TechTutorials - Free Computer Tutorials  

TCP/IP Guide 

Added: 01/19/2001, Hits: 2,965, Rating: 0, Comments: 0, Votes: 0
Add To Favorites | Comment on this article
TCP/IP Addressing
Static Routing
Host Names

Local IP Address
When 2 computers try to communicate, an ARP request is initiated. If the IP address is on the local network, the source host checks its ARP cache to see if it already has the hardware address(MAC address) of the receiving host. If not, a broadcast is sent to all local hosts. If the receiving host finds that the IP address of the source host matches it's own then it sends a reply to the source host with it's hardware address. When received by the source host, it's ARP cache is updated to include this info. If no hosts respond to the broadcast then the request is discarded.

Remote IP Address
This is a little different. When the destination address is found to be a remote host, the source host checks the local routing table for a path to the recieving host. If one is not found then a broadcast is sent to the router(gateway). The router replies with its hardware address and then the packet is sent to the router. Essentially the router follows the same pattern. It checks its cache for a path to the recieving host. If one is found then it fowards the packet. If not, it sends a broadcast and waits for a reply from the host. It may again determine that it is a remote host and then the process repeats with a broadcast to the next router and so on and so forth. Once the recieving host gets the request, it sends an ICMP echo request.

Would You Like to Know More?
ARP entries can be static or dynamic. If a dynamic entry is not used within 2 minutes then it is deleted. If it is used then it will remain for 10 minutes. A static entry will hang around until the computer is rebooted, it is deleted with arp -d, or a new hardware address is received via broadcast in which case the entry becomes dynamic.

ARP Commands
1) arp -a or arp -g
Both of these commands do the same thing. They display the contents of your current arp cache.
2) arp -s ip_address hardware_address
This commands a static entry to the arp cache.
3) arp -d ip_address
Removes and entry from the arp cache.

IP is a connectionless protocol, which means that a session is not created before sending data. IP is responsible for addressing and routing of packets between computers. It does not guarantee delivery and does not give acknowledgement of packets that are lost or sent out of order as this is the responsibility of higher layer protocols such as TCP.

IP Header Structure
  • VERSION: This field uses 4 bits to denote the version of IP.

  • HEADER LENGTH: 4 bits denote the number of 32-bit words in the header. Them minimum length is 20 bytes.

  • TYPE OF SERVICE: 8 bits that indicate the quality of service that the packet should receive. Includes precedence, delay, throughput and reliability.

  • TOTAL LENGTH: 16 bits denote the total length of the packet.

  • IDENTIFICATION: 16 bits are used as a unique identifier so the packet can be reassembled in the event that it is fragmented.

  • FRAGMENTATION FLAGS: 3 bits used in the fragmentation process.

  • FRAGMENT OFFSET: 13 bits used to determine the location of the fragment in regards to the original IP packet.

  • TIME TO LIVE(ttl): 8 bits that indicate the maximum number of hops that a packet can travel before being thrown away. Asleep yet?

  • PROTOCOL: 8 bits are used to identify the original upper-layer protocol used.

  • HEADER CHECKSUM: 16 bits used to check for errors in the header only.

  • SOURCE ADDRESS: 32 bits that indicate the IP address of the sending host.

  • DESTINATION ADDRESS: 32 bits that indicate the IP address of the receiving host.

  • OPTIONS AND PADDING: stores IP options.

As opposed to IP, TCP is connection oriented and assures reliable delivery of packets. When the destination host receives a segment it sends back an acknowledgement(ack). If an ack is not received by the source host within a certain period of time then the data is retransmitted. TCP uses sockets and ports to exchange data between applications. Ports provide a specific and universal location for message delivery, while sockets use the host ip address, port number and the type of service (TCP or UDP) to create a reliable connection. TCP uses sliding windows to buffer data between hosts. A buffer that is too large or small can cause poor network performance.

Three-way Handshake
A TCP session begins with a three-way - Handshake that is. This process synchronizes the sending and receiving of data.
  1. The source host sends a segment with the SYN flag set "on".

  2. The destination host sends a reply with SYN flag "on", a sequence number and an ACK that relays the next packet that the destination host is expecting.

  3. The source host sends and ACK with received sequence number and an acknowledgement number. The session is ended with a similar process.

TCP Header Structure
  • SOURCE PORT: This is the TCP port of the source host.

  • DESTINATION PORT: TCP port of receiving host

  • ACKNOWLEDGEMENT NUMBER: The sequence number of the packet that the recieving host is expecting next.

  • DATA LENGTH: Length of segment

  • RESERVED: Crappy explanations everywhere so it must not be important.

  • FLAGS: Denotes the content of the segment

  • WINDOW: Specifies how much space is left in the TCP window.

  • CHECKSUM: Makes sure that the header is not corrupted.

  • URGENT POINTER: If there is a flag in the flags section that indicates that there is urgent data included, this field shows where the end of this urgent data is.

UDP is a connectionless service that sends small amounts of data at one time and does not guarantee delivery. It is commonly used with applications such as NETSTAT, TFTP, SNMP, NETBIOS name service and NETBIOS datagram service. Like TCP, UDP uses ports to provide the location to send packets.

Header Structure
  • SOURCE PORT: UDP port of the source host

  • DESTINATION PORT: UDP port of receiving host

  • MESSAGE LENGTH: The total size of the UDP packet.

  • CHECKSUM: Verifies that the header is intact.

Every IP address can be broken down into 2 parts, the Network ID(netid) and the Host ID(hostid). All hosts on the same network must have the same netid. Each of these hosts must have a hostid that is unique in relation to the netid. IP addresses are divided into 4 octets with each having a maximum value of 255. We view IP addresses in decimal notation such as, but it is actually utilized as binary data so one must be able to convert addresses back and forth.

Converting IP Addresses
DECIMALBINARYWhen converting binary data to decimal, a "0" is equal to 0. "1" is equal to the number that corresponds to the field it is in. For example, the number 213 would be 11010101 in binary notation. This is calculated as follows: 128+64+0+16+0+4+0+1=213. Remember that this only represents 1 octet of 8 bits, while a full IP address is 32 bits made up of 4 octets. This being true, the IP address would look like 11010101 10000000 01000100 10000010.

A1-126IP addresses can be class A, B or C. Class A addresses are for networks with a large number of hosts. The first octet is the netid and the 3 remaining octets are the hostid. Class B addresses are used in medium to large networks with the first 2 octets making up the netid and the remaining 2 are the hostid. A class C is for smaller networks with the first 3 octets making up the netid and the last octet comprising the hostid.

A subnet mask blocks out a portion of an IP address and is used to differentiate between the hostid and netid. The default subnet masks are as follows:
Class A255.0.0.012616,777,214
Class B255.255.0.016,38465,534
Class C255.255.255.02,097,152254

In these cases, the part of the IP address blocked out by 255 is the netid.

Would You Like to Know More?
The table above shows the default subnet masks. What subnet mask do you use when you want more that 1 subnet? Lets say, for example, that you want 8 subnets and will be using a class C address. The first thing you want to do is convert the number of subnets into binary, so our example would be 00001000. Moving from left to right, drop all zeros until you get to the first "1". For us that would leave 1000. It takes 4 bits to make 8 in binary so we add a "1" to the first 4 high order bits of the 4th octet of the subnet mask(since it is class C) as follows: 11111111.11111111.11111111.11110000 = There is our subnet mask.
Lets try another one...Lets say that you are the network administrator for a chain of dry cleaning stores in New York and you have stores in 20 different neighborhoods and you want to have a separate subnet on your network for each store. It will be a class B network. First, we convert 20 to binary - 00010100. We drop all zeros before the first "1" and that leaves 10100. It takes 5 bits to make 20 in binary so we add a "1" to the first 5 high order bits which gives: 11111111.11111111.11111000.00000000 = The following table shows a comparison between the different subnet masks.


A router or gateway is a hardware device that fowards packets from one logical network to another. IP uses a routing table to determine which networks that packets can be forwarded to and will only forward them to networks that it has been configured to do so. When a packet is to be sent, IP determines whether or not the IP address is local or remote. If it is local, it forward the packet. If it is remote, it consults the routing table to determine the path to the remote host. If there is no entry in the routing table, then the default gateway is used instead. The routing table is checked at the router and the process repeats. A packet can be forwarded from router to router. Each one of these steps is called a "hop". If a route to the remote host is never found then an error message will return. On NT, multiple gateways can be configured and if "Dead Gateway Detection" is set to "on" then IP will attempt to use the next default gateway.

Would You Like to Know More?
Routing can be either static or dynamic. Static routing involves manually programming the routing table into the router. If you have a large network, this can be a real hassle especially if your network constantly changes and the tables have to keep getting updated. Let's look at how this all works...

In this example you can see that our router is actually a computer. If one adds 2 network adapters to an NT server, it can be used as a router. A computer that acts as a router in this way is called multihomed. The default gateway of Host A in this example would be the local side of the router which would be Conversely, Host B's gateway would be

Route Commands
  • route add (IP_Address) mask (Subnet_Mask) (Gateway_address) - Add a route.

  • route -p add (IP_Address) mask (Subnet_Mask) (Gateway_address) - Add a persistent route. This type of entry is stored in the registry and are not affected by a power cycle.

  • route delete (Subnet_Mask) (Gateway_address) - Delete a route.

  • route change (Subnet_Mask) (Gateway_address.) - Change a route.

  • route print - Shows the contents of the routing table.

  • route -f - Erases all routes.

This is a continuation of the routing discussion, but now we will be focusing on dynamic routing which uses the Routing Information Protocol(RIP). RIP measures the distance from source to destination by counting the number of hops(routers or gateways) that the packets must travel over. RIP sets a maximum of 15 hops and considers any larger number of hops unreachable. RIP's real advantage is that if there are multiple possible paths to a particular destination and the appropriate entries exist in the routing table, it will choose the shortest route. Like me, RIP is all about the path of least resistance. RIP uses an update interval which broadcasts its routing table over UDP port 520 after a specified period of time. Here is how it works...
OK...Router 1 and router 2 would broadcast their routing tables to each other every x seconds depending on what the update interval is set to. Each router would then add any new routes to its table. If a route already exists then the router would see if the new route has less hops then the one it currently has stored.

Would You Like to Know More?
The Microsoft text claims that RIP is best used on smaller networks. This is because larger networks can have a crap-load of entries in their routing table. Due to the fact that RIP packets can be a maximum of 512 bytes, larger tables would have to be sent as multiple packets which can bog down the network.

DHCP stands for Dynamic Host Configuration Protocol and provides a solution that automatically assigns IP addresses to computers on a network. When a client is configured to receive an IP address automatically, It will send out a broadcast to the DHCP server requesting an address. The NT server will then issue a "lease" and assign it to that client. The time period that a lease will last can be specified on the server. Some of the benefits of DHCP include the following:
  • Prevents users from making up their own IP addresses.

  • Prevents incorrect gateway or subnet masks from being entered.

  • Decreases amount of time spent configuring computers especially in environments where computers get moved around all the time.

  • Handy in situations where you have a large sales staff that work remotely. On that one day they bring their laptops and they can just plug them into the network and they are all set.

How Does This Crazy Thing Work?
It all happens in 4 steps.
  1. The client sends a broadcast that says "Hey, I need an IP address over here". Since it is not configured for TCP/IP yet it uses a source address of and a destination address of The broadcast contains the computer's name and the MAC address so the DHCP server knows where to reply. This is called the IP lease request.

  2. The DHCP server/s send an offer. This broadcast contains the IP address, client's hardware address, subnet mask, duration of lease and the IP address of the responding DHCP server. This process is called a IP lease offer.

  3. The client takes a look at the first offer that it receives and sends a message to all DHCP servers to let them know that it has chosen an offer. This is known as the IP lease selection.

  4. The DHCP server then sends an ack to the client, all other DHCP servers withdraw their offers and cry in the corner and the clients now have an IP address. If an unsuccessful ack is received then the client sends out another lease request.

Easy eh? For all of you registry nuts, the client stores its IP info in:

Lease Renewal
DHCP clients will attempt to renew their leases when %50 of the lease has expired. The client will send a DHCPREQUEST message to the server that assigned the lease. Assuming the DHCP server isn't on fire or anything it will send out a DHCPACK with the new lease. If the server is unavailable, then the client can continue functioning as it has %50 remaining still. The client will continue as normal until the lease reaches %87.5 used at which time it broadcast to all DHCP servers and attempt to get a new lease. If the client receives a DHCPNACK message or the lease expires then the client must start all over again and will get a different IP address. If the lease expires and the client is unable to get a new one then the user will be whining to their IS dept. about it because they will not be able to communicate over the network.

Below are the ipconfig switches that can be used at a command prompt.
  • ipconfig /all will display all of your IP settings.

  • ipconfig /renew forces the DHCP server, if available to renew a lease

  • ipconfig /release forces the release of a lease.

Setting Up a DHCP Server
We have discussed how DHCP works for the clients, so now we should look at what happens on the rest of the network. First question to ask yourself is how many subnets will the DHCP server serve. If it is more than 1 then you have to make sure that all routers are configured as DHCP relay agents or else only the local subnet will get leases. Next the "scope" needs to be defined. If there multiple DHCP servers then each one will need to have a unique scope of IP addresses since DHCP servers do not share information about leases with each other. According to Microsoft, each DHCP server should be configured with %75 of the scope reserved for the local subnet and the remaining %25 for remote subnets. This provides redundancy in case a client can't obtain a lease from the local server, then it can get one from a remote server. Also, keep in mind that a DHCP server cannot also be a DHCP client, meaning that the DHCP server must have static entries for its IP settings. Below are the basic steps to set up a DHCP server:

  1. The DHCP server service must be installed.

  2. A scope must be defined. Note that each DHCP server must have unique scopes defined or else duplicate IP addresses may be assigned. There are 3 scope options:
    • Global - This option is used when all DHCP clients will use the same IP setting, such as the same subnet mask.

    • Scope - These options are only available to clients that are using an address specified by the scope.

    • Client - Used for clients that use reserved addresses.

  3. The server may be configured to always assign a particular address to a client.

  4. "Map out" any static IP addresses on the network in the "exclusion range" fields.
    The DHCP server database is backed up every hour(default) and can be restored when needed. It can also be compacted in order to keep it running efficiently. NT 4.0 does this automatically, whereas it must be done manually with earlier versions of NT.

DHCP Relay Agent
This service is used when routers separate clients from a DHCP server. An NT server on the same subnet as the clients can be configured so that it automatically sends all DHCP messages directly to the DHCP server. Included in the message to the server is the address of the originating client so that the DHCP server can respond directly back to the client. This service is basically a middle-man.

Get ready, because it is time to take it to the next level. When talking about Netbios, we typically refer to the concept of a Netbios Name which is the name assigned to your computer. Netbios allows applications to talk to each other using protocols such as TCP/IP that support Netbios. Netbios is also a session/transport layer protocol that is typically seen in other forms such as Netbeui and NetBT. These are the main functions that Netbios serves:
  • Starting and stopping sessions.

  • Name registration

  • Session layer data transfer(reliable)

  • Datagram data transfer(unreliable)

  • protocol driver and network adapter management functions.

A Netbios name is either a unique name or a group name, the difference being that a unique name is is used for communication with a specific process on a computer, whereas a group name is for communication with multiple clients. Netbios name resolution resolves a computer's Netbios name to an IP address. Microsoft offers several different ways to resolve Netbios names and each will be disscussed below.
  • LOCAL BROADCAST - If the destination host is local, then first the Netbios name cache is checked and a broadcast is not sent. If it is not found here, then a name query broadcast is sent out that includes the destination Netbios name. Each computer that receives the broadcast checks to see if it belongs to the name requested. The computer that owns the name then uses ARP to determine the MAC address of the source host. Once obtained a name query response is sent. NOTE: Some routers do not support the fowarding of these broadcasts as they use UDP ports 137 and 138.

  • NETBIOS NAME SERVER - When using a Netbios name server, the cache is checked first and if the name is not found the destination host's name is sent to the name server. After the name server resolves the name to an IP address, it is returned to the source host. When the source host receives the information it uses ARP to resolve the IP address of the destination host to it's MAC address.

  • LMHOSTS FILE - More on this later...

  • HOSTS FILE - More on this later...

  • DNS - More on this later...

NBSTAT Commands
  • nbstat -n - Lists all registered Netbios names.

  • nbstat -c - Shows the Netbios cache.

  • nbstat -R - Reloads the Netbios name cache from the lmhosts file.

An lmhosts file is a text file that is used to manually configure Netbios names. In NT, it is located in the system32DriversEtc directory. The file is configured with the keywords listed below:
  • #PRE - Denotes entries to be preloaded to the cache, which cuts down on broadcast traffic.

  • #DOM:domain name - provides logon validation, browsing and account syncronization.

  • #BEGIN_ALTERNATE and #END ALTERNATE - Provides alternate locations for other lmhosts files using a UNC path.

  • #INCLUDE - Uses Netbios entries located in a different lmhosts file such as one that is centrally shared.

  • #MH - For multi-homed computers, this adds extra entries.

Each entry in the lmhosts file must be unique, have a valid IP address for the Netbios name and be spelled correctly.

Microsoft's definition of WINS is "An enhanced NetBIOS Name Server(NBNS) designed by Microsoft to eliminate broadcast traffic associated with the B-node implementation of NetBIOS over TCP/IP. It is used to register NetBIOS names and resolve them to IP addesses for both local and remote hosts." If a WINS server is configured, then name resolution requests are sent directly to it and in turn the WINS server will send the IP address to the requesting client. If the WINS server can't resolve the name for some reason, then it will use a broadcast to try to resolve the name. A secondary WINS server can be configured to prevent such situations. WINS is dynamically updated which gets rid of the need to screw around with lmhosts files. If a client is configured to use WINS then it will register it's name and IP address with the WINS server. When the computer is turned off, it releases its lease on that name which may be used by a different computer. Microsoft recommends 1 primary and secondary WINS server per 10,000 clients.

Name Renewal and Release
  • RENEWAL - Name registrations on the WINS server do not last forever and have a "time to live" or TTL. After 1/8th of the TTL the client will attempt to refresh its name with the server. If it is unable to do this it will try again every 2 minutes until 1/2 the TTL is expired at which point it will start barking at the secondary WINS server if one is present. It will attempt to register with the secondary WINS server 4 times(every 1/8th of the TTL until half is expired). After a successful refresh it will attempt another at 1/2 TTL from there on out.

  • RELEASE - When a computer is shutdown normally(i.e. doesn't crash), it will make a request to the WINS server that its name be released. If the server detects an error it will tell the client "no". If everything checks out ok, the server will send a positive response and releases the name making it available to other clients.

  • NON-WINS CLIENTS - Static mappings should be made for non-WINS clients other wise a lmhosts file must be configured. Once this is done you will want to set up a proxy agent to that name registration requests are sent to the server. The proxy can be enable by editing the following registry key:


    Once at this key, change the value for EnableProxy to 1.

  • DATABASE REPLICATION - If multiple WINS servers exist on a network, it is possible to configure them to replicate each others databases for redundancy. In order for this small miracle to happen each WINS server must be configured as a "push" or "pull" partner. Basically, a push partner sends it's database entries to the pull partners. This happens after a certain number of changes have occured in the push partners database and for that reason is not recommended for larger networks as it could start replication during peak traffic times. A pull partner will grab the changed database entries after a configurable amount of time. Servers can also be configured as both push and pull partners which will cause them to replicate their entries with each other.

  • BACKUP, RESTORING AND COMPACTING - A directory for the backup needs to be established. Once this occurs, the database will be backed up every 24 hours. If the database gets hosed and needs to be restored, you can do so by going to the WINS Manager "mappings" menu and select "restore database". The database is compacted automatically.

This section is about Microsoft's browsing service. Pay attention as browsing problems can be difficult to fix. A select few computers on the network have the priveledge of being browsers, which means that they are responsible for tracking the shared resources on a network. They obtain their lists of resources from NetBIOS broadcasts.
There are 3 different types of browsers:
  • MASTER BROWSER - The king of browsing. This computer keeps track of the list in it's domain as well as keep a browse list on file for the other domains. It is also responsible for making sure that the backup browsers have copies of the list.

  • BACKUP BROWSER - Upon request, this computer sends the list that it recieves from the master browser to clients.

  • DOMAIN MASTER BROWSER - This one takes the browse lists from the master browsers on the network and makes sure that they match.

Due to the fact that NetBIOS broadcasts are not typically routed because it can bog down the network with traffic,
WINS or lmhosts files need to be used to allow browsing across subnets. When WINS is used, the destination host's IP address is retrieved directly from the WINS database. For clients not using WINS, an lmhosts file must be configured with the name and address of the browsers on the network.

Configuring an LMHOSTS File
For a master browser, the file would be configured as follows:
(ip_address)(domain_master_browser_name) #PRE #DOM (domain_name)

A domain master browser would be configured as follows:
(ip_address)(master_browser_name) #DOM (domain_name)
If you are on a large network, it is better to use WINS. Imagine trying to configure lmhosts files for 1,000 computers. Job security for sure, but what a pain.

Host names can be mapped to IP addresses to make referencing hosts easier as you don't have to remember an IP address. Personally, it isn't any easier for me, but Microsoft is the boss. A host name can be any string 256 characters or less and does not have to match the NetBIOS name. There are several different ways that host names can be resolved to IP addresses. Below are the standard methods:
  • HOSTS FILES - A text file that can be edited to manually map the host name to an IP address.

  • DNS SERVER - A database of name/address mapping stored on a computer as is done with WINS.

  • LOCAL HOST NAME - Unless configured otherwise, the default name is the host name of the computer.

Microsoft adds several more options which follow:

  • LOCAL BROADCAST - A broadcast on the local network that attempts to discover the IP address for the destination computer's NetBIOS name.

  • LMHOSTS FILES - Like a hosts file, this can be configured for name resolution.

  • NetBIOS NAME SERVER - Pretty self-explanatory. Microsoft uses WINS for this.

Hosts File
The hosts file is a little different than the lmhosts file in that it will resolve both local and remote names. If the host name can't be resolved and no other alternative name resolution processes are in place, the user will receive an error. Once the host name is parsed from the host file, ARP takes over and attempts to resolve the IP address to a MAC address. Like the lmhosts method, this is static name resolution.

The internet used to use a hosts file to resolve IP addresses to host names or domain names. The internet grew to the point where the administration and the traffic needed to maintain this file became unbearable and DNS was born. A DNS client(aka resolver) sends requests to the DNS nameserver which responds with the requested info, another server to pester or a failure message. This process is very similar to calling information. You call them with a name, they check their database and give you the phone number. There are 3 types of queries that a host will send to its DNS servers and they are inverse, iterative and recursive. When the nameserver resolves a request it is cached and given a TTL.
There are a variety of roles a nameserver can satisfy within the zone that they are responsible for:
  • PRIMARY NAMESERVER - Gathers DNS information from local files and is a focal point for adding hosts and domains.

  • SECONDARY NAMESERVER - Gathers the data for its' zone(s) from another DNS server. Secondary nameservers provide redundancy, traffic on primary server and quicker access for locations that are remote in regards to the primary server.

  • CACHING ONLY SERVERS - These do not have a zone that they are responsible for. Their databases only contain info that is received from resolutions that it has made since the the server was last started.

Nameservers are distributed into tiers called domains which will be covered in a moment.

Microsoft discusses domains in terms of a hierarchical "domain name space" which they refer to as being like a tree structure. This probably makes a lot of sense to those of you migrating from the clunky, yet powerful Netware side of things. There are several different domain levels as listed below:
  • ROOT LEVEL DOMAINS - The top of the tree.

  • TOP LEVEL DOMAINS - These are divided into different categories. Com, net, mil, edu, org and gov are the most common.

  • SECOND LEVEL DOMAINS - These domains make up the rest of networks as all sub-domains are categorized under this heading. So if you visit Intel's site, you are visiting the sub-domain Within many other sub-domains may also exist.

  • HOSTS - Hosts are the final level in the hierarchy as they are the individual computers that occupy or comprise a domain.

DNS Files
Normally, a DNS server will use 4 different files to resolve names. These are the database file, reverse lookup file, cache file and boot file. Each of these will be discussed in detail below.
  • THE DATABASE FILE - This file will actually be called yourzone.dns and it is responsible for storing DNS records. This is a file that replication servers push/pull from the primary server in order to update their databases. This file contains several different entries. The first thing that will be seen in this file is the "Start of Authority"(SOA)which defines a zone's parameters. Next, there should be an entry called "Name Server Record" which lists other namerservers on the network. Next, the "Host Record" is a static mapping of host names to IP addresses and should list all of the hosts in a given zone. Finally, there is a "Canonical Name"(CNAME) entry that allows one to assign multiple host names to an IP address, or in other words, create aliases.

  • REVERSE LOOKUP FILE - Up to now we've talked of the mapping of names to addresses. But, what happens if you have the IP-address and you want to know the name of this domain? A Reverse Lookup is the process of translating a numeric IP address (i.e. back into a readable name (i.e. Translating the numeric address into the name is referred to as a 'reverse' lookup because the standard lookup that the DNS system does is to translate the name into the numeric address. To solve this problem the "" domain was created. This domain is called reverse domain and the resolution of IP-addresses to domain names is named reverse map (reverse mapping or reverse lookup). The reverse domain name is created by putting the numbers of the IP-address in reverse order and adding to the end. Example: The IP-address of is "". The domain "" would then have the reverse domain name of: "".

  • CACHE FILE - The cache.dns file is required as it contains the records of the root domain servers. The default file that is included with NT 4 contains all of the root internet servers.

  • BOOT FILE - The boot file controls the start-up characteristics of a DNS server on the Berkley Internet Name Daemon(BIND).

Final Thoughts on DNS
DNS can be configured to use WINS in such a way that if the DNS can't solve the request, it will query the WINS server for the information. In order for this to work a WINS -R(reverse lookup) record must be created.

No, it is not a venereal disease! SNMP(Simple Network Management Protocol) is a part of the TCP/IP stack that allows for monitoring and status information on a network. SNMP can commuicate with other NT computers, routers, gateways, mainframes, LAN manager servers, terminal servers and wiring hubs. This service allows open files, arp tables, IP addresses, disk space, etc. to be monitored. In order to do this, 3 basic commands are used.
  • GET - This command requests a specific value.

  • GET-NEXT - Allows for the next value to be viewed and is used for navigation.

  • SET - Allows a value to be altered. Most values are read only and can't be changed.

An SNMP agent sends out reports of events(traps) to as many hosts are configured to receive them. 3rd party Management Information Bases(MIBs) can be used with the Microsoft SNMP service. A MIB contains the information that the agent can request. It essentially defines the scope of the types of requests that can be made.

The following is a guide to the tools and techniques for troubleshooting TCP/IP. Although this is not the largest section of the study guide, it is probably one of the more important. First, we will list the tools that Windows NT/2000 offers and a description of what they are for.

PINGProbably the most important. This verifies that TCP/IP is configured correctly and that a connection can be made.
IPCONFIGAllows you to view TCP/IP settings and configuration.
TRACERTEnables you to view the route to a specified host. This will show how many hops the packets have to travel and how long it takes.
ROUTEView or change entries in the routing table.
ARPView and add entries to the ARP cache.
NETSTATDisplay protocol information and connection status
NBTSTATCheck NETBIOS connections and update LMHOSTS cache.
NSLOOKUPFind all of the mistakes that you made when setting up a DNS server.
SNMPManage status information with computers running an SNMP service.
EVENT VIEWERView service events and error messages.
PERFORMANCE MONITORFind out how well your network is performing and where the problems are.
NETWORK MONITORBasically a sniffer trace used to capture and analyze packets.

Verifying Communications
Billy Gates INC recommends that you troubleshoot networking problems from the bottom layer and move toward the top. The first step is to always ping whatever it is you can't connect to. Next attempt to establish a session of some sort.
Now I will show you why the ping utility is so important. For communication problems, if you follow a logical order, you can narrow down the trouble spot as shown below.
  1. Ping - This is the loopback address and verifies that the computer that you are pinging from can communicate via TCP/IP with its own ethernet adapter.

  2. Ping own IP address - Verifies that a valid IP address was entered for this computer.

  3. Ping default gateway - Typically this would be the near side of a router. If you can ping this address, then you should be able to ping other hosts on your same subnet.

  4. Ping far side of router - This will verify that the routing table is correct.

  5. Ping remote host - If this works then it would appear that there are valid communications.

  6. Ping host names - If all of the above work, try each again using the host name instead of the IP address.

Once this is completed, attempt to establish a session by using the following methods:
  1. See if a session can be established using the Net View or Net Use commands

  2. Try a Telnet or FTP session.

If the above are unsuccessful, check the following:
  • Double check that the target host is using Netbios.

  • Make sure that the source and target host's scope IDs match.

  • Make sure that you are using the correct Netbios name.

Comments (0)

Be the first to comment on this article

Related Items

7 Seconds Resources, Inc.

IT Showcase