Lesson 1: Overview of TCPIP

Lesson 1: Overview of TCP/IP

As a DST, you must be able to configure and troubleshoot TCP/IP, which is used in the majority of networks and is the preferred network protocol in a Windows XP environment. Many options are associated with this protocol, which the administrator must understand to ensure proper configuration and operation of TCP/IP. Understanding TCP/IP, its configuration issues and options, and how to troubleshoot connectivity problems is necessary to successfully manage a Windows XP network.

After this lesson, you will be able to

• Identify the required and optional parameters that are defined for computers on TCP/IP networks.

• Explain how IP addresses and subnetting work.

• Explain how name resolution works.

• Identify the primary name resolution mechanisms that are used on Windows networks.

Estimated lesson time: 40 minutes

Understanding TCP/IP

TCP/IP is not a single protocol but rather a group of protocols that all work together. A group of protocols working together is called a protocol stack. Transmission Control Protocol (TCP) and Internet Protocol (IP) are two of the most commonly used protocols in the TCP/IP protocol stack.

Windows XP installs TCP/IP automatically when it detects a network adapter. After TCP/IP is installed, you must configure several options for the protocol to function properly. The following are the options that are necessary for a computer to function in a TCP/IP environment:

• IP address (required)

• Subnet mask (required)

• Default gateway (required)

• Domain Name System (DNS) configuration (optional)

• Windows Internet Naming Service (WINS) configuration (optional)

IP addressing and configuration is a comprehensive topic, and there are many texts written strictly on the subject. The following sections provide an overview of TCP/IP information.

IP Addressing

An IP address is a number that uniquely identifies a device such as a computer on a TCP/IP network. Devices on IP networks are typically called hosts. An IP address consists of a 32-bit binary number that is logically divided into 4 groupings of 8 bits each. Each 8-bit grouping is called an octet or a byte.

Binary is a difficult numbering scheme for most people to work with, so IP addresses are normally presented in dotted decimal notation. With dotted decimal notation, each octet in an IP address is represented as a decimal number between 0 and 255, and each of these numbers is separated by a period. An example of an IP address is 192.168.0.1, which is represented in binary notation as 11000000 10101000 00000000 00000001.

Note

255 is the largest decimal number that can be represented by an 8-bit binary number (11111111 binary = 255 decimal). You can use the Windows Calculator to translate decimal numbers to binary numbers, and vice versa.

An IP address contains two important pieces of information: the network ID for the network segment to which the computer is connected and the host ID for that computer. The network ID identifies the network on which a host is found. The host ID identifies the host within that network. This addressing scheme is similar to street addresses within a city or town, such as 123 Main Street. The street name is similar to the network ID, and the house number is similar to the host ID.

All devices on the same network subnet must be assigned an IP address that has the same network ID but a unique host ID. This is analogous to the address of each house on a street having the same street name, but a different house number. However, in IP addressing, the network number comes first; in street addresses, the house number is normally first.

The street address analogy can be taken a step further to describe how routers work in a TCP/IP network. The purpose of a router is to move network traffic to the appropriate network in a multiple network environment. When the mail carrier is delivering, she will first make sure that the mail is being taken to the correct street name. After the mail carrier arrives at the appropriate street, she will deliver the mail based on the house number. Routers work in a similar fashion: they first examine the network ID of the IP address and then route the packet to the specified network subnet. After the packet has reached the correct network subnet, the routers forward the packet to the appropriate device based on the device’s host ID.

The IP network ID must be unique within a TCP/IP network. If two networks had the same number, the routers would generally attempt to deliver the packet to the network that was the closest to them, which would not necessarily be the correct one. Also, the client’s host ID must be unique within the network subnet, so that when a packet reaches the correct IP network, there is no doubt about which device it is destined for.

IP Address Classes IP addresses are divided into the following classes, with each class having different network ID and host ID properties:

• Class A addresses If the first octet of an IP address is between 0–127, it is a Class A address. By default, the first octet of a Class A address represents the network ID, and the remaining three octets are the unique host ID on that network. An example of a Class A IP address is 10.2.4.78—the network ID is 10, and the host ID is 2.4.78. There are 128 Class A network numbers, each capable of supporting 16,777,214 unique hosts. The first (0.0.0.0) and last (127.0.0.0) network numbers are reserved, leaving 126 potential Class A networks and making the actual range of the first octet 1–126. The highest order binary bit (the leftmost bit of the 32-bit binary representation) is always 0 in a Class A address.

• Class B addresses If the first octet of an IP address is between 128–191, it is a Class B address. By default, the first two octets of a Class B address are the network number, and the remaining two octets are the unique host ID on that network. An example of a Class B address is 172.16.89.203—the network number is 172.16, and the host ID is 89.203. There are 16,384 Class B network numbers, each capable of supporting 65,534 unique hosts. The first (128.0.0.0) and last (191.255.0.0) network numbers are reserved, leaving 16,382 potential Class B networks. The two highest-order binary bits are always 10 in a Class B address.

• Class C addresses If the first octet of an IP address is between 192–223, it is a Class C address. By default, the first three octets of a Class C address are the network number, and the remaining octet is the unique host ID on that network. An example of a Class C address is 192.168.0.1—the network number is 192.168.0 and the host ID is 1. There are 2,097,152 Class C network numbers, each capable of supporting 254 unique hosts. The first (192.0.0.0) and last (223.255.255.0) network numbers are reserved, leaving 2,097,150 potential Class A networks. The three highest-order binary bits are always 110 in a Class C address.

• Class D addresses The first octet of a Class D address falls in the range of 224– 239. Class D addresses are not assigned to individual devices on a TCP/IP network. Instead, they are used for multicasting to a group of IP hosts and also to facilitate the transmission of network control information between certain types of IP devices. The four highest-order binary bits are always 1110 in a Class D address.

• Class E addresses The first octet of a Class E address falls in the range of 240– 255. Class E addresses cannot be assigned to individual devices on a TCP/IP network. They are reserved for experimental and future use. The four highest-order bits are always 1111 in a Class E address.

• Loopback addresses IP addresses that have 127 in the first octet are called loopback addresses. The most commonly used loopback address is 127.0.0.1. Loopback addresses are used for testing TCP/IP configuration and cannot be assigned to individual hosts on a TCP/IP network.

Table 10-1 provides a summary of IP addressing information, using w.x.y.z to generically represent the four octets that are used in dotted decimal notation.

Table 10-1: IP Address Summary

Class	1st Octet Range	Assignable to Hosts?	Network ID	Host ID	Number of Networks	Number of Host IDs per Network
A	1–126	Yes	w	x.y.z	126	16,777,214
B	128–191	Yes	w.x	y.z	16,382	65,534
C	192–223	Yes	w.x.y	z	2,097,150	254
D	224–239	No	N/A	N/A	N/A	N/A
E	240–255	No	N/A	N/A	N/A	N/A
Loopback	127	No	N/A	N/A	N/A	N/A

Note

In dotted decimal notation, IP network IDs are usually presented as an IP address, with the host ID portion configured to all zeros. For example, the Class A network of 10 is referred to as 10.0.0.0, the Class B network of 172.16 is referred to as 172.16.0.0, and the Class C network of 192.168.0 is referred to as 192.168.0.0.

IP Address Validity You must make sure that the IP addresses that you configure are valid. To make sure that the IP addresses are valid, remember the following rules:

• The first byte of the IP address must fall within the following ranges:

  • 1–126

  • 128–191

  • 192–223

• IP addresses that begin with 0, 127, or 224–255 are invalid.

• The host ID cannot be all binary 0s or 1s. In decimal, it commonly translates to all 0s or all 255s.

• No number in an IP address can be greater than 255.

Table 10-2 displays several invalid IP addresses and gives the reasons why they are invalid.

Table 10-2: Invalid IP Addresses

IP Address	Why IP Address Is Invalid
0.36.78.231	The first octet is 0.
127.54.79.100	The first octet is 127.
126.255.255.255	The host ID is all binary 1s/decimal 255s.
197.34.8.0	The host ID is all 0s.
235.17.234.202	The first octet is between 224–255.
154.12.287.243	The third octet is greater than 255.

In addition, remember that all devices on the same network must be assigned a unique host ID, but the same network ID. For example, if you are using the Class C network ID of 192.168.1.0, all hosts on the network must have 192.168.1 as the first three octets of their IP address.

Choosing an IP Addressing Scheme The Internet is a huge TCP/IP network, and no two networks or hosts connected to the Internet can have the same full IP address (the combination of network ID and host ID). If your network is directly connected to the Internet, you must follow the specific IP addressing scheme that has been assigned to you by your Internet service provider (ISP) or the Internet Corporation for Assigned Names and Numbers (ICANN). As a DST, it will not be your responsibility to design IP addressing schemes on large networks. However, you should understand the IP addressing scheme that is in place so that you can assist users in troubleshooting network problems.

See Also

For more information on ICANN, see http://www.icann.org.

If your network is not directly connected to the Internet, you can theoretically choose any valid IP addressing scheme that you want. However, the governing body of the Internet requests that you choose an addressing scheme that uses one of the private IP address ranges. These ranges are never used on devices that are connected directly to the Internet. Using private IP addresses ensures that data from your network will never accidentally travel across the public Internet. This provides you with privacy and ensures that there will not be any accidental addressing conflicts. The private IP address ranges are as follows:

• 10.0.0.0–10.255.255.255

• 172.16.0.0–172.31.255.255

• 192.168.0.0–192.168.255.255

Although private IP addresses cannot be used directly on the Internet, you will find that many devices with Internet access do use private addressing. When this is the case, a device that translates the private address into a public address is used to facilitate Internet connectivity.

For example, if you use a router at home to connect to your cable or digital subscriber line (DSL) modem, your ISP assigns the IP address that you use for the public network interface on the router (the interface connected to the Internet). The router automatically distributes private IP addresses to the internal devices (devices on your home network) that are connected to the router. Most routers that are sold to the home and small business market use the 192.168.0.0 private range. When an internal device makes a request to communicate with the Internet, the client computer forwards the request to the router, the router communicates directly with the Internet resource and then passes information back to the client computer.

Essentially, the router acts as a middleman between the internal client and the Internet resource. The router can perform this function for multiple devices simultaneously. Using a router that functions in this manner reduces the need for multiple unique public IP addresses, and serves to protect internal devices from external threats because the internal devices are never communicating directly on the Internet.

Subnet Masks

The subnet mask tells a TCP/IP host how to interpret IP addresses by defining what portion of the IP address is network ID and what portion is host ID. A 255 in the subnet mask indicates that the corresponding octet in an IP address is to be interpreted as part of the network number. A 0 in the subnet mask indicates that the corresponding octet in an IP address is to be interpreted as part of the host ID.

The default subnet masks for Class A, B, and C network numbers are as follows:

• Class A 255.0.0.0

• Class B 255.255.0.0

• Class C 255.255.255.0

If you compare these mask values with the information that was already presented on Class A, B, and C IP addresses, you would notice the correlation between the placement of 255s in the mask and octets that represent the network number. For example, the default Class B subnet mask is 255.255.0.0, indicating that the first two octets are to be interpreted as network number, and the remaining octets are to be interpreted as host ID. In the Class B address of 172.16.89.203, we determined 172.16 to be the network number and 89.203 to be the host ID. The same logic applies to the Class A and Class C IP addresses that we analyzed.

Hosts use the subnet mask to determine their network number and also to determine whether a destination host is on the same or a different network. If a destination host is on the same network, the source host will attempt to communicate with the destination directly. If the destination host is on a different network, the source host will use its configured default gateway (typically a router) to communicate with the destination host.

The subnet mask can be referenced in either dotted decimal notation or classless interdomain routing (CIDR) notation. Dotted decimal notation is the format used to enter subnet mask values when configuring Windows XP. The subnet mask values of 255.0.0.0, 255.255.0.0, and 255.255.255.0 are in dotted decimal notation.

CIDR notation makes note of the number of binary 1 bits in the subnet mask, and that number of bits is placed at the end of the network ID. For example, the network number 192.168.1.0 with a subnet mask value of 255.255.255.0 is referenced as 192.168.1.0/ 24 in CIDR notation. The value of 24 represents 24 binary one bits in the subnet mask—each value of 255 represents 8 bits, there are three 255s in the mask, and 3 x 8 = 24. Table 10-3 displays several more examples of CIDR notation contrasted with dotted decimal notation.

Table 10-3: Dotted Decimal Versus CIDR Subnet Mask Notation

IP Network Address	Subnet Mask, Dotted Decimal Notation	CIDR Notation
10.0.0.0	255.0.0.0	10.0.0.0/8
172.16.0.0	255.255.0.0	172.16.0.0/16
192.168.0.0	255.255.255.0	192.168.0.0/24

Subnetting an IP Network Number Subnetting is the process of dividing a single IP network number into multiple IP networks by modifying the subnet mask value. When a subnet mask is modified from the default, it changes the way that TCP/IP devices interpret the network number and host ID portion of an IP address.

For example, if a subnet mask of 255.255.255.0 is applied to the Class B IP network address of 172.16.0.0, the first three bytes (172.16.0) are interpreted as network number, and only the last byte is interpreted as host ID. It is still a Class B address, but the third byte of this address can now be used to define several subnetworks, or subnets, that each support fewer host IDs. In this example, up to 254 subnets can be defined, each with up to 254 host IDs.

Table 10-4 outlines the first few ranges of the subnet information for this example. When looking at this table, pay close attention to the third octet because that is where the subnetting is occurring.

Table 10-4: Subnet Information for Network 172.16.0.0 with Subnet Mask 255.255.255.0 (172.16.0.0/24)

Subnet Number	Range of Host IDs
172.16.1.0/24	172.16.1.1–172.16.1.254
172.16.2.0/24	172.16.2.1–172.16.2.254
172.16.3.0/24	172.16.3.1–172.16.3.254
172.16.4.0/24	172.16.4.1–172.16.4.254
172.16.5.0/24	172.16.5.1–172.16.5.254

All hosts on the same subnet must have the same subnet mask to communicate correctly with one another. However, the subnet mask can vary from network to network.

Note

Do not make the mistake of interpreting a subnet mask to be an IP address. Subnet masks are displayed in dotted decimal notation, but they are not IP addresses.

See Also

Further exploration of subnetting is beyond the scope of this discussion. For more information on subnetting, see “Planning Classless IP Addressing,” at http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/all/deployguide/en-us/dnsbb_tcp_wgyq.asp.

Default Gateway

By default, TCP/IP clients can communicate only with other devices on the same network. If you have a multiple network environment or if you are connected to the Internet, you must configure each host with a default gateway address. The default gateway is the router to which the TCP/IP client will forward packets that are destined for computers on other networks. The default gateway then examines the destination IP address in the packets and ensures that the packet is routed to the final destination.

Because TCP/IP clients can communicate only directly within their network and they require the default gateway to communicate with other networks, the host’s default gateway must reside on the same network as the host.

Figure 10-1 depicts a router that connects four networks together, with the IP addresses of each of the router interfaces noted.

Figure 10-2: A router can connect several IP networks.

The default gateway is a required TCP/IP parameter that is configured only in a multiple network environment. A connection to the Internet is considered a multiple network environment, and a default gateway is required for Internet access. If you neglect to configure the default gateway or if you configure it incorrectly, a TCP/IP client cannot communicate with devices on other networks, including the Internet.

Domain Name System (DNS)

For computers, it is easy to work with numbers such as IP addresses and subnet masks. For people, it is easier to work with names. Host names are standard language names given to TCP/IP devices. Generally, users try to establish connections by using the host name or computer name of the device rather than the IP address. However, for TCP/ IP hosts to communicate with one another, they must have the IP address of the device they are connecting to. Therefore, computers must be able to resolve the host names into the IP address of the destination host before the computer can establish a connection. The process of resolving a name into an IP address is called name resolution. Domain Name System (DNS) is a network service that is designed to perform name resolution for TCP/IP clients.

Note

In addition to providing name resolution services, DNS also provides service resolution. Clients can query DNS looking for a server that provides a particular service, such as a domain controller or a mail server, and DNS can return the IP address of a device that provides that service.

DNS servers maintain a list of name to IP address mappings called a DNS database. When a client submits a name resolution request to a DNS server, the server searches through the DNS database, locates the host name that was submitted, resolves the IP address, and returns the IP address to the client. In larger private networks and on the Internet, the DNS database is too large to be handled by a single computer. In cases like this, the DNS database is distributed across many DNS servers, and the DNS servers are configured to communicate with one another so that they can resolve a name regardless of where the name to IP address mapping is actually stored. Clients do not need to be aware of the DNS server relationships; they simply submit a request to their DNS server, and the server handles the rest.

DNS is designed to resolve two types of names into IP addresses. A host name is a single-word name, similar to a computer name. Host names can be up to 255 characters long. A fully qualified domain name (FQDN) is a multipart name separated by periods (for example, computer1.contoso.com) that specifies the host name and the host’s exact location in the DNS naming hierarchy.

Note

The use of name resolution methods such as DNS, WINS, hosts files, and Lmhosts files are not necessary in single-network, Microsoft-only environments. Clients automatically perform name resolution by using broadcast packets. This is sufficient in single-network, Microsoft-only environments.

See Also

For more details on DNS structure, see “Understanding DNS” at http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_DNS_und_Topnode.asp.

TCP/IP Hosts File In smaller environments, the implementation of a DNS server might not be practical. A standard TCP/IP hosts file can be used to support name resolution if necessary. The hosts file is a simple text file that contains IP addresses followed by the name of the host, as illustrated in Figure 10-2. In Windows XP, the hosts file is stored in SystemRoot\System32\Drivers\etc. There is a default hosts file stored in this path, which contains information on how to create and use the file.

Figure 10-2: A hosts file is a simple text file that stores IP address to host name mappings.

Hosts files are simple to create and use, but they can be difficult to manage. Each computer has an individual hosts file. Whenever a change occurs on the network (such as the addition or deletion of a host, or a host name or IP address changes), each individual hosts file must be updated. This can be a time-consuming process, and you must be careful to ensure that all machines receive updates to prevent problems with a client accessing resources.

Note

The hosts file is simply called hosts, and it does not have an extension. If an extension is placed on the file, TCP/IP cannot find it.

WINS

In addition to having host names, computers running Windows also have a NetBIOS name. NetBIOS names are based on a protocol called Network Basic Input/Output System (NetBIOS), which assists in the establishment of connections over the network. In a NetBIOS environment, each computer is assigned a NetBIOS name up to 16 characters in length. The first 15 characters are the actual name of the computer, and the sixteenth character is a reserved character used to represent different resources or services offered by the computer.

In Windows operating systems that are not part of a domain, the Client and Server network services use NetBIOS to establish connections.

Earlier versions of Windows, such as Microsoft Windows 2000 and Windows XP, do not require the use of NetBIOS to establish connections, but they support NetBIOS functions to facilitate connections with previous versions of Windows.

In a single-network environment, NetBIOS name resolution is handled by using a broadcast message. The client sends out a packet containing the NetBIOS name of the computer to which the client needs to connect, requesting the computer with that name to send back its IP address. The computer with the requested name sends a packet containing its IP address back to the requesting computer. However, NetBIOS name resolution broadcasts are not forwarded by routers, so the client cannot resolve names that are not on the local network.

In multiple-network environments, a service named Windows Internet Naming Service (WINS) can be implemented. The WINS server maintains a database of NetBIOS name to IP address mappings, similar to the way that a DNS server maintains a database of host name to IP address mappings. The WINS server can perform NetBIOS name resolution for clients. If clients are configured with the IP address of the WINS server, the clients send name resolution requests to the WINS server before broadcasting on their local subnet.

The NetBIOS name and the DNS host name are usually the same for a Windows computer. Both name-resolution services might be required in a previous version of Windows because of the different methods that are used to establish connections, not because the names themselves are different.

Real World—Dealing with Name Resolution

As a DST, you do not need to get too bogged down in the details of DNS and WINS. On larger networks, one or both of these naming systems may be in place. In a domain running Windows 2003, DNS is a requirement. Small business and home networks typically exist on a single network segment and do not require sophisticated name-resolution mechanisms within the network.

However, you do need to understand the service that a DNS server (and to a lesser degree, a WINS server) provide to a network. Any computer that is connected to the Internet has to resolve DNS names in some manner because DNS is used on the Internet. On large networks, you may need to configure a client with the IP address of an appropriate DNS server, but you likely are not expected to do much configuration beyond that. If you discover that a client is not resolving a DNS name on a large network, you can probably just escalate the problem to an administrator. For small network and home users, you might need to determine the correct IP address of the DNS server used by the ISP of the user and configure computers to connect to that server.

Lmhosts File In smaller environments, the implementation of a WINS server might not be practical. Microsoft supports the use of the Lmhosts file to support NetBIOS name resolution, if necessary. The Lmhosts file is a simple text file that contains IP addresses followed by the name of the host, similar to a TCP/IP hosts file. Lmhosts is stored in SystemRoot\system32\ drivers\etc. There is a sample Lmhosts file called Lmhost.sam stored in this path, which can be used to build a working file. To be recognized by the system, the actual file name has to be Lmhosts without an extension.

Lmhosts files can have support issues similar to those of TCP/IP hosts files. Each computer has an individual copy of the file, and it can be time-consuming to keep all the files updated.

Lesson Review

The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson materials and try the question again. You can find answers to the questions in the “Questions and Answers” section at the end of this chapter.

1. List the required and optional parameters that you can assign to a host on a TCP/ IP network.

2. List the three primary address classes used for assigning IP addresses to hosts on the Internet and the corresponding range of IP addresses available in each class.

3. Which of the following default subnet masks would be used on a computer connected to the Internet with the IP address 157.54.4.201?

   1. 255.0.0.0

   2. 255.255.0.0

   3. 255.255.255.0

   4. 255.255.255.255

Lesson Summary

• Each host on a TCP/IP network is assigned a unique IP address, typically shown as four decimal numbers ranging from 0 to 255. An IP address is divided into a network ID, which determines the subnet on which a host exists, and a host ID, which uniquely identifies the host on that subnet. The separation of network ID and host ID is determined by a subnet mask.

• A default gateway is the IP address to which a client sends data destined for a host that is not on the same network as a client. The default gateway is typically a router.

• Name resolution is the process of mapping IP addresses to computer or host names. DNS is the primary name-resolution mechanism used on modern Windows networks and on the Internet. WINS is a name resolution mechanism used on older Windows-based networks.