Transcript ch12
Guide to TCP/IP, Third
Edition
Chapter 12:
TCP/IP, NetBIOS, and WINS
Objectives
• Discuss the history of NetBIOS
• Understand what NetBIOS is and its limitations
• Understand the role of NetBIOS in Windows 2000
and higher operating systems
• Understand the significance of NetBIOS over
TCP/IP on your network
• Understand how NetBIOS works
TCP/IP, NetBIOS, and WINS
2
Objectives (continued)
• Explore NetBIOS names, including structure and
types
• Explore the various ways of registering and
resolving NetBIOS names
• Understand naming conventions associated with
NetBIOS over TCP/IP
• Understand how NetBIOS names must change to
work with DNS name resolution
TCP/IP, NetBIOS, and WINS
3
Objectives (continued)
• Set up a WINS server for your network
• Integrate WINS services with DNS
• Troubleshoot WINS and NetBIOS errors with
commonly used tools
TCP/IP, NetBIOS, and WINS
4
History of NetBIOS
• NetBIOS
– Developed by Sytek in 1983
– Adopted by IBM and Microsoft for naming network
resources on small peer-to-peer networks
– Original was an Application Programming Interface
(API) used to call network resources
• NetBIOS Extended User Interface (NetBEUI)
– Extension of NetBIOS
TCP/IP, NetBIOS, and WINS
5
What is NetBIOS (and Why Do I care)
• NetBIOS operates by
– Maintaining a list of unique names assigned to
network resources
– Providing the services to establish, defend, and
resolve these names
– Carrying the needed communications between
applications that make use of these network
resources
TCP/IP, NetBIOS, and WINS
6
How Windows 2000, Windows XP, and
Windows Server 2003 Work with
NetBIOS
• Windows 2000
– First Microsoft operating system to use DNS
• When upgrading servers to Windows 2000 Server
or Windows Server 2003
– Determine if you will still need to support NetBIOS
names on your network
• If uncertain if your network requires NetBIOS
support
– You can use the WINS performance monitor counter
TCP/IP, NetBIOS, and WINS
7
NetBIOS and TCP/IP
• Using DNS Only
– Preferred form of networking in an all-Windows 2000
and/or Windows XP environment
• Direct hosting of the (SMB) protocol
• Using NBF Only
– To deliberately restrict resource sharing only to the
local network segment
• Bind Windows File and Print Sharing to NBF, but not
to TCP/IP
TCP/IP, NetBIOS, and WINS
8
Combining TCP/IP and NetBIOS
• NetBT or NBT
– NetBIOS over TCP/IP
• NetBIOS names
– Can be resolved by any of several combinations of
methods
• Default configuration for Windows 2000 and
Windows XP machines
– Have both NetBT and NBF enabled
TCP/IP, NetBIOS, and WINS
9
TCP/IP, NetBIOS, and WINS
10
How Does NetBIOS Work?
• NetBIOS
– Takes advantage of simple naming, address
handling, and message formatting conventions
– Supports connectionless datagrams as well as
connection-oriented session frames
– Supports simple name registration and challenge
mechanisms
TCP/IP, NetBIOS, and WINS
11
NetBIOS Traffic
• Consists of NetBIOS frames of one of two types
– Datagrams or session frames
• NetBIOS sessions
– Used in situations that require a reliable connection
• When NetBIOS is run over TCP/IP as NetBT
– Datagrams are carried in UDP packets and session
frames are carried in TCP packets
TCP/IP, NetBIOS, and WINS
12
How Does NetBIOS Work?
• Registering and Challenging NetBIOS Names
– Registration
• Process of asserting that a name exists and belongs
to a particular computer, user, process, or group
• Categories of name resolution methods
– Look up in a list of names on the local machine
– Broadcast queries on the local subnet
– Direct queries to name servers
TCP/IP, NetBIOS, and WINS
13
Other NetBIOS Services
• Name services
– The most important NetBIOS services
• NetBIOS datagram and session services
– Used by applications such as Applications such as
the Network Browser, LAN Manager
TCP/IP, NetBIOS, and WINS
14
TCP/IP, NetBIOS, and WINS
15
NetBIOS Names
• Based on
– User name during logon
– Information configured for the specific computer in
the Network applet in Control Panel
• NetBIOS names are of two general types
– Unique names and group names
• Unique names
– Resolve to a single address
TCP/IP, NetBIOS, and WINS
16
Structure of NetBIOS Names
• Group names
– May resolve to multiple addresses
• NetBIOS names
– 16 characters long, divided into two parts
– First 15 characters are the name itself
– Last character is a code describing the class of
resource to which the name belongs
TCP/IP, NetBIOS, and WINS
17
TCP/IP, NetBIOS, and WINS
18
TCP/IP, NetBIOS, and WINS
19
NetBIOS Scope Identifier
• NetBIOS
– Provides the NetBIOS scope identifier
• Scope identifier
– Adds a character string to end of the name,
separated from rest of name by a period (.)
• NetBIOS scope
– Identifies a logical community of network hosts
• DHCP scope
– Identifies a range of IP addresses that a DHCP
server can assign to clients
TCP/IP, NetBIOS, and WINS
20
NetBIOS Name Registration and
Resolution
• NetBIOS names are registered and resolved using
–
–
–
–
Node type
NetBIOS name cache and the LMHOSTS file
WINS servers configured as NetBIOS Name Servers
DNS and the HOSTS file
TCP/IP, NetBIOS, and WINS
21
Name Resolution Regimes by Node
Type
• Four basic types of NetBIOS nodes
–
–
–
–
Broadcast node (b-node)
Peer node (p-node)
Mixed node (m-node)
Hybrid node (h-node)
TCP/IP, NetBIOS, and WINS
22
NetBIOS Name Cache and LMHOSTS
File
• NetBIOS name cache
– Temporary file that resides in memory, pairing
NetBIOS names and IP addresses
• Names in the NetBIOS name cache
– Times out after 10 minutes, by default
• LMHOSTS file
– Plain text file that resides in the <windows
root>\system32\drivers\etc directory
TCP/IP, NetBIOS, and WINS
23
WINS Name Registration and
Resolution
• WINS servers
– NetBIOS Name Servers that set up and maintain
database of NetBIOS names and their associated IP
addresses
– Do not participate in broadcast or b-node name
registration and resolution
• WINS servers
– Support a special name registration regime called
burst mode
TCP/IP, NetBIOS, and WINS
24
DNS and The HOSTS File
• Preferred configuration for Windows 2000 and
Windows XP clients
– Is to use DNS for name resolution
• HOSTS file
– Static list of IP name and address pairs, located in
the <windowsroot>\system32\driver\etc directory
TCP/IP, NetBIOS, and WINS
25
NetBIOS Over TCP/IP
• To coexist with TCP/IP, NetBIOS had to
accommodate TCP/IP’s conventions
– NetBIOS scope identifier was added as a sort of
analog of the TCP/IP domain
– Set of steps created to make NetBIOS names and
commands transportable over a TCP/IP connection
TCP/IP, NetBIOS, and WINS
26
TCP/IP, NetBIOS, and WINS
27
NetBIOS and DNS Name Resolution
• To convert NetBIOS name into name that is
recognizable and routable by DNS
– NetBIOS name had to become a usable host name
– Domain portion of the name had to be added
TCP/IP, NetBIOS, and WINS
28
Creating a Usable Host Name from a
NetBIOS Name
• NetBIOS name
– Has to be restated in a way that replaces any
characters not recognizable by DNS
• DNS names must be printable
• In the ASCII code set
– None of these characters is printable
TCP/IP, NetBIOS, and WINS
29
TCP/IP, NetBIOS, and WINS
30
Converting an Encoded NetBIOS
Name to a Fully Qualified Domain
Name
• To convert the (translated) NetBIOS name into a
fully qualified domain name (FQDN)
– Domain portion of name has to be added as well
• NetBIOS scope identifier
– User-configurable string
– Adds only one level of hierarchy
• Internet domain names
– Regulated and restricted
– Conform to a deeper and rigorously enforced
hierarchy
TCP/IP, NetBIOS, and WINS
31
TCP/IP, NetBIOS, and WINS
32
WINS Servers
• WINS
– A server service
– Runs under Windows NT Server, Windows 2000
Server, or Windows Server 2003
• WINS server
– Registers NetBIOS names and IP addresses
– Can be configured to return the IP address
associated with a resource name or
– The NetBIOS names associated with an IP address
TCP/IP, NetBIOS, and WINS
33
Different WINS Configurations
• WINS servers
– Can be deployed in several different ways to meet
the needs of different networks
• Netsh command-line tool in Windows Server 2003
– Helpful for WINS servers over WAN links to better
manage slower network connections
TCP/IP, NetBIOS, and WINS
34
Different WINS Configurations
(continued)
• Administrator-level access to the WINS server
allows you to
– Check server statistics
– Check the database and version numbers for
consistency
– Mark records for eventual deletion (called
“tombstoning” the records)
– Remove old records (scavenge the database)
TCP/IP, NetBIOS, and WINS
35
WINS Proxy
• WINS clients
– Available for recent versions of DOS, OS/2, and all
versions of Windows
– Available for Linux and UNIX machines running
Samba
• You can configure any Windows 2000, Windows
Server 2003, or Windows XP computer to
– Be a WINS proxy by setting the Enable Proxy
parameter in the Registry to 1
TCP/IP, NetBIOS, and WINS
36
TCP/IP, NetBIOS, and WINS
37
Integrating WINS and DNS
• The Microsoft DNS server implementation (MS
DNS)
– Can be configured to use WINS to resolve NetBIOS
names in the primary or root zone domain
• MS DNS
– Cannot resolve NetBIOS names that are not direct
children of the zone root or primary DNS domain
TCP/IP, NetBIOS, and WINS
38
TCP/IP, NetBIOS, and WINS
39
TCP/IP, NetBIOS, and WINS
40
Reverse DNS Lookup for NetBIOS
Names
• MS DNS servers in the in-addr.arpa domain
– Provide reverse lookup
• MS DNS servers in the reverse look-up zone root
– Can be configured to use WINS-R to find NetBIOS
resources associated with an IP address
• WINS server
– Uses a NetBIOS Adapter Status Query to find the
name(s) associated with a given IP address
TCP/IP, NetBIOS, and WINS
41
Windows Server 2003 WINS
Improvements
• Two improvements in WINS have been added to
Windows Server 2003
– Filtering records
– Accepting replication partners
• With improved filtering and search functions
– You locate records by showing only the records
fitting the criteria you specify
TCP/IP, NetBIOS, and WINS
42
Troubleshooting WINS and NetBIOS
• Errors in Windows name resolution fall into two
broad categories
– Outright failure
– Degradation of service
• Accumulation of several instances of degradation
– Seldom leads to outright failure of the service
TCP/IP, NetBIOS, and WINS
43
NBTSTAT
• Command-line program that returns statistics on
NetBIOS
• A fast way to check the status of a particular
NetBIOS host, or
– Get a quick snapshot of NetBIOS name resolution
activity on the local network segment
TCP/IP, NetBIOS, and WINS
44
WINS and DNS Consoles
• WINS Console
– Can search for active registrants by name or owner
• DNS Console in Windows 2000 and Windows
Server 2003
– More geared to monitoring and system diagnostics
than the WINS server
• WINS operating parameters
– Are stored in a Management Information Base (MIB)
TCP/IP, NetBIOS, and WINS
45
Typical Errors in NetBIOS and WINS
• Misconfiguration of end nodes due to user error
• Incorrect network logon due to user error
• Wrong node type due to user error or
misconfigured DHCP
• Timeouts set too low to allow for network latency
• Unwanted traffic due to misconfiguration of end
nodes and/or servers, or client/server topology
TCP/IP, NetBIOS, and WINS
46
Security Flaw in NetBIOS
• Security Bulletin MS03-034
– Details flaw in NetBIOS that could result in
disclosure of information from your computer
• Operating systems are affected
–
–
–
–
–
Windows NT 4.0
Windows NT 4.0 Terminal Server Edition
Windows 2000
Windows XP
Windows Server 2003
TCP/IP, NetBIOS, and WINS
47
Summary
• NetBIOS
– Native Windows approach to networking
• NetBIOS and NetBEUI (NBF)
– Use a flat namespace and are inherently nonroutable
• NetBIOS name can be resolved in three ways
– Look it up in a locally held list
– Ask the server (WINS, DNS, or Samba), or
– Ask the whole local network segment
TCP/IP, NetBIOS, and WINS
48
Summary (continued)
• NetBIOS and WINS services
– Typically used in a mixed-network environment
• Windows networking clients or end nodes
– Can be configured to use one of four basic regimes
of name registration and resolution
• WINS servers
– Are like DNS servers designed to serve only the
NetBIOS namespace
TCP/IP, NetBIOS, and WINS
49