Here are my notes on one of the more challenging topics of the MCSE and Cisco exams.
Sound: Submarine ping
RouterGod.com has articles "written" by celebrities, such as Gillian Anderson tracking down the elusive bugs within LAN switching and Robert Downey Jr. on that repeat offender, the IEEE 802.3 Ethernet frame.
To display the NetBIOS names registered locally on the system by the server and redirector:
To monitor the status of NetBIOS browsers on user-selected domains, use the Browser Monitor from the Resource Kit:
On a Windows 2000 Server, WINS is installed as a Windows service over TCP Port 42.
Windows legacy machines use WINS to resolve NetBIOS names to IP addresses across subnets.
WINS ClientThe client wanting to use a WINS server must have its TCP/IP NetBIOS Helper service started.
To display a WINS client's local name table: Nbstat -n
A workstation client can use a hosts file to manually assign IP addresses to domain names. These files have no file extension names and are in folder %windir% \System32 \Drivers \Etc
A maximum of 11 WINS servers can be specified by a Windows 2000 client, but only 2 in an NT4 client.
To force WINS clients to release and refresh NetBIOS names on resource servers in the WINS database (such as after a WINS server is restored from backup files): Nbstat -RR
WINS ServerWINS-R resource records for reverse lookup zones.
To implement a replication partner... push/pull in a hub-and-spoke design to a multiple hub-and-spoke design
WINS MMC Show statistics and find records beginning with a specified set of characters.
To have WINS discover its WINS replication partners, check Enable Automatic Partner configuration.
To set database and event logging for WINS:
To overwrite the static records with dynamic records where applicable, in Replication Partners, Properties, check the Enable Migrate check box. However, for a WINS server to receive them, its “Migrate On” option needs to be enabled.
The default WINS backup path is \Wins_bak\New
Scavenging the database verifies and releases records.
WINS ProxyA WINS proxy forwards b-node broadcasts to WINS servers on remote subnets.
Setting up a computer to become a WINS Proxy requires using regedit In key HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Netbt \Parameters set the EnableProxy parmeter to 1.
.post — a non-profit domain, sponsored by the Universal Postal Union,
with be prefixed with 3 letter code for each country,
.edu domains are for accredited degree granting higher education institutions.
.fm for Micronesia is used for FM radio stations.
The .la ccTLD assigned to Laos is being associated with “Los Angeles”.
Several new top level domains approved by ICANN in 2001:
.info (information services) registras are authorized by Afilias
85,000 registrations of
.eu was approved by ICANN in March 2005 to launch in early 2006 through Belgium-based registrar EURid.
Domain Naming Strategies
e... i... internet... z... cyber... hyper... online... digital...
global... national... international... intl... (SCOPE/REACH)
free... official... public... academic...
the... extreme... total... all...
buy... ask... do... go... go2... think... try... (action verbs)
easy... fast... quick... fit... dynamic... rapid...
mobile... robo... wireless...
basic... advanced... mini... mass... massive... max... sample... special...
expert... helpful... wise... sound... smart...
useful... reliable... true... practical...
cool... fantastic... safe... open... real... bright... brilliant...
quality... magic... dynamic... phat... golden... amazing...
famous... killer... fantastic...
better... best... top... great... greatest... preferred... leading...
steel... titanium... granite... stone...
daily... your... my... our...
life... living... personal...
...online ...togo ...info ...portal ...tech ...link
...data ...database ...info ...share
...source ...bench ...bank
...sys ...systems ...app
...command ...center ...control ...net
...summit ...group/s ...groupie ...afficiado ...forum
...haven ...site ...center ...central ...hub ...community
...heaven ...source ...resource
...house ...showroom ...loft ...store ...studio ...shack ...hotel
...avenue ...boulevard ...street ...highway ...corner
...station ...base ...depot ...zone ...lane
...galaxy ...universe ...orbit ...planet ...space
...home ...office ...desk ...paper ...tab ...box ...lockbox
...store ...shop ...pit ...bay ...garage ...pool ...rings ...lab/s ...factory
...clinic ...club ...school ...seminars
...help ...411 ...911 ...answers ...advice ...rx
...experts ...pro/s ...wiz ...geek/s ...champions ...kings
...consulting ...design/s ...initiative/s ...research ...survey/s ...alert
...advisor/s ...broker/s ...developer/s ...partners
...solutions ...tools ...toolkit ...app ...services
...corp ...enterprises ...fund ...foundation ...institute
...ontime ...ready ...freedom
...forever ...4u ...baby ...fever ...age
...fx ...magic ...science
...above ...love ...shock
...123 ...007 ...86 ...89
...anxiety ...phobia ...syndrome
Even though Wal-Mart won Wal-MartCanadaSucks.com, the company
proactively registered over 100 unflattering variations on it trade name.
IHate... Dontbuy... evil...
Popular hate sites include ununited.com
Copy and paste this to the form to un-obfuscate the tricks
used by this URI to the format of a URI:
The "ebay.com" at the begginning are actually part of the account and password portions of website requests. The real address is to the right of the first @ sign,
The real IP address is also obfuscated using extra leading zeros that are automatically ignored or specifying octal or hex addresses (which are preceded with x, as in xF3).
Is the link below from the U.S. government? Click "Reveal URL" and see how a spammer can obfuscate (hide) the true origin of their website:
This could be a security vulnerability for clients using other means (below) to obtain its IP address, so disable this default behavior by adding onto the client a IPAutoconfigurationEnable REG_DWORD entry with value 0 (zero) in registry key HKLM \System \ Current\ CurrentControlSet\ Services\ Tcpip\ Parameters\
DHCPDHCP dynamically assign IP addresses to clients that request them. Reduced manual fiddling of each machine almost eliminates the chance (and hassle of tracking down) duplicate IP address assignments. (Unique static IP addresses cannot be assigned to users through DHCP).
All Windows 2000 systems have a DHCP client service that starts automatically by default without being configured as DHCP clients.
Client workstations automatically lease IP addresses from a DHCP server service [RFC 2131 & 2132] running on a Windows 2000 domain controller. The DHCP server service must be manually installed on a Domain Controller using Add/Remove Programs, Windows Components.
The DHCP database DHCP.mdb is in folder %systemroot%\system32\dhcp.
Registry keys used by DHCP are in
To stop DHCP server from a command line:
net stop dhcpserver
Client requests for DHCP can be routed 2 ways:
DHCP Server Authentication ProtocolNew to Windows 2000: To avoid rogue DHCP servers on a network, DHCP service checks the Active Directory to see if its has been authorized by a member of the Enterprise Admins group.
Dhcpexim.exe from the Resource Kit exports the server configuration and database (scopes) from a DHCP server. It can only import into Windows 2000 DHCP servers. It does not export these items:
To define IP scope options and client reservations:
Static IP Addresses used for servers on the network should be specified in DHCP Exclusion scopes.
A Superscope combines individual scopes (within a single physical segment) into a logical multinet. Superscopes are used when several DHCP servers serve a single subnet. (In Windows 2000, they can only be specified after a scope has been defined) To ensure that individual DHCP clients always receive addresses from the same DHCP server, create on each DHCP server the same superscope with a member scope for the IP range managed by each DHCP server. This is so DHCP servers do not send DHCPNak messages for ranges of other DHCP servers. Then on each DHCP server exclude ranges for other servers.
Activating the scope is a separate manual step commonly missed.
The client broadcasts a DHCPREQUEST to attempt to renew its lease at 50% (point T1) and at 87.5% (point T2).
By default, DHCP servers are set to “Automatically update DHCP client information in DNS” — A and PTR records.
To invoke DHCP class id XXXX on each DHCP client computer:
NAT is emphasized over ICS because NAT provides a higher level of customization and control.
A NAT server allows outbound traffic to the external internet. By default, a NAT server allows inbound traffic only through connections already established by an internet host (typically port 80).
To access traffic from a special port from an external host:
If the public interface of the NAT server is configured with multiple IP addresses, make address reservations to map specific external addresses to specific internal addresses.
Selection of 006 DNS Servers option at the scope level overrides the selection at the server level.
ICS provides a proxy server service and Internet gateway. ICS and Windows 2000 routes packets from the internal LAN through one NIC on the internal subnet and out another NIC facing the external internet.
ICS allows clients to use standard Internet tools to access e-mail or the Web, or perform any other operations supported by the Internet.
ICS is implemented by setting the TCP/IP connection property.
During ICS installation, the ICS DHCP allocator is automatically enabled. Windows 2000 Server uses the ICS DHCP allocator (a simplified DHCP process) to automatically assign clients private IP addresses in the range of 192.168.0.2 to 192.168.254.254 and a class C subnet mask of 255.255.255.0.
The server's NIC which connects to the internal LAN is assigned the “LINKLOCAL Network” static private IP address of 192.168.0.1. This is the IP gateway address for other clients on the LAN.
The external NIC can include a standard telephone modem. If so, check the “Enable On-Demand Dialing” option.
Clients -- called resolvers -- make requests of DNS name servers. Two DNS servers are usually specified (in client machine TCP/IP properties) for load balancing and fault tolerance.
DNS servers refer to 3 types of records to answer 3 types of queries:
PTR (Pointer resource) records are used to answer a reverse lookup of an IP address to a host name (another DNS domain name location). IP address to host name mappings are in the z.y.w.x.in-addr.arpa file. Create file 220.127.116.11.in-addr.arpa zone file for reverse lookup.
SRV (Server location) records -- new in Windows 2000 DNS -- are used to locate domain controllers. SRV specifies the server to which a DNS name server forwards when it cannot resolve a query. Windows 2000 server requires DNS to locate domain controllers. On Windows 2000, DNS is installed as a Windows component on a domain controller with a static (not dynamic) IP address.
Other types of resource records:
SOA (Start Of Authority) records indicate the name of origin and other basic properties for each zone, including the name of the primary server for the source for information about the zone,
CNAME (Cononical name) records define aliases.
MX (Mail exchanger) records define the owner and mail exchange server DNS name, with preference number.
There is a separate set of these DNSNode records for each DNSZone handled by a DNS server. DNS only resolves queries for zones to which it has authority. Zones are part of a hierarchial structure of top-level domains over Second-level domains (represented by the organization's name, such as Microsoft or Compaq), etc.
This is done using the DNS Console Manager GUI -- in a zone's Properties dialog box General tab, click the change button. Alternately, use a script to issue sub-commands from command interface
Default Server: rns2.earthlink.net
AD Integration is reversed in the Advanced tab by setting the “Load Data On Startup” field to “From Registry”.
Use the Windows 2000 Network Monitor to monitor and capture packets sent to and from DNS servers.
DNS server administration can be done by a script using this utility from the Windows 2000 Server product CD:
Servers send an A (resource) record to DNS when it first boots up. To force a member server to register itself to DNS:
In the Event Log, the DNS log file shows DNS request activities. But it doesn't show specific zone property changes or information about existing zone transfers.
Caching-only DNS servers work from data cached while resolving queries using server in Root Hints stored in the Cache.dns file rather than from DNS zone transfers.
Name Server (NS) Registry.com allows you to check if a name server is valid.
DNS and Bind by Cricket Liu (O'Reilly) Bind v8.1.2 (not 8.1)
Under DDNS, DCs dynamically register SRV (SeRVice location resource) records, which simplifies setup of Active Directory. Active Directory provides replication.
Earlier AXFR (All zone transfer) entire file is sent.
Incremental Zone Transfer (IXFR) [RFC 1995] is requested by a message with a serial number (SOA) so only the most recent changes are sent back.
Secure dynamic update, defined in IETF Internet-Draft "GSS Algorithm for TSIG (GSS-TSIG)" API [RFC 2078], protects zone and resource records from being manipulated:
Each IP number points to a specific address:
Allocation of IP'sIP adddresses are pre-allocated by the IANA in its IP version 4 (IPv4) RFC 1918 first published September, 1981.
Each IP address has network address and host portion. IANA allocates network address prefixes to organizations, which then manage their host portion.
With IPv6 CIDR defined by RFC 2471, instead of blocks of IP addresses being assigned in powers of 256, blocks will be assigned in powers of 2 — making more efficient use of the available address space.
Let showmyip.com lookup the geographic location associated with an IP Address
Size MattersEach IPv4 address is 32 bits. Although 2 to the power of 32 is 4,294,967,296, there are only 3,720,314,628 possible hosts because some address are reserved by IANA. So, 25% of the pool of addresses is underutilized.
Each IPv6 address is 16 bytes or (x8=) 128 bits, which provides an
address space of 3.4 times 10
RFC 1918 lists TCP/'IP addresses not routed by the Internet.
For convenience, the 32 bits of IP addresses are expressed in dotted decimal notation and formated in 4 segments: w.x.y.z. An IP address such as 18.104.22.168 represents 4 octets of 8 bits each. The “oct” prefix in octet is a Greek word equivalent to the English word “eight”.
RFC 2073 describes the hierarchical structure of IPv6 addresses divided into 16 segments of 8 bits each:
The IPv6 Unicast Format [RFC 2073]
Decimal expressions do not include leading zeroes and extraneous zeros are replaced with a double colon (::).
The 6bone experimental IPv6 network can run over IPv4 tunnels as it transitions to native IPv6. Beginning with Release 12.0(21)ST1, Cisco's 12000 series Internet Routers support IPv6.
Microsoft .NET Framework 3.0 (which includes CLR 2.0) improved the Microsoft's Dual IPv4 / IPv6 stack with Teredo, introduced in the "Advanced Networking Pack" of Windows XP SP 2 and is enabled by default in Windows Vista and above.Classless Interdomain Routing (CIDR) [ RFC1419] replaces the IPv4 concept of class A, B, and C IP addresses with a generalized “IP prefix” consisting of an IP addresses and a mask length (the number of leftmost contiguous significant bits in the corresponding network address). Examples of current addresses:
L2TP (Layer 2 Tunneling Protocol), submitted to IETF in RFC 2661, merges Microsoft's PPTP and Cisco's L2F for Secure IP (IPSec).
Sources of information on IPv6:
Next Generation Overview from the CableGuy on Technet
tcpipguide.com [has pop-ups]
The left-most bit of all IPv4 addresses is always 0.
The number of bits in each portion depends on the class of that IP address.
1985 RFC 950 allows a Network Number assigned by IANA to be divided into several physical segments in a TCP/IP environment, each segment with a unique Extended Network Prefix containing a Subnet number.
Practice constructing this table quickly. When you start the test, write it down from memory on the blank paper the proctor gives you. Don't bring your own papers into the testing center.
Deep down, computers handle only 1's and 0's -- a Binary (base 2) system of counting. Because each position has only two (rather than 10) values, “10” (102) is equivalent to 2 in the decimal system.
Binary 1000 0000 is equivalent to 128 in our normal decimal system. All 1's is decimal 255.
The Decimal Value is calculated by the power of 2 (values 0 and 1). 128 is 2 to the 8th power.
Right before starting to answer an exam, write this table down on scratch paper the proctor gives you (do not bring this on your own paper into the exam).
During the exam, refer to this table rather than wasting time
Keep adding ... from the highest order bit until the sum is higher than the target value:
0 + 64 + 32 = 96
0 + 64 + 32 = 96 + 16 = 112 (too much)
0 + 64 + 32 = 96 + 0 + 8 = 104
0 + 64 + 32 = 96 + 0 + 8 = 104 + 4 = 108
0 + 64 + 32 = 96 + 0 + 8 = 104 + 4 = 108 + 2 = 110 (too much)
0 + 64 + 32 = 96 + 0 + 8 = 104 + 4 = 108 + 0 + 1 = 109
0 1 1 0 1 1 0 1
Bitmaps for Special Addresses reserved by IANA
To do arithmetic on IP addresses (such as determining whether a particular address is within a range between IP_FROM and IP_TO obtained from the IP-to-country database), first convert IP addresses in A.B.C.D form into decimal numbers.
PHP 4 provides functions to convert between the two formats:
$dotted_ip_address = $_SERVER['REMOTE_ADDR']; $ip_number = sprintf("%u", ip2long($dotted_ip_address));
MySQL provides its functions to convert:
SELECT country_name FROM iptocountry WHERE inet_aton('$remote_addr') >= ip_from AND inet_aton('$remote_addr') <= ip_to;
function vbLong2ip(ipLong) ipLong = abs(ipLong) ipA = fix(ipLong/256^3) ipB = fix((ipLong-ipA*256^3)/256^2) ipC = fix((ipLong-(ipA*256^3+ipB*256^2))/256) ipD = fix(ipLong-((ipA*256^3)+(ipB*256^2)+(ipC*256))) vbLong2ip=ipA & "." & ipB & "." & ipC & "." & ipD end function
Phython custom functions:
def num2dot(c): assert c > 0 and c < 4294967295 ip =  for i in xrange(3, 0, -1): p = 256 ** i ip.append(c/p) c -= (c/p)*p ip.append(c) return '.'.join([str(x) for x in ip]) def dot2num(s): ip = [int(x) for x in s.split('.')] i = 0 for x in xrange(3, 0, -1): i += ip.pop(0) * (256 ** x) i += ip.pop(0) return i
To collect data packets to analyse them with a spreadsheet program, use Performance Monitor.
Readiness Review by Dave Perkovich. (Redmond, Wash.: Microsoft Press, 2000)
To help you prepare, Microsoft CTEC's such as Quickstart offer a $1,700 classroom 4 day course 1562: Designing a Microsoft Windows 2000 Networking Services Infrastructure
Your first name:
Your family name:
Your location (city, country):
Your Email address:
Top of Page