Advanced IP
For many people coming from a background steeped in DOS and Windows, TCP/IP might still remain something of a mystery. Traditionally, DOS and Windows people only had to deal with TCP/IP when accessing services from a larger network, such as accessing a corporate UNIX system, or even connecting to the Internet. Often, configuring the system involves using addresses and numbers that are provided by some other organization, such as InterNIC, or maybe the group responsible for your company's network backbone.
With Microsoft's recent recognition of the importance of TCP/IP and their push to provide all services over a TCP/IP protocol stack, however, TCP/IP is becoming more and more common in the Windows environment. You can now run a Windows-based network with only TCP/IP. This is made possible by the availability of the fast and robust TCP/IP stacks that Microsoft provides with Windows for Workgroups, Windows 95, and Windows NT. With this strong support for TCP/IP, it becomes even more important for anyone designing or administering a Windows-based network to understand how TCP/IP works and how it can benefit your network.
This chapter begins with a discussion of TCP/IP on the Windows NT platform. Included is a discussion of how this TCP/IP integration enhances connectivity with Windows for Workgroups and Windows 95 clients. The chapter continues with an explanation of how to install and configure TCP/IP on Windows NT Server. I have included additional sections to discuss many of the optional TCP/IP-related services. Some TCP/IP-related services, such as WINS, DHCP, DNS, and TCP/IP printing, are important and substantial enough to warrant their own chapters.
For more information on WINS, DHCP and DNS, see Chapter 12, Using the DHCP, WINS and DNS Services. If you are interested in TCP/IP printing, refer to Chapter 13, Configuring TCP/IP Printing.
Before installing TCP/IP on your NT Server, let's take a few minutes to identify some of the things that will be required during the configuration process.
If you will be using DHCP for TCP/IP configuration, you won't need much information. However, if you won't be using DHCP, you need the following:
In addition to this information, you might want to think about which IP-related services you want to install. Following is a list of additional TCP/IP-based services that can be installed after you install the TCP/IP stack:
You can install TCP/IP during the NT Server installation process or add it later. In either case, the installation process is essentially identical. The following set of procedures specifically details how to install TCP/IP on an existing NT Server.
NOTE: Make sure you are logged onto the server with an account that has administrative permissions.
The Network Control Panel permits you to change network-related configuration information.
The Network Protocols dialog shows the currently installed network protocols.
The Select Network Protocol dialog lists all available network protocols that you can install.
You can specify if you want to act as a DHCP client.
In this example, you should choose No. If, however, you were configuring an NT Server and you did want it to dynamically obtain its IP address from a DHCP server, you would choose Yes. For more information on setting up a DHCP server, see Chapter 12.
NT will copy files from the distribution media to the local system directory.
TCP/IP will appear in the Network Protocols list.
NT will go through an automatic process to review the bindings on the network adapter. NT will display the Microsoft TCP/IP Properties window so you can provide specific TCP/IP configuration information, which is necessary to complete the binding. The Microsoft TCP/IP Properties window is shown in Figure 11.6.
Microsoft TCP/IP Properties page is used to configure the TCP/IP settings.
If you chose to use a DHCP server to acquire your TCP/IP information, back in step 6, the Obtain an IP address from a DHCP Server option will be selected and the IP Address, Subnet Mask, and Default Gateway text boxes will be grayed out.
The Advanced TCP/IP settings option under the Microsoft TCP/IP Properties window allows you to configure your multiple IP addresses for a single network card, or to specify multiple IP gateways for each network card in your system.
Configuring more than one IP address for a single network card is known as configuring a logically multihomed network adapter; Windows NT allows you to assign up to five IP addresses to a single network adapter. Compare this to what is traditionally called a multihomed system, where you have multiple network interfaces on a system, each with its own unique IP address. There are advantages and disadvantages to a logically multihomed configuration.
One of the advantages of a logically multihomed system is very apparent when used in conjunction with the new Internet Information Server (IIS) that is included with NT Server 4.0. IIS can be configured to respond to a default Hypertext Transfer Protocol (HTTP) request in different ways depending on which one of the logically multihomed IP addresses is accessed. If you want to run three Web sites from your server, logical multihoming makes this easier and cleaner. For instance, if you wanted to host xyzcorp.com, USAcollege.edu, and greenfood.com from your server, you would simply designate a different IP address for each site and then bind all three IP addresses to your network adapter. Then when someone uses a Web browser to connect to xyzcorp.com, he or she will get the home page for xyzcorp; if connecting to USAcollege.edu, the user will get the default page for USAcollege. For more information about using a multihomed system with IIS, see Chapter 34, Windows NT as an Internet Server, which includes additional coverage of IIS.
One thing to be aware of with logically multihomed adapters is that NetBIOS over TCP/IP (NetBT) will only be bound to the first IP address of a logically multihomed adapter. If you want multihomed support with NetBT, you need to install multiple network adapters with a single IP address bound to each adapter.
If you need to use TCP/IP to communicate with a computer outside of your subnet, the communication needs to be done through an IP gateway. Many smaller LANs include only a single gateway between subnets. However, for additional levels of fault tolerance, many larger and more stable networks are designed with multiple IP gateways between their major subnets.
Windows NT enables you to take advantage of these multiple gateways to provide fault tolerance in case the default gateway becomes unavailable. For each network card onto which you bind TCP/IP, you can also specify as many backup gateways as you have available. When you specify additional IP gateways, if the default gateway fails, NT will automatically attempt to use each of the additional IP gateways, in the order listed, until it can find a functioning gateway.
Windows NT 4.0 includes a new technology called Point-to-Point Tunneling Protocol (PPTP), which allows you to create multiprotocol virtual private networks (VPNs). PPTP takes advantage of Windows NT's Remote Access Service (RAS). When you install PPTP, by default you will be able to use your network as normal as well as take advantage of the VPN features provided by PPTP. However, you might want to prevent your system from responding to any non-PPTP traffic on the network, thus isolating it from the "public" network it is physically connected to. If you enable PPTP Filtering, your NT Server will only communicate with machines on its VPNs.
For more information on PPTP, see Chapter 20.
One of the new features of Windows NT 4.0 is the ability to filter network traffic by TCP or UDP port number, as well as IP protocol value. This allows you to control the type of TCP/IP traffic that your server will respond to, providing a higher level of security. For instance, if you were running a SQL server on your system, you might want to permit access only to the ports your databases listen to.
For more information on TCP/IP Security, see Chapter 25.
Once TCP/IP is installed, if you need to configure additional IP addresses or IP gateways, use the following procedure:
Advanced IP Addressing allows you to enter multiple IP addresses or gateway addresses, as well as enable TCP/IP security.
Use the TCP/IP Security to restrict access based on TCP, UDP, or IP protocol information.
Once the system has restarted, the changes you made will take effect.
If you have Domain Name System (DNS) servers in your organization or you are connected to the Internet, you will most likely want to configure your NT Server to take advantage of them.
NOTE: There are so many acronyms in the computer industry, it's very difficult to keep them all straight. A common mistaken acronym is DNS. Many people think it stands for Domain Name Server, or Domain Name Service, when in fact it stands for Domain Name System. The "ultimate" authority is Request for Comments (RFC) 1034 and 1035, where DNS is defined.
The following set of procedures explains how to configure the items in the DNS tab of the Microsoft TCP/IP Properties window.
DNS options for TCP/IP properties.
NOTE: A common problem point is that people don't understand how the computer name and domain information entered into this screen differ from the computer and domain information entered when NT was installed. Here are some tips:
- There are two name resolution processes at work here: the Windows/NetBIOS naming process and the DNS naming process. You should make every effort to use the same name here as the name registered for your system with the NT domain.
- Make sure the name registered with the DNS for the IP address you are using is the same as the name you typed into the Host Name field. You can use the -a switch of the ping command to verify the host name with the DNS. For more information on the ping command, see the section titled "Diagnostic Utilities" later in this chapter.
- The domain name entered into the Domain field is the DNS domain name for your network. This is rarely the same as the NT domain. Typically it is something such as xyzcorp.com or campus1.USAcollege.edu. For more information on this topic, see Chapter 12.
The domain suffix search order.
Given this setup, if you typed ping server1 at the command prompt, NT would first try to locate a machine called server1.xyzcorp.com, since xyzcorp.com is my DNS domain. If a machine by this name is not found, it would try server1.houston.xyzcorp.com, server1.denver.xyzcorp.com, server1.washington.xyzcorp.com, and finally server1.USAcollege.edu, until a valid machine is found. At this point, if no machine is found, you will get an error message.
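The lookup order just described, together with the Host Name check from the tips above, as an added example (not code from the book). The name tables are constructed stand-ins for what the configured DNS servers would return; "nt4server", "xyzcorp.com" and the suffix list are sample values, not settings from a real network.

```python
"""Name lookup order and host-name check for the DNS tab (added example).

The tables below are constructed stand-ins for what the configured DNS
servers would return; "nt4server", "xyzcorp.com" and the suffix list are
sample values, not settings from a real network.
"""

DNS_DOMAIN = "xyzcorp.com"
SEARCH_ORDER = ["houston.xyzcorp.com", "denver.xyzcorp.com",
                "washington.xyzcorp.com", "USAcollege.edu"]

# Constructed forward records: fully qualified name (lower case) -> IP address.
FORWARD = {
    "server1.denver.xyzcorp.com": "10.2.0.5",
    "nt4server.xyzcorp.com": "10.1.0.10",
    "www.usacollege.edu": "192.0.2.80",
}
# Constructed reverse records: IP address -> the name DNS has registered for it
# (what "ping -a <address>" would report).
REVERSE = {
    "10.2.0.5": "server1.denver.xyzcorp.com",
    "10.1.0.10": "nt4server.xyzcorp.com",
    "10.1.0.11": "oldname.xyzcorp.com",
}


def candidate_names(name, domain=DNS_DOMAIN, search_order=SEARCH_ORDER):
    """Return the fully qualified names tried for an unqualified name, in order.

    The configured DNS domain is appended first, then each suffix from the
    search list. A name ending in a dot is already absolute and is tried alone.
    """
    if name.endswith("."):
        return [name[:-1]]
    return [f"{name}.{domain}"] + [f"{name}.{suffix}" for suffix in search_order]


def resolve(name, forward=FORWARD):
    """Walk the candidates and return (fqdn, ip) for the first that exists, else None."""
    for fqdn in candidate_names(name):
        ip = forward.get(fqdn.lower())      # DNS names compare case-insensitively
        if ip is not None:
            return fqdn.lower(), ip
    return None


def check_host_name(host_name, ip, domain=DNS_DOMAIN, reverse=REVERSE):
    """Compare the Host Name field against the name DNS has registered for ip.

    Returns (matches, registered_name). A False result is the mismatch the
    tips warn about: a reverse lookup of the server's address yields a
    different name than the one typed into the DNS tab.
    """
    expected = f"{host_name}.{domain}".lower()
    registered = reverse.get(ip)
    return registered is not None and registered.lower() == expected, registered
```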
The WINS Address tab in the Microsoft TCP/IP Properties window enables you to configure your NT system to take advantage of any WINS servers available on the network. Additionally, it provides you more methods of Windows name resolution, such as using DNS for Windows name lookups and LMHOSTS files. For more about these services, please see Chapter 12.
If you want to configure any of these options on your system, use the following set of procedures:
WINS configuration options.
Windows NT Server supports static IP routing (IP forwarding) on multihomed systems. Until the 4.0 release, NT Server was capable of static IP routing only. This allowed you to configure NT to work with other static IP routers on the network. Under this configuration, you need to use the route command to create static routes. However, with NT Server 4.0, Microsoft includes a Routing Information Protocol (RIP) agent that allows NT Server to collect RIP information from other routers on the network.
To configure your NT Server as an IP router, use the following procedure.
Enabling static IP routing.
If you also want to enable dynamic RIP routing, you must install the RIP for Internet Protocol service. Continue with the following procedure to install this service as well:
Selecting the RIP for Internet Protocol entry.
Windows NT includes an optional service called Simple TCP/IP Services. This service allows Windows NT to respond to a number of network utilities that are somewhat prevalent in the UNIX world. For most environments, these utilities provide no real functionality.
Simple TCP/IP services are all based on UDP and provide support for
NOTE: Although it might seem that the Ping diagnostic utility would probably use the Echo service, it does not. You do not need to install the Echo service to support Ping. The Echo service uses UDP packets and operates at a much higher level than Ping, which uses ICMP packets.
Microsoft has included a number of TCP/IP diagnostic utilities with Windows NT. Many of these utilities, such as ping and tracert, are functionally identical to common implementations on other platforms, including most UNIX systems. Other utilities, such as nbtstat, are more specific to Windows environments and do not have direct analogues on non-Windows systems.
All of the diagnostic utilities listed in this section are automatically installed when you install TCP/IP on your system. They are all located in the %SystemRoot%\system32 directory.
The arp command is used to display or modify the IP address to physical network address lookup table maintained by Windows NT. This table is called the address resolution protocol (ARP) table.
The syntax for the arp command is
arp -a [IP_addr] [-N [if_addr]]
arp -d IP_addr [if_addr]
arp -s IP_addr mac_addr [if_addr]
-a displays the current ARP table. If IP_addr is included, the IP and physical addresses for only the specified computer are displayed. If there is more than one network interface using TCP/IP, the ARP table for each is displayed.
-N if_addr displays the ARP entries for the network interface specified by if_addr.
-d deletes the ARP entry specified by IP_addr.
-s is used to manually add an entry in the ARP table. Typically, ARP entries age out of the table after a period of time. However, when you manually add an ARP entry, the entry will be permanent.
mac_addr specifies the physical address of the network adapter. It is represented as eight hexadecimal pairs separated by dashes.
IP_addr specifies an IP address.
if_addr indicates the address of the network adapter on which the ARP table should be updated.
The hostname command returns the name of the computer as defined in the DNS tab of the TCP/IP configuration window. There are no options to this command.
The ipconfig utility is useful for getting a quick look at a system's TCP/IP configuration. It is especially useful when your system receives its IP configuration from a DHCP server.
The syntax for the ipconfig command is
ipconfig [/all | /release [adapter] | /renew [adapter]]
If you run ipconfig without any switch options, it returns the IP address, subnet mask and default gateway for all network adapters bound with TCP/IP.
/all causes ipconfig to return additional IP configuration information for all network adapters running TCP/IP. This information includes the TCP/IP hostname, list of all DNS servers, node type, NetBIOS scope ID, state of IP routing (IP forwarding) on your system, state of WINS proxy on your system, and if your system will use DNS to provide NetBIOS name resolution. Additionally, for each network adapter using TCP/IP, it will provide the physical address of the adapter, whether or not it gets its information from a DHCP server, its IP address (or IP addresses if it's logically multihomed), its subnet mask, default gateway, and any WINS servers it uses.
/renew [adapter] is useful only when your system acquires its IP information dynamically from a DHCP server. If you use the switch without specifying an adapter, it will attempt to renew the DHCP lease for all adapters. If you only want to renew the lease for a specific network adapter, you can do that by typing its name. If you do not get your IP information from a DHCP server but you use this switch, it will return an error.
/release [adapter] is functionally the opposite of the /renew switch. If you use the switch without specifying an adapter, it will attempt to release the DHCP lease for all adapters. If you only want to release the lease for a specific network adapter, you can do that by typing its name.
The nbtstat command is used to display the status of NetBIOS over TCP/IP (NetBT).
The syntax for the nbtstat command is
nbtstat [-a hostname] [-A IP_addr] [-c] [-n] [-R] [-r] [-S] [-s] [interval]
-a displays the remote computer's NetBIOS name table given its NetBIOS hostname.
-A displays the remote computer's NetBIOS name table given its IP address.
-c displays the NetBIOS name cache of the local computer, including the name and IP address for each entry.
-n displays the NetBIOS names of the local computer.
-R purges the NetBIOS name cache on the local computer and reloads the LMHOSTS file.
-r displays statistics for Windows name resolution. If you are using a WINS server for Windows name resolution, this option returns the number of names resolved by broadcast and the number of names resolved by a WINS server.
-S displays statistics and session information for workstation and server services. This information is listed by IP address.
-s displays statistics and session information for workstation and server services. It lists information by hostname if the IP address is listed in your HOSTS file. Otherwise, it is listed by IP address.
interval, if specified, will result in nbtstat continuously redisplaying the statistics, pausing interval seconds between each update. If no interval is specified, the information will be displayed once.
netstat can be used to examine the statistics for all TCP, IP, and UDP connections.
The syntax for the netstat command is
netstat [-a] [-e] [-n] [-s] [-p protocol] [-r] [interval]
If you run netstat without any switch options, it displays all active TCP connections.
-a tells netstat to display all the current connections and listening ports.
-e displays the network statistics. These statistics are cumulative since the last time the computer was reset. Included are the total number of bytes, the number of unicast and non-unicast packets, the number of discarded packets and the number of errors.
-n causes netstat to display IP addresses and port numbers instead of the host names and port names it shows by default.
-s displays the statistics for each of the protocols, TCP, IP, ICMP, and UDP. You can combine this with the -p protocol option if you only want the information for a single protocol.
-p protocol specifies that connections and statistics should be shown only for a specific protocol. Valid values for protocol are TCP, UDP, IP, and ICMP.
-r causes netstat to display the active routes from the routing table.
interval results in netstat continuously updating the statistics, pausing interval seconds between each update. If no interval is specified, the information will be displayed once.
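An added example (not from the book) that ties netstat -a to the TCP/IP Security port filtering described earlier in the chapter: it parses netstat -an output to find the ports the server is accepting traffic on and reports which of them a proposed filter would cut off. The netstat text is a constructed sample in the Windows NT column layout, and the allow list (only SQL Server's TCP port 1433) is the database-only scenario from the filtering section.

```python
"""Audit listening ports against a proposed TCP/IP Security filter (added example).

SAMPLE_NETSTAT is a constructed "netstat -an" listing in the layout Windows NT
uses (Proto, Local Address, Foreign Address, State); it is not a real capture.
"""

SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    10.1.0.10:139          0.0.0.0:0              LISTENING
  TCP    10.1.0.10:139          10.1.0.25:1031         ESTABLISHED
  TCP    10.1.0.10:1029         10.1.0.50:1433         ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:138            *:*
  UDP    10.1.0.10:161          *:*
"""


def parse_listeners(text):
    """Return the set of (proto, port) pairs on which the host accepts inbound traffic."""
    listeners = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue                        # banner, column header, blank line
        proto, local = parts[0], parts[1]
        port = int(local.rsplit(":", 1)[1])  # local address is addr:port
        if proto == "TCP":
            # Only sockets in LISTENING state accept new connections; an
            # ESTABLISHED line is an existing session, not an exposed service.
            if len(parts) >= 4 and parts[3] == "LISTENING":
                listeners.add(("TCP", port))
        else:
            listeners.add(("UDP", port))     # UDP lines carry no state column
    return listeners


def audit(listeners, allowed):
    """Split listeners into the ports a filter would permit and those it would block.

    `allowed` mirrors the TCP/IP Security dialog: one entry per protocol whose
    value is either the string "all" or the set of permitted port numbers.
    """
    permitted, blocked = set(), set()
    for proto, port in listeners:
        rule = allowed.get(proto, set())
        target = permitted if rule == "all" or port in rule else blocked
        target.add((proto, port))
    return permitted, blocked


# Filter for the "database server only" case: permit just SQL Server's TCP 1433.
DATABASE_ONLY = {"TCP": {1433}, "UDP": set()}
```

Anything that lands in the blocked set is what the filter will silence, so check it before restarting; for instance UDP 137/138 and TCP 139 carry NetBIOS over TCP/IP, so blocking them ends Windows file and print sharing on that adapter.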
ping is one of the fundamental diagnostic utilities. It can be used to verify if a host is reachable. When troubleshooting TCP/IP connectivity problems, ping should be the first tool to use. ping uses the Internet control message protocol (ICMP) echo packets to do its job.
The syntax for the ping command is
ping [-t] [-a] [-n count] [-l length] [-f] [-i ttl] [-v tos] [-r count] [-s count] [[-j host_list] | [-k host_list]] [-w timeout] destination_list
By default, ping will send four 64-byte ICMP packets with a one-second pause between each packet.
-t indicates that ping should continuously send packets until you press Ctrl+c.
-a is used to resolve the IP address to the DNS hostname.
-n count indicates that ping should send count ICMP packets. The default is 4.
-l length indicates the length of the ICMP packet. The contents of the ICMP packet are a repeating sequence of alphabetic characters. The default packet size is 64 bytes, and the maximum is 8,192. However, Ethernet networks have a maximum data size of 1,512 bytes. Choosing a value larger than this will cause the packets to become fragmented.
-f sets the do-not-fragment flag on the packet. If you use the -l switch to indicate a packet size that is larger than the maximum packet size of one of the routers the packet must pass through, the packet will be returned with an error. You can use this switch along with the -l option to discover the largest packet you can send from your computer to a remote host without it being fragmented.
-i ttl sets the time to live (ttl) field on the packets. The ttl is the maximum number of router hops the packet can go through before being discarded. Valid values are between 1 and 255. The default is 30.
-v tos sets the Type Of Service field to the value specified by tos.
-r count records the route of the outgoing and returning ICMP packets in the Record Route field. count must be between 1 and 9 hosts.
-s count specifies the time stamp for the number of hops specified by count.
-j host_list routes packets by means of the list of hosts specified by host_list. Consecutive hosts may be separated by intermediate gateways (loose source routed). The maximum number of hosts allowed is 9.
-k host_list routes packets by means of the list of hosts specified by host_list. Consecutive hosts may not be separated by intermediate gateways (strict source routed). The maximum number of hosts permitted is 9.
-w timeout specifies a time-out interval in milliseconds.
destination_list specifies the remote hosts to ping.
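The -f plus -l search for the largest unfragmented packet, as an added example (not from the book): a binary search over the -l payload length, with a stand-in probe that models a path whose smallest link MTU is a constructed value instead of actually running ping. The 20-byte IP and 8-byte ICMP header sizes are standard values; ping_command builds the NT invocation that corresponds to one step of the search.

```python
"""Binary search for the largest -l value that passes with -f set (added example).

make_probe() substitutes a model of the path for a real ping: the smallest link
MTU it is given is a constructed value. Replace the probe with a function that
runs the command from ping_command() and reports whether a reply came back to
use the same search against a real host.
"""

IP_HEADER = 20    # IPv4 header without options
ICMP_HEADER = 8   # ICMP echo request header


def make_probe(path_mtu):
    """Return a probe that behaves like "ping -f -l size": True when a size-byte
    payload crosses every link without fragmentation, False otherwise."""
    def probe(payload_size):
        return payload_size + IP_HEADER + ICMP_HEADER <= path_mtu
    return probe


def largest_unfragmented_payload(probe, low=0, high=8192):
    """Find the largest payload the probe accepts between low and high.

    high defaults to the 8,192-byte ceiling the text gives for -l. Returns None
    if even a zero-length payload is refused. Relies on the probe being
    monotone: once a size fragments, every larger size does too.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2   # round up so low always advances
        if probe(mid):
            low = mid                 # fits: the answer is at least mid
        else:
            high = mid - 1            # fragments: the answer is below mid
    return low


def ping_command(payload_size, host):
    """The Windows NT ping invocation for one probe of the search."""
    return ["ping", "-f", "-l", str(payload_size), "-n", "1", host]
```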
The route command is used to manage the local TCP/IP route table.
The syntax for the route command is
route [-f] [print|add|delete|change [destination] [MASK netmask] [gateway]]
-f flushes the routing table of all entries and resets it to its default values. If this option is not used alone, the route table is flushed before performing the other command.
print, used without destination, displays the entire route table. When used with destination, it prints the route table entry for that destination.
add adds a permanent static route.
delete deletes the route specified by destination.
change modifies an existing route specified by destination.
destination specifies the destination in the route table, expressed in standard dotted-decimal IP notation.
MASK if present, specifies that the next parameter is the netmask parameter.
netmask, when used with the add or change command, specifies the subnet mask to use for the route entry.
gateway, when used with the add or change command, specifies the IP gateway to use when forwarding packets to destination.
tracert is an extremely useful utility that determines the path taken between your system and a target system. If you are experiencing connectivity problems, this can be useful for pinpointing the location of the problem.
tracert uses Internet Control Message Protocol (ICMP) echo packets to accomplish its job. First tracert determines the number of router hops to its destination. Then it sends a number of ICMP echo packets equal to the hop count. On the first packet, tracert sets the time-to-live (TTL) to 1. On each successive packet, tracert increments the TTL by 1. Each time a packet goes through a router, the router decrements the TTL by 1. When the TTL reaches 0, most routers send a message back to the sender indicating the packet has been discarded. This means the first echo packet sent (with a TTL of 1) will be returned by the first router. The second echo packet (with a TTL of 2) will be returned by the second router, and so on.
The syntax for the tracert command is
tracert [-d] [-h max_hops] [-j host_list] [-w timeout] destination
-d specifies not to resolve IP addresses to host names, which is done by default.
-h max_hops specifies the maximum number of hops to search for destination.
-j host_list specifies loose source route along host_list.
-w timeout specifies a time-out interval for each packet in milliseconds.
destination specifies the hostname or IP address of the destination computer.
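The TTL mechanism tracert depends on, as an added simulation (not code from the book): a constructed path of router addresses stands in for the network, each router decrements the TTL and answers when it hits zero, and the optional silent set models the routers the text says do not report back (shown as * in real output). No packets are sent.

```python
"""Simulation of how tracert discovers a path one TTL at a time (added example).

PATH is a constructed list of hop addresses ending at the destination. The
model applies only the rule the text describes: every router decrements the
TTL, and when it reaches 0 the router discards the probe and (usually) tells
the sender.
"""

# Constructed path from the local host to the destination 192.0.2.80.
PATH = ["10.1.0.1", "10.254.0.2", "198.51.100.9", "192.0.2.80"]


def send_probe(path, ttl, silent=frozenset()):
    """Send one echo request with the given TTL along path.

    Returns (responder, kind): kind is "time_exceeded" when a router discards
    the probe and reports it, "no_reply" when a silent router discards it, or
    "echo_reply" when the probe reaches the destination.
    """
    if ttl < 1:
        raise ValueError("TTL must be at least 1")
    for router in path[:-1]:
        ttl -= 1                       # each router decrements the TTL by 1
        if ttl == 0:
            if router in silent:       # most routers answer, but not all
                return None, "no_reply"
            return router, "time_exceeded"
    return path[-1], "echo_reply"      # survived every router: destination answers


def tracert(path, max_hops=30, silent=frozenset()):
    """Return [(hop_number, responder), ...] as tracert would list them.

    Starts at TTL 1 and raises it by 1 per probe, stopping at the destination
    or at max_hops (the -h switch). A silent hop is recorded as "*".
    """
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, kind = send_probe(path, ttl, silent)
        hops.append((ttl, responder if responder is not None else "*"))
        if kind == "echo_reply":
            break
    return hops
```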
Microsoft included a couple of standard TCP/IP connectivity utilities with Windows NT. These utilities include Telnet, FTP, finger, and TFTP.
Windows NT includes a graphical Telnet utility that can be used to connect to any system running a standard telnet server, as described in RFC 854. The Telnet utility can be found in the Accessories program group or can be started by typing telnet at the Run prompt.
NOTE: Windows NT Server does not include a Telnet server component. If you want to use Telnet to connect to your NT Server, there are a couple of third-party companies that make Telnet server components.
The Telnet utility is fairly simple, but does include features such as logging the Telnet session to a file, VT-100/ANSI emulation, and configurable screen settings.
Windows NT includes a relatively simple, command-line FTP client. This utility can be invoked from the Run prompt, or from the command line by typing FTP. Once in the FTP utility, you can get a simple level of help by typing help or ? at the ftp> prompt. FTP file transfers are governed by standards defined in RFC 959.
For information on installing the FTP server that comes with Windows NT, see Chapter 33, Windows NT as an Internet Server.
Also included with Windows NT is a finger client utility. This command-line utility can be used to get user information from any system running a standard finger service.
The finger command can be used in one of two ways:
The first syntax usually returns a list of users logged onto the hostname's system. The second syntax usually gives information about the specified user, such as full name, office phone number, or address. Additionally, many finger servers accept partial user names and will return all matches.
NOTE: Windows NT Server does not include a finger server service. A finger server service for NT is available from the European Microsoft Windows NT Academic Centre (EMWAC). EMWAC can be contacted at http://www.emwac.ed.ac.uk.
The trivial file transfer protocol (TFTP) command allows you to transfer files to or from a computer running a TFTP server, as defined in RFC 783.
The syntax for the tftp command is
tftp [-i] host [GET | PUT] source [destination]
-i indicates a binary file transfer. You must specify this switch when transferring binary files.
host is the name of the remote machine.
GET transfers the file from host to the local machine.
PUT transfers the file from the local machine to host.
source is the full name of the file to be transferred.
destination is the name the transferred file will have when the transfer is complete. If destination is not included, the destination filename will be the same as the source.
This chapter presented a look at TCP/IP on the Windows NT platform. It included how Microsoft implemented TCP/IP on NT, as well as the steps they have taken to ensure that Windows NT can take full advantage of standards-based networking through the implementation of services such as WINS, DHCP, DNS, LPR/LPD, and other TCP/IP protocols.
You also saw how TCP/IP integration enhances connectivity with Windows for Workgroups and Windows 95 clients through a robust implementation of NetBIOS over TCP/IP. The chapter continued with an explanation of how to install and configure TCP/IP on Windows NT Server, including an explanation of how to install and configure additional TCP/IP-related services, such as IP Routing and simple TCP/IP services.