Tftp. Provides bidirectional file transfers between a Windows NT computer and a TCP/IP host running TFTP server software. Communicates via messaging using UDP instead of TCP.
Diagnostic utilities. TCP/IP diagnostic utilities to detect, resolve, and prevent TCP/IP networking problems.
Arp. Resolves hardware or MAC addresses to IP addresses.
Hostname. Returns the computer host name for authentication by the RCP, RSH, and REXEC utilities.
Ipconfig. This is similar to winipcfg in Windows 95/98 but, quite frankly, is not as robust. Part of the problem is that ipconfig is still character based and its reports are somewhat limited. By contrast, winipcfg is GUI-based and more pleasant to work with.
Lpq. Obtains status of print queue on a host running LPD service.
Nbtstat. Returns a list of NetBIOS computer names that have been resolved to IP addresses.
Ping. Tests connectivity and verifies configurations.
Route. Modifies or returns the local routing table.
Secret: This can be used to set up a static route. A static route is extremely valuable in certain conditions. If you are working with multiple subnets and multiple routers, it's likely you will learn this command.
Tracert. Displays the path taken by a packet to its destination host. Here again, you will use this utility extensively in your TCP/IP travels. Tracert is frequently employed when resolving possible WAN failures or router configuration errors.
Internet support. Support for Internet, internet, and intranet-based computers. This support includes:
Internet Information Server. Used for Web publishing and administration
Windows Internet Naming Service (WINS). For dynamically registering and querying NetBIOS computer names
Domain Name System (DNS). A service for registering and querying DNS domain names
TCP/IP printing. For accessing UNIX-defined printers or network printers directly connected via a network adapter card (such as HP's JetDirect card, which now uses TCP/IP printing; as an aside, HP's JetDirect card used the DLC protocol almost exclusively back in the old days)
Tip: It is a common mistake for Windows NT Server newbies to overload the services required to effectively manage and optimize their network. TCP/IP printing services are often loaded without any reason. I suspect this occurs during setup because it looks like the kind of service you should just load. Know your services and don't overload your Windows NT Server unnecessarily.
Simple Network Management Protocol (SNMP) agent. Remote management of your Windows NT computer is possible by loading this service and using a management tool such as HP OpenView. SNMP support is also included for DHCP and WINS servers with Microsoft's TCP/IP protocol stack.
Simple Protocols. Simple protocols to respond to simple requests. Microsoft's TCP/IP protocol suite allows Windows NT to respond to computers that request and support the following:
Character Generator
Daytime
Discard
Echo
Quote of the Day
Path MTU Discovery. Provides the capability to determine the datagram size for all routers between Windows NT-based computers and other computers on the WAN.
Internet Group Management Protocol (IGMP). Microsoft TCP/IP supports IGMP. It is typically used by workgroup software products at the upper layers of the OSI model.
Many of these TCP/IP utilities and commands are discussed at length in Chapter 7, Troubleshooting TCP/IP.
THE TCP/IP SETTINGS IN WINDOWS NT SERVER
Where are the Windows NT TCP/IP settings stored? In the Windows NT Registry, of course! Typically modified via GUI-based applications such as the Protocol tab sheet of the Network property sheet, basic TCP/IP configuration parameters are fairly straightforward. However, what about modifying parameters such as Time to Live (TTL)? The TTL value is 32 seconds or 32 hops, whichever comes first (see Figure 4-16). It is effectively the number of routers that a packet may pass through before being discarded.
Many TCP/IP parameters may only be modified via the Registry. Quite frankly, most parameters are configured under the Parameters key. The Parameters subkey (see Figure 4-17) houses most of the important TCP/IP configuration parameters that you should be concerned with.
Here are important existing values within the Parameters subkey:
DataBasePath. Used by the Windows Sockets interface, this specifies the path to such standard Internet database files as HOSTS, LMHOSTS, networks, and protocols.
Domain. This is the domain entry you make in the TCP/IP Protocol Properties dialog box on the DNS tab sheet (see Figure 4-18). This value is used by the Windows Socket interface. The Domain is the name of the Internet domain that your computer belongs to. As you know, a domain is nothing more than a group name that has computers associated with it.
EnableSecurityFilters. If the entry value is 1, Windows NT Server filters all incoming UDP datagrams, raw IP datagrams, and TCP SYNs (connection requests). Accepted values may be defined via these keys: UdpAllowedPorts, TCPAllowedPorts, and RawIpAllowedProtocols. Interestingly, incoming packets are filtered with respect to the local computers. Packets destined for other computers are not filtered.
ForwardBroadcasts. This entry specifies if broadcasts should be forwarded between two or more adapters. The enabled state has visible broadcasts forwarded.
Secret: The ForwardBroadcasts value entry is not supported in Windows NT Server 4.0. It may be safely removed. In any event, the system ignores it.
Hostname. This is the name entered in the Host Name field in the TCP/IP Protocol Properties dialog box on the DNS tab sheet. It is the DNS host name of the system. Whenever a Windows Sockets application issues the hostname command, this name will be returned.
IPEnableRouter. A value of 1 indicates that the system can route IP packets between the networks that it is connected to. Packets are not routed if the value is 0.
NameServer. Lists the DNS servers that will resolve names when queried by Windows Sockets.
Secret: This value overrides the value in the DhcpNameServer value field (a value supplied to DHCP clients via a scope).
SearchList. Lists domain name suffixes to try when an unsuffixed name cannot be resolved by using DNS. This information is used by the Windows Sockets interface.
Adding Registry Values. Other values that you may add to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters are:
ArpCacheLife. Specifies how long entries will remain in the ARP cache table. An entry remains in the ARP table until it expires or the table entry is reused.
DefaultTTL. Is the default Time to Live (TTL) value found in the header of outgoing IP packets. TTL is the number of seconds that an IP packet can live on a network without reaching its destination.
KeepAliveInterval. Determines the interval between keep-alive retransmissions until a response is received. Basically, it sets the wait until the next keep-alive transmission. After the number of transmissions specified in TcpMaxDataRetransmissions are unanswered, the connection will abort.
KeepAliveTime. Specifies the interval at which TCP sends a keep-alive packet to verify that a connection is still intact.
TcpMaxConnectRetransmissions. Is the number of times that TCP retransmits a connect request before aborting its attempts. Interestingly, this value is doubled with each attempt from its default three seconds.
TcpMaxDataRetransmissions. Is the number of times that a data segment will be retransmitted by TCP before aborting.
TcpNumConnections. Is the maximum number of open TCP connections that can occur simultaneously.
TcpTimedWaitDelay. Determines how long a connection stays in a wait state known as TIME_WAIT before being closed.
TcpUseRFC1122UrgentPointer. Defines how TCP defines urgent. 1 is based on RFC 1122. 0 or no entry in the Registry uses the mode from Berkeley-derived BSD systems.
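As an added example (not from the original text), the following Python code parses a REGEDIT4-style text export of the Parameters subkey and flags the security-relevant values described above. The sample export, host name, and domain are constructed, and treating a missing IPEnableRouter or EnableSecurityFilters entry as 0 is an assumption.

```python
import re

# Constructed sample: a REGEDIT4-style export of the Parameters subkey.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"Hostname"="ntsrv01"
"Domain"="example.test"
"IPEnableRouter"=dword:00000001
"EnableSecurityFilters"=dword:00000000
"ForwardBroadcasts"=dword:00000000
"DefaultTTL"=dword:00000020
'''

KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
LINE = re.compile(
    r'^"(?P<name>[^"]+)"=(?:dword:(?P<dword>[0-9a-fA-F]{8})|"(?P<str>.*)")$')

def parse_parameters(text):
    """Return {value name: int or str} for the Tcpip Parameters key only."""
    values, in_key = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):          # a new key section begins
            in_key = line.strip("[]").lower() == KEY.lower()
            continue
        m = LINE.match(line) if in_key else None
        if m:
            values[m["name"]] = int(m["dword"], 16) if m["dword"] else m["str"]
    return values

def audit(values):
    """List findings for the settings the text calls out."""
    findings = []
    if values.get("IPEnableRouter", 0) == 1:      # missing treated as 0 (assumption)
        findings.append("IPEnableRouter=1: host routes IP packets between its networks")
    if values.get("EnableSecurityFilters", 0) != 1:
        findings.append("EnableSecurityFilters is not 1: incoming UDP datagrams, "
                        "raw IP datagrams and TCP SYNs are not filtered")
    if "ForwardBroadcasts" in values:
        findings.append("ForwardBroadcasts present: ignored by NT Server 4.0, may be removed")
    return findings

if __name__ == "__main__":
    params = parse_parameters(SAMPLE_REG)
    print("DefaultTTL =", params.get("DefaultTTL"))
    for finding in audit(params):
        print("-", finding)
```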
A DAY IN THE LIFE OF A TCP/IP PACKET
Remember the famous photo essay book A Day in the Life of America, which showed a snapshot of life in America? It was interesting and introspective. I thought you might enjoy getting into the details of a day in the life of a packet in a similar manner. As stated in RFC 791, which relates to the IP portion of the packet:
The implementation of a protocol must be robust. Each implementation must expect to interoperate with others created by different individuals. While the goal of this specification is to be explicit about the protocol there is the possibility of differing interpretations. In general, an implementation must be conservative in its sending behavior, and liberal in its receiving behavior. That is, it must be careful to send well-formed datagrams, but must accept any datagram that it can interpret.
When you get down to packet analysis, you are often left thinking that it's amazing this stuff works as well as it does. That said, many have asked over the years just how do you read a TCP/IP packet. Well, this is how you do it!
IP
First, examine the IP portion of the TCP/IP network packet, because it comes first in the packet (see Figure 4-19).
Version: 4 bits
The Version field indicates the format of the internet header. As you can see in Figure 4-19, this is version 4.
Internet Header Length (IHL): 4 bits
Internet Header Length is the length of the internet header in 32-bit words and points to the beginning of the data. The minimum value for a correct header is 5.
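The two fields above can be decoded and sanity-checked as follows; this is an added example, not from the original text. It goes beyond Version and IHL to decode the rest of the fixed 20-byte header, including the TTL discussed earlier. The sample packet is constructed, and the header checksum is not verified.

```python
import struct

def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header; raise ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("truncated: fewer than 20 bytes")
    (ver_ihl, _tos, total_len, _ident, _frag,
     ttl, proto, _cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F   # two 4-bit fields share octet 0
    if version != 4:
        raise ValueError(f"version {version}, expected 4")
    if ihl < 5:
        raise ValueError(f"IHL {ihl} is below the minimum of 5")
    header_len = ihl * 4                          # IHL counts 32-bit words
    if header_len > len(packet):
        raise ValueError("IHL points past the end of the captured bytes")
    if total_len < header_len:
        raise ValueError("total length is smaller than the header")
    return {
        "version": version, "ihl": ihl, "header_len": header_len,
        "total_len": total_len, "ttl": ttl, "protocol": proto,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "data": packet[header_len:total_len],     # IHL marks where data begins
    }

def reject_reason(packet: bytes):
    """Return None for an acceptable header, else the reason it was rejected."""
    try:
        parse_ipv4_header(packet)
        return None
    except ValueError as exc:
        return str(exc)

# Constructed sample: version 4, IHL 5, total length 28, TTL 32, protocol 1,
# 192.168.0.1 -> 192.168.0.2, followed by 8 zero bytes of data.
SAMPLE = bytes.fromhex("4500001c000100002001" "0000" "c0a80001c0a80002") + bytes(8)

if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE))
    print(reject_reason(b"\x44" + SAMPLE[1:]))    # IHL of 4 is rejected
```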