Implementing TCP/IP in Windows Family
By Wang Wei
This tutorial is designed for exam 70-59 Internetworking with Microsoft® TCP/IP on Microsoft Windows NT® 4.0, because someone sent me an e-mail saying it is not easy to find material for this new exam.
But actually I began to write this tutorial a long time ago, for I found it is sometimes difficult to answer some guys' questions regarding FTQ and the MCP/MCSE exams. Something I think is simple, they may have no idea about. It is very difficult for me to explain everything from scratch. So my suggestion is that if you lack the network background and want to take an MCP/MCSE exam, please read this tutorial first. I think this tutorial may also be somewhat helpful for other exams such as 70-67 NT Server, Network Essential, as well as Windows 95.
P.S. The FTQ numbers mentioned in the tutorial are just a memo for the design of the FTQ on 70-67. Please don't ask me for FTQ_7059, for it is not available yet. Visit http://www.ftq.com to see whether we have released the FTQ on TCP/IP.
Chapter 1 Introduction
What is TCP/IP?
You have probably heard the term TCP/IP (Transmission Control Protocol/Internet Protocol) before reading this tutorial, especially if you have needed to connect to the Internet. Everybody also knows the Internet is becoming more and more important, and once you know the definition of an internet (multiple TCP/IP networks connected with routers), you will see that TCP/IP is important too.
The first idea that comes to my mind about TCP/IP is that it is an enterprise-level networking protocol. It has become a fashion to label every product "enterprise". My understanding of enterprise is that it can support more users than the workgroup level. In networking terms, that means it can support WANs (Wide Area Networks) besides LANs (Local Area Networks). It is NOT the only reason why Microsoft calls Windows 3.11 (Windows for Workgroups) a workgroup-level product and NT Server an enterprise-level product. You will see that Windows for Workgroups doesn't support TCP/IP inside the operating system while NT does. WFW supports IPX/SPX from Novell and NetBEUI from IBM and Microsoft; if you need to run TCP/IP applications, you need to install third-party products such as Trumpet TCP/IP for Windows for Workgroups. However, it makes some sense.
Secondly, TCP/IP is an industry-standard protocol for WAN connections. TCP/IP was developed in 1969 by the U.S. Department of Defense Advanced Research Projects Agency, as the result of a research sharing experiment called ARPANET. The initial purpose of TCP/IP was just to provide high-speed communication network links. However, since 1969, ARPANET has grown into a worldwide community of networks known as the Internet.
The third important thing, which you may not find in Microsoft's manuals, is that TCP/IP was first implemented in the UNIX operating system for communication between UNIX machines. The real reason why Microsoft adds more and more support for TCP/IP is the Internet, for you cannot use Microsoft's favorite network protocol, NetBEUI, to access the Internet. NetBEUI works fine in a LAN environment, but because it doesn't support routing (which we will discuss later), you cannot use it to access the Internet. (Forgot the definition of the Internet? Multiple TCP/IP networks connected with routers.) It is true that you can build your intranet (your own internet in the LAN) using only the NetBEUI protocol in a LAN environment, but it seems no one has any interest in this technology, for almost all intranets also need to access the Internet.
Microsoft's TCP/IP
What Microsoft actually does with TCP/IP is two things:
Who establishes the standards of TCP/IP?
You know the biggest standards maker is IEEE. IEEE establishes its standards as follows: it has a committee that keeps hearing requests from users and manufacturers and modifies its standards. The standards for TCP/IP, however, are not established by IEEE, and the way TCP/IP standards are created is totally different. The standards for TCP/IP are published in a series of documents called RFCs (Requests for Comments). As the name Request for Comments says, everyone can submit his request as an RFC. So the standard is actually not established by the RFC process; whoever submits the document actually establishes the standard. The RFC process just lets technical experts review your request and assign your document a state.
There are five states of the RFC:
In general, most systems support state one and two RFC standards. Once you know the mechanism of RFC standards, you will know it is useless for some guy to claim they follow the RFC standards. You should also ask them what the state of the RFC is; if it is in state 5, it is useless. Of course you can also get your own RFC standard, it just needs some money and paperwork, but probably it will be of state 5. :-)
When your document on TCP/IP is published, it is assigned an RFC number. The original RFC is never updated. If changes are required, you should submit a new document (and of course your money as well :-) ), and a new RFC is published with a new number.
We also don't call the committee responsible for RFC documents the RFC committee; we call it the IAB (Internet Activities Board). The IAB governs two groups: the IRTF (Internet Research Task Force) and the IETF (Internet Engineering Task Force). The IRTF focuses on TCP/IP-related research projects while the IETF focuses on solving Internet problems.
TCP/IP and OSI model
TCP/IP also has its own conceptual model, called the Internet Protocol Suite. The relationship between the OSI model and the Internet Protocol Suite is shown in the following diagram.
OSI Model | Internet Protocol Suite
Application | Application
Presentation |
Session |
Transport | Transport
Network | Internet
Data Link | Network Interface
Physical |
Before I show you the diagram of the protocols inside the Internet Protocol Suite, let's learn these protocols first.
Protocol | Function
TCP (Transmission Control Protocol) | Establishes a session before delivering a packet
UDP (User Datagram Protocol) | Uses broadcast to provide connectionless packet delivery service
ARP (Address Resolution Protocol) | Obtains hardware addresses required for communicating with a destination host
IP (Internet Protocol) | Provides addressing and routing functions
ICMP (Internet Control Message Protocol) | Reports messages and errors regarding packet delivery
Some guys just remember what TCP stands for (Transmission Control Protocol) and want to pass Microsoft's exam; they are wrong. Of course Microsoft will not test you on the definition of TCP. They generally test in two areas. One is whether you know the functions of the above protocols: they give you a multiple-choice scenario and let you judge which protocol it relates to, as in FTQ3.1.1. The other area is more difficult, for it needs you to know more detail about a protocol, as in FTQ 1.1.1. However, don't worry: after I detail the functions of the above protocols, you should be able to answer these two questions.
TCP and IP
I once read a heavy book regarding TCP/IP; it told me exactly how TCP and IP work: how TCP allocates port numbers, what a sequence number is, what an acknowledgment number is, and what demultiplexing is. It is tough! Nevertheless, thank God, Microsoft only tests the functionality of TCP and IP. They don't want you to become a TCP/IP specialist; they just want you to become a Microsoft Product Specialist. If you can support Microsoft's products, Bill Gates thinks that is enough to get their certificate!
Sometimes I think of TCP and IP as two brothers, with TCP as the elder brother. He does most of the job when you transfer a packet from one host to another. He is responsible for breaking up the message into datagrams, reassembling them when they reach the destination host, resending anything that gets lost, and putting things back in the right order. IP is the younger brother; his job is just routing the individual datagrams. It is true that when transmitting packets within a LAN, IP is not very useful.
You can think of elder brother TCP as a newcomer to New York: he only knows the area near his home (you can call it the LAN, or the same subnet). He is very robust and can do lots of labor. Younger brother IP has lived in New York for more than 20 years and knows every street. So when elder brother TCP delivers a heavy packet to some place far away from his home, IP gives him a guide.
In a nutshell, TCP offers the services below:
In order to implement the above four services, TCP adds additional header bits in front of the packet. Some bits of the header are responsible for data accuracy (service 2), some for sequencing (service 3).
In order to implement the fourth service, the protocol also requires the destination machine to acknowledge that it has successfully received the data. Such ACKs (acknowledgments) may generate additional network traffic. It is not as simple as you might imagine, like just calling your parents when you receive their mail. The network environment is very complicated, and packet lengths are also very different. The network may go down at any time, and there may be several routes to the destination. So the implementation of acknowledgment is complicated, and when something is complicated, realizing it needs more information and more network resources, and sometimes has a big impact on network performance. In the real world, most hosts send an acknowledgment for every other segment. Alternatively, they send an acknowledgment when a specified time interval has passed.
However, when you consider the scenario below, ACKs may not be very costly.
Your machine sends a packet every time it receives a request from another machine. If the destination machine can receive the packet, that's OK. But when the destination machine is down, the TCP/IP mechanism will keep on sending packets, which greatly decreases the performance of the network, especially on Ethernet, where all the users share the network's resources. (Basically there are three kinds of networks: shared networks such as Ethernet; networks where a token is passed around and whoever holds the token can send a message, such as FDDI and Token Ring; and networks where every guy can have his own channel with support for QoS (Quality of Service), such as ATM. In my opinion, ATM will be our future. :-) You are welcome to visit my lab's homepage regarding ATM technology, if you have time, at http://www.atm.syr.edu.) So, before sending the data, it sends ACKs to see whether the destination machine is available. This kind of ACK is also called a handshaking signal. It is like when President Clinton visits China: he will shake hands with China's Chairman Jiang first. If these two guys like to shake hands, that's OK for further bilateral talks. If one guy doesn't shake hands with the other, there seems to be no need to continue. If you understand the above reason for ACKs, you will find FTQ 1.1.1 easy: what ACKs do is just reduce the traffic of the whole network.
TCP tells IP the Internet address (such as 128.230.61.1) of the destination machine and sends its datagrams to IP. As I mentioned above, IP only cares about the routing information. It has nothing to do with what is in the datagram, or even the TCP header. IP packets are not guaranteed to arrive at the destination machine, nor are they guaranteed to be received in sequence. IP also has a checksum feature, but it only confirms the integrity of the IP header. In fact, all IP does is add header information in front of the packet. It is useless to discuss what is in the header for the MCP exam, but you can figure out that the two most important things in it are the source Internet address (the machine you send the packet from) and the destination Internet address (where the packet is going). The source address lets the destination machine know where the datagram came from. The destination address lets the gateway (also called a router, the device between subnets) know where you want the datagram to go. Of course, if two computers have a direct connection, it may happen that no more header information is added for IP.
One thing that causes lots of guys to misunderstand is the idea that IP only works for TCP. Actually, it provides packet delivery for all the protocols within the Internet Protocol Suite.
Once you understand the above concepts, FTQ1.1.2 should not confuse you at all.
UDP
UDP is the most common alternative protocol to TCP. Sometimes I think UDP should not stand for User Datagram Protocol; it could be called User Defined Protocol. Just as TCP puts a TCP header in front of the packet, UDP puts a UDP header in front of the packet. To explain what UDP does, let's first recall the functions of TCP: divide messages into datagrams, reassemble them at the other end, and resend data if the destination machine is not available. However, if the message you want to send fits in a single datagram, using TCP's mechanism to send it seems somewhat stupid. A Chinese idiom describes this: killing a chicken with the knife that can kill a bull. It would be fine if using the bull knife were not costly. However, generally that is not the case. One example of using UDP is name lookup (as defined in RFC 883): you know you can use www.microsoft.com instead of 207.68.137.62. (Of course, you can type http://207.68.137.62 to visit Microsoft's website.) However, the system must convert the name to an IP address first; before that, it can do nothing. This kind of request happens frequently and would be too costly over TCP.
The most important thing about UDP is the UDP port. Of course, TCP also has its ports. I don't know how to explain what a port is. You can do the experiment below. Open your web browser, IE or Netscape, and type http://www.microsoft.com:80 as the URL; you will go to Microsoft's homepage. So Microsoft's HTTP server uses 80 as its port number. In fact, 80 is the default port number of an HTTP server, so generally you don't need to type it. Imagine what happens if another guy wants to install another copy on the same machine, www.microsoft.com (207.68.137.62): how do people find his other HTTP server? By still typing www.microsoft.com? No, that is not enough. That guy must assign another port number, such as 8080, to the new HTTP server. You can then type http://www.microsoft.com:8080 to visit this guy's new HTTP server. Therefore, the main function of a port is to distinguish applications.
It is now easier to figure out what is in the UDP header. It has source and destination port numbers and maybe a checksum. You can think of UDP as simpler than TCP, so the checksum is optional (FTQ1.1.3). You should also know the enhancement of UDP: it supports multicasting (FTQ 1.1.4). Multicasting is like what cable TV does: when the TV station broadcasts the data, everyone receives the same picture at the same time. So you will find that in some video-on-demand and multimedia systems, such as Oracle VOD server, the only choice is UDP.
ICMP
ICMP (Internet Control Message Protocol, defined by RFC 792) is another alternative protocol. From the functional point of view, ICMP is used by two systems on an IP network to share status and error messages.
Go to Start->Programs->Command Prompt to open the MS-DOS-like window.
Type ping www.ftq.com and press Enter
You will see the below message:
Ping ftq.com [192.41.15.170] with 32 bytes of data:
Reply from 192.41.15.178: bytes=32 time=94ms TTL=241
Reply from 192.41.15.178: bytes=32 time=94ms TTL=241
Reply from 192.41.15.178: bytes=32 time=94ms TTL=241
Reply from 192.41.15.178: bytes=32 time=94ms TTL=241
Sometimes you may instead get the message
Request timed out
instead of Reply from 192.41.15.178: bytes=32 time=94ms TTL=241
That is because our server is down or the network is congested.
From the above information, you know that our FTQ Study Group's web server's IP address is 192.41.15.178. The message "Reply from 192.41.15.178: bytes=32 time=94ms TTL=241" or "Request timed out" is the ICMP message. Look again at the main point of the definition of ICMP: sharing status and error messages. If our server is up and the network between your machine and our server is OK, you can share the status of our server; the information is shown as "Reply from 192.41.15.178: bytes=32 time=94ms TTL=241". When there is a network error, an error message such as "Request timed out" is shown.
You can think of ping as a command, but actually it is a TCP/IP utility for diagnosing IP network or router failures. It uses ICMP echo request and echo reply packets to determine whether a particular IP machine is working or not. (FTQ3.1.2)
The knowledge above already seems enough for the MCP exam. However, if you guys want to know ICMP somewhat more deeply than other MCPs, here we go!
ICMP is very similar to UDP in that it only handles messages that fit in one datagram. In implementation, it is simpler than UDP: it doesn't include port numbers in its header. Because all ICMP messages are interpreted by the network software itself, no port numbers are needed to say where an ICMP message is supposed to go. So you will find that on an NT machine the error message of ping is Request timed out, while on a Sun machine the error message of ping is Host Unreachable. It differs from machine to machine, depending on your software. You can write your own ping software to say FTQ is good if the machine can be reached and FTQ is bad if not. OK, just kidding! You can do that, but your RFC document will receive the mark of level 5! :-) :-)
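The header claims made in the TCP and IP, UDP and ICMP sections above (the IP checksum covers only the IP header, the UDP checksum is optional, ICMP carries no ports) can be checked with a small dissector. This is an added example, not part of the original tutorial; the port numbers, payloads and function names are constructed for illustration, and the addresses are the ones the tutorial uses.

```python
import socket
import struct

def inet_checksum(data):
    """One's-complement sum of 16-bit words, used by the IP header and by ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src, dst, proto, payload, ttl=128):
    """Put a 20-byte IP header (no options) in front of the payload."""
    def header(checksum):
        return struct.pack("!BBHHHBBH4s4s",
                           0x45, 0, 20 + len(payload),  # version/IHL, TOS, total length
                           0x1234, 0,                    # identification, flags/fragment
                           ttl, proto, checksum,
                           socket.inet_aton(src), socket.inet_aton(dst))
    return header(inet_checksum(header(0))) + payload

def build_udp(sport, dport, data):
    """UDP header: two ports, length, checksum. Checksum 0 means 'not computed'."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def build_icmp_echo(ident, seq, data):
    """ICMP echo request (type 8, code 0): there are no port fields at all."""
    def message(checksum):
        return struct.pack("!BBHHH", 8, 0, checksum, ident, seq) + data
    return message(inet_checksum(message(0)))

def dissect(packet):
    """Read the IP header, then hand the payload to the protocol it names."""
    header_len = (packet[0] & 0x0F) * 4
    header, payload = packet[:header_len], packet[header_len:]
    info = {
        "src": socket.inet_ntoa(header[12:16]),
        "dst": socket.inet_ntoa(header[16:20]),
        "ttl": header[8],
        # Verifies the IP header only; the payload is not covered.
        "ip_header_ok": inet_checksum(header) == 0,
    }
    proto = header[9]
    if proto == 17:
        sport, dport, _length, checksum = struct.unpack("!HHHH", payload[:8])
        info.update(proto="UDP", sport=sport, dport=dport,
                    udp_checksum_present=checksum != 0)
    elif proto == 6:
        sport, dport = struct.unpack("!HH", payload[:4])
        info.update(proto="TCP", sport=sport, dport=dport)
    elif proto == 1:
        info.update(proto="ICMP", icmp_type=payload[0], icmp_code=payload[1],
                    icmp_ok=inet_checksum(payload) == 0)
    else:
        info.update(proto="other (%d)" % proto)
    return info

def flip_last_byte(packet):
    """Simulate damage to the last payload byte in transit."""
    return packet[:-1] + bytes([packet[-1] ^ 0xFF])

# Constructed samples: a name lookup over UDP and a 32-byte ping.
UDP_PACKET = build_ipv4("128.230.61.96", "128.230.61.1", 17,
                        build_udp(1025, 53, b"lookup www.ftq.com"))
PING_PACKET = build_ipv4("128.230.61.96", "192.41.15.178", 1,
                         build_icmp_echo(1, 1, b"a" * 32))

if __name__ == "__main__":
    for name, pkt in (("udp", UDP_PACKET),
                      ("udp, payload damaged", flip_last_byte(UDP_PACKET)),
                      ("ping", PING_PACKET),
                      ("ping, payload damaged", flip_last_byte(PING_PACKET))):
        print(name, dissect(pkt))
```

A damaged UDP payload still passes the IP header check, and with the UDP checksum left at zero nothing at this level notices the damage; the damaged ping is caught only by ICMP's own checksum.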
ARP
Did you find something missing when we talked about TCP and IP? That is, what exactly happens when data is sent over the network. How does the packet know that one machine is 128.230.61.1 and another machine is 128.230.61.2, when it needs to go to 128.230.61.1 and not to 128.230.61.2? The IP address is at a higher level: it is like when we call our friend in California, we just need to dial his number, while inside the line there are lots of things that need to be done. The machine is not as smart as we imagine. How do machines know each other's IP addresses, when at the physical layer we just have network cards connected with cables?
ARP means Address Resolution Protocol. Its function is mapping the IP address of the final destination to the physical address. Somebody's book says simply that ARP is used to map the final destination IP address to an Ethernet address. That is not very accurate, for other networks such as ATM also have an ARP server to resolve IP addresses into ATM addresses. You can do an experiment if you are using an NT system.
Go to Start->Programs->Command Prompt to open the MS-DOS-like window.
Type arp -a
You will see the information such as below:
Interface: 128.230.61.96 on Interface 2
Internet Address Physical Address Type
128.230.61.1 02-60-8c-e8-a8-f3 dynamic
In general, 128.230.61.96 is your machine's IP address. You may get an unfamiliar IP address here if you connect to the Internet via an ISP; they usually assign you a dynamic IP address every time you log in to their network. In the above case, 128.230.61.1 is the ARP server (which holds the ARP table; the ARP table stores the correspondence between Internet addresses and physical addresses).
If you want two machines to communicate using TCP/IP, IP broadcasts a special inquiry packet (an ARP request packet) containing the IP address of the destination system to get its physical address. All ARP-enabled systems keep listening for these broadcast messages, and the system that owns the IP address in question replies by sending its physical address to the requester (in an ARP reply packet). The physical/IP address pair is then stored in the ARP cache of the requesting system for subsequent use.
You can also assign an ARP server in your LAN. You can specify the address correspondences in its ARP table, or it can learn them dynamically, as in my network environment. You can also specify the ARP server's address on the other machines in the LAN. Since the ARP server collects all the address correspondences of the LAN, you can just ask the ARP server for the information about any other machine in the same LAN. This technology is also used for SVCs in ATM networks.
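The request/reply exchange just described, played out over a simulated LAN with real ARP frame layouts (Ethernet header plus the 28-byte ARP message). This is an added example, not part of the original tutorial; the Host class and resolve function are illustrative, the gateway's physical address is the one from the arp -a output above, and the other two physical addresses are constructed.

```python
import socket
import struct

BROADCAST = b"\xff" * 6
UNKNOWN = b"\x00" * 6
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_LAYOUT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, then four addresses

def mac_bytes(text):
    return bytes.fromhex(text.replace("-", ""))

def mac_text(raw):
    return "-".join("%02x" % b for b in raw)

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet header (14 bytes) followed by the ARP message (28 bytes)."""
    eth_dst = BROADCAST if op == ARP_REQUEST else target_mac
    ethernet = eth_dst + sender_mac + struct.pack("!H", 0x0806)
    arp = struct.pack(ARP_LAYOUT, 1, 0x0800, 6, 4, op,
                      sender_mac, socket.inet_aton(sender_ip),
                      target_mac, socket.inet_aton(target_ip))
    return ethernet + arp

def parse_arp(frame):
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        raise ValueError("not an ARP frame")
    _ht, _pt, _hl, _pl, op, sha, spa, tha, tpa = struct.unpack(ARP_LAYOUT, frame[14:42])
    return {"eth_dst": frame[:6], "op": op,
            "sender_mac": sha, "sender_ip": socket.inet_ntoa(spa),
            "target_mac": tha, "target_ip": socket.inet_ntoa(tpa)}

class Host:
    """A machine on the LAN with one IP address, one network card, one ARP cache."""
    def __init__(self, ip, mac):
        self.ip, self.mac, self.cache = ip, mac_bytes(mac), {}

    def request(self, target_ip):
        return build_arp(ARP_REQUEST, self.mac, self.ip, UNKNOWN, target_ip)

    def receive(self, frame):
        """Return a reply frame if we own the requested IP, otherwise None."""
        msg = parse_arp(frame)
        if msg["target_ip"] != self.ip:
            return None  # the question is about some other machine
        if msg["op"] == ARP_REQUEST:
            return build_arp(ARP_REPLY, self.mac, self.ip,
                             msg["sender_mac"], msg["sender_ip"])
        if msg["op"] == ARP_REPLY:
            self.cache[msg["sender_ip"]] = mac_text(msg["sender_mac"])
        return None

def resolve(requester, others, target_ip):
    """Broadcast a request unless the answer is already cached."""
    if target_ip not in requester.cache:
        frame = requester.request(target_ip)
        for host in others:  # broadcast: every host sees the request
            reply = host.receive(frame)
            if reply is not None:
                requester.receive(reply)
    return requester.cache.get(target_ip)

if __name__ == "__main__":
    me = Host("128.230.61.96", "00-a0-24-11-22-33")         # constructed MAC
    gateway = Host("128.230.61.1", "02-60-8c-e8-a8-f3")     # from the arp -a output
    neighbour = Host("128.230.61.2", "00-a0-24-44-55-66")   # constructed MAC
    print(resolve(me, [gateway, neighbour], "128.230.61.1"))
    print(me.cache)
```

The reply is taken at face value: nothing in the 28-byte message proves that the sender owns the address, so a dynamic cache entry is only as trustworthy as the LAN segment it came from.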
Microsoft's TCP/IP API
The standards and utilities that come with the operating system are not enough; you may also want to write your own TCP/IP programs. You need an API (Application Program Interface) to make your function calls in C or any other development language.
API | Functions
Windows Sockets | Provides a standard interface between socket-based applications and TCP/IP protocols
NetBT (NetBIOS over TCP/IP) | Provides NetBIOS naming and session services
NetBIOS | Provides a standard interface between NetBIOS-based applications and TCP/IP protocols
We have talked a little about Windows Sockets and some new features of Winsock 2 in the former sections, but we haven't mentioned anything about NetBT and NetBIOS yet. Let's begin with NetBIOS.
NetBIOS
NetBIOS means Network Basic Input/Output System. It was developed by IBM as an API for IBM PC programs to access LAN facilities. You cannot say that IBM giving up the PC market was a mistake, for IBM is still the No. 1 company in the computer industry in the world. They consider the PC just a small fish. Their mainframes and software still make big money for IBM. So IBM gave some food to Wintel (Windows and Intel, which represent Microsoft and Intel). Therefore, Wintel owes IBM a big thank-you.
I once worked in a company which had two departments: one was the VAR (Value Added Reseller) of IBM, the other was a solution provider for Microsoft. The guys working on Microsoft products were busy every day, selling Office and SQL Server and installing Windows operating systems for end users, and could see the money come in every day. The other guys, working on IBM products, usually seemed to have nothing to do: they just made some phone calls to bank managers and did some online reading about IBM products. Their money came in several times a year. But in the end, the department for IBM products made more profit than the department for Microsoft, for instead of selling one RS/6000 system from IBM, you need to sell thousands of copies of Office software from Microsoft!!!
Many books forget to mention another company, Sytek, when introducing the history of NetBIOS. That's somewhat unfair, but that's OK. It is like how no one cares now which company actually developed Internet Explorer. Microsoft just annexed that company and labeled it a Microsoft product.
By definition, NetBIOS is a program interface for accessing network services, such as name-to-address resolution and sending and receiving data. Originally designed for Ethernet, NetBIOS has been extended to support other networks such as IBM's Token Ring.
Before NetBIOS came along, writing a network program was a headache. Every network card producer had its own program interface. If you wrote a program to send data with a 3COM network card, you might set the first 2 bits of the control code to 0x11, while with an NE2000 that code might be 0x10, for the implementation of each network card was totally different. IBM and Sytek developed the NetBIOS software layer in order to link a network operating system with specific hardware such as a network card. NetBIOS became an industry standard, and sometimes you will hear some guy say their LAN is a NetBIOS-compatible LAN. What that means exactly is that their LAN supports the NetBIOS API, so a programmer can use NetBIOS calls to create his own network applications.
In the NetBIOS implementation, the computers on the system are known by names. Each computer has its own name, which is actually bound to its network card. This name can also be used by programmers. You can even use a NetBIOS command to change that name. If you are using a Windows NT system, you can change your computer's name at
Start->Control Panel->Network->Identification->Computer Name
NetBIOS gives you three ways to communicate between two computers.
I drew the following diagram to show you the differences among these three implementations.
 | Send larger message | Error detection | Communicate one to many (broadcasting)
Establish a session | yes | yes | no
Use datagram | no | no | yes
Broadcast | no | no | yes
Moreover, NetBIOS session control commands and session data transfer commands allow communication through sessions. NetBIOS datagram commands allow communication without the use of sessions.
More than an interface for programmers, NetBIOS is also a naming scheme. It converts the name of a network node or service to a network address (name resolution). NetBIOS service names must be resolved to an IP address before connections can be established with TCP/IP.
There are usually two ways to implement TCP/IP over NetBIOS. (The most important thing to do in this case is to accomplish name-to-address resolution.)
A PC in the network broadcasts to all network nodes, seeking the address of the NetBIOS service name
Where each PC stores a file listing all the machines (including network devices such as HP's network printers) and their corresponding IP addresses. You can find the sample LMHOSTS file, LMHOSTS.SAM, in the \Your NT directory\system32\drivers\etc directory and play with it.
Tip: In the Command Prompt, you can type CD\ to go to the root directory first, then type DIR LMHOSTS.SAM /S to find the LMHOSTS.SAM file in your Windows system.
Microsoft's implementation is WINS (Windows Internet Name Service); you can find more information regarding WINS and NetBIOS at http://www.ntmag.com/issues/1997/Jan/NetBios.html
NetBT
Not only Microsoft TCP/IP but also other NetBIOS-based applications use NetBIOS over TCP/IP, and Microsoft calls its NetBIOS over TCP/IP NetBT. What is specific to Microsoft's NetBT is that it does not make direct calls to the NetBIOS interface; it just uses the NetBIOS naming services. Before introducing the functions of NetBT, let's learn two concepts first:
NetBT can perform name-to-IP-address mapping for name resolution. In Microsoft's Windows family, you can use WINS to implement this function. (You can learn something about WINS at the above web site; we'll also detail WINS in a following chapter.)
Finally, you now know almost everything in the diagram below except SNMP and the TCP/IP utilities. I hope you have the confidence to say, "Hi, Bill, test me on what Winsock, NetBT, TCP, IP, UDP, ARP… are and what their functionality is. I am not scared any more."
My suggestion for the following diagram is: look at it, think about it, eat everything inside it if possible!! :-)