Lesson 1: Introducing WINS

Previous page
Table of content
Next page

WINS provides a distributed database for registering and querying dynamic mappings of NetBIOS names for computers and groups used on your network. WINS maps NetBIOS names to IP addresses and was designed to solve the problems arising from NetBIOS name resolution in routed environments. WINS is the best choice for NetBIOS name resolution in routed networks that use NetBIOS over TCP/IP.

After this lesson, you will be able to

  • Describe the relationship between NetBIOS and TCP/IP
  • Describe the advantage of using WINS
  • Describe a new Windows 2000 feature relating to NetBIOS

Estimated lesson time: 15 minutes

Name Resolution with NetBIOS

This section explains NetBIOS name resolution concepts and methods to help you better understand WINS functionality. This is useful because previous versions of Windows, such as Windows NT 4.0 and some Windows-based applications, use NetBIOS names to identify network resources.

Overview of NetBIOS

NetBIOS was developed for IBM in 1983 by Sytek Corporation to enable applications to communicate over a network. As illustrated in Figure 13.1, NetBIOS defines two entities:

  • A session-level interface
  • A session management/data transport protocol

Figure 13.1 NetBIOS communication over TCP/IP

The NetBIOS interface is a presentation-layer application programming interface (API) for user applications to submit network input/output (I/O) and control directives to underlying network protocols. An application program that uses the NetBIOS interface API for network communication can be run on any protocol that supports the NetBIOS interface. This is implemented by the session layer software, such as NetBIOS Frame Protocol (NBFP) or NetBIOS over TCP/IP (NetBT), to perform the network I/O required to accommodate the NetBIOS interface command set.

NetBIOS provides commands and support for the following services:

  • Network name registration and verification
  • Session establishment and termination
  • Reliable connection-oriented session data transfer
  • Unreliable connectionless datagram data transfer
  • Support protocol (driver) and adapter monitoring and management

NetBIOS Names

A NetBIOS name is a unique 16-byte address used to identify a NetBIOS resource on the network. This name is either a unique (exclusive) or group (nonexclusive) name. Unique names are typically used to send network communications to a specific process on a computer. Group names are used to send information to multiple computers at one time. An example of a process that uses a NetBIOS name is the File and Printer Sharing for Microsoft Networks service on a computer running Windows 2000. When your computer starts up, this service registers a unique NetBIOS name based on the name of your computer. The exact name used by the service is the 15-character computer name plus a 16th character of 0x20. If the computer name is not 15 characters long, it is padded with spaces up to 15 characters.

NetBIOS name resolution is the process of mapping a computer's NetBIOS name to an IP address. A computer's NetBIOS name must be resolved to an IP address before the IP address can be resolved to a hardware address. Microsoft TCP/IP uses several methods to resolve NetBIOS names; however, the exact mechanism by which NetBIOS names are resolved to IP addresses depends on the NetBIOS node type that is configured for the node. Request for Comments (RFC) 1001, "Protocol Standard for a NetBIOS Service on a TCP/UDP Transport: Concepts and Methods," defines the NetBIOS node types, as listed in Table 13.1.

Table 13.1 NetBIOS Node Types

Node type Description
B-node (broadcast) B-node uses broadcast NetBIOS name queries for name registration and resolution. B-node has two major problems: (1) Broadcasts disturb every node on the network. (2) Routers typically do not forward broadcasts, so only NetBIOS names on the local network can be resolved.
P-node (peer-to-peer) P-node uses a NetBIOS name server, such as a WINS server, to resolve NetBIOS names. P-node does not use broadcasts; instead, it queries the name server directly.
M-node (mixed) M-node is a combination of B-node and P-node. By default, an M-node functions as a B-node. If an M-node is unable to resolve a name by broadcast, it queries a NetBIOS name server using P-node.
H-node (hybrid) H-node is a combination of P-node and B-node. By default, an H-node functions as a P-node. If an H-node is unable to resolve a name through the NetBIOS name server, it uses a broadcast to resolve the name.

Computers running Windows 2000 are B-node by default and become H-node when they are configured with a WINS server. Windows 2000 can also use a local database file called LMHOSTS to resolve remote NetBIOS names. The LMHOSTS file is stored in the %systemroot%\System32\Drivers\Etc folder. A sample LMHOSTS file (LMHOSTS.SAM) is included in this directory.

The LMHOSTS File

The LMHOSTS file is a static ASCII file used to resolve NetBIOS names to IP addresses of remote computers running Windows NT and other NetBIOS-based hosts.

Figure 13.2 shows an example of the LMHOSTS file.

Figure 13.2 The LMHOSTS file

Predefined Keywords

An LMHOSTS file also contains predefined keywords that are prefixed with a #. If you use this LMHOSTS file on an older NetBT system such as LAN Manager, these directives are ignored as comments because they begin with a number sign (#). Table 13.2 lists the possible LMHOSTS keywords.

Table 13.2 LMHOSTS Keywords

Predefined keyword Description
#PRE Defines which entries should be initially preloaded as permanent entries in the name cache. Preloaded entries reduce network broadcasts, because names are resolved from cache rather than from broadcast or by parsing the LMHOSTS file. Entries with a #PRE tag are loaded automatically at initialization or manually by typing nbtstat -R at a command prompt.
#DOM:[domain_name] Facilitates domain activity, such as logon validation over a router, account synchronization, and browsing.
#NOFNR Avoids using NetBIOS-directed name queries for older LAN Manager UNIX systems.
#INCLUDE Loads and searches NetBIOS entries in a separate file from the default LMHOSTS file. Typically, an #INCLUDE file is a centrally located shared LMHOST file.
#BEGIN_ALTERNATE #END_ALTERNATE Defines a redundant list of alternate locations for LMHOSTS files. The recommended way to #INCLUDE remote files is using a universal naming convention (UNC) path to ensure access to the file. Of course, the UNC names must exist in the LMHOSTS file with a proper IP address to NetBIOS name translation.
#MH Adds multiple entries for a multihomed computer.

WINS Overview

WINS eliminates the need for broadcasts to resolve computer names to IP addresses and provides a dynamic database that maintains mappings of computer names to IP addresses. WINS is an enhanced NetBIOS name server (NBNS) designed by Microsoft to eliminate broadcast traffic associated with the B-node implementation of NetBT. It is used to register NetBIOS computer names and resolve them to IP addresses for both local and remote hosts.

There are several advantages of using WINS. The primary advantage is that client requests for computer name resolution are sent directly to a WINS server. If the WINS server can resolve the name, it sends the IP address directly to the client. As a result, a broadcast is not needed and network traffic is reduced. However, if the WINS server is unavailable, the WINS client can still use a broadcast in an attempt to resolve the name. Another advantage of using WINS is that the WINS database is updated dynamically, so it is always current. This eliminates the need for an LMHOSTS file. In addition, WINS provides network and interdomain browsing capabilities.

Before two NetBIOS-based hosts can communicate, the destination NetBIOS name must be resolved to an IP address. This is necessary because TCP/IP requires an IP address rather than a NetBIOS computer name to communicate. As illustrated in Figure 13.3, resolution uses the following process:

  1. In a WINS environment, each time a WINS client starts, it registers its NetBIOS name/IP address mapping with a configured WINS server.
  2. When a WINS client initiates a command to communicate with another host, the name query request is sent directly to the WINS server instead of being broadcast on the local network.
  3. If the WINS server finds a NetBIOS name/IP address mapping for the destination host in this database, it returns the destination host's IP address to the WINS client. Because the WINS database obtains NetBIOS name/IP address mappings dynamically, it is always current.

Figure 13.3 Name resolution with WINS

WINS and Windows 2000

Prior to Windows 2000, all MS-DOS and Windows-based operating systems required the NetBIOS naming interface to support network capabilities. With the release of Windows 2000, support for the NetBIOS naming interface is no longer required for networking computers because you can disable NetBT for each network connection. This feature is intended for computers that only use Domain Name System (DNS) name registration and resolution techniques and communicate by using the Client for Microsoft Networks and the File and Print Sharing for Microsoft Networks components with other computers where NetBT is disabled. Examples of disabling NetBT include computers in specialized or secured roles for your network, such as an edge proxy server or bastion host in a firewall environment, where NetBT support is not required or desired.

Another example is an environment consisting of host computers and programs that support the use of the DNS that could be built to run using Windows 2000 and other operating systems not requiring NetBIOS names, such as some versions of UNIX. However, most networks still need to integrate existing operating systems that require NetBIOS network names with computers running Windows 2000. For this reason, Microsoft has continued to provide default support for NetBIOS names with Windows 2000 to ease interoperability with legacy operating systems that require their use. This support is provided mainly in two ways:

  • By default, all computers running Windows 2000 that use TCP/IP are enabled to provide client-side support for registering and resolving NetBIOS names.

    This support is provided through NetBT and can, if desired, be manually disabled.

  • Windows 2000 Server continues to provide server-side support through WINS. WINS can be used to effectively manage NetBT-based networks.

Lesson Summary

Some applications and previous versions of Windows use NetBIOS names to identify network resources. WINS is an enhanced NBNS designed by Microsoft to eliminate broadcast traffic associated with the B-node imple-mentation of NetBT. There are several advantages to using WINS. The primary advantage is that broadcast traffic is reduced because requests for name resolution are sent directly to the WINS server.


Previous page
Table of content
Next page
MCSE Training Kit(c) Microsoft Windows 2000 Accelerated 2000
MCSE Training Kit(c) Microsoft Windows 2000 Accelerated 2000
ISBN: N/A
EAN: N/A
Year: 2004
Pages: 244
BUY ON AMAZON
Beginning Cryptography with Java
OpenSSH: A Survival Guide for Secure Shell Handling (Version 1.0)
CISSP Exam Cram 2
Snort Cookbook
Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century
An Introduction to Design Patterns in C++ with Qt 4
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy