
Planning, Implementing, and Maintaining a Windows Server 2003 Network Infrastructure

Before you tackle MCSE Exam 70-293, you need to know TCP/IP, DHCP, and NetBIOS inside and out. This chapter from MCSE 70-293 Exam Cram will get you up to speed and provide sample test questions to see if you're ready for the real thing.

Terms you'll need to understand:

  • Internet Group Management Protocol (IGMP)
  • Internet Control Message Protocol (ICMP)
  • Quality of Service (QoS)
  • Open Systems Interconnect (OSI)
  • Internet Protocol (IP)
  • Address Resolution Protocol (ARP)
  • Transmission Control Protocol (TCP)
  • User Datagram Protocol (UDP)
  • Subnet mask
  • Classless Inter-Domain Routing (CIDR)
  • Packet Internet Groper (PING)
  • IPCONFIG command
  • NBTSTAT command
  • NETSTAT command
  • ROUTE command
  • HOSTNAME command
  • TRACERT command
  • PATHPING command
  • File Transfer Protocol (FTP)
  • TELNET command
  • Remote Copy Protocol (RCP)
  • Remote Shell (RSH)
  • Remote Exec (REXEC)
  • Dynamic Host Configuration Protocol (DHCP)
  • Automatic Private IP Addressing (APIPA)
  • DHCP Relay Agent
  • Domain Name System (DNS)
  • Time to Live (TTL)
  • Recursive
  • Iterative
  • Incremental zone transfer (IXFR)
  • Full zone transfer (AXFR)
  • (A) records
  • CNAME (canonical name) records
  • MX (Mail Exchanger) records
  • NS (Name Server) records
  • PTR (Pointer) records
  • SOA (Start of Authority) records
  • SRV (Service) records
  • Windows Internet Naming Service (WINS)

Techniques you'll need to master:

  • Installing DNS, WINS, and DHCP
  • Configuring clients to use DHCP, DNS, WINS, and APIPA
  • Configuring clients to use Dynamic Update
  • Configuring DHCP to perform Dynamic Update on behalf of clients
  • Configuring DHCP scopes and optional parameters
  • Configuring an IP subnet
  • Analyzing IP addressing requirements

Transmission Control Protocol/Internet Protocol (TCP/IP) is a connection-oriented, Internet-standard, routable protocol in use on a majority of networks, including the Internet. The protocol suite supports connectivity across a number of dissimilar platforms and supports the main workload of most enterprises today that are designed in a client/server configuration.

Some subtle changes have been incorporated into the TCP/IP suite for Windows Server 2003. Internet Group Management Protocol (IGMP) version 3 adds support for source-based filtering and reporting while maintaining backward-compatibility with version 2. You can also use other settings so that systems can be configured to use an alternate, manually configured IP address instead of one that a Dynamic Host Configuration Protocol (DHCP) server provides. Autoconfiguration of the enabled network card interface (NIC) metric is also available; this feature determines the best routing metric for each interface's default gateway, based on its speed. Support for TCP/IP version 6 has also been added in Windows Server 2003.

Overview of TCP/IP

TCP/IP is a network communication protocol suite. It can be used as a communications protocol on private networks and is the default protocol in use on the Internet. When you set up any system to have direct access to the Internet, whether it is via dial-up or a high-speed technology, your system needs to use TCP/IP whether it is a Windows-based system or not.

Also, if systems need to communicate to other TCP/IP systems on the local area network (LAN) or wide area network (WAN), they often use TCP/IP as well.

OSI Model

TCP/IP is technically made up of two protocols. The upper layer, Transmission Control Protocol, is responsible for breaking data down into smaller packets to be transmitted over the network from a sending system (local and Internet), and the TCP layer on the receiving system reassembles the packets it receives into the original data structure. The lower layer, Internet Protocol, addresses each packet so that it gets delivered to the correct remote system. Each routing device on the network, be it a hardware router or a server system performing routing functions, checks the destination address to see where to forward the message.

The TCP/IP protocol suite maps to a four-layer conceptual model, which parallels the seven-layer Open Systems Interconnect (OSI) protocol model described in the following list:

  • Physical layer—This layer defines the interface between the network medium (such as ethernet or token ring) and the hardware device (such as a NIC). Multiplexers, hubs, and repeaters are just a few examples of the components found at this layer of the OSI model.
  • Data Link layer—This layer is divided into two sublayers: Logical Link Control (LLC), which handles error correction and flow control, and Media Access Control (MAC), which handles communication with the NIC. Bridges and switches are components that operate at this layer of the OSI model.
  • Network layer—This layer translates logical network address and names to MAC addresses for routing data packets over a network. A number of protocols run at the Network layer, including IP, Address Resolution Protocol (ARP), Reverse ARP (RARP), Internet Control Message Protocol (ICMP), Routing Information Protocol (RIP), Open Shortest Path First (OSPF), IGMP, Internetwork Packet Exchange (IPX), NWLink (the Microsoft version of the IPX/SPX protocol suite), and NetBIOS Enhanced User Interface (NetBEUI). Brouters, routers, and some types of ATM switches can be found at this layer of the OSI model.
  • Transport layer—This layer provides an additional connection below the Session layer and assists with managing some data flow control between hosts. Data is divided into packets on the sending node, and the receiving node's Transport layer reassembles the message from packets. This layer is also responsible for error checking to guarantee error-free data delivery, and requests a retransmission if necessary. It is also responsible for sending acknowledgments of successful transmissions back to the sending host. A number of protocols run at the Transport layer, including TCP, ARP, RARP, Sequenced Packet Exchange (SPX), and NWLink. Gateways and certain types of routers can be found at this layer of the OSI model.
  • Session layer—This layer establishes, maintains, and ends sessions between transmitting hosts and controls which host can transmit data at a given interval and for how long. A number of protocols run at the Session layer, including Named Pipes, NetBIOS Names, Remote Procedure Calls (RPC), and Mail Slots. Gateways and certain types of proxy servers operate at this layer of the OSI model.
  • Presentation layer—This layer translates data from the way applications understand it to the way networks understand it. It is responsible for protocol conversions, data encryption and decryption, and data compression and decompression when the network is considered. Gateways and certain types of redirectors operate at this layer of the OSI model. There are no protocols that normally operate in this layer of the OSI model.
  • Application layer—This layer allows access to network services for applications specifically written to run over the network. Some protocols found at this OSI layer include File Transfer Protocol (FTP), Trivial FTP (TFTP), Bootstrap Protocol (BOOTP), Simple Network Management Protocol (SNMP), Simple Mail Transfer Protocol (SMTP), Telnet, NetWare Core Protocol (NCP), and Server Message Block (SMB).

The four-layer conceptual model for the TCP/IP protocol suite is as follows:

  • Network Interface layer—This layer is responsible for putting bits on the wire and correlates closely with the OSI model's Physical layer and Data Link layer.
  • Internet layer—This layer is responsible for encapsulating data packets into Internet datagrams. The Internet layer correlates, for the most part, with the OSI model's Network layer. Four Internet protocols operate at this layer:
    • IP supports connectionless packet delivery for all other protocols, such as TCP or User Datagram Protocol (UDP). IP does not guarantee packet arrival or correct packet sequence, nor does it acknowledge packet delivery. These tasks are left to the application using the network or higher-level protocols, such as TCP. IP is responsible for addressing and routing packets only; error correction is left to the application or to higher-level protocols.
    • ARP is responsible for mapping IP addresses to physical machine addresses called MAC addresses. IP broadcasts a special ARP inquiry packet containing the destination system's IP address, and that system replies by sending its physical address to the requester.
    • ICMP is charged with message control and error-reporting between network hosts. Higher-level protocols use this information to recover from transmission errors.
    • IGMP allows hosts to report their multicast group membership to multicast routers. With multicasting, hosts can send multicast traffic to a single MAC address, so multiple nodes can process the traffic.
  • Transport layer (also called Host-to-Host Transport)—This layer basically (but not entirely) correlates with the OSI model's Transport layer. The two Transport layer protocols, TCP and UDP, provide communication sessions between systems.
    • TCP is a connection-oriented protocol that guarantees data delivery by assigning a sequence number to each transmitted data segment so that the receiving host can send an acknowledgment (ACK) to verify that the data was received intact. If an ACK is not received or there was a transmission error, the data is sent again.
    • UDP is a connectionless protocol that does not guarantee delivery or correct sequencing of packets. Applications that use UDP are typically tasked with the responsibility of ensuring data delivery because the protocol does not. UDP is often used instead of TCP because of its lower overhead. TFTP is an example of an application that uses UDP.
  • Application layer—This layer is where network-aware applications operate. Network applications most commonly use two TCP/IP services, Winsock and the NetBT interface.

IP Addressing

IP version 4 (IPv4) addresses are made up of four 8-bit fields (octets)—32 bits total. There are five IPv4 address classes: A, B, C, D, and E.

IPv4 addresses consist of a network ID and a host ID. The network ID identifies the numeric network name of the physical network where the hosts exist. The host ID identifies the numeric network name of the individual TCP/IP host on a network. For example, in the Class A IP address, 10 represents the network ID and 0.0.1 represents the host ID. The numeric host ID must be unique on the internal network—that is, no two nodes on a network can have the same network ID and host ID. Using the previous example, only one host can be assigned the host ID of 0.0.1 on the given network.

A subnet mask is used to divide an entire TCP/IP address in an effort to define which part of the address is the network number and which part is the host system's numeric identifier. The bits in a subnet mask are set consecutively from left to right. For example, the subnet mask is valid because all eight bits are set in the first two octets and the first bit of the next octet is also set (11111111.10000000.00000000.00000000). The subnet mask is not valid because it has a "missing" bit, which is not allowed (11111111.01000000.00000000.00000000).

Subnet Masks

When assigning IP addresses, each host requires a subnet mask to determine which part of an IP address to use as the network ID and which to use as the host ID.

The default subnet masks for the three IP address classes are

  • Class A -
  • Class B -
  • Class C -

For example, the default subnet mask for a Class C address is, which means the first three octets identify the network and the last octet identifies the host.

The subnet mask is also used to determine whether the destination host is on the local subnet or a remote subnet. The subnet mask of the local host is compared against the IP address of the destination host and, through a process known as anding, it is determined whether the destination IP address is the local or a remote network. If the destination IP address within a packet is on a remote network, the packet is sent to the default gateway.

Basically, the number of 1's in the binary address of the subnet mask are masked against the IP address to determine if the address is on the local network or a remote network. When the bits of the subnet mask are compared against the bits in the IP address, all combinations of 1's and 0's result in a value of 0, except for 1 and 1, which results in a value of 1.

Let's look at an example of how this process works. The source host has an IP address of and a subnet mask of The destination host has an IP address of

IP address 11000000 10101000 00000000 00001010 (

Subnet mask 11111111 11111111 11111111 00000000 (

Results 11000000 10101000 00000000 00000000

IP address 11000000 10101000 00010010 00000010 (

Subnet mask 11111111 11111111 11111111 00000000 (

Results 11000000 10101000 00010010 00000000

As you can see from the preceding example, the source IP address is anded against the subnet mask. The destination address is anded against the subnet mask assigned to the source host. If the results are not the same, the destination host is on a different network or subnet. Conversely, if the results are the same, it is determined that the destination host is on the local network.
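The same anding comparison, together with the consecutive-bits rule for subnet masks described under IP Addressing, as an added example that is not part of the original chapter. The dotted-decimal sample values are the decimal form of the binary rows shown above; the function names are this example's own.

```python
# Added example: the subnet-mask "anding" test, done with explicit bit operations.

def to_int(dotted: str) -> int:
    """Convert dotted-decimal IPv4 text to a 32-bit integer."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for part in octets:
        number = int(part)
        if not 0 <= number <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | number
    return value


def to_binary(value: int) -> str:
    """Render a 32-bit integer as four space-separated binary octets."""
    return " ".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def is_valid_mask(mask: str) -> bool:
    """True when the 1 bits run consecutively from the left (no "missing" bit)."""
    bits = to_int(mask)
    host_bits = ~bits & 0xFFFFFFFF
    # Inverting a contiguous mask gives 2**k - 1, which shares no bits with itself + 1.
    # An all-zero mask is rejected here because it identifies no network at all.
    return bits != 0 and (host_bits & (host_bits + 1)) == 0


def network_id(address: str, mask: str) -> int:
    """AND the address with the mask: only 1 AND 1 yields 1."""
    return to_int(address) & to_int(mask)


def is_local(source: str, mask: str, destination: str) -> bool:
    """Apply the source host's mask to both addresses and compare the results."""
    if not is_valid_mask(mask):
        raise ValueError(f"subnet mask has non-consecutive bits: {mask}")
    return network_id(source, mask) == network_id(destination, mask)


# Decimal equivalents of the binary rows in the worked example above.
SOURCE = "192.168.0.10"
MASK = "255.255.255.0"
DESTINATION = "192.168.18.2"

if __name__ == "__main__":
    for label, address in (("source", SOURCE), ("destination", DESTINATION)):
        print(f"{label:12} {to_binary(to_int(address))}")
        print(f"{'mask':12} {to_binary(to_int(MASK))}")
        print(f"{'result':12} {to_binary(network_id(address, MASK))}")
    where = "local subnet" if is_local(SOURCE, MASK, DESTINATION) else "default gateway"
    print("packet goes to:", where)
```
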

The original IP definitions set five classes of IP addresses, from A through E. (A, B, and C are for general-purpose use, D is used for multicasting, and E is reserved.) These classes made it possible to use one portion of the 32-bit IP address scheme for the network address and the remaining portion for nodes on the network.

In the past, some networks needed more addresses for systems than the 254 a Class C address supplies. This was a major contribution to the shortage of IP addresses. Organizations often requested a Class B range that offered 65,534 available addresses rather than a few Class C ranges that might have suited their needs. The result was that many addresses within their allotted Class B blocks went unused.

However, Classless Inter-Domain Routing (CIDR) addressing is now used more often for IPv4 addressing schemes. It effectively "removes" the class from an address for the purpose of combining ranges, so it makes better use of the limited number of remaining available IPv4 addresses. A CIDR network address looks like this:

The network address is The /18 specifies that the first 18 bits of the address are the network part of the address, which leaves the last 14 bits for the network hosts' address.

Both Border Gateway Protocol (BGP) and OSPF support CIDR. Older gateway protocols, such as Exterior Gateway Protocol (EGP) and Routing Information Protocol version 1 (RIPv1), do not support CIDR. Because CIDR supports multiple subnet masks per subnet, it requires routers that support more advanced interior routing protocols, such as RIPv2 and OSPF.

Create an IP Subnet Scheme

Implementing subnets helps control network traffic and enables network administrators to create smaller collision domains. Every node on the same physical ethernet network sees all data packets sent out on the network, which results in multiple collisions and affects network performance. Routers or gateways separate networks into subnets. Subnet masks on each node allow nodes on the same subnetwork to continue communicating with one another and with the routers or gateways they use to send their messages.

Subnet masking enables you to identify the network ID and host (node) ID of an IP address. The following example is a default Class B subnet mask:

IP Address       :
Address Class    : B
Network Address  :

Subnet Address   :
Subnet Mask      :
Subnet bit mask  : 11111111.11111111.11110000.00000000
Subnet Bits      : 20
Host Bits        : 12
Possible Number of Subnets : 16
Hosts per Subnet : 4094

Selected Subnet  :
Usable Addresses : 4094
     Host range  :  to
     Broadcast   :

To subnet networks further, more bits can be added to the subnet mask for a class of addresses.

The following example is a Class B address using an additional bit subnet mask of 240. Notice that instead of having the single subnet and 65,534 hosts per subnet allowed under the default subnet mask, you can have up to 16 subnets with up to 4,094 hosts per subnet by using a subnet mask of (Table 3.1 shows a sample IP addressing scheme):

11111111.11111111.11110000.00000000 Subnet Mask
IP Address       :
Address Class    : B
Network Address  :

Subnet Address   :
Subnet Mask      :
Subnet bit mask  : 11111111.11111111.11110000.00000000
Subnet Bits      : 20
Host Bits        : 12
Possible Number of Subnets : 16
Hosts per Subnet : 4094

Selected Subnet  :
Usable Addresses : 4094
     Host range  :  to
     Broadcast   :

Table 3.1. Example of an IP Addressing Scheme



Subnet Size

Host Range


4094 to

4094 to

4094 to

4094 to

4094 to

4094 to

4094 to

4094 to

4094 to

4094 to

4094 to

4094 to

4094 to

4094 to

4094 to

4094 to
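An added example (not from the original chapter) that derives a subnet plan like the one described above for a Class B network with the third octet of the mask set to 240. The network 172.16.0.0 is a constructed sample value, and the function and field names are this example's own.

```python
# Added example: enumerate the subnets a longer mask creates inside a classful network.
import ipaddress


def default_prefix(address: str) -> int:
    """Default (classful) prefix length for a Class A, B, or C address."""
    first_octet = int(address.split(".")[0])
    if 1 <= first_octet <= 126:
        return 8
    if 128 <= first_octet <= 191:
        return 16
    if 192 <= first_octet <= 223:
        return 24
    raise ValueError(f"{address} is not a Class A, B, or C address")


def subnet_plan(network: str, mask: str) -> list:
    """Return one row per subnet: address, usable host count, host range, broadcast."""
    classful = ipaddress.IPv4Network(f"{network}/{default_prefix(network)}")
    # ipaddress rejects masks whose 1 bits are not consecutive.
    new_prefix = ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen
    if not classful.prefixlen <= new_prefix <= 30:
        raise ValueError("mask must be at least the class default and leave 2 host bits")
    rows = []
    for subnet in classful.subnets(new_prefix=new_prefix):
        rows.append({
            "cidr": str(subnet),
            "subnet": str(subnet.network_address),
            "hosts": subnet.num_addresses - 2,  # network and broadcast are not usable
            "first": str(subnet.network_address + 1),
            "last": str(subnet.broadcast_address - 1),
            "broadcast": str(subnet.broadcast_address),
        })
    return rows


def find_subnet(rows: list, host: str):
    """Return the row whose subnet contains the host, or None if no subnet does."""
    address = ipaddress.IPv4Address(host)
    for row in rows:
        if address in ipaddress.IPv4Network(row["cidr"]):
            return row
    return None


if __name__ == "__main__":
    # Constructed sample network; the mask is the one discussed in the text.
    plan = subnet_plan("172.16.0.0", "255.255.240.0")
    print(f"{len(plan)} subnets, {plan[0]['hosts']} hosts per subnet")
    for row in plan:
        print(f"{row['subnet']:14} {row['hosts']:5}  "
              f"{row['first']} to {row['last']}  broadcast {row['broadcast']}")
```
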

When you use standard subnet masks in classful IP addressing schemes, you can plan how many hosts you can support per subnet and how many subnets are available for use. Table 3.2 shows classful IP addressing schemes and uses 255.x.0.0 as the default mask for Class A addresses, 255.255.x.0 as the default mask for Class B addresses, and 255.255.255.x as the mask for Class C addresses. In these classes, the x is the subnet mask variable in the table's Subnet Mask column. The table identifies how many subnet IDs are supported by each subnet mask and the maximum number of hosts per subnet.

Table 3.2. Subnet Masking for Classful IP Addressing

Subnet Mask

Number of Subnets in Classful Range

Number of Class A Hosts per Subnet

Number of Class B Hosts per Subnet

Number of Class C Hosts per Subnet














































IP Address Classes

IP addresses are organized into different address classes that define the number of bits out of the 32 that are used to identify the network and which are used to identify hosts on a network. By examining the address classes, you can also determine the number of networks and the number of hosts.

TCP/IP Class A Addresses

Class A addresses have an official start address of and an official ending address of However, the last usable client address in the range is because the 127.x.x.x range is used for internal host loopback.

The full range of addresses that can be assigned to hosts is to, with as the broadcast address. The local host uses when it has been configured to use a DHCP server but cannot reach one and cannot assign itself an address using APIPA. (This situation would be unusual.)

There are 126 Class A networks total, and each is allowed to have up to 16,777,214 hosts.

Three IP network addresses are reserved for private networks as defined in Request for Comment (RFC) 1918. The Class A range is to, with a subnet mask of

These addresses can be used by anyone setting up internal IP networks, such as a lab or home LAN behind a Network Address Translation (NAT) server, proxy server, or router. It is always safe to use them because routers on the Internet never forward packets coming from these addresses.

TCP/IP Class B Addresses

The Class B range of IP addresses starts with address and ends at address IP addresses to are the usable range of Class B addresses for node assignment.

Three IP network addresses are reserved for private networks, as defined in RFC 1918. The Class B range is to, with the subnet mask These addresses can be used by anyone setting up internal IP networks, such as a lab or home LAN behind a NAT server, proxy server, or router. It is always safe to use these addresses because routers on the Internet never forward packets coming from these addresses.

TCP/IP Class C Addresses

The Class C range of IP addresses starts at address and ends at IP addresses to are the usable range of Class C addresses for node assignment.

Three IP network addresses are reserved for private networks, as defined in RFC 1918. The Class C range is to, with the subnet mask These addresses can be used by anyone setting up internal IP networks, such as a lab or home LAN behind a NAT server, proxy server, or router. It is always safe to use them because routers on the Internet never forward packets coming from these addresses.

TCP/IP Class D Addresses

The Class D IP addresses range from through Internet Assigned Numbers Authority (IANA) has set aside this range as a special class of addresses for multicast uses. ISPs are unable to allocate Class D address space to their customers because IANA is the only body through which these addresses can be allocated.

Allocation of Class D addresses is required only if you want to be a multicast source. You can still receive multicast data without needing a separate Class D address.

TCP/IP Class E Addresses

IANA has set aside Class E IP addresses from to as a special class of addresses for experimental and future use. The IP address broadcasts to all hosts on the local network and, therefore, is not considered part of the Class E IP addresses.

Well-Known Ports

A number of well-known ports (0–1023) are used by different services on computers. For a single IP address on one system to offer all possible services to a network, each service must function on its own TCP or UDP port from that IP address.

You can find a helpful table at http://www.networksorcery.com that includes links to definitions and additional notes for some services. The following ports and associated protocols are the most important ones to remember for the certification exam:

  • 20—FTP—data
  • 21—FTP—control
  • 22—Secure Shell (SSH)
  • 23—Telnet
  • 25—SMTP
  • 37—Time Protocol (Time)
  • 49—Terminal Access Controller Access Control System (TACACS), TACACS+
  • 53—DNS
  • 67—BOOTP—server
  • 68—BOOTP—client
  • 69—TFTP
  • 70—Gopher
  • 79—Finger
  • 80—Hypertext Transfer Protocol (HTTP)
  • 88—Kerberos
  • 109—Post Office Protocol version 2 (POP2)
  • 110—Post Office Protocol version 3 (POP3)
  • 115—Simple File Transfer Protocol (SFTP)
  • 119—Network News Transfer Protocol (NNTP)
  • 123—Network Time Protocol (NTP)
  • 137—NetBIOS Name Service
  • 138—NetBIOS Datagram Service
  • 139—NetBIOS Session Service
  • 143—Internet Message Access Protocol (IMAP)
  • 153—Simple Gateway Monitoring Protocol (SGMP)
  • 161—SNMP
  • 162—SNMP—traps
  • 179—BGP
  • 389—Lightweight Directory Access Protocol (LDAP), Connection-less Lightweight X.500 Directory Access Protocol (CLDAP)
  • 443—HTTP over Secure Socket Layer/Transport Layer Security (SSL/TLS)—HTTPS
  • 464—Kerberos change/set password
  • 500—ISAKMP, Internet Key Exchange (IKE)
  • 546—DHCPv6 client
  • 547—DHCPv6 server
  • 631—Internet Printing Protocol (IPP)