Microsoft Windows XP Networking Inside Out

Part 1: Windows XP Networking

process called leasing. With DHCP leasing, a client requests IP configuration information, and the DHCP server allocates that client a particular IP address for a specified period of time, after which the client can release the address for other computers to use or renew the lease and continue to use it. In addition, DHCP servers can relate configuration data, such as preferred subnet masks and default gateways, as well as other information, such as DNS and WINS server addresses.

For users on a small business or home network, however, the benefits of DHCP might not justify the costs of a dedicated DHCP server. This is where Automatic Private IP Addressing (APIPA) comes into play. APIPA is an automatic IP addressing service that enables a Windows XP computer to auto-assign an IP address when no DHCP server is available. APIPA is active by default on all Windows XP computers. If the Windows XP computer fails to find a DHCP server to provide addressing information, the computer selects an address from a special range of IP addresses (169.254.0.1 through 169.254.255.254). This range of addresses is not used on the Internet and normally cannot be accessed over the Internet. The purpose of these addresses is to isolate a private LAN’s data from the world at large. Once the address is selected, the client checks the network to determine if another host is already using the address; if so, it selects another address and tries again until an unused address is found. APIPA provides a way for Windows XP computers to handle IP addressing so that users don’t have to be involved. This allows home and small office networks the functionality of dynamic IP configuration without requiring the overhead of DHCP.

Simple Network Monitoring Protocol (SNMP)

SNMP provides a standardized method of assessing information about the state of network components such as routers, switches, servers, and workstations. SNMP provides the ability to configure network attached devices as well as view information about their status. This protocol is widely used, and SNMP-enabled devices can be found on virtually every network.

Transport Layer Protocols

Transport layer protocols function at the transport layer and provide a way to move data from one computer to another. This section explores several important transport layer protocols you should become familiar with.

Transmission Control Protocol (TCP)

TCP was first developed to solve problems with the reliability of early networks. Frequently, the hardware used could not be trusted to reliably deliver data from one host to another. To solve this issue, TCP was developed to set rules for ensuring delivery of data across networks. Essentially, TCP builds in message delivery reliability by applying several techniques, most notably error detection and error correction.

Chapter 2: Configuring TCP/IP and Other Protocols

Communicating by Port Numbers

Application layer protocols use port numbers (defined at the transport layer) to identify the network traffic specific to a particular application or protocol. Services using one of these protocols examine all network traffic being sent to them to determine the port number. There are default port numbers associated with all of the standardized services such as FTP, TFTP, and DNS. If the need arises, the default port numbers can be changed for security or development reasons. Some of the more common port numbers are 21 (FTP), 23 (Telnet), 25 (SMTP), 69 (TFTP), 80 (HTTP), and 161 (SNMP).

During the initial negotiation process, computers use TCP to come to agreement on several communications parameters. These parameters can include, for example, how large the segments can be and how many segments can be sent until an acknowledgment of receipt is required from the receiving station. Once these parameters are negotiated and agreed upon, the TCP-controlled connection between the two computers is complete, which is called a virtual circuit. With the virtual circuit established, it is then possible to detect errors, correct errors if possible, and pass error messages to higher-layer protocols as required.

One of the significant features of TCP is flow control. When two computers establish a connection and begin to send data, there is a chance that the receiving computer might not be able to process the incoming data as rapidly as the sending host. To prevent a total collapse of the communications process, the receiving computer can use a halt signal to slow or alter the flow of data. For instance, if a faster computer (one with a faster network adapter or CPU, or one with a less burdened local network segment) sends data faster than a slower communications partner can process it, data will be lost because the faster computer overruns the slower one.

During flow control negotiations, the less capable participant can send a message that tells the sender to slow down and let the slower machine catch up. Either the transmission speed is reduced or the data has blank spaces (pauses) inserted into the data stream. The result is that the sending machine makes sure that the less capable computer has a chance to properly reassemble the received segments.

TCP uses a process called segmentation to better facilitate reliable data delivery. Often, applications will request or move large chunks of data from one location to another. If the entire file is sent as a single block, any interruption in the transmission would require that the entire block of data be retransmitted. To avoid this problem, TCP breaks larger pieces of data into smaller, sequentially numbered segments. The segments are then transmitted sequentially to the destination computer. Upon receipt, the receiving computer reassembles them for use by higher-layer protocols. Any segments that are not acknowledged are retransmitted until the receiving host indicates that the segments were successfully received.
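The following added example (not from the book) models the segmentation and retransmission just described in simplified form. It is not real TCP, and the segment size, the loss pattern and all function names are assumptions made for illustration.

```python
# Added illustration: a simplified model of TCP-style segmentation, not real TCP.
# SEGMENT_SIZE, the loss pattern and every function name are assumptions.

SEGMENT_SIZE = 8  # bytes per segment (constructed; real TCP negotiates this)


def segment(data: bytes, size: int = SEGMENT_SIZE) -> dict:
    """Break data into sequentially numbered segments: {sequence number: payload}."""
    return {seq: data[off:off + size]
            for seq, off in enumerate(range(0, len(data), size))}


def transfer(data: bytes, drop_first_attempt: set) -> tuple:
    """Send every segment, retransmitting any that are not acknowledged.

    drop_first_attempt lists the sequence numbers that are lost the first
    time they are sent (a constructed loss pattern, so runs are repeatable).
    Returns (reassembled data, total number of transmissions).
    """
    outstanding = segment(data)   # segments not yet acknowledged
    received = {}                 # receiver's reassembly buffer
    already_dropped = set()
    transmissions = 0

    while outstanding:
        acked = []
        for seq, payload in outstanding.items():
            transmissions += 1
            if seq in drop_first_attempt and seq not in already_dropped:
                already_dropped.add(seq)   # lost in transit: no acknowledgment
                continue
            received[seq] = payload        # receiver stores it by sequence number
            acked.append(seq)              # and acknowledges it
        for seq in acked:
            del outstanding[seq]           # only acknowledged segments are retired

    # Reassemble in sequence order for the higher-layer protocol.
    reassembled = b"".join(received[seq] for seq in sorted(received))
    return reassembled, transmissions


if __name__ == "__main__":
    message = b"GET /index.html HTTP/1.0 sample payload"  # constructed input
    result, sent = transfer(message, drop_first_attempt={1, 3})
    print("intact:", result == message)
    print("segments:", len(segment(message)), "transmissions:", sent)
```

Only the two lost segments are sent again, which is the saving segmentation buys over retransmitting the whole block.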

What Does TCP Really Do?

TCP is a connection-oriented protocol. When one computer wants to send data to another using TCP, a connection is negotiated between the two. The negotiation involves a three-way communications process (also known as a handshake) that goes something like this:

1. Computer 1: “Hey computer 2! Are you available to communicate?”

2. Computer 2: “Yes, fire away!”

3. Computer 1: “Here comes the data!”

These three steps are officially known as the connection request, connection granted, and acknowledgment. But as you can see, they simply provide a way for two computers to get in touch with each other before sending data.

Features of the User Datagram Protocol

Like TCP, UDP also provides transport layer functions to higher-layer protocols and services. However, this is the only similarity they share. UDP is as featureless as a transport layer protocol can be and still be useful.

When a UDP process initiates communications, it immediately starts sending data to its communication partner. There are no negotiations, such as a handshake, or any establishment of parameters at the beginning of a transmission. There are no message acknowledgments during the communications process. This can result in lost data, but it does provide low-latency network communications (network communications with little delay between partners). UDP is completely unaware of the connection state of its communication partners. If a server were hosting a UDP-enabled application that had multiple clients connected at the same time, UDP would not provide a method for determining the availability of any particular client. Additionally, should the receiving computer become overwhelmed by the stream of data being transmitted, no mechanism exists in UDP to allow the receiving computer to send a stop signal. These features are left to services and protocols operating elsewhere.

note The most noteworthy benefit of UDP is that because connection negotiations do not occur with UDP, it has far less overhead than TCP. Several popular protocols and Internet services, including streaming multimedia, Internet telephony, DNS, and SNMP, are perfect matches for this service. UDP’s inability to know when a packet hasn’t been received and when to resend it explains the source of some of the dropped frames experienced in streaming video and sound dropouts encountered in streaming audio.

UDP has gained wide acceptance because the reliability of networking equipment that operates on the physical layer has greatly improved. This effectively minimizes the detrimental effects of UDP’s inability to correct errors. Many protocols and applications that rely on UDP perform their own error detection/correction to make up for this behavior. This allows the application or protocol to take advantage of UDP’s greater efficiency while minimizing its downside.

Network Layer Protocols

The network layer (layer 3) of the OSI model is primarily focused on finding the best path over the network for data transmission. There are several important TCP/IP protocols that function at this layer, and these are explored in this section.

Address Resolution Protocol (ARP)

Information passed down to IP at the network layer (layer 3) from upper-layer protocols includes the network (IP) address of the destination. For IP to send this information using a data-link layer protocol (such as Ethernet), the destination MAC address must first be resolved. Because upper-layer protocols and services are not aware of the MAC address, IP uses ARP to resolve the MAC address for a next-hop IP address. ARP is used to actively maintain a table that lists recently accessed IP addresses and their corresponding physical addresses. To build or maintain this ARP cache, ARP sends out a broadcast message to all computers on the network segment using the targeted computer’s IP address and asks for the physical address (MAC address) of that computer’s network adapter. This process is initiated whenever an ARP cache entry for a needed IP address is not present in the ARP cache. The targeted computer replies with its physical address, which is placed in the ARP cache and is sent back to the ARP requester. If the ARP broadcast fails to determine the MAC address of the targeted computer, an error is indicated, and the upper-layer process or application must decide whether to reattempt the communication or give up.

Internet Protocol (IP)

IP addressing is by far the most widely used method of addressing computers today. As such, it is the default addressing method used by Windows XP. Each computer in an IP network is uniquely identified with an IP address. All of the higher-level protocols in the TCP/IP suite (such as HTTP or FTP) depend on the services of IP to deliver packets to a destination computer. The IP communication process receives segments or messages from transport layer protocols such as TCP or UDP. The IP process packages these segments into packets for delivery to the data-link layer protocols.

Internet Control Message Protocol (ICMP)

ICMP is used to provide diagnostic and error reporting for IP networks. For example, the ping utility uses ICMP Echo messages to test reachability to a specified destination.

To learn more about the ping utility and other troubleshooting tools, see “Using Command-line Tools Included in Windows XP,” page 345.

Reverse Address Resolution Protocol (RARP)

A diskless computer (one with no hard disk drive) that is part of a network needs to have a method for obtaining its operating code from the network and thus needs to know its assigned IP address. Hardware on the computer is able to determine the MAC address of the computer’s network adapter; however, to get the operating code from the network, the computer must join the network. RARP helps accomplish this task. As its name implies, it performs the opposite lookup function performed by ARP.

The diskless computer sends a RARP broadcast message indicating that it has a MAC address and that it needs to know its IP address. A RARP server responds with the IP address the computer is supposed to use. With its IP address known, the computer can then join the network and go about performing its tasks, such as downloading the code it needs to provide to a user environment.

Internet Protocol Addressing

IP addresses contain two pieces of information: the network ID and the node ID. A node is any device connected to an IP network. IP addresses are 32 bits long and are made up of four 8-bit octets. For the most part, IP addresses are displayed in the decimal equivalent of the binary data contained in each octet. For example, the user-friendly IP address of 192.168.34.9 is actually 11000000101010000010001000001001 in binary form. Each octet is capable of representing decimal values between 0 and 255, or 00000000 and 11111111 binary.

The good news is that you do not have to worry about IP address binary formats and conversions—that task is usually left to network planners and administrators of large Windows networks. Because the functionality of TCP/IP is the same whether binary or decimal equivalents are used, decimal equivalents will be used in the following discussion.

Understanding how to use binary numbers in relation to the IP address is only essential when advanced subnetting is required. Subnetting is discussed in “Applying the Subnet Mask,” opposite.

Classifying IP Addresses

To manage the distribution of IP addresses and to establish a standard for interpreting IP addresses, five IP address classes (A, B, C, D, and E) were originally developed. IP address Classes A, B, and C, shown in Table 2-1, were originally defined for assignment by Internet service providers (ISPs) and businesses for use on their networks.

Class D addresses are reserved for multicasting, and Class E addresses are reserved for research purposes.

Table 2-1. IP Address Classes and Their Network ID Ranges

IP Address Class    IP Network ID Range
A                   1.0.0.0 through 126.0.0.0
B                   128.0.0.0 through 191.255.0.0
C                   192.0.0.0 through 223.255.255.0

Each IP address class has a pattern for the number of octets used to represent each of the two parts of an address. The Class A network address uses one octet on the left (8 bits) for the network ID and the other three octets (24 bits) for the node ID. A Class B address uses the first two octets (16 bits) for the network ID and the last two octets for the node ID. A Class C IP address uses the first three octets (24 bits) for the network ID and the last octet (8 bits) for the node ID. The numbers of octets used for the network ID and for the node IDs are important because the number of octets reserved for nodes determines the number of devices that can be attached to a single network ID. For example, in a Class C network with one node octet, only 254 devices can be connected to a network segment (because there can only be 254 unique IP addresses in a single octet). In contrast, on a Class B network segment with two node octets, over 65,534 devices can be connected.

Along with an IP address, there are two other parameters specified for members of a TCP/IP network: the subnet mask and the default gateway.

Applying the Subnet Mask

TCP/IP networks are divided into different portions called subnets. Depending on the client’s IP address, the client belongs to a certain IP class and a certain default subnet. The subnet mask helps computers know which part of the IP address refers to the network ID and which part of the address is used to refer to the clients. The subnet mask is another 32-bit, dotted-decimal number that is combined mathematically (in binary form) with the IP address. The result identifies the network ID. A subnet mask is assigned along with each IP address.

For example, if an IP address of 192.168.0.50 uses a subnet mask of 255.255.0.0, the portion of the IP address masked by 255.255, which is 192.168 in this case, identifies the network ID portion of the address. The 0.0 segment of the subnet mask represents the unmasked portion and identifies the digits of the IP address that uniquely identify each client machine on the network, in this case 0.50. In this scenario, all IP addresses of computers on the network segment must begin with 192.168., but the remaining digits can range from 0.1 to 255.254. All machines using addresses in this range will be able to communicate with each other over the network segment without requiring a router. Table 2-2 shows the default subnet masks for each IP address class.

Table 2-2. IP Address Classes and Their Default Subnet Masks

IP Address Class    Default Subnet Mask
A                   255.0.0.0
B                   255.255.0.0
C                   255.255.255.0

note In fact, the use of IP addresses with subnet masks can be more complicated than the preceding simple example because the addresses must be translated to binary and dealt with in that format. However, for the most common subnetting schemes, simply masking in between the dotted-decimal values is sufficient.

Using Default Gateways

In addition to the IP address and subnet mask, a TCP/IP configuration might also have a default gateway. Although clients reside on a certain subnet, they sometimes need to communicate with another client on a different subnet (for example, often computers using TCP/IP are on a routed network such as the Internet). The client must know the computer (or router) to send its traffic to so the traffic can leave the local subnet and travel to another. This computer or router is known as the default gateway, and the IP address of the gateway is essential information for a client to send and receive data beyond the bounds of the local subnet. Depending on the network configuration, however, a default gateway might not be necessary. For example, if your network has one subnet and you do not connect to any other subnets, you have no need for a default gateway because your network clients never access other subnets. This is common primarily in small office and home network environments (although with the tremendous popularity of the Internet, even these scenarios commonly require a gateway device for the Internet connection).
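The masking and the default gateway decision described above, worked through in binary as an added example (not from the book). The function names and the gateway address 192.168.0.1 are assumptions; the last call uses a mask that does not end on an octet boundary, the case in which reading the dotted-decimal values alone gives the wrong answer.

```python
# Added example, not from the book. Function names and the gateway
# address 192.168.0.1 are assumptions chosen for illustration.
from typing import Optional


def to_int(dotted: str) -> int:
    """Convert a dotted-decimal IPv4 address or mask to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 value: {dotted!r}")
    value = 0
    for part in parts:
        value = (value << 8) | int(part)
    return value


def to_dotted(value: int) -> str:
    """Convert a 32-bit integer back to dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted: str) -> str:
    """Show each octet as 8 binary digits, the form in which masking happens."""
    value = to_int(dotted)
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def check_mask(mask: str) -> int:
    """Return the mask as an integer; reject masks whose 1 bits are not contiguous."""
    m = to_int(mask)
    host_bits = ~m & 0xFFFFFFFF
    if m == 0 or host_bits & (host_bits + 1):
        raise ValueError(f"not a usable subnet mask: {mask!r}")
    return m


def split_address(ip: str, mask: str) -> tuple:
    """AND the address with the mask for the network ID; the rest is the node ID."""
    ip_i, mask_i = to_int(ip), check_mask(mask)
    return to_dotted(ip_i & mask_i), to_dotted(ip_i & ~mask_i & 0xFFFFFFFF)


def next_hop(source: str, mask: str, destination: str,
             gateway: Optional[str] = None) -> str:
    """Return where the sender hands the packet: the destination itself when it
    is on the sender's subnet, otherwise the default gateway."""
    mask_i = check_mask(mask)
    if (to_int(source) & mask_i) == (to_int(destination) & mask_i):
        return destination
    if gateway is None:
        raise LookupError("destination is on another subnet and no default gateway is set")
    return gateway


if __name__ == "__main__":
    print(to_binary("192.168.0.50"), "AND", to_binary("255.255.0.0"))
    print(split_address("192.168.0.50", "255.255.0.0"))
    # Same 192.168 network: delivered directly, no router involved.
    print(next_hop("192.168.0.50", "255.255.0.0", "192.168.200.7", "192.168.0.1"))
    # With mask 255.255.255.192, .50 and .70 are on different subnets.
    print(next_hop("192.168.0.50", "255.255.255.192", "192.168.0.70", "192.168.0.1"))
```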

Understanding Public and Private IP Addresses

Early on in IP networking, it became apparent that there was a need for specialized, private, address groups. These addresses would be used for internal networks, whereas connectivity to the rest of the world would be accomplished through a router that had a public IP address. This ensured that the finite number of IP addresses would not be consumed by (nor have to be uniquely registered and assigned to) the millions of private home and business networks operating worldwide. Because the private addresses are not reachable from the public Internet, they can be reused by all the private networks at will without those networks colliding with one another, thereby saving the vast majority of IP addresses for providing the unique public addresses needed by Internet-connected devices. The private IP address ranges are

10.0.0.0 through 10.255.255.255

172.16.0.0 through 172.31.255.255

192.168.0.0 through 192.168.255.255

IP routers on the Internet will not route traffic across the Internet using one of these IP addresses. If, however, someone wants to provide Internet access to hosts using a private IP network, a network address translation (NAT) device is used. NAT devices forward the appropriate traffic sent from the private IP addresses through a single or a few public addresses—typically the IP address of a router that securely links the private network (LAN) to the public network (Internet)—and maintain an internal table that allows response traffic to be routed to the proper initiating private host.

NAT can be used to maintain a subnet of private network IP addresses hidden from the public Internet. This is a useful safety feature, and some home and small office networking hardware, such as residential gateways, use NAT. You can learn more about these options in Chapter 3, “Creating Network Connections.”
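As an added example (not from the book), the sketch below sorts addresses by the class ranges of Table 2-1, the private ranges listed above and the APIPA range described earlier in the chapter, and picks out hosts that self-assigned an APIPA address. The function names, host names and sample addresses are constructed for illustration.

```python
import ipaddress

# Added example, not from the book. The ranges are the ones the chapter lists;
# function names, host names and sample addresses are constructed.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APIPA_RANGE = ipaddress.ip_network("169.254.0.0/16")  # holds 169.254.0.1-169.254.255.254

DEFAULT_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def address_class(addr: ipaddress.IPv4Address) -> str:
    """Classful category from the first octet (Table 2-1 plus Classes D and E)."""
    first = addr.packed[0]
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D"    # multicast
    if first >= 240:
        return "E"    # research
    return "none"     # 0 and 127 fall outside Table 2-1 (127 is loopback)


def scope(addr: ipaddress.IPv4Address) -> str:
    """'apipa', 'private', 'special' (Class D/E, 0.x, 127.x) or 'public'.

    'public' here only means: not in any range the chapter sets aside.
    """
    if address_class(addr) not in DEFAULT_MASKS:
        return "special"
    if addr in APIPA_RANGE:
        return "apipa"
    if any(addr in net for net in PRIVATE_RANGES):
        return "private"
    return "public"


def describe(text: str) -> dict:
    """Summarise one dotted-decimal address."""
    addr = ipaddress.IPv4Address(text)
    cls = address_class(addr)
    return {"address": text, "class": cls,
            "default_mask": DEFAULT_MASKS.get(cls), "scope": scope(addr)}


def hosts_without_dhcp(inventory: dict) -> list:
    """Hosts holding an APIPA address, i.e. they found no DHCP server."""
    return sorted(host for host, ip in inventory.items()
                  if scope(ipaddress.IPv4Address(ip)) == "apipa")


if __name__ == "__main__":
    # Constructed inventory: host name -> currently configured address.
    inventory = {"ws-01": "192.168.0.50", "ws-02": "169.254.77.3",
                 "ws-03": "172.32.0.1", "ws-04": "169.254.1.9"}
    for ip in inventory.values():
        print(describe(ip))
    print("self-assigned (check DHCP reachability):", hosts_without_dhcp(inventory))
```

Note that 172.32.0.1 sits just past the end of the 172.16.0.0 through 172.31.255.255 range and is therefore not private, a boundary that is easy to misjudge by eye.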

Configuring IP Settings in Windows XP

The TCP/IP protocol suite is installed by default on all Windows XP installations. There is a wide array of configurable settings, and the options of each setting as well as the procedures for making changes to them will be explored. To access the TCP/IP properties, follow these steps:

1. Log on as a user with administrative privileges.

2. Open Network Connections. From the default Windows XP Start menu, choose Connect To, Show All Connections; from the Classic Windows XP Start menu, choose Settings, Network Connections.

3. Locate the connection to the network. It will probably be labeled with the default name, Local Area Connection.

tip If you do not see any connection listed under the heading LAN Or High-Speed Internet in the Network Connections window, there is probably no network adapter installed on the computer. See Chapter 3, “Creating Network Connections,” to learn more about installing and configuring network adapters.

4. Right-click the Local Area Connection icon, and choose Properties from the shortcut menu.

5. On the General tab, select Internet Protocol (TCP/IP), and click Properties. The Internet Protocol (TCP/IP) Properties dialog box opens, as shown in Figure 2-1.

Figure 2-1. The TCP/IP configuration is accessed through the Local Area Connection Properties dialog box.

In this dialog box, the computer can be configured to use static or dynamic addressing. The default is dynamic addressing (Obtain An IP Address Automatically). If a change is not required, this setting should be left as is. It is also possible to configure the DNS settings (the address of the DNS server) from this dialog box. If both DNS and IP addressing options are set to automatic settings, the computer will use the DNS settings provided by a DHCP server. For computers not connected to a domain, the DNS servers are usually provided by your ISP. It is possible to select automatic addressing for the IP address and to manually specify a DNS server address. If no DHCP server is available to provide the IP address, APIPA will automatically configure the IP address and subnet mask. For a single subnet network that does not contain a router, APIPA should be used unless you have a specific reason to manually enter each computer’s IP address.

new feature! If you selected automatic addressing on the General tab, you’ll see the Alternate Configuration tab in the Internet Protocol (TCP/IP) Properties dialog box. This tab represents a new feature in Windows XP: Alternate IP Configuration. This feature allows an automatically assigned IP address if a DHCP server is available, and a static IP configuration when a DHCP server is not available. This enables you to connect to two different networks (for example, your home network and your employer’s network) and get the appropriate address assigned. If you’re not connecting to two networks, you can leave the setting as Automatic Private IP Address on this tab. If you want to configure a static IP configuration for a second network, select User Configured, as shown in Figure 2-2, and enter the appropriate settings.

Figure 2-2. Use the Alternate Configuration tab if you want to connect to a second network.

Configuring Advanced TCP/IP Options

Under most circumstances, you do not need to manually configure TCP/IP settings. After all, in networks that use DHCP, the server leases all of the necessary TCP/IP configuration settings. In networks with no DHCP server, APIPA can handle the auto-addressing. However, Windows XP allows you to tailor the TCP/IP settings to your specific needs. It is important to always question why you are manually configuring TCP/IP and whether the manual configuration is necessary. Why would someone want to manually configure TCP/IP settings? In environments that do not use DHCP, you might want a particular IP address configuration to be used, or you might want to specify certain DNS or WINS servers. You might also want to configure some TCP/IP filtering options for added security.

To manually configure these advanced settings, return to the Internet Protocol (TCP/IP) Properties dialog box. On the General tab, click the Advanced button to open the Advanced TCP/IP Settings dialog box, as shown in Figure 2-3 on the next page. It is here that an administrator gains access to the details of the Windows XP TCP/IP configuration.
