WINS provides a distributed database for registering and querying dynamic mappings of NetBIOS names for computers and groups used on your network. WINS maps NetBIOS names to IP addresses and was designed to solve the problems arising from NetBIOS name resolution in routed environments. WINS is the best choice for NetBIOS name resolution in routed networks that use NetBIOS over TCP/IP.
After this lesson, you will be able to
Estimated lesson time: 15 minutes
This section explains NetBIOS name resolution concepts and methods to help you better understand WINS functionality. This is useful because previous versions of Windows, such as Windows NT 4.0 and some Windows-based applications, use NetBIOS names to identify network resources.
NetBIOS was developed for IBM in 1983 by Sytek Corporation to enable applications to communicate over a network. As illustrated in Figure 13.1, NetBIOS defines two entities:
Figure 13.1 NetBIOS communication over TCP/IP
The NetBIOS interface is a presentation-layer application programming interface (API) for user applications to submit network input/output (I/O) and control directives to underlying network protocols. An application program that uses the NetBIOS interface API for network communication can be run on any protocol that supports the NetBIOS interface. This is implemented by the session layer software, such as NetBIOS Frame Protocol (NBFP) or NetBIOS over TCP/IP (NetBT), to perform the network I/O required to accommodate the NetBIOS interface command set.
NetBIOS provides commands and support for the following services:
A NetBIOS name is a unique 16-byte address used to identify a NetBIOS resource on the network. This name is either a unique (exclusive) or group (nonexclusive) name. Unique names are typically used to send network communications to a specific process on a computer. Group names are used to send information to multiple computers at one time. An example of a process that uses a NetBIOS name is the File and Printer Sharing for Microsoft Networks service on a computer running Windows 2000. When your computer starts up, this service registers a unique NetBIOS name based on the name of your computer. The exact name used by the service is the 15-character computer name plus a 16th character of 0x20. If the computer name is not 15 characters long, it is padded with spaces up to 15 characters.
NetBIOS name resolution is the process of mapping a computer's NetBIOS name to an IP address. A computer's NetBIOS name must be resolved to an IP address before the IP address can be resolved to a hardware address. Microsoft TCP/IP uses several methods to resolve NetBIOS names; however, the exact mechanism by which NetBIOS names are resolved to IP addresses depends on the NetBIOS node type that is configured for the node. Request for Comments (RFC) 1001, "Protocol Standard for a NetBIOS Service on a TCP/UDP Transport: Concepts and Methods," defines the NetBIOS node types, as listed in Table 13.1.
Table 13.1 NetBIOS Node Types
Node type | Description |
---|---|
B-node (broadcast) | B-node uses broadcast NetBIOS name queries for name registration and resolution. B-node has two major problems: (1) Broadcasts disturb every node on the network. (2) Routers typically do not forward broadcasts, so only NetBIOS names on the local network can be resolved. |
P-node (peer-to-peer) | P-node uses a NetBIOS name server, such as a WINS server, to resolve NetBIOS names. P-node does not use broadcasts; instead, it queries the name server directly. |
M-node (mixed) | M-node is a combination of B-node and P-node. By default, an M-node functions as a B-node. If an M-node is unable to resolve a name by broadcast, it queries a NetBIOS name server using P-node. |
H-node (hybrid) | H-node is a combination of P-node and B-node. By default, an H-node functions as a P-node. If an H-node is unable to resolve a name through the NetBIOS name server, it uses a broadcast to resolve the name. |
Computers running Windows 2000 are B-node by default and become H-node when they are configured with a WINS server. Windows 2000 can also use a local database file called LMHOSTS to resolve remote NetBIOS names. The LMHOSTS file is stored in the %systemroot%\System32\Drivers\Etc folder. A sample LMHOSTS file (LMHOSTS.SAM) is included in this directory.
The LMHOSTS file is a static ASCII file used to resolve NetBIOS names to IP addresses of remote computers running Windows NT and other NetBIOS-based hosts.
Figure 13.2 shows an example of the LMHOSTS file.
Figure 13.2 The LMHOSTS file
An LMHOSTS file also contains predefined keywords that are prefixed with a #. If you use this LMHOSTS file on an older NetBT system such as LAN Manager, these directives are ignored as comments because they begin with a number sign (#). Table 13.2 lists the possible LMHOSTS keywords.
Table 13.2 LMHOSTS Keywords
Predefined keyword | Description |
---|---|
#PRE | Defines which entries should be initially preloaded as permanent entries in the name cache. Preloaded entries reduce network broadcasts, because names are resolved from cache rather than from broadcast or by parsing the LMHOSTS file. Entries with a #PRE tag are loaded automatically at initialization or manually by typing nbtstat -R at a command prompt. |
#DOM:[domain_name] | Facilitates domain activity, such as logon validation over a router, account synchronization, and browsing. |
#NOFNR | Avoids using NetBIOS-directed name queries for older LAN Manager UNIX systems. |
#INCLUDE | Loads and searches NetBIOS entries in a separate file from the default LMHOSTS file. Typically, an #INCLUDE file is a centrally located shared LMHOST file. |
#BEGIN_ALTERNATE #END_ALTERNATE | Defines a redundant list of alternate locations for LMHOSTS files. The recommended way to #INCLUDE remote files is using a universal naming convention (UNC) path to ensure access to the file. Of course, the UNC names must exist in the LMHOSTS file with a proper IP address to NetBIOS name translation. |
#MH | Adds multiple entries for a multihomed computer. |
WINS eliminates the need for broadcasts to resolve computer names to IP addresses and provides a dynamic database that maintains mappings of computer names to IP addresses. WINS is an enhanced NetBIOS name server (NBNS) designed by Microsoft to eliminate broadcast traffic associated with the B-node implementation of NetBT. It is used to register NetBIOS computer names and resolve them to IP addresses for both local and remote hosts.
There are several advantages of using WINS. The primary advantage is that client requests for computer name resolution are sent directly to a WINS server. If the WINS server can resolve the name, it sends the IP address directly to the client. As a result, a broadcast is not needed and network traffic is reduced. However, if the WINS server is unavailable, the WINS client can still use a broadcast in an attempt to resolve the name. Another advantage of using WINS is that the WINS database is updated dynamically, so it is always current. This eliminates the need for an LMHOSTS file. In addition, WINS provides network and interdomain browsing capabilities.
Before two NetBIOS-based hosts can communicate, the destination NetBIOS name must be resolved to an IP address. This is necessary because TCP/IP requires an IP address rather than a NetBIOS computer name to communicate. As illustrated in Figure 13.3, resolution uses the following process:
Figure 13.3 Name resolution with WINS
Prior to Windows 2000, all MS-DOS and Windows-based operating systems required the NetBIOS naming interface to support network capabilities. With the release of Windows 2000, support for the NetBIOS naming interface is no longer required for networking computers because you can disable NetBT for each network connection. This feature is intended for computers that only use Domain Name System (DNS) name registration and resolution techniques and communicate by using the Client for Microsoft Networks and the File and Print Sharing for Microsoft Networks components with other computers where NetBT is disabled. Examples of disabling NetBT include computers in specialized or secured roles for your network, such as an edge proxy server or bastion host in a firewall environment, where NetBT support is not required or desired.
Another example is an environment consisting of host computers and programs that support the use of the DNS that could be built to run using Windows 2000 and other operating systems not requiring NetBIOS names, such as some versions of UNIX. However, most networks still need to integrate existing operating systems that require NetBIOS network names with computers running Windows 2000. For this reason, Microsoft has continued to provide default support for NetBIOS names with Windows 2000 to ease interoperability with legacy operating systems that require their use. This support is provided mainly in two ways:
This support is provided through NetBT and can, if desired, be manually disabled.
Some applications and previous versions of Windows use NetBIOS names to identify network resources. WINS is an enhanced NBNS designed by Microsoft to eliminate broadcast traffic associated with the B-node imple-mentation of NetBT. There are several advantages to using WINS. The primary advantage is that broadcast traffic is reduced because requests for name resolution are sent directly to the WINS server.