guide to tcp/ip, second edition

Guide to TCP/IP, Second Edition 1

Guide To TCP/IP, Second Edition

Chapter 12

TCP/IP, NETBIOS, And WINS


Objectives

• Discuss the history of NetBIOS• Understand what NetBIOS is and its limitations• Understand the role of NetBIOS in Windows 2000

and higher operating systems• Understand the significance of NetBIOS over

TCP/IP on your network• Understand how NetBIOS works


Objectives (cont.)

• Explore NetBIOS names, including structure and types

• Explore the various ways of registering and resolving NetBIOS names

• Understand naming conventions associated with NetBIOS over TCP/IP

• Understand how NetBIOS names must change to work with DNS name resolution

• Set up a WINS server for your network


Objectives (cont.)

• Integrate WINS services with DNS

• Troubleshoot WINS and NetBIOS errors with commonly used tools


History Of NetBIOS

• Developed by Sytek in 1983

• Adopted by IBM and Microsoft

• Small peer-to-peer networks

• Protocol and Application Programming Interface (API)

• NetBEUI and NetBT


What is NetBIOS (And Why Do I Care)?

• Maintains a list of unique names assigned to network resources

• Named resources include– Files– Services– Users– Computers– Workgroups and domains

• Names not addresses


How Windows 2000/ XP, And Windows Server 2003 Work With NetBIOS

• Windows 2000 and later use DNS as the preferred method of resolving names

• Enable NetBIOS name resolution for older versions of Windows

• WINS server• NetBIOS over TCP/IP• Windows Server 2003 DNS services are

compatible with WINS


NetBIOS and TCP/IP

• Using DNS only

• Using NBF only

• Combining TCP/IP and NetBIOS– NetBT and NBF enabled by default on

Windows 2000 and Windows XP

• WINS integrated with DNS

• LMHOSTS


NetBIOS and TCP/IP (cont.)

• NetBIOS emulator

• CIFS

• SMB

• Dynamic link library

• Network Driver Interface Specification (NDIS)


NetBIOS and TCP/IP (cont.)


How Does NetBIOS Work?

• NetBIOS takes advantage of– Simple naming– Address handling– Message format conventions

• NetBIOS supports– Connectionless datagrams– Connection-oriented session frames


How Does NetBIOS Work? (cont.)

• NetBIOS traffic– Datagrams

• Connectionless “announcement” type traffic

• Request and Response

– Session frames• Connection-oriented

• Interaction with a process running on another host



• Registering and Challenging NetBIOS Names– Name Registration Request packet

– Negative Name Registration Reply

• NetBIOS name resolution– Three categories

• Look up list of names on local host

• Broadcast queries on the local subnet

• Direct queries to name servers

• Other NetBIOS services


NetBIOS Names

• NetBIOS names are base on– Username during logon

– Information configured for the specific computer

• Structure of NetBIOS names– Two general types

• Unique names

• Group names

– 16 characters long


NetBIOS Names (cont.)

• NetBIOS name types and suffixes– NetBIOS names end with a one-character (2-

byte) suffix• Service or function called by that name

• Range from 00 to FF

• NetBIOS scope identifier– Back door to add further differentiation to

resource names


NetBIOS Name Registration And Resolution

• NetBIOS names are registered and resolved using a variety of methods– Node type– NetBIOS name cache and the LMHOSTS file– WINS servers configured as NetBIOS Name

Servers– DNS and the HOSTS file


Name Resolution Regimes by Node Type

• B-Node (Broadcast Node)– b-node registers and resolves names by using only

broadcasts

• P-Node (Peer Node)– p-node attempts to register and resolve names using the

local WINS server

• M-Node (Mixed Node)– The m-node is a mixture of the first two node types


Name Resolution Regimes by Node Type (cont.)

• H-Node (Hybrid Node)– h-node is a hybrid that uses the p-node method

first and the b-node type second

• Enhanced B-Node– First uses the NetBIOS name cache, then the

LMHOSTS file, then tries normal b-node


NetBIOS Name Cache and LMHOSTS File

• NetBIOS name cache– Temporary file

– Resides in memory

– NetBIOS name to IP addresses

• LMHOSTS file– Plain text file

– Lists NetBIOS name to IP addresses

– Edit with plain text editor

– <windows root>\system32\drivers\etc


DNS And HOSTS File

• DNS is the preferred method of name resolution for Windows 2000 and Windows XP

• Some applications or clients attempt to resolve names with the HOSTS file

• HOSTS file lists IP name and IP address pairs• UNIX and Linux name resolution order

– Local host– HOSTS file– DNS– NetBIOS


NetBIOS Over TCP/IP

• NetBIOS had to accommodate TCP/IP’s conventions

• NetBIOS scope identifier was added

• Had to create a set of steps to make NetBIOS names and commands transportable—and translatable—over a TCP/IP connection


NetBIOS Over TCP/IP (cont.)


NetBIOS And DNS Name Resolution

• Creating a usable host name from a NetBIOS name– DNS name must be printable

– Encode NetBIOS names in 32-character ASCII string composed of capital letters “A” through “P”

• Converting an encoded NetBIOS name to a Fully Qualified Domain Name– Domain portion of the name had to be added

– NetBIOS scope identifier


NetBIOS And DNS Name Resolution (cont.)


Tools For Troubleshooting NetBIOS And WINS Problems

• NBTSTAT

• WINS and DNS Consoles

• Packet Analyzers


Tools For Troubleshooting NetBIOS And WINS Problems (cont.)



• Typical errors in NetBIOS and WINS– Misconfiguration of end nodes due to user error

– Incorrect network logon due to user error

– Wrong node type due to user error or misconfigured DHCP

– Timeouts set too low to allow for network latency

– Unwanted traffic due to misconfiguration of end nodes and/or servers, or client/server topology


• Typical errors in NetBIOS and WINS (cont.)– Malicious errors (intrusion, node

masquerading, forced name releases)– Unusual numbers of forced name releases due

to incorrect end node shutdown– Bogged-down servers due to incorrect

configuration or topology

• Security flaws in NetBIOS



Chapter Summary• NetBIOS was the native Windows approach to

networking, and it is still woven deep into the Windows approach to sharing network resources

• Whatever the theory or hope for the future, NetBIOS is still virtually indispensable in the Windows environment

• NetBIOS and NetBEUI (NBF) use a flat namespace and are inherently nonroutable

• NetBIOS must be bound to a routable network protocol such as TCP/IP (as NetBT or NBT) to be used across network boundaries


Chapter Summary (cont.)

• A NetBIOS name can be resolved in three ways: look it up in a locally held list, ask the server (WINS, DNS, or Samba), or ask the whole local network segment (using a broadcast)

• For a small network with static addresses and stable names, a list works well

• For larger networks or dynamic networks of any size, lists are impractical

• Again, for smaller networks with all end nodes on a single segment or subnet, broadcast name resolution may work well



• On larger networks, or networks requiring sharing across network boundaries, broadcasts do not work

• That leaves resolution through a name server as the only viable choice for larger networks, or for networks spread across multiple subnets

• The primary NetBIOS Name Server is WINS, but Microsoft's version of DNS can also use WINS to resolve NetBIOS names



• NetBIOS and WINS services are typically used in a mixed-network environment with Windows 2000 and Windows XP computers, as well as pre-Windows 2000 machines

• Pre-Windows 2000 machines use NetBIOS name resolution to communicate with other computers and to browse for and identify services

• However, even in an exclusive Windows 2000 and XP environment, NetBIOS and WINS might still be necessary for applications such as Network Browser, LAN Manager, Exchange, Systems Management Server (SMS), or Lotus Notes to use NetBIOS datagram and session services, as well as name services2



• Windows networking clients or end nodes can be configured to use one of four basic regimes of name registration and resolution

• These are referred to as the “node type” for the end node• WINS servers are like DNS servers designed to serve only the

NetBIOS namespace• When Microsoft’s own DNS servers are configured to query WINS to

resolve NetBIOS names, they begin to combine the best of both worlds

• Remember, however, that MS DNS can only resolve NetBIOS names for the zone root

• NetBIOS names only understand one network—this network

guide to tcp/ip, second edition

Documents

tcpip cont

netbios errors

namesenable netbios

netbios worksguide

significance of netbios

role of netbios

editionnetbios names

editionhow windows