system32\drivers\etc directory.

Example

131.107.2.200            Server1        #PRE #DOM:DOMAIN1
131.107.2.205            Computer1
131.107.2.206            Computer2

The tags (#) associated with the LMHOSTS file are as follows:

#PRE will cause the entry to be placed into the NetBIOS name cache.
#DOM: domain name specifies the domain master browser in another domain.  Must be preceded by the #PRE tag.
#INCLUDE:\\server\share\lmhosts specifies the LMHOSTS file on another computer, and will parse it as if it were local.
#BEGIN_ALTERNATE precedes multiple #INCLUDE statements.
#END_ALTERNATE succeeds multiple #INCLUDE statements.
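
Because the NetBIOS name cache is always checked first, a #PRE entry or an #INCLUDE of a file on another computer overrides every later resolution step, so the file is worth auditing. The parser below is an added example, not part of the original guide; the function names, finding codes and faulty sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: the guide's three mappings plus deliberately faulty lines.
SAMPLE_LMHOSTS = r"""131.107.2.200   Server1     #PRE #DOM:DOMAIN1
131.107.2.205   Computer1
131.107.2.206   Computer2   #DOM:DOMAIN1
999.1.1.1       Broken
#BEGIN_ALTERNATE
#INCLUDE:\\server\share\lmhosts
#INCLUDE:\\backup\share\lmhosts
#END_ALTERNATE
"""

TAG_RE = re.compile(r"#(PRE\b|DOM:[^\s#]+)", re.IGNORECASE)

@dataclass
class Entry:
    ip: str
    name: str
    preload: bool = False          # #PRE: loaded into the NetBIOS name cache
    domain: Optional[str] = None   # #DOM:<domain>

@dataclass
class Report:
    entries: list = field(default_factory=list)
    includes: list = field(default_factory=list)
    findings: list = field(default_factory=list)   # (line number, finding code)

def is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def audit_lmhosts(text):
    report, in_alternate, lineno = Report(), False, 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        keyword = line.upper()
        if not line:
            continue
        if keyword.startswith("#BEGIN_ALTERNATE"):
            in_alternate = True
        elif keyword.startswith("#END_ALTERNATE"):
            in_alternate = False
        elif keyword.startswith("#INCLUDE"):
            target = line[len("#INCLUDE"):].lstrip(": \t")
            report.includes.append(target)
            if target.startswith("\\\\"):   # UNC path: another host supplies mappings
                report.findings.append((lineno, "remote-include"))
        elif not line.startswith("#"):      # any other '#' line is a comment
            body, _, tag_text = line.partition("#")
            fields = body.split()
            if len(fields) < 2 or not is_ipv4(fields[0]):
                report.findings.append((lineno, "bad-mapping"))
                continue
            tags = [t.upper() for t in TAG_RE.findall("#" + tag_text)]
            entry = Entry(fields[0], fields[1], preload="PRE" in tags)
            entry.domain = next((t[4:] for t in tags if t.startswith("DOM:")), None)
            if entry.domain and not entry.preload:   # guide: #DOM must follow #PRE
                report.findings.append((lineno, "dom-without-pre"))
            report.entries.append(entry)
    if in_alternate:
        report.findings.append((lineno, "unclosed-alternate"))
    return report

if __name__ == "__main__":
    result = audit_lmhosts(SAMPLE_LMHOSTS)
    for e in result.entries:
        print(e)
    print(result.includes, result.findings)
```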

HOST NAME RESOLUTION

UNIX machines use Host names instead of NetBIOS names.  A host name is an assigned identifier used to designate a specific TCP/IP machine.  A machine can have many host names, which may be the same as or different from its NetBIOS name.

HOST NAME RESOLUTION ORDER

(L)OCAL host name

(H)OSTS files

(D)NS Server

(W)INS Server

(B)-node Broadcast

(L)MHOSTS

Mnemonic:  Large Hard Drives Will Be Likely

HOSTS FILE

The HOSTS file, originally used with UNIX systems, contains a list of host name to IP address mappings.  It is a regular text file named HOSTS and is located in the %Systemroot%\system32\drivers\etc directory.  The HOSTS file is not case sensitive.

Example:

131.107.2.200            freetests.tripod.com        #source server
104.107.2.205            x.tripod.com                #x client host

ADDRESS RESOLUTION PROTOCOL (ARP)

ARP resolves IP addresses to hardware addresses.  Each network adapter has a unique hardware address (or MAC address) which it uses for identification on the network.

TCP/IP communication begins with ARP.  ARP resolves IP addresses to the machine's network adapter (MAC) addresses for outgoing packets.  It first checks its cache for a correct entry.  If no entry is found in the cache, it broadcasts a request to the local subnet.  ARP will resolve the MAC address to the gateway router address if the packet is not local.

ARP CACHE

Already resolved addresses are stored in a part of the computer's memory known as the ARP Cache.  Entries can be static or dynamic.  Static entries remain in memory until power is turned off.  Dynamic entries remain for two minutes if not accessed and for ten minutes if accessed.

Example:

131.107.2.200        FF-0E-4B-89-C6-34        dynamic
131.107.2.201        AA-B0-76-8E-99-78        dynamic
131.107.2.209        90-57-A3-C4-07-39        static

WINS - WINDOWS INTERNET NAMING SERVICES

WINS is a dynamic database located on a Windows NT Server, which stores NetBIOS name to IP address mappings.

WINS REPLICATION

WINS operates with a push\pull replication method.  WINS databases can be configured as one or the other, or both.

Push - The server will send its database changes once the number of changes meets a predetermined value in the push settings.  This could cause traffic at the wrong time of day, and is not recommended over WAN links.

Pull - The server will pull database changes from another server at a predetermined time of day, or at regular intervals, as determined in the pull settings.  Pull is recommended for WAN links, as it can be set up to pull changes after hours or at times of day when traffic is not as heavy.

WINS PROXY

A WINS Proxy is an NT computer, not already a WINS Server, that listens for b-node broadcasts from non-WINS computers.  Once a b-node broadcast is detected, it intercepts the broadcast and checks its local NetBIOS cache for the requested computer name.  If the computer name is not found in the proxy's cache, it forwards the request to a WINS Server.  The WINS Server then returns the mapping for the name, and the WINS Proxy forwards its findings to the requesting non-WINS computer.

Non-WINS computers can have their NetBIOS name mappings stored in the WINS Server's database by being manually added.  If your network was using LMHOSTS files before adding the WINS Server, you can import them into the database with the Add Static Mappings option.

DNS - DOMAIN NAME SERVICES

Domain Name Services is a hierarchical server database that contains host name to static IP address mappings.  DNS can be used to resolve NetBIOS names, but only when the box is checked to enable DNS for NetBIOS name resolution in the TCP/IP properties of the Network configuration window.  Windows NT is able to list up to three DNS Servers in its network properties.

DNS SERVER TYPES

Primary:  A DNS Server can be set up to be a zone transfer server.  Zone transfer will allow the DNS Server to query other DNS Servers if it is unable to resolve the request.

Secondary:  A secondary DNS Server uses Zone Transfers to collect the DNS database from its Primary DNS Server.

Caching:  A Caching DNS Server does not maintain any static DNS records.  All of the records are created by resolving DNS queries to a Primary or Secondary DNS Server.  Caching DNS Servers add redundancy to the DNS namespace.

DNS RECORD TYPES

Mail Exchange (MX):  Identifies the host that processes mail on the server.

CNAME:  A method of DNS aliasing.  It is normally used to alias a server as www or ftp.

NSLOOKUP is a diagnostic tool that allows users to interact with a DNS Server to display resource records from the DNS Servers.

DHCP - DYNAMIC HOST CONFIGURATION PROTOCOL

DHCP is a server-based administration utility used to automatically assign IP addresses to clients.  DHCP clients communicate with DHCP Servers via BOOTP broadcast messages, which can only cross routers if the router is an RFC1542 compliant router and has BOOTP forwarding enabled.  When a DHCP Server receives a request for an IP address, it selects from a pool of available addresses and offers a lease to the client.  If no address exists in the pool, the client cannot initialize TCP/IP.

Configuration information supplied to DHCP clients by a DHCP server includes:

IP address

Subnet Mask

Default gateway address

Domain Name Server(DNS) address

NetBIOS Name Server address

DHCP clients automatically attempt to renew their IP address lease after 50% of the lease has expired.  The client will broadcast to the DHCP Server for a renewal.  If the DHCP Server is not available to renew the IP address, the client will wait until 87.5% (7/8) of the lease has expired, and send a broadcast to all DHCP Servers for a renewal.

SCOPES

Scope options are available for using custom settings.  A scope is a range of IP addresses for a subnet.  There are three options for scope settings:

Global - Changes made here affect all scopes available in the DHCP Server.

Scope - Changes made here affect only the highlighted scope.

Client - Changes made here affect only the specified client.

Client Reservations must be made for DHCP clients that require a static IP address, such as domain controllers, member servers, web servers, etc., so that no other DHCP clients attempt to take that address.

In the scope options, options are available to let DHCP automatically update the client with addressing for WINS Servers, default gateways, etc.

If you have NT Server set up at home, make sure that you get familiar with this dialog box and learn what information goes where when setting up various scopes.

DHCP RELAY AGENT

BOOTP (DHCP) relies on broadcast.  If a broadcast cannot pass a router, then routers must act as a BOOTP (DHCP) relay agent.  On NT Server, this is enabled as a service through Control Panel, Network.  If routers do not support BOOTP relay, you need a DHCP Server on each subnet.

DNS vs WINS vs DHCP

DNS and WINS are really for doing two different things.  But each has been co-opted to assist the other in some cases and as a last resort.  Domain Naming System (DNS) servers resolve Domain Naming System names (host names) to IP addresses.

Windows Internet Naming Services (WINS) servers resolve NetBIOS names to IP addresses.  The NetBIOS protocols require that NetBIOS nodes 'defend' their name from other machines attempting to use the same name.

Likewise, a "HOSTS" file resolves DNS names to IP addresses while an "LMHOSTS" file resolves NetBIOS names to IP addresses.  So you can see the DNS server maps to the HOSTS file, and the WINS server maps to the LMHOSTS file.

The order in which these name resolution methods are used depends on various host options and check boxes, and the method will be used as a back-up resolution method.  Conversely, the DNS server can be selected (or, on some OS versions, defaults) to back up the WINS/LMHOSTS resolution for NetBIOS names.  The exact order of each separate method also depends on which NetBIOS node type you are using.

The most important advantage of using WINS name resolution is that WINS is integrated with DHCP.  DHCP 'leases' IP addresses to stations when they are initializing their TCP/IP software.  This leasing means addresses are centrally administered on the DHCP server, and the software will correctly configure the address and other parameters at boot time.

DHCP communicates dynamic assignments to the WINS server, thus making these dynamically assigned addresses resolvable.  DNS is largely a fixed, static database.  With the integration of WINS and DNS, even DNS clients can participate in this name resolution scheme.  DHCP will offer addresses to WINS, which is supporting the DNS server, which means that addresses can be dynamically allocated and resolved with both methods.

SNMP - SIMPLE NETWORK MANAGEMENT PROTOCOL

SNMP is a management tool used to monitor and control remote network devices.  It can be used to poll specific information from the agent.  SNMP must be installed on a Windows NT computer to enable Performance Monitor to monitor TCP/IP activity to and from your computer.

An SNMP community is a functional group of SNMP agents and managers.  Agents receive requests and report information to the SNMP managers for the communities the agents belong to.  An SNMP trap is an alert that the SNMP agent sends to the SNMP manager under predefined conditions or thresholds.

It is important to understand that the SNMP Manager controls the information that is provided by the SNMP Agent through a series of "GET" commands.  The only message initiated by the SNMP Agent is the "TRAP".

SNMP SECURITY

SNMP Agents allow you to set a couple of parameters that are very helpful in managing your system security.

SEND AUTHENTICATION TRAP - sends a message to the trap destinations if it receives a request with an incorrect community name.

ONLY ACCEPT SNMP PACKETS FROM THESE HOSTS - allows agent to accept only packets from defined hosts.  Defined hosts are known by either their IP or IPX addresses or by their host name.

PRINTING IN A UNIX ENVIRONMENT

It is important to understand that the LPD refers to a UNIX print device.  LPR is the command issued from a Workstation to print to this device, and LPQ is the command to display the print queue where these print jobs are spooled.  In order to print to a UNIX device, you must install TCP/IP Printing Support (DLC).

COMMANDS AND UTILITIES

You need to know what all of these commands and utilities are used for.

NBTSTAT - Displays protocol statistics and current TCP/IP connections using NetBIOS.  It is also used to display NetBIOS name cache.

NETSTAT - Displays protocol statistics and current TCP/IP connections.  Netstat shows statistics since the server was booted.

Netstat
-e = Monitors Ethernet traffic
-s = TCP/IP UDP stats
-p (protocol type) = Views stats for a particular protocol
-r = Shows routing (similar to route print)
-a = Displays protocol stats and current activity of TCP and UDP ports

ARP - Used to display and edit the ARP cache.  It is used to resolve IP addresses to hardware addresses.
-a = Views the ARP cache
-d = Purges the contents of the ARP cache

TRACERT - Is used to determine what route a packet takes to get from the source to the destination.

ROUTE - Used to display and edit static routing tables.

IPCONFIG - Quickly displays Windows IP configuration settings.

LPQ - Displays status of a remote LPD print queue.

LPR - Sends a print job to a remote print queue.

PERFORMANCE MONITOR - Monitors network and computer statistics.  It is able to log the data and export it for spreadsheet usage.

Performance monitor : Keywords = Chart, Spreadsheet, SNMP, export to other applications

NETWORK MONITOR - Monitors network activity and is able to capture and look at packets of data sent over the network.

Network monitor : Keywords = Capture, Decode, Analyze, Capture filters, Display filters, Able to analyze protocols, IP -> MAC resolution on outgoing packets, Must run on each computer individually.

JETPACK.EXE - Used to compact the DHCP database when database size exceeds 30MB.

FTP - FILE TRANSFER PROTOCOL

FTP is used to transfer files from a computer to a server, or vice versa.  FTP is a fast, error free method of communication.

Passwords are always sent to the FTP server unencrypted.  To prevent disclosure of passwords, check the box "Allow Anonymous connections only" in the FTP Service properties box within the network properties window.  "Allow Anonymous Connections" must first be enabled, by checking its box, before being able to "Allow Anonymous connections only".  Default anonymous user names are "Anonymous" and "ftp".

IP ADDRESSING FUNDAMENTALS

A host is a computer or device on a TCP/IP network.  Every TCP/IP host is uniquely identified by an IP address.  An IP address consists of a network ID and a host ID.  If two different hosts belong to the same network, they have the same network ID.  The two hosts will have different host IDs and can communicate with each other locally without going through a router.  If two hosts have different network IDs, they belong to different segments on the network.  They must communicate with each other remotely through a router or default gateway.

An IP address consists of 32 binary bits, where each bit is either a 0 or 1.  We first write the 32 bits into four 8-bit numbers (octets) separated by a period.

Example:  11000001 11100010 00000001 11111100

To convert the IP address from binary to decimal form, we convert each of the four 8-bit numbers according to the following table:

DECIMAL VALUE  128    64    32    16    8    4    2    1
OCTET VALUE   X     X     X     X    X    X    X    X

So the first octet in the first binary value would be translated as:

DECIMAL VALUE  128    64    32    16    8    4    2    1
OCTET VALUE    1     1     0     0    0    0    0    1

Everywhere a 1 appears in the table, the decimal value in that column is added to determine the decimal value of the entire octet.  128+64+1=193

Using the same table to translate the other three octets would give us the following result.

11100010 = 128+64+32+2 = 226  

00000001 = 1

11111100 = 128+64+32+16+8 = 248

So in decimal form it would be: 193.226.1.248

An IP address consists of two parts.  One identifies the network and one identifies the host.  The Class of the address determines which part is the network address and which part is the host address.

There are 5 different address classes.  Classes can be distinguished by decimal notation of the very first octet.  The following Address Class table illustrates how you can determine to which class an address belongs.

CLASS   FIRST OCTET   NETWORK ID        DEFAULT SUBNET MASK   AVAILABILITY
A       1-126         first octet       255.0.0.0             AVAILABLE
B       128-191       first 2 octets    255.255.0.0           AVAILABLE
C       192-223       first 3 octets    255.255.255.0         AVAILABLE
D       224-239       N/A               N/A                   RESERVED FOR MULTICASTING
E       240-255       N/A               N/A                   RESERVED

127 is reserved for loopback and is used for internal testing on the local machine.

Using this table we can see the IP address in our above example is a Class C address.  We can also see which part of that IP address is the Network ID and which is the Host ID.

NETWORK ID:  193.226.1

HOST ID:         248

Whenever you want to refer to your entire network with an IP address, the host section is set to all 0's(binary=00000000).  For example 193.226.1.0 specifies the network for the above address.  When the host section is set to all 1's(binary=11111111)=255, it specifies a broadcast that is sent to all hosts on a network. 193.226.1.255 specifies a broadcast address for our example IP address.

SUBNETTING

Memorize this table to determine number of addresses, subnets and block size.  The block size is the number of host ID's per subnet.

SUBNET MASK   MAX SUBNETS   BLOCK SIZE   NUM OF A IP ADDRESSES   NUM OF B IP ADDRESSES   NUM OF C IP ADDRESSES
192           2             64           4,194,302               16,382                  62
224           6             32           2,097,150               8190                    30
240           14            16           1,048,574               4094                    14
248           30            8            524,286                 2046                    6
252           62            4            262,142                 1022                    2
254           126           2            131,070                 510                     0
255           254           1            65,534                  254                     0

Memorize and write this table down before you take the test as well

BLOCK SIZE 64   BLOCK SIZE 32   BLOCK SIZE 16
0-63            0-31            0-15
64-127          32-63           16-31
128-191         64-95           32-47
192-255         96-127          48-63
                128-159         64-79
                160-191         80-95
                192-223         96-111
                224-255         112-127
                                128-143
                                144-159
                                160-175
                                176-191
                                192-207
                                208-223
                                224-239
                                240-255

These columns represent the block sizes for the subnets.  The addresses in red cannot be used, which is why, when you look at the chart above this one, a subnet mask of 192 only has two subnets.  The address range for the first subnet in the 192 mask would be 64-127, and for the second subnet it would be 128-191.  You can extend this chart all the way out to the 1 block size if you want, whatever you feel comfortable with, but these are the main ones here.

So if you wanted to take the first example of the network address, 192.226.1, and subnet it, you would end up with 192.226.1.64 through 127, and the second subnet would be 192.226.1.128 through 191.  This is a class C address, so you would lose the 248 host ID and get the two subnets with hosts on the above address ranges.  It's a little confusing, but with practice you'll get the hang of it.

To construct this table, take the block size, start at 0, add the block size, and then subtract 1.  So with the 64 block size you go like this:  (0 + 64) - 1 = 63, so you've got 0-63.  Then (64 + 64) - 1 = 127, so you've got 64-127.  Or what I do is take the block size, make the columns that you want, start everything at zero along the top, and then just go down the rows until you get to 255.  Example for the class C:

block size 64 block size 64
0   = 0 - 63
64  = 64 - 127
128 = 128 - 191
192 = 192 - 255

64 + 64 is 128 but 128 is your next starting point so you stop at 127 and on the end 192 + 64 is 256 but there is no 256 so you stop at 255.

Now, the best way to memorize the first table with all the information is to go like this:

column 1     column 2   column 3   column 4   column 5   column 6
255          254        1          65534      254        0
col1-col3    Half-1     double     double+2   double+2   col3-2

So once you've memorized these numbers you need to know these formulas:

(Column 1 minus Column 3) (Half minus 1) (double) (double plus 2) (Column 3 minus Column 2)

So you use the formulas with the numbers and you have the table all filled in like what I did in the beginning.
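
The block-range procedure and the memorized subnet table above can be checked in code. This is an added example, not part of the original guide; the function names are assumptions, and the rule that the first and last blocks are unusable is the one the guide applies to the 192 mask.

```python
# Host bits in a default (unsubnetted) class A, B and C address, per the class table.
CLASS_HOST_BITS = {"A": 24, "B": 16, "C": 8}

def subnet_bits(mask_octet):
    """Count the 1 bits in the subnetted mask octet; reject non-contiguous masks."""
    bits = bin(mask_octet).count("1") if mask_octet > 0 else 0
    if bits == 0 or mask_octet > 255 or mask_octet != (0xFF << (8 - bits)) & 0xFF:
        raise ValueError(f"{mask_octet} is not a contiguous subnet mask octet")
    return bits

def table_row(mask_octet):
    """One row of the memorized table: subnets, block size, addresses per class."""
    s = subnet_bits(mask_octet)
    row = {"mask": mask_octet,
           "max_subnets": 2 ** s - 2,        # all-0s and all-1s subnets excluded
           "block_size": 256 - mask_octet}
    for cls, host_bits in CLASS_HOST_BITS.items():
        # all-0s (network) and all-1s (broadcast) host IDs excluded; never negative
        row[cls] = max(2 ** (host_bits - s) - 2, 0)
    return row

def block_ranges(mask_octet):
    """Start at 0 and keep adding the block size; each range ends one short of the next."""
    subnet_bits(mask_octet)                  # validates the mask
    size = 256 - mask_octet
    return [(start, start + size - 1) for start in range(0, 256, size)]

def usable_ranges(mask_octet):
    """The guide's rule: the first and last blocks cannot be used."""
    return block_ranges(mask_octet)[1:-1]

def locate(octet, mask_octet):
    """Find the block a host octet falls in and whether it is usable."""
    start = octet & mask_octet
    end = start + (256 - mask_octet) - 1
    return {"subnet": start,
            "broadcast": end,
            "usable_subnet": (start, end) in usable_ranges(mask_octet),
            "host_ok": start < octet < end}  # not the subnet or broadcast value

if __name__ == "__main__":
    for mask in (192, 224, 240, 248, 252, 254, 255):
        print(table_row(mask))
    print(usable_ranges(192))
    print(locate(248, 192))   # the guide's host ID 248 falls in the unusable last block
```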

Look for these key phrases in your scenario questions.. and you will get them all right

NO HOST = Required +1
HOST    = Required Only
Reservation = REQUIRED AND ALL
No Reservation on a DHCP question = Required +1
Static Mappings = Required +1
Static Mappings with DNS and Wins in same sentence... = Required + ALL
PPTP = Required +1