Guide to TCP/IP, Third Edition Chapter 12: TCP/IP, NetBIOS, and WINS

Guide to TCP/IP, Third Edition

Chapter 12: TCP/IP, NetBIOS, and WINS

TCP/IP, NetBIOS, and WINS 2

Objectives

• Discuss the history of NetBIOS

• Understand what NetBIOS is and its limitations

• Understand the role of NetBIOS in Windows 2000 and higher operating systems

• Understand the significance of NetBIOS over TCP/IP on your network

• Understand how NetBIOS works


Objectives (continued)

• Explore NetBIOS names, including structure and types

• Explore the various ways of registering and resolving NetBIOS names

• Understand naming conventions associated with NetBIOS over TCP/IP

• Understand how NetBIOS names must change to work with DNS name resolution


Objectives (continued)

• Set up a WINS server for your network

• Integrate WINS services with DNS

• Troubleshoot WINS and NetBIOS errors with commonly used tools


History of NetBIOS

• NetBIOS – Developed by Sytek in 1983– Adopted by IBM and Microsoft for naming network

resources on small peer-to-peer networks– Original was an Application Programming Interface

(API) used to call network resources

• NetBIOS Extended User Interface (NetBEUI)– Extension of NetBIOS


What is NetBIOS (and Why Do I care)

• NetBIOS operates by – Maintaining a list of unique names assigned to

network resources– Providing the services to establish, defend, and

resolve these names– Carrying the needed communications between

applications that make use of these network resources


How Windows 2000, Windows XP, and Windows Server 2003 Work with

NetBIOS• Windows 2000

– First Microsoft operating system to use DNS

• When upgrading servers to Windows 2000 Server or Windows Server 2003– Determine if you will still need to support NetBIOS

names on your network

• If uncertain if your network requires NetBIOS support– You can use the WINS performance monitor counter


NetBIOS and TCP/IP

• Using DNS Only– Preferred form of networking in an all-Windows 2000

and/or Windows XP environment• Direct hosting of the (SMB) protocol

• Using NBF Only– To deliberately restrict resource sharing only to the

local network segment• Bind Windows File and Print Sharing to NBF, but not

to TCP/IP


Combining TCP/IP and NetBIOS

• NetBT or NBT– NetBIOS over TCP/IP

• NetBIOS names– Can be resolved by any of several combinations of

methods

• Default configuration for Windows 2000 and Windows XP machines – Have both NetBT and NBF enabled



How Does NetBIOS Work?

• NetBIOS– Takes advantage of simple naming, address

handling, and message formatting conventions – Supports connectionless datagrams as well as

connection-oriented session frames– Supports simple name registration and challenge

mechanisms


NetBIOS Traffic

• Consists of NetBIOS frames of one of two types – Datagrams or session frames

• NetBIOS sessions – Used in situations that require a reliable connection

• When NetBIOS is run over TCP/IP as NetBT– Datagrams are carried in UDP packets and session

frames are carried in TCP packets


How Does NetBIOS Work?

• Registering and Challenging NetBIOS Names– Registration

• Process of asserting that a name exists and belongs to a particular computer, user, process, or group

• Categories of name resolution methods– Look up in a list of names on the local machine– Broadcast queries on the local subnet– Direct queries to name servers


Other NetBIOS Services

• Name services– The most important NetBIOS services

• NetBIOS datagram and session services– Used by applications such as Applications such as

the Network Browser, LAN Manager



NetBIOS Names

• Based on– User name during logon – Information configured for the specific computer in

the Network applet in Control Panel

• NetBIOS names are of two general types– Unique names and group names

• Unique names – Resolve to a single address


Structure of NetBIOS Names

• Group names – May resolve to multiple addresses

• NetBIOS names – 16 characters long, divided into two parts– First 15 characters are the name itself– Last character is a code describing the class of

resource to which the name belongs




NetBIOS Scope Identifier

• NetBIOS – Provides the NetBIOS scope identifier

• Scope identifier – Adds a character string to end of the name,

separated from rest of name by a period (.)

• NetBIOS scope– Identifies a logical community of network hosts

• DHCP scope– Identifies a range of IP addresses that a DHCP

server can assign to clients


NetBIOS Name Registration and Resolution

• NetBIOS names are registered and resolved using– Node type– NetBIOS name cache and the LMHOSTS file– WINS servers configured as NetBIOS Name Servers– DNS and the HOSTS file


Name Resolution Regimes by Node Type

• Four basic types of NetBIOS nodes– Broadcast node (b-node)– Peer node (p-node)– Mixed node (m-node)– Hybrid node (h-node)


NetBIOS Name Cache and LMHOSTS File

• NetBIOS name cache – Temporary file that resides in memory, pairing

NetBIOS names and IP addresses

• Names in the NetBIOS name cache– Times out after 10 minutes, by default

• LMHOSTS file – Plain text file that resides in the <windows root>\

system32\drivers\etc directory


WINS Name Registration and Resolution

• WINS servers – NetBIOS Name Servers that set up and maintain

database of NetBIOS names and their associated IP addresses

– Do not participate in broadcast or b-node name registration and resolution

• WINS servers – Support a special name registration regime called

burst mode


DNS and The HOSTS File

• Preferred configuration for Windows 2000 and Windows XP clients– Is to use DNS for name resolution

• HOSTS file – Static list of IP name and address pairs, located in

the <windowsroot>\system32\driver\etc directory


NetBIOS Over TCP/IP

• To coexist with TCP/IP, NetBIOS had to accommodate TCP/IP’s conventions– NetBIOS scope identifier was added as a sort of

analog of the TCP/IP domain– Set of steps created to make NetBIOS names and

commands transportable over a TCP/IP connection



NetBIOS and DNS Name Resolution

• To convert NetBIOS name into name that is recognizable and routable by DNS– NetBIOS name had to become a usable host name– Domain portion of the name had to be added


Creating a Usable Host Name from a NetBIOS Name

• NetBIOS name– Has to be restated in a way that replaces any

characters not recognizable by DNS

• DNS names must be printable

• In the ASCII code set– None of these characters is printable



Converting an Encoded NetBIOS Name to a Fully Qualified Domain

Name• To convert the (translated) NetBIOS name into a

fully qualified domain name (FQDN)– Domain portion of name has to be added as well

• NetBIOS scope identifier – User-configurable string– Adds only one level of hierarchy

• Internet domain names– Regulated and restricted– Conform to a deeper and rigorously enforced

hierarchy



WINS Servers

• WINS– A server service– Runs under Windows NT Server, Windows 2000

Server, or Windows Server 2003

• WINS server– Registers NetBIOS names and IP addresses– Can be configured to return the IP address

associated with a resource name or– The NetBIOS names associated with an IP address


Different WINS Configurations

• WINS servers – Can be deployed in several different ways to meet

the needs of different networks

• Netsh command-line tool in Windows Server 2003 – Helpful for WINS servers over WAN links to better

manage slower network connections


Different WINS Configurations (continued)

• Administrator-level access to the WINS server allows you to– Check server statistics– Check the database and version numbers for

consistency– Mark records for eventual deletion (called

“tombstoning” the records)– Remove old records (scavenge the database)


WINS Proxy

• WINS clients – Available for recent versions of DOS, OS/2, and all

versions of Windows– Available for Linux and UNIX machines running

Samba

• You can configure any Windows 2000, Windows Server 2003, or Windows XP computer to– Be a WINS proxy by setting the Enable Proxy

parameter in the Registry to 1



Integrating WINS and DNS

• The Microsoft DNS server implementation (MS DNS)– Can be configured to use WINS to resolve NetBIOS

names in the primary or root zone domain

• MS DNS – Cannot resolve NetBIOS names that are not direct

children of the zone root or primary DNS domain




Reverse DNS Lookup for NetBIOS Names

• MS DNS servers in the in-addr.arpa domain – Provide reverse lookup

• MS DNS servers in the reverse look-up zone root – Can be configured to use WINS-R to find NetBIOS

resources associated with an IP address

• WINS server – Uses a NetBIOS Adapter Status Query to find the

name(s) associated with a given IP address


Windows Server 2003 WINS Improvements

• Two improvements in WINS have been added to Windows Server 2003– Filtering records– Accepting replication partners

• With improved filtering and search functions– You locate records by showing only the records

fitting the criteria you specify


Troubleshooting WINS and NetBIOS

• Errors in Windows name resolution fall into two broad categories– Outright failure – Degradation of service

• Accumulation of several instances of degradation– Seldom leads to outright failure of the service


NBTSTAT

• Command-line program that returns statistics on NetBIOS

• A fast way to check the status of a particular NetBIOS host, or– Get a quick snapshot of NetBIOS name resolution

activity on the local network segment


WINS and DNS Consoles

• WINS Console– Can search for active registrants by name or owner

• DNS Console in Windows 2000 and Windows Server 2003 – More geared to monitoring and system diagnostics

than the WINS server

• WINS operating parameters– Are stored in a Management Information Base (MIB)


Typical Errors in NetBIOS and WINS

• Misconfiguration of end nodes due to user error

• Incorrect network logon due to user error

• Wrong node type due to user error or misconfigured DHCP

• Timeouts set too low to allow for network latency

• Unwanted traffic due to misconfiguration of end nodes and/or servers, or client/server topology


Security Flaw in NetBIOS

• Security Bulletin MS03-034– Details flaw in NetBIOS that could result in

disclosure of information from your computer

• Operating systems are affected– Windows NT 4.0– Windows NT 4.0 Terminal Server Edition– Windows 2000– Windows XP– Windows Server 2003


Summary

• NetBIOS – Native Windows approach to networking

• NetBIOS and NetBEUI (NBF) – Use a flat namespace and are inherently non-

routable

• NetBIOS name can be resolved in three ways– Look it up in a locally held list– Ask the server (WINS, DNS, or Samba), or – Ask the whole local network segment


Summary (continued)

• NetBIOS and WINS services – Typically used in a mixed-network environment

• Windows networking clients or end nodes – Can be configured to use one of four basic regimes

of name registration and resolution

• WINS servers – Are like DNS servers designed to serve only the

NetBIOS namespace

Documents

Guide to TCP/IP, Third Edition Chapter 12: TCP/IP, NetBIOS, and WINS