Network Services


Saturday, December 14, 2013

Design Hotspot-V1 Server Mikrotik






Download from here

Please change the connection details.

Regards, Kenzy Net

Friday, December 6, 2013

Answers to Review Questions ( Network+ Chapter 3 )



1. D. Samba is installed on a UNIX server to allow Windows clients to be able to see the UNIX device as a server on the Windows network.

2. D. The NetBEUI/NetBIOS protocol stack does not contain a Network layer routing protocol because it was intended for LAN use only and, as such, cannot be routed.

3. B. The range of the numbers for the first octet in a Class B IP addressing scheme is 128–191. The range of 0–127 is for Class A, 192–223 is for Class C, and 224–255 is reserved for other classes and purposes.

4. A. The purpose of a subnet mask is to separate the network portion and the host portion of an IP address. In the Internet Protocol addressing scheme, it is a group of selected bits whose values serve to identify a subnet. All members of the subnet share the mask value. Once each portion is identified using the mask, members of each subnet can be referenced more easily.

5. C. Port 80 is the TCP port number used to initiate HTTP connections between web client (browser) and web server. Port 23 is used for Telnet, port 25 is used for SMTP, and port 443 is used for less common secure web server access using HTTPS.

6. D. The TCP port number used to initiate connections between POP3 clients and servers is 110. As previously mentioned, port 25 is used for SMTP, and port 80 is used for HTTP connections. Port 100 is not normally used in typical Internet communications.

7. A. FTP clients connect to FTP servers using TCP port 21. As already mentioned, port 25 is used for SMTP, port 80 is used for HTTP, and port 110 is used for POP3 mail communications.

8. B. Internet e-mail servers send mail between themselves using the SMTP protocol. The SNMP protocol is used for the management and monitoring of various network devices. The POP protocol is used to download e-mail from mail servers. Telnet is used for remote terminal emulation.

9. C. 255.255.255.0 is the default subnet mask for a Class C address, 255.0.0.0 is the default for a Class A, 255.255.0.0 is the default for Class B, and 255.255.255.255 is the universal broadcast address.

10. D. Most often, NAT is used in routers and firewalls to translate between two different IP addresses. 

11. B. All 1s in the host portion of an IP address represent the broadcast address for the corresponding subnet. All 0s in the host portion represent the identification of the network or subnet itself. Not being configured with the IP address of a DNS server or the default gateway will not completely disable network communications.

12. B. Of those listed, the only one that maintains a virtual “connection” is TCP. UDP and NetBEUI are both connectionless, and DDP is AppleTalk’s connectionless Datagram Delivery Protocol.

13. D. An extranet is basically an intranet with limited outside access granted to suppliers and affiliates. The Internet and an internet are far too broad to describe this type of network. Intranets, by definition, do not allow any outside access.

14. B. SMTP initiates connections between servers using TCP port number 25.

15. D. The correct acronym expansion for FQDN is Fully Qualified Domain Name. The FQDN is the complete name of an Internet host (e.g., www.sybex.com) that is used when referencing a host from outside that host’s LAN.

16. D. The refresh value in the SOA record of a zone file indicates how many seconds the secondary DNS server will wait before asking the primary server if the zone file has changed. Increasing this value will cause the secondary server to contain invalid information longer, but decreasing the refresh value, as in option A, by too much will generate unnecessary traffic. Option B would occur by increasing the minimum TTL value in the SOA record and will simply cause resource records to expire less frequently, also increasing the likelihood that cached information will be invalid. However, decreasing this value does not necessarily trigger a zone transfer for updated information, as decreasing the refresh value would.

17. A, C. Any time the IP address of a server that needs to be accessible from the Internet changes or is added, the entity responsible for maintaining the authoritative zone file for the domain that the server is on must be contacted to make changes to such records as the A record, the MX record, and the SOA record. Changing cabling or adding devices that do not need to be accessed by name from the Internet are not situations that require a change to the DNS zone file.

18. D. The proper expansion of FTP is File Transfer Protocol. The abbreviation is more commonly used when referring to file-transferring protocols. There can be several protocols for transferring files between machines and/or networks. For example, FTAM provides file-transfer service for networks that use the OSI reference model, and FTP provides these services for TCP/IP protocols.

19. D. Proxy servers act on behalf of clients to provide Internet access and other Internet services. Generally speaking, however, a proxy server does not convert a nonroutable protocol to a routable protocol.

20. C. Virtual LANs allow a network to be segmented virtually, inside a network switch, so that several ports are grouped together and function collectively as a network segment, possibly by departmental or other logical groupings.

Exam Essentials ( Network+ Chapter 3 )



Be able to recognize the different protocols within TCP/IP and be able to define their purpose and function. The TCP/IP stack is made up of several protocols, which perform such functions as protocol transport, file access, file transfer, and mail transfer. These protocols include TCP, SMTP, IP, NNTP, HTTP, and FTP.

Be able to differentiate between the Internet, an internet, an intranet, and an extranet. When Internet is capitalized, it refers to the worldwide TCP/IP internetwork that we all know and love or hate, whereas internet is a more generic term referring to a network in which routers or other layer 3 devices are present. An intranet is an internetwork with well-defined administrative boundaries, while an extranet expands the intranet to include trusted outside networks.

Be able to define the function of common TCP and UDP ports. You should know how to coordinate protocol name and function with port number. (Refer to Table 3.1 for specific examples.)

Know how to identify IP addresses (IPv4, IPv6) and their default subnet masks. IPv4 = xxx.xxx.xxx.xxx, where xxx is a number from 0 to 255. The default subnet mask is 255.0.0.0 for a Class A address (IP range is 0.x.x.x to 127.x.x.x), 255.255.0.0 for a Class B (IP range is 128.x.x.x to 191.x.x.x), and 255.255.255.0 for a Class C (192.x.x.x to 223.x.x.x). IPv6 = xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, where x is a hexadecimal digit. IPv6 has no address classes and thus no default subnet mask.

Know how to identify the purpose of subnetting and of default gateways. The purpose of subnetting is to divide a network into two or more segments, gaining more addressable segments from a single address space and reducing congestion. Default gateways are configured so that a host has an address to send an encapsulated packet to when it doesn’t know a specific route to the destination address.

Know how to identify the difference between public and private networks. Public networks are networks that are open to the general public and, as such, use valid IP addresses that can be “seen” by the general public. The Internet is an example of a public network. Private networks, on the other hand, use addresses that cannot be seen by the general public and are not available for public use or allowed onto the Internet in any way. Your company’s LAN is an example of a private network. These addresses must be translated to public addresses in order to allow the internal devices to communicate on the Internet.

Identify the purpose, benefits, and characteristics of using a proxy service. A proxy server keeps a LAN somewhat separated from the Internet. Doing so increases security and filtering control and has the tendency to speed up Internet access through caching of recently used web pages.

Be able to describe the main characteristics of VLANs. Virtual LANs (VLANs) are a feature of network switches that allow machines on different physical network segments to be organized into a virtual segment, or VLAN.

Review Questions ( Network+ Chapter 3 )



1. Where should Samba be installed to allow a Microsoft operating system access to a UNIX operating system?
A. On the Microsoft client
B. On the Microsoft server
C. On the UNIX client
D. On the UNIX server

2. Which feature is not available in NetBEUI/NetBIOS?
A. It is self-tuning.
B. It is fast in small networks.
C. It requires little configuration.
D. It is routable.

3. The Class B address range for the first octet is ________.
A. 1–127
B. 128–191
C. 192–223
D. 224–255

4. What does a subnet mask allow a TCP/IP device to differentiate?
A. Network ID and host ID
B. Workgroups from each other
C. Host IDs
D. All the above

5. HTTP usually connects to a web server on port number __.
A. 21
B. 25
C. 80
D. 443

6. The port number for POP3 mail is ___________________.
A. 25
B. 80
C. 100
D. 110

7. FTP usually connects to the server on port number ________.
A. 21
B. 25
C. 80
D. 110

8. Internet mail is sent between mail servers via which protocol?
A. SNMP
B. SMTP
C. POP
D. Telnet

9. What is the default subnet mask for a Class C address?
A. 255.0.0.0
B. 255.255.0.0
C. 255.255.255.0
D. 255.255.255.255

10. Network Address Translation, or NAT, is found in ______.
A. Hubs
B. Transceivers
C. NIC protocol drivers
D. Routers

11. Joe’s computer has been configured with an IP address in which the host bits are all binary 1s. Joe can’t seem to communicate on the network at all. What is the most likely problem?
A. Joe’s computer is configured with an IP address that conflicts with another device.
B. Joe’s computer is configured with the broadcast address for his subnet.
C. Joe’s computer needs to be configured with the IP address of a DNS server.
D. Joe’s computer needs to be configured with the address of the default gateway.

12. Which protocol is considered connection-oriented?
A. DDP
B. TCP
C. NetBEUI
D. UDP

13. What type of network includes limited outside access to internal corporate resources?
A. The Internet
B. An internet
C. An intranet
D. An extranet

14. SMTP normally operates through port number __________.
A. 21
B. 25
C. 80
D. 110

15. FQDN is an acronym for ___________________.
A. Fully Qualified Division Name
B. Fully Qualified DNS Name
C. Fully Qualified Dynamic Name
D. Fully Qualified Domain Name

16. What is the result of increasing the refresh value in the SOA record of a zone file on a primary DNS server?
A. The secondary DNS servers will be updated with changes to the zone file more quickly and more often.
B. The minimum time to live for resource records without a TTL setting will be increased.
C. The time after a secondary DNS server receives a zone transfer when it considers the zone information to be invalid increases.
D. The secondary DNS servers will be updated with changes to the zone file less quickly and less often.

17. Which of the following changes would require an administrator to contact the service provider that hosts the primary DNS server for the administrator’s DNS domain? (Choose all that apply.)
A. The company changed IP addressing schemes, and the web server’s address changed as a result.
B. The company added 15 new client PCs to the network.
C. The company added a new mail server.
D. The company upgraded from Category 3 cabling to Category 5e.

18. FTP is the abbreviation for ___________________.
A. Formal Transfer Protocol
B. Full Transfer Protocol
C. Final Transfer Protocol
D. File Transfer Protocol

19. Which of the following is not a feature of a proxy server?
A. It can reduce Internet traffic requests.
B. It can assist with security.
C. It can reduce user wait time for a request.
D. It can convert a nonroutable protocol to a routable protocol.

20. What is the primary purpose of a VLAN?
A. Demonstrating the proper layout for a network
B. Simulating a network
C. Segmenting a network inside a switch or device

Understanding Subnets



The IP addressing scheme provides a flexible solution to the task of addressing thousands of networks, but it is not without problems. The original designers did not envision the Internet growing as large as it has; at that time, a 32-bit address seemed so large that they quickly divided it into different classes of networks to facilitate routing rather than reserving more bits to manage the growth in network addresses. To solve this problem, and to create a large number of new network addresses, another way of dividing the 32-bit address was developed, called subnetting. An IP subnet modifies the IP address by using host ID bits as additional network address bits. In other words, the dividing line between the network address and the host ID is moved to the right, thus creating additional networks but reducing the number of hosts that can belong to each network. When IP networks are subnetted, they can be routed independently, which allows a much better use of address space and available bandwidth. To subnet an IP network, you define a bit mask, known as a subnet mask, in which a bit pattern of consecutive 1s followed by consecutive 0s is ANDed with the IP address to produce a network address with all 0s in the host ID.

Working out subnet masks is one of the most complex tasks in network administration and is not for the faint of heart. If your network consists of a single segment (in other words, there are no routers on your network), you will not have to use this type of subnetting, but if you have two or more segments (or subnets), you will have to make some sort of provision for distributing IP addresses appropriately. Using a subnet mask is the way to do just that.

The subnet mask is similar in structure to an IP address in that it has four parts, or octets, but it works a bit like a template that, when superimposed on top of the IP address, indicates which bits in the IP address identify the network and which bits identify the host. In binary, if a bit is on (set to 1) in the mask, the corresponding bit in the address is interpreted as a network bit. If a bit is off (reset to 0) in the mask, the corresponding bit in the address is part of the host ID. The 32-bit value may then be converted to dotted decimal notation for human consumption.

Sometimes, you will use only one subnet mask to subnet your network. Variable Length Subnet Masking (VLSM) is the practice of using more appropriate varied subnet masks with the same classful network for the different subnet sizes. A classful network is one subnetted to the default boundaries of network and host bits, based on the class of IP address.

A subnet is only known and understood locally; to the rest of the Internet, the address is still interpreted as a classful IP address (and maybe even as a group of classful addresses) if an entity has administrative control over a contiguous block of such addresses. Table 3.2 shows how this works for the standard IP address classes. Routers then use the subnet mask to extract the network portion of the address so that they can compare the computed network address with the routing table entry corresponding to the mask used and send the data packets along the proper route on the network.

TABLE 3.2 Default Subnet Masks for Standard IP Address Classes (table not reproduced on this page)

Because pretty much all the Class A and Class B networks are taken, you are most likely to encounter subnet-related issues when working with a Class C network or with any private address space. In the next section, you’ll get a detailed look at how to subnet a Class C network.
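The arithmetic described above (a mask of consecutive 1s ANDed with the address, all-0s host ID for the network, all-1s for the broadcast, and VLSM carving of a classful block) is worked through below. This is an added example, not code from the study guide; the addresses and host counts it uses are constructed for illustration, and the classful defaults are the ones given in the text for Table 3.2.

```python
# Added example, not from the study guide: IPv4 subnet arithmetic done the way the
# text describes, by ANDing a mask of consecutive 1s followed by 0s with the
# address. All sample addresses and host counts below are constructed.

def dotted_to_int(dotted):
    """Convert dotted-decimal notation (e.g. '192.168.1.130') to a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"bad IPv4 dotted-decimal value: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_dotted(value):
    """Convert a 32-bit integer back to dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix):
    """Build a mask of `prefix` consecutive 1s followed by (32 - prefix) 0s."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def mask_to_prefix(mask):
    """Return the prefix length of a mask, rejecting masks whose 1s are not contiguous."""
    prefix = bin(mask).count("1")
    if prefix_to_mask(prefix) != mask:
        raise ValueError(f"non-contiguous subnet mask: {int_to_dotted(mask)}")
    return prefix

def default_class_mask(address):
    """Classful default mask (Table 3.2 in the text), decided by the first octet."""
    first = dotted_to_int(address) >> 24
    if first < 128:
        return "255.0.0.0"        # Class A: first octet 0-127
    if first < 192:
        return "255.255.0.0"      # Class B: first octet 128-191
    if first < 224:
        return "255.255.255.0"    # Class C: first octet 192-223
    raise ValueError("Class D/E addresses (224-255) have no default subnet mask")

def subnet_info(address, mask):
    """Network address, broadcast address and usable host count for address/mask."""
    addr = dotted_to_int(address)
    m = dotted_to_int(mask)
    prefix = mask_to_prefix(m)
    network = addr & m                          # host ID bits forced to 0
    broadcast = network | (~m & 0xFFFFFFFF)     # host ID bits forced to 1
    host_bits = 32 - prefix
    return {
        "prefix": prefix,
        "network": int_to_dotted(network),
        "broadcast": int_to_dotted(broadcast),
        # classic rule: the all-0s and all-1s host IDs are not assignable to hosts
        "usable_hosts": max(2 ** host_bits - 2, 0),
    }

def vlsm_plan(cidr, host_counts):
    """Carve one block into variable-length subnets, largest requirement first,
    so that each subnet lands on a boundary aligned to its own size."""
    base, prefix = cidr.split("/")
    start = dotted_to_int(base) & prefix_to_mask(int(prefix))
    end = start + 2 ** (32 - int(prefix))
    cursor = start
    plan = []
    for hosts in sorted(host_counts, reverse=True):
        host_bits = 2
        while 2 ** host_bits - 2 < hosts:       # smallest host field that fits
            host_bits += 1
        size = 2 ** host_bits
        if cursor + size > end:
            raise ValueError(f"block {cidr} is too small for {hosts} more hosts")
        plan.append((f"{int_to_dotted(cursor)}/{32 - host_bits}", size - 2))
        cursor += size
    return plan

if __name__ == "__main__":
    print(subnet_info("192.168.1.130", "255.255.255.192"))
    print(vlsm_plan("192.168.1.0/24", [100, 50, 20, 2]))
```

`mask_to_prefix` deliberately refuses a mask such as 255.255.0.255: the text's definition requires the 1s to be contiguous, and a non-contiguous mask silently produces a network address that no router will agree with.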

Why Subnet?
When faced with the choice of whether or not to subnet your network, you must remember several of the advantages to subnetting. The following list summarizes the advantages of the subnetting solution:
  • It minimizes network traffic, decreasing congestion.
  • It isolates networks from others.
  • It increases performance.
  • It optimizes use of IP address space.
  • It enhances the ability to secure a network.


Simple Mail Transfer Protocol (SMTP)



Simple Mail Transfer Protocol (SMTP) allows for a simple e-mail service and is responsible for moving messages from one e-mail server to another. The e-mail servers run either Post Office Protocol (POP) or Internet Mail Access Protocol (IMAP) to distribute e-mail messages to users.

Summary ( Chapter 3 )


In this chapter, you learned the basics of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite. First of all, you learned how TCP/IP works and about the various parts that make up TCP/IP. Then you learned about the Transport Control Protocol, the first part of TCP/IP, and how it is used to transport data within TCP/IP. Following that, you learned how the Network layer protocol IP is used.

In addition to these two protocols, you learned of the various application protocols (like SMTP, FTP, and HTTP) and how they work. Relating very closely to that was the idea of ports and sockets for each protocol and how each port is mapped to a specific protocol or is specified for each.

One concept that gives many people trouble is the concept of TCP/IP addressing, which was covered in this chapter for both IPv4 and IPv6. Also, those addresses must be resolved into “friendly” names, a detail which was covered in the section “Name Resolution Methods.” Also in this chapter, you learned how to configure TCP/IP on a Windows-based workstation.

Finally, you learned about Virtual LAN (VLAN) technologies and how they work within a network.

Thursday, December 5, 2013

Zero Configuration (ZeroConf)



As anyone who’s ever tried to hook their laptop to someone else’s to use TCP/IP to play video games, transfer files, or whatever, will tell you…it’s a pain. Even though computer manufacturers and software programmers will tell you that networking is supposed to be simple, it really isn’t. You need to configure several parameters (IP address, DNS or host name, etc.) properly or you won’t be able to communicate. These parameters are usually no problem for network technicians, but what about the average person? Configuring a peer-to-peer or small network usually involves a game of “What should my IP address be?” between the people who want to network.

Enter the Internet Engineering Task Force (IETF) and the Zero Configuration (ZeroConf) initiative. The primary goal was to make networking via TCP/IP extremely easy and “hands off” for small networks. Ideally, two computers could be connected through Ethernet jacks with only a crossover cable and be able to communicate without any further configuration. In order to accomplish this, the ZeroConf working group of the IETF had four main areas of focus:

1. Automatic Interface address configuration
2. Automatic Multicast address configuration
3. Translation of addresses to names and names to addresses
4. Service location

In order for the ZeroConf initiative to be successful, each of these components must be implemented in the ZeroConf protocol.

Note:
Apple Computer has been a large participant in the design of the ZeroConf protocol.
It has its own protocol, called Rendezvous, which itself is an open ZeroConf protocol that has been submitted to the IETF for approval.

Automatic Local Interface Configuration
As you may already know, a computer must have a local IP address in order to communicate. Instead of relying on static addressing (too much work and too much to know) or dynamic addressing (other hardware required), ZeroConf allows for automatic configuration by the two communicating entities themselves. In the absence of a manually configured address or a DHCP server, the communicating entities will “figure out” their own local IP addresses (known as link-local addresses) as follows: First, for each interface, each computer chooses a random TCP/IP address somewhere in the address space 169.254.1.0 to 169.254.254.255 (that is, 169.254.0.0/16 with the top and bottom 256 addresses reserved for future use). Then, the computer configures its local interface with this address.

Of course, it wouldn’t do any good if both computers chose the same address. So, two things happen to prevent that. First of all, the random number used to select the IP address is based on several computer-specific items (including the MAC address, real time clock, etc.) so that each computer is guaranteed a unique address. In addition, after the unique address is selected, it must be tested to ensure that no other device is using the same link-local address. To do this, the computer uses ARP to tell the other computers on the network segment connected to the interface being configured what IP address it intends to use. If no devices respond that they are already using that address, the interface is configured with the chosen address and communication can take place.

Note:
Windows has had this capability since Windows 98. Microsoft calls it Automatic Private IP Addressing, or APIPA. The basics of this capability have been incorporated into the ZeroConf proposed standard.
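The selection-and-probe procedure described in the two paragraphs above, as an added example that is not part of the study guide: the pseudo-random choice is seeded from host-specific data (here only a MAC address and an attempt counter stand in for the MAC-plus-clock inputs the text mentions), the ARP probe is modelled by a constructed set of addresses already in use on the segment, and a conflict causes the host to re-choose.

```python
# Added example, not from the study guide: a simulation of ZeroConf/APIPA
# link-local address selection and the ARP conflict check described above.
# The MAC addresses, the seeding scheme and the "segment" set are constructed
# stand-ins; a real host probes with ARP and seeds from more than the MAC.
import hashlib
import random

LINK_LOCAL_BASE = (169 << 24) | (254 << 16)     # 169.254.0.0/16
FIRST_USABLE_OFFSET = 1 * 256                   # 169.254.1.0   (169.254.0.x reserved)
LAST_USABLE_OFFSET = 254 * 256 + 255            # 169.254.254.255 (169.254.255.x reserved)

def int_to_dotted(value):
    """Convert a 32-bit integer to dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def candidate_address(mac, attempt):
    """Deterministic pseudo-random pick from 169.254.1.0 .. 169.254.254.255.
    Seeding from host-specific data makes two hosts unlikely to pick the same
    address; the attempt counter yields a fresh choice after a conflict."""
    digest = hashlib.sha256(f"{mac.lower()}:{attempt}".encode()).digest()
    rng = random.Random(int.from_bytes(digest[:8], "big"))
    offset = rng.randint(FIRST_USABLE_OFFSET, LAST_USABLE_OFFSET)
    return int_to_dotted(LINK_LOCAL_BASE + offset)

def arp_probe(address, segment):
    """Stand-in for an ARP probe: True when another host on the segment already
    answers for `address`. `segment` is the constructed set of addresses in use."""
    return address in segment

def configure_link_local(mac, segment, max_attempts=10):
    """Choose, probe and, if nobody objects, claim a link-local address for `mac`."""
    for attempt in range(max_attempts):
        addr = candidate_address(mac, attempt)
        if arp_probe(addr, segment):
            continue                       # someone answered: re-choose
        segment.add(addr)                  # this interface now answers for addr
        return addr
    raise RuntimeError(f"no free link-local address for {mac} after {max_attempts} probes")

def is_usable_link_local(address):
    """True for 169.254.1.0 .. 169.254.254.255 (the reserved top and bottom /24 excluded)."""
    o = [int(x) for x in address.split(".")]
    return len(o) == 4 and o[0] == 169 and o[1] == 254 and 1 <= o[2] <= 254

if __name__ == "__main__":
    segment = set()                       # constructed: nobody on the link yet
    for mac in ("00:11:22:33:44:55", "aa:bb:cc:dd:ee:ff"):
        print(mac, "->", configure_link_local(mac, segment))
```

The probe step is what actually guarantees uniqueness; the seeded random choice only makes collisions rare, which is why the simulation keeps both.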

Multicast Address Selection
Another requirement of the ZeroConf initiative is that there is a mechanism for automatically choosing multicast addresses for the network. The IETF has defined the standard for the ZeroConf Multicast Address Allocation Protocol (ZMAAP). This protocol is used to allocate multicast addresses among the various peers in small, peer-to-peer networks.

This protocol is the polar opposite of the multicast address assignment protocol known as MADCAP, which stands for Multicast Address Dynamic Client Allocation Protocol. Where MADCAP is a client-server multicast address allocation scheme, ZMAAP is a peer-to-peer allocation scheme. Essentially, each node on a ZeroConf network is running its own little multicast allocation service (called a mini-MAAS in ZeroConf parlance). Any entity that needs a multicast address will make a request to its local mini-MAAS, which will then select an address and, before permanently allocating it, inform the other local mini-MAASs of its choice. If there are any objections, the originating mini-MAAS will rechoose the address. Otherwise, it will go ahead and allocate the address.

Name Resolution
You might think that there isn’t a way around name resolution, apart from constantly exchanging HOSTS files or some other silliness. In actuality, ZeroConf relies on standard TCP/IP protocols, including one known as Multicast DNS. Traditional DNS relies on centralized servers to answer DNS queries. But the addresses of these servers must be configured (and the goal is zero configuration), so the designers of ZeroConf decided to use Multicast DNS. Multicast DNS was a little-used protocol until ZeroConf came along.

Traditional name resolution works much like asking the host at a party to introduce you to the people in the party you don’t know. Let’s say you wanted to know which person in the room was named John. With the traditional DNS model, you would ask the party host (the “DNS server” in our scenario). If you were to use Multicast DNS in the same scenario, you would simply shout in the room, “Hey, is there a John in here?”

Multicast DNS essentially puts out a multicast transmission that asks for the address of the network name being requested. This works great in small networks, but the amount of traffic required and the introduced delays make Multicast DNS impractical for larger networks, such as the Internet.

Service Location
The final aspect of ZeroConf is service location. It is important on networks to be able to locate services. AppleTalk is the master of finding services on a network without configuration. Apple designed it so that whenever you plugged a printer into an AppleTalk network, it would advertise itself on the network and you could just choose it. This traditionally has been difficult on TCP/IP networks. Furthermore, the chatty nature of such services would not be welcome on large networks.

The IETF has designed a protocol specifically for locating services on a ZeroConf network. That protocol is known as DNS Service Discovery, or DNS-SD. DNS-SD allows clients to use regular DNS queries, without the need for a new DNS message structure, to find a list of names of particular types of services provided within a particular domain.
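How DNS-SD finds "a list of names of particular types of services" with ordinary DNS record types is shown below as an added example; it is not code from the study guide. The browse goes PTR (which instances of a service type exist in the domain) to SRV and TXT (host, port and attributes of each instance) to A (the host's address). The record set, service names, ports and addresses are all constructed for the example, and the `query` function stands in for a real DNS or Multicast DNS query.

```python
# Added example, not from the study guide: DNS-SD browsing modelled over a
# constructed set of ordinary DNS records (PTR -> SRV/TXT -> A). Every name,
# port and address below is made up; query() replaces a real (m)DNS lookup.

CONSTRUCTED_RECORDS = {
    # browsing: service type name -> instance names (PTR)
    ("_http._tcp.local.", "PTR"): ["Printer Web UI._http._tcp.local.",
                                   "NAS._http._tcp.local."],
    ("_ipp._tcp.local.", "PTR"): ["Printer._ipp._tcp.local."],
    # resolving: instance -> (priority, weight, port, target host) (SRV)
    ("Printer Web UI._http._tcp.local.", "SRV"): [(0, 0, 80, "printer.local.")],
    ("NAS._http._tcp.local.", "SRV"): [(10, 0, 8080, "nas.local."),
                                       (0, 0, 80, "nas.local.")],
    ("Printer._ipp._tcp.local.", "SRV"): [(0, 0, 631, "printer.local.")],
    # attributes: instance -> list of key=value strings (TXT)
    ("Printer Web UI._http._tcp.local.", "TXT"): [["path=/"]],
    ("NAS._http._tcp.local.", "TXT"): [["path=/admin", "vendor=constructed"]],
    # host addresses (A)
    ("printer.local.", "A"): ["169.254.12.34"],
    ("nas.local.", "A"): ["169.254.56.78"],
}

def query(name, rtype, records=CONSTRUCTED_RECORDS):
    """Stand-in for a DNS query: the record set for (name, type), or [] if none."""
    return records.get((name, rtype), [])

def parse_txt(strings):
    """DNS-SD TXT records carry key=value strings; a key without '=' maps to ''."""
    attrs = {}
    for s in strings:
        key, _, value = s.partition("=")
        attrs[key] = value
    return attrs

def browse(service_type, domain="local.", records=CONSTRUCTED_RECORDS):
    """Enumerate instances of service_type (e.g. '_http._tcp') within domain,
    resolving each to host, port, addresses and TXT attributes."""
    results = []
    type_suffix = f".{service_type}.{domain}"
    for instance in query(f"{service_type}.{domain}", "PTR", records):
        srv = query(instance, "SRV", records)
        if not srv:
            continue                   # advertised but not resolvable: skip it
        priority, weight, port, target = min(srv)   # lowest priority value wins
        txt_sets = query(instance, "TXT", records)
        label = instance[:-len(type_suffix)] if instance.endswith(type_suffix) else instance
        results.append({
            "instance": label,
            "host": target,
            "port": port,
            "addresses": query(target, "A", records),
            "txt": parse_txt(txt_sets[0]) if txt_sets else {},
        })
    return results

if __name__ == "__main__":
    for service in browse("_http._tcp"):
        print(service)
```

Nothing in the exchange is new message syntax: a client that can issue PTR, SRV, TXT and A queries can browse, which is the point the text makes about DNS-SD reusing regular DNS.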

The Windows Registry



All of this TCP/IP configuration information is stored in the Windows Registry database, along with lots of other hardware and software configuration information. You can change most of the TCP/IP parameters by using the Network applet in Control Panel as you have just seen. Certain parameters, however, such as Time to Live and the default Type of Service, can be changed only by using the Registry Editor (regedit.exe or regedt32, depending on your preference). If you change some of these Registry parameters without detailed knowledge of TCP/IP configuration, you may affect the performance of TCP/IP on your system in an adverse and unexpected way.

Tip:
If you are configuring TCP/IP on a Windows NT or 2000 device and you want to
know more, check out the Microsoft Knowledge Base article 120642 on the
Microsoft website at www.microsoft.com. This article covers all the standard,
optional, and nonconfigurable TCP/IP parameters and describes which parameters
are updated by using the Network applet in Control Panel and which are
changed using the Registry Editor. If you want to see the equivalent article for
Windows XP, check out article 314053.

In the next chapter, you’ll get a look at some of the utilities in the TCP/IP toolkit that you can use to view and troubleshoot your TCP/IP network. All of these tools are based on the original UNIX tools, but these days they are available in one form or another for all operating systems, including all versions of UNIX, Novell NetWare, and Microsoft Windows.

Virtual LANs (VLANs)



With the introduction of Ethernet switches, and their subsequent replacement of Ethernet hubs in corporate LAN environments, came the power to manage traffic flow much more efficiently and in many different ways. One of those ways was to allow users on different switch ports to participate in their own network separate from, but still connected to, the other stations on the same or connected switch. This “network-within-a-network” concept became known as Virtual LAN (VLAN) technology.

Let’s say, for example, that you have a 24-port Ethernet switch. If you have a group of users that constantly use a particular server and produce very large amounts of broadcast traffic, you might want to separate them into their own segment. But, with VLAN-capable switches, you are able to modify the segmentation within the switch itself regardless of geographical proximity of the VLAN members, thus saving you the expense of additional network hardware or recabling. To do this, you would use the switch management software to assign the ports on which those users and their server were working to their own VLAN. The VLAN for this group could be VLAN #2, for example, and the VLAN everyone else is assigned to could be the default management VLAN #1. Users would still be able to communicate with each other and their respective servers (assuming a router was installed), but broadcast traffic would be isolated. With large, enterprise-capable switches, this benefit is realized even more so. With hundreds of ports, you can segment the network any way you’d like, even on-the-fly and into many different segments.

Let’s say, for example, a company’s network is divided into VLANs based on the departmental affiliation of the users. Bob transfers from the finance department to the accounting department but keeps his same office. Susan moves from one building to another but remains in the marketing department. The administrator needs simply to configure Bob’s switch port to be in the Accounting VLAN and Bob immediately enters the Accounting broadcast domain. Of course, Bob’s computer must be reconfigured for the subnet related to the Accounting VLAN, which can be done centrally by rescinding his DHCP lease. Once his system requests a new DHCP lease, the DHCP server with the scope for his new subnet will offer him the proper IP information. The administrator can then configure the new port on the new switch that Susan is now plugged into for the marketing department, and regardless of her physical move, Susan never notices that she is connected to different switch hardware and her IP configuration can remain the same.

Note:
In practice, each VLAN corresponds to a different IP subnet, which is why a router is required to change the VLAN affiliation of a frame. The underlying packet has to be routed to the destination subnet, even if the intended recipient happens to be connected to the switch port right beside the port leading from the source device.

The Options Tab



The Options tab allows you to adjust IP security and TCP/IP filtering settings (see Figure 3.10).

FIGURE 3.10 The Options tab of the Advanced TCP/IP Settings dialog box


Highlighting the IP Security option and clicking the Properties button leads to the ability to turn off IPSec functionality or set it to one of three modes of varying aggressiveness, beginning with simply responding to requests for IP security, then progressing to requesting IP security, and finally to requiring it.
The TCP/IP filtering option allows you to exercise quite a bit of control over which protocols are allowed to communicate with the computer. Filtering may be performed on any combination of TCP and UDP port numbers and IP protocol number.


Wednesday, December 4, 2013

The WINS Tab



By adding the IP addresses of WINS servers in the WINS tab, shown in Figure 3.9, you specify that those servers be used in order to resolve a NetBIOS name to an IP address. The order can be adjusted after address entry.


FIGURE 3.8 The DNS tab of the Advanced TCP/IP Settings dialog box



FIGURE 3.9 The WINS tab of the Advanced TCP/IP Settings dialog box

On this tab, you can enable the use of the local LMHOSTS file in the %SystemRoot%\system32\drivers\etc folder of the Windows 2000 family of operating systems. You can also make choices concerning the use of NetBIOS over TCP/IP.

Note:
For the value of variables, such as %SystemRoot%, execute the set command from a command prompt on your Microsoft Windows machine.

The DNS Tab



You use the DNS tab, shown in Figure 3.8, to add, edit, or remove DNS server addresses and adjust the order in which they will be queried. You also have quite a bit of granularity with how you can control the use of DNS suffixes, which refer to the part of FQDNs that should be used when you’re trying to resolve a name to an IP address and the entered name alone does not produce a match. Dynamic DNS settings are adjusted in this tab as well.
You know from earlier in this chapter that an FQDN consists of the name of the host followed by the domain name. For example, if the name of the local computer is wallaby and the domain is sybex.com, the FQDN is wallaby.sybex.com.

The IP Settings Tab


You use the IP Settings tab, shown in Figure 3.7, to specify, edit, or remove additional IP addresses for this device when you are not using DHCP. This can be helpful when the device is acting as more than one type of server. Using an IP address for each type of server aids in clarity during configuration and troubleshooting. Additionally, you can make the same kinds of adjustments to the statically configured default gateway(s). The interface metric can be used to cause the device to favor one interface over another for otherwise equivalent routes. This is most helpful when the device is acting as a router with multiple network interface cards (NICs) and possibly a dynamic routing protocol (such as RIP or OSPF) running.


FIGURE 3.7 The IP Settings tab of the Advanced TCP/IP Settings dialog box



Tuesday, December 3, 2013

Configuring TCP/IP on Windows Workstations


Being able to configure your operating system to use TCP/IP is a must for any network administrator. Because Microsoft Windows is the dominant operating system, we will show you how to configure a Windows client to use TCP/IP. The information in this section assumes that you already have Windows 2000 running on the client.

Because you are likely using Plug and Play network interface cards, Microsoft Windows 2000 automatically installs TCP/IP on your machine. In this case, you can skip ahead to the discussion in Chapter 4 on how to use the TCP/IP utilities to confirm that your system is up and running properly.

If, however, you want to look at or change some of the configuration settings or if TCP/IP doesn’t seem to be installed on your system for whatever reason, stay with this chapter.

Note:
There is very little difference between configuring TCP/IP on a Windows 2000 device regardless of the exact version or function, such as Server or Professional. The dialog boxes you use are virtually identical. Windows 2000 Professional is used in the discussion that follows. Windows XP and 2003 are slightly different in appearance, but still very similar.

To begin configuring TCP/IP, follow these steps:

1. Choose Start > Settings > Control Panel > Network and Dial-Up Connections to open the Network and Dial-Up Connections dialog box, which lists all of the currently installed network components.
2. Right-click one of your network adapters and select Properties to open the Properties dialog box for your adapter.
3. If you do not see Internet Protocol (TCP/IP) in the scrolling list (assuming you have enough entries to scroll), follow the next three steps. If you do see it, skip to step 7.
4. Click the Install button, which brings up the Select Network Component Type window.
5. Click Protocol in the list and click the Add button to bring up the Select Network Protocol dialog box.
6. Select Microsoft from the left frame and Internet Protocol (TCP/IP) from the right frame and click the OK button. This will take you back to the Properties dialog box for your adapter. Now Internet Protocol (TCP/IP) should appear in the scrolling list.
7. Click Internet Protocol (TCP/IP) and click the Properties button, which brings up the Internet Protocol (TCP/IP) Properties window.
8. Initially, you see the General tab, which is set to obtain your IP address, subnet mask, default gateway, and DNS server(s) via DHCP. You may select the alternate radio buttons to manually enter this information.
9. Click the Advanced button, which brings up the Advanced TCP/IP Settings dialog box.
10. Notice the IP Settings, DNS, WINS, and Options tabs along the top of the Advanced TCP/IP Settings dialog box (shown in Figure 3.7 in the next section).

In the following sections, we will look at these four tabs. In addition, we will cover key information regarding the configuration database of Windows, known as the Registry, and the open set of protocols, known as ZeroConf, designed to reduce the amount of manual TCP/IP configuration necessary to bring up a small network.

Using WINS


WINS, or Windows Internet Naming Service, is an essential part of the Microsoft networking topology as long as NetBIOS is still in use. But before we get into the discussion of WINS, we must define a few terms, including these two protocols—NetBIOS and NetBEUI. 
NetBIOS NetBIOS (pronounced “net-bye-ose”) is an acronym formed from network basic input/output system, a Session layer network protocol originally developed by IBM and Sytek to manage data exchange and network access. NetBIOS provides an application programming interface (API) with a consistent set of commands for requesting lower-level network services to transmit information from node to node, thus separating the applications from the underlying network operating system. Many vendors once provided either their own version of NetBIOS or an emulation of its communications services in their products.

NetBEUI NetBEUI (pronounced “net-boo-ee”) is an acronym formed from NetBIOS Extended User Interface, an implementation and extension of IBM’s NetBIOS transport protocol from Microsoft. NetBEUI communicates with the network through Microsoft’s Network Driver Interface Specification (NDIS). NetBEUI was once shipped with all versions of Microsoft’s operating systems and is generally considered to have a lot of overhead. It also has no structure to its addressing format, which does not allow determination of a network and therefore means it has no routing capability, making it suitable only for small networks; you cannot build internetworks with NetBEUI, and so it is often replaced with TCP/IP. Microsoft added extensions to NetBEUI in Windows NT to remove the limitation of 254 sessions per node. This extended version of NetBEUI is called the NetBIOS Frame (NBF).


WINS is used in conjunction with TCP/IP and maps NetBIOS names to IP addresses. For example, you have a print server on your LAN that you have come to know as PrintServer1. In the past, to print to that server you needed only to remember its name and to select that name from a list. However, TCP/IP is a completely different protocol and doesn’t understand NetBIOS names; it therefore has no way of knowing the location of those servers. That’s where WINS comes in.

Each time you access a network resource on a Windows network using TCP/IP, your system needs to know the host name or IP address. If there are no routers in your network, NetBIOS-speaking devices can simply broadcast their presence on the network and broadcast a request for the unknown MAC address of a known NetBIOS name, all without a WINS server. Once routers are introduced, however, the broadcasts that NetBIOS uses for resolution do not make it through the routers, so connectivity is lost to devices not on the same subnet as the requesting device. If WINS is installed in a routed environment, you can continue using the NetBIOS names that you have previously used to access the resources because WINS provides the cross-reference from NetBIOS name to IP address for you. Once the IP address is known, ARP can be used to obtain the MAC address after the packet has been routed to the proper IP subnet.

Note:
A NetBIOS name doesn’t always refer to just a machine. Several services on a machine can also have their own NetBIOS names.

When you install and configure TCP/IP, as described later in this chapter, you’ll see a place to specify the WINS server addresses. These addresses are stored with the configuration, and TCP/IP uses them to query for host names and addresses when necessary. WINS is similar to DNS in that it cross-references host names to addresses; however, as mentioned earlier, WINS resolves NetBIOS names to IP addresses, but DNS resolves TCP/IP FQDNs to IP addresses.

Another major difference between WINS and DNS is that WINS builds its own reference tables dynamically but you have to configure DNS manually. Dynamic DNS (DDNS) does exist, but it is not yet implemented on the Internet. When a workstation running TCP/IP is booted and attached to the network, it uses the WINS address settings in the TCP/IP configuration to communicate with the WINS server. The workstation gives the WINS server various pieces of information about itself, such as the NetBIOS host name, the actual username logged on to the workstation, and the workstation’s IP address. WINS stores this information for use on the network and periodically refreshes it to maintain accuracy.

Microsoft, however, has developed a new DNS record—called DNS Server—that allows the DNS server to work in perfect harmony with a WINS server. The Microsoft DNS Server software was shipped with Windows NT and later server systems. Here’s how it works: The host name portion of the DNS FQDN can be looked up on the WINS server for hosts in the local domain. Thus, you need not build complex DNS tables to establish and configure name resolution on your server; Microsoft DNS relies entirely on WINS to tell it the addresses it needs to resolve. And because WINS builds its tables automatically, you don’t have to edit the DNS tables when addresses change; WINS takes care of this for you. This feature also is not available on the Internet.

You can use both WINS and DNS on your network, or you can use one without the other. Your choice is determined by whether your network is connected to the Internet and whether your host addresses are dynamically assigned. When you are connected to the Internet, you must use DNS to resolve host names and addresses because TCP/IP depends on DNS service for address resolution. Addresses of both DNS and WINS servers can be supplied to a host with its Dynamic Host Configuration Protocol (DHCP) lease.

Using DHCP
The primary reason for using DHCP is to centralize the management of IP addresses. When the DHCP service is used, DHCP scopes include pools of IP addresses that are assigned for automatic distribution to client computers on an as-needed basis, in the form of leases, which are periods of time for which the DHCP client may keep the configuration assignment. Clients attempt to renew their lease at 50 percent of the lease duration. The address pools are centralized on the DHCP server, allowing all IP addresses on your network to be administered from a single server. It should be apparent that this saves loads of time when changing the IP addresses on your network. Instead of running around to every workstation and server and resetting the IP address to a new address, you simply reset the IP address pool on the DHCP server. The next time the client machines are rebooted, they are assigned new addresses.

If the client workstation cannot locate the DHCP server on the network automatically, either you will see an error message to that effect when you restart the client workstation or Automatic Private IP Addressing (APIPA) running on the machine will assign itself an IP address in the 169.254.0.0/16 address range.

More capable than RARP, DHCP is an update to the Bootstrap Protocol (BootP) and can manage much more than the IP addresses of client computers. It can also assign DNS servers, WINS servers, default gateway addresses, subnet masks, and many other options.


Using DNS


The abbreviation DNS stands for Domain Name Service. You use DNS to translate host names and domain names to IP addresses, and vice versa, by means of a standardized lookup table that the network administrator defines and configures. The system works just like a giant telephone directory.

Suppose you are using your browser to surf the Web and you enter the URL http://www.microsoft.com to go to the Microsoft home page. Your web browser then asks the TCP/IP protocol to ask the DNS server for the IP address of www.microsoft.com. When your web browser receives this address, it connects to the Microsoft web server and downloads the home page. DNS is an essential part of any TCP/IP network because it simplifies the task of remembering addresses; all you have to do is simply remember the host name and domain name.

A DNS zone is an administrative area or name space within a DNS domain. For example, sybex.com is a DNS domain, but there is a server that is authoritative over the sybex.com name space, or zone. An additional level could be added to sybex.com, making, for instance, networkbooks.sybex.com. The networkbooks zone would be handled by a particular server. The server holds the zone file, or DNS table, for that zone. DNS tables are composed of records. Most records are composed of a host name, a record type, and an IP address. There are several record types, including the address record, the mail exchange record, the CNAME record, and the SOA record.

There are primary DNS servers, which are authoritative for the zone for which they carry the zone file, and secondary DNS servers, which have a nonauthoritative copy of the zone file updated from the primary server. The DNS zone file must be changed only on the primary server that is authoritative for that zone. If changes are made to the secondary server, the changes will not be propagated elsewhere, and these changes will be lost during the next update from the primary server. What this means is that whenever a change to any record is required, even one as simple as adding the IP address of a new server or changing the IP address of an established one, the change must be performed by the administrator, ISP, or other entity that hosts and has write access to the primary DNS server that is authoritative for the domain/zone in which the change occurs.

The address record, commonly known as the A record, maps a host name to an IP address. The following example shows the address record for a host called mail in the company.com domain:

mail.company.com.            IN              A              204.176.47.9

The mail exchange (MX) record points to the mail exchanger for a particular host. DNS is structured so that you can actually specify several mail exchangers for one host. This feature provides a higher probability that e-mail will actually arrive at its intended destination. The mail exchangers are listed in order in the record, with a priority code that indicates the order in which the mail exchangers should be accessed by other mail delivery systems.

If the first priority doesn’t respond in a given amount of time, the mail delivery system tries the second one, and so on. Here are some sample mail exchange records:

hostname.company.com.    IN    MX    10    mail.company.com.
hostname.company.com.    IN    MX    20    mail2.company.com.
hostname.company.com.    IN    MX    30    mail3.company.com.

In this example, if the first mail exchanger, mail.company.com, does not respond, the second one, mail2.company.com, is tried, and so on.
The CNAME record, or canonical name record, is also commonly known as the alias record and allows hosts to have more than one name. For example, your web server has the host name www, and you want that machine to also have the name ftp so that users can use FTP to access a different portion of the file system as an FTP root. You can accomplish this with a CNAME record. Given that you already have an address record established for the host name www, a CNAME record that adds ftp as a host name would look something like this:

www.company.com.         IN    A        204.176.47.2
ftp.company.com.         IN    CNAME    www.company.com.

When you put all these record types together in a zone file, or DNS table, it might look like this:
mail.company.com.        IN    A        204.176.47.9
mail2.company.com.       IN    A        204.176.47.21
mail3.company.com.       IN    A        204.176.47.89
yourhost.company.com.    IN    MX       10    mail.company.com.
yourhost.company.com.    IN    MX       20    mail2.company.com.
yourhost.company.com.    IN    MX       30    mail3.company.com.
www.company.com.         IN    A        204.176.47.2
ftp.company.com.         IN    CNAME    www.company.com.
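As an added example (not from the book), the following Python parses the zone records shown above, resolves the ftp alias through its CNAME, orders the mail exchangers by preference, and flags the misconfigurations an administrator would check before loading the zone. The record text is copied from the page; the lint rules (a CNAME must stand alone, must point at an existing name, and MX targets need an address) are the example's own assumptions.

```python
from collections import defaultdict

# Constructed copy of the company.com zone records shown above (owner, class, type, rdata).
ZONE = """\
mail.company.com.      IN  A      204.176.47.9
mail2.company.com.     IN  A      204.176.47.21
mail3.company.com.     IN  A      204.176.47.89
yourhost.company.com.  IN  MX     10  mail.company.com.
yourhost.company.com.  IN  MX     20  mail2.company.com.
yourhost.company.com.  IN  MX     30  mail3.company.com.
www.company.com.       IN  A      204.176.47.2
ftp.company.com.       IN  CNAME  www.company.com.
"""

def parse_zone(text):
    """Return {owner: [(type, rdata_tuple), ...]} from whitespace-separated records."""
    records = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(";"):
            continue  # blank line or comment
        owner, _cls, rtype, *rdata = fields
        records[owner.lower()].append((rtype.upper(), tuple(rdata)))
    return records

def resolve_a(records, name, depth=0):
    """Follow CNAMEs (at most 8 hops, as a loop guard) and return the A addresses."""
    if depth > 8:
        raise ValueError(f"CNAME chain too long at {name}")
    rrs = records.get(name.lower(), [])
    cnames = [rd[0] for t, rd in rrs if t == "CNAME"]
    if cnames:
        return resolve_a(records, cnames[0], depth + 1)
    return [rd[0] for t, rd in rrs if t == "A"]

def mail_exchangers(records, name):
    """MX targets for name, lowest preference first, each with its A addresses."""
    mxs = [(int(rd[0]), rd[1]) for t, rd in records.get(name.lower(), []) if t == "MX"]
    return [(pref, host, resolve_a(records, host)) for pref, host in sorted(mxs)]

def lint_zone(records):
    """Report CNAMEs that share a name with other data or point nowhere, and MX targets without an A."""
    problems = []
    for owner, rrs in records.items():
        types = {t for t, _ in rrs}
        if "CNAME" in types and len(rrs) > 1:
            problems.append(f"{owner}: CNAME must be the only record at a name")
        for t, rd in rrs:
            if t == "CNAME" and rd[0].lower() not in records:
                problems.append(f"{owner}: dangling CNAME -> {rd[0]}")
            if t == "MX" and not resolve_a(records, rd[1]):
                problems.append(f"{owner}: MX target {rd[1]} has no address")
    return problems

if __name__ == "__main__":
    zone = parse_zone(ZONE)
    print(mail_exchangers(zone, "yourhost.company.com."))
    print(resolve_a(zone, "ftp.company.com."))
    print(lint_zone(zone) or "zone OK")
```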

The SOA record, or start of authority record, contains global parameters for the zone and is easily the most crucial record in the zone file. There can be only one SOA per zone file. The SOA record might look something like this:



TABLE 3.6 Fields of the DNS SOA Record

Note:
You can establish other types of records for specific purposes, but we won’t go into those in this book. DNS can become very complex very quickly, and entire books are dedicated to the DNS system.

The nslookup and dig commands are discussed further in Chapter 4, but a quick peek at a special function of the utility will help tie together the preceding material. The following output was generated by the nslookup utility. Notice the similarity to the actual SOA record shown earlier. Once nslookup is started, entering the command set type=SOA, followed by entering the domain for which you want to view the SOA information for that zone, will produce output similar to this:


C:\>nslookup
Default Server: ns.company.com
Address: 10.184.147.254

> set type=SOA
> company.com
Server: ns.company.com
Address: 10.184.147.254

Non-authoritative answer:
company.com
        primary name server = ns.company.com
        responsible mail addr = dns\.support.company.com
        serial = 55281
        refresh = 7200 (2 hours)
        retry = 3600 (1 hour)
        expire = 604800 (7 days)
        default TTL = 1800 (30 mins)
[output omitted]

>
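As an added example, not part of the original text, this Python parses the SOA fields from nslookup output like the transcript above, converts the escaped "responsible mail addr" label back into a mailbox, and checks the timer relationships that keep secondary servers refreshing the zone correctly. The transcript is copied from the page; the checks (retry shorter than refresh, expire longer than refresh, positive serial) are assumptions of the example.

```python
import re

# Constructed copy of the nslookup SOA output shown above.
NSLOOKUP_OUTPUT = """\
Non-authoritative answer:
company.com
        primary name server = ns.company.com
        responsible mail addr = dns\\.support.company.com
        serial = 55281
        refresh = 7200 (2 hours)
        retry = 3600 (1 hour)
        expire = 604800 (7 days)
        default TTL = 1800 (30 mins)
"""

NUMERIC = {"serial", "refresh", "retry", "expire", "default TTL"}

def parse_soa(text):
    """Return a dict of SOA fields; numeric fields keep only the leading integer."""
    soa = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w ]+?)\s*=\s*(\S+)", line)
        if not m:
            continue  # banner and owner-name lines carry no '='
        key, value = m.group(1), m.group(2)
        soa[key] = int(value) if key in NUMERIC else value
    return soa

def rname_to_mailbox(rname):
    """Turn the RNAME label form into user@domain: the first unescaped dot
    separates user from domain, and a backslash-escaped dot is literal."""
    user = []
    i = 0
    while i < len(rname):
        if rname.startswith("\\.", i):
            user.append(".")
            i += 2
        elif rname[i] == ".":
            return "".join(user) + "@" + rname[i + 1:]
        else:
            user.append(rname[i])
            i += 1
    return "".join(user)

def check_soa(soa):
    """Return a list of problems with the SOA timer relationships (assumed rules)."""
    problems = []
    if not soa["retry"] < soa["refresh"]:
        problems.append("retry should be shorter than refresh")
    if not soa["expire"] > soa["refresh"]:
        problems.append("expire must exceed refresh or secondaries drop the zone before re-syncing")
    if soa["serial"] <= 0:
        problems.append("serial must be positive")
    return problems
```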