70-240 in 15 minutes a week: Implementing, Managing, and Troubleshooting Network Protocols and Services

70-240 in 15 minutes a week: Implementing, Managing, and Troubleshooting Network Protocols and Services


March 24, 2001

by Dan DiNicolo
http://www.win2000trainer.com

Welcome to article number 7 in my 70-240 in 15 minutes a week series. This week's article covers Implementing, Managing, and Troubleshooting Network Protocols and Services. This includes a look at configuring and troubleshooting TCP/IP and related utilities, remote access connections, remote access protocols, and finally something you must absolutely be familiar with for the 70-240 exam - subnetting. This is the final topic in the Windows 2000 Professional part of the series. If you've managed to make it this far, good work - you're a quarter of the way there! Next week I'll begin with a look at the Windows 2000 Server material. I'm not yet sure how many articles it will take to cover, but it may be a little shorter than the Pro section due to some overlap between the materials covered in the two. A quick note - be sure to either visit my website or the last page of this article for details on a huge free giveaway contest (especially valuable to those studying for 70-240!).

The material that this article will cover includes:

- TCP/IP configuration in Windows 2000
- IP Addressing 
- TCP/IP utilities
- Remote access protocols
- Configuring remote access connections
- TCP/IP subnetting


TCP/IP Configuration in Windows 2000

TCP/IP has become the de facto protocol used in networking today, in conjunction with the growth and proliferation of the Internet as a communication tool. For all intents and purposes, TCP/IP is the primary networking protocol of Windows 2000, since Active Directory necessitates a TCP/IP-based network. However, you should still be aware that Windows 2000 supports a variety of other transport protocols including NetBEUI, NWLink (the IPX/SPX compatible transport), AppleTalk, and DLC (although this is a primarily used for special purposes, such as connecting to a non-TCP/IP network-connected printer). These other protocols will be looked at in more detail in the Server portion of the series.

TCP/IP configuration in Windows 2000 can be done both for LAN and remote access connections, as a function of configuring the associated connection object. Each connection object is configured independently, whether for file and printer sharing, or its TCP/IP properties, as shown below:

At a minimum, the TCP/IP configuration must include an IP address and subnet mask. The IP address uniquely identifies a TCP/IP host, while the subnet mask allows us to determine which portion of an IP address designates the network, and which portion designates a host on that network (more on that later). Unless the host is connected to small isolated LAN, a default gateway address should also be provided. This is the IP address of the router to which this computer will forward all packets destined for hosts on other networks (except ones for which the host has an explicit routing table entry). The DNS entries in the lower portion of the screen shot above designate the IP addresses of a preferred and alternate DNS server to use to resolve host name and service-lookup queries. The elements behind the advanced button allows configuration of alternate IP addresses, gateways, DNS client properties, WINS client configuration, packet filtering settings, and so forth (again, this is covered in detail in the server portion of the series). Remember that for a system with three network cards, you would configure the properties (TCP/IP, etc) of each separately.  IP Addressing

Understanding IP addressing is central to making sense of how TCP/IP works. First off, every single TCP/IP-based host needs a unique IP address to communicate properly on a network. This address is made up of two main parts, a network (or subnet) address and a host address. Determining which portion is which is actually the function of the subnet mask. 

One thing you should be aware of is a marked shift in how we look at IP addresses in Windows 2000. Most of you are probably familiar with the idea of classful IP address, or IP addressing based on class of address. As a review, in a classful system, we had three main classes of address:

Class A - The first octet of addresses in this class always started between 1-126. Only the first octet designated the network. For example, 11.0.0.0 with default mask 255.0.0.0

Class B - The first octet of addresses in this class always started between 128-191. The first two octets designated the network. For example, 131.107.0.0 with default mask 255.255.0.0

Class C - The first octet of addresses in this class always started between 192-223. The first three octets designated the network. For example, 222.222.222.0 with default mask 255.255.255.0

Note: Use of the default mask means you are not subnetting the network (all hosts are logically part of the same big network)

The classful system of addressing really isn't used any more, mostly because it is terribly inefficient and wastes addresses. In its place, CIDR, or Classless Inter-Domain Routing took over. In CIDR, addresses don't really have a class (it is often referred to as classless addressing). Instead, addresses are looked at in conjunction with their associated mask value as a way of distinguishing between different networks. For example, your company might be provided with the address 182.14.48.0/20. The notation used in the previous example is referred to as CIDR notation. What it actually represents is a network ID, followed by the number of bits used in the subnet mask. In this case, it means that you have a network ID of 182.14.48.0, with a mask using 20 bits, or 255.255.240.0. If you still don't see it, try looking at this:

255.255.240.0 = 11111111 11111111 11110000 00000000 

Essentially, the /20 means that the first 20 bits in the subnet mask are set to the binary value of 1. Note that in our example, it means that this company has a range of IP addresses available to them that starts at 182.14.48.1 and goes to 182.14.63.254. That means they have 4094 addresses at their disposal, instead of an entire Class B range, which would be 65534. So who manages giving you these ranges? Usually your ISP. The reason is that most companies actually don't need that many addresses, since they can use private address ranges internally. Only hosts that need to be accessible by systems on the public Internet need a 'real' IP address. By the way, if you have no idea how came up with the numbers above, don't worry, it is all going to be covered in the subnetting portion of the article. 

I mentioned private IP addresses in the previous paragraph. These are ranges of IP addresses that have been reserved for internal usage on private networks and are not routable on the Internet. The private ranges of IP addresses are often misconceived to be classful, when in fact they are classless. The private ranges of IP addresses, as defined in RFC 1597 are:

10.0.0.0/8 (hosts from 10.0.0.1 to 10.255.255.254)
172.16.0.0/12 (hosts from 172.16.0.1 to 172.16.31.254)
192.168.0.0/16 (hosts from 192.168.0.1 to 192.168.255.254)

Since these ranges are private and can be used by anyone, they can be further subnetted to meet the needs of an organization. Note that Windows 2000 also uses another range, 169.254.0.0/16 for automatic private IP addressing (APIPA). 

After all that, what I'm trying to get across to you is that the subnet mask helps us better understand the context of an IP address. You need to recognize that on its own, the IP address tells us nothing of how the network is configured. If I tell you I have a host with an IP address of 147.66.34.3 and a mask of 255.255.248.0 (which works out to /21), then I can also tell you that local hosts (or hosts on this same network/subnet) range in IP address from 147.66.32.1 to 147.66.39.254. If the range above was provided to me by my ISP, I could still subnet it further to meet my own subnetting needs. More on the details of how to subnet later...
TCP/IP utilities

Windows 2000 provides a wide range of utilities for use in a managing, configuring, and troubleshooting the TCP/IP environment. I have listed the TCP/IP-related utilities below, along with an outline of their uses and some important switches. 

Ping - A simple diagnostic utility that verifies connectivity with a remote computer. 

Pathping - An advanced ping utility, it also does a traceroute and provides stats of packet loss at intermediary routers.

Arp - displays and allows modification of the Address Resolution Protocol cache, where information on IP to MAC address mappings for local hosts are stored.

Route - displays and allows modification the locally configured routing table

Tracert - traces the route that a packet takes in reaching its final destination. 

Nslookup - a command-line resolver for querying a DNS server.

Netstat - displays current TCP/IP session information. For example, information on connected hosts and port numbers used.

Nbtstat - displays the local Netbios name cache. When used with the -RR switch, causes the client to re-register itself with its configured WINS server.

Ipconfig - displays the current TCP/IP configuration of the local machine.
/release - releases a DHCP-obtained IP address
/renew - obtains a new DHCP IP address
/all - displays all TCP/IP configuration information
/flushdns - purges the local DNS resolver cache
/regsiterdns - refreshes DHCP leases and re-registers with DNS.
/displaydns - shows the contents of the DNS resolver cache.


Hostname - displays the locally configured TCP/IP hostname (note this may be different that the locally configured computername (also referred to as a netbios name).

LPQ - checks print queue status on an LPD-based printer.

LPR - sends a print job to a remote UNIX printer running the LPD service

Ftp - a client program to transfer file between the client and a system configured as an FTP server via TCP.

Rcp - used to copy files between a client and a server running an RCP service.

Rexec - used to execute a command or process on a remote computer

Rsh - used to execute a command or process on a remote computer running remote shell (RSH) service.

Telnet - a client program used to logon and execute command remotely on a system running a telnet service.

Tftp - a client program to transfer small files between the client and a system configured as a TFTP server via UDP.


Remote Access Protocols

Windows 2000 Professional supports the ability to create both outgoing and incoming remote access connections. Types of connections supported include dialup, VPN, and direct cable connection (including infrared). The list below outlines the protocols supported and their associated features and limitations under Windows 2000.

Point-to-Point protocol - PPP is the de facto standard for dialup connections, and supports numerous transport protocols including TCP/IP, NetBEUI, IPX/SPX, AppleTalk and a range of others. PPP also support the assignment of client IP addresses via DHCP. Windows 2000 can act as both a PPP client and server. 

Serial Line Internet Protocol - SLIP is an older dialup standard that can only be used with IP and does not allow for dynamic allocation of IP addresses. Windows 2000 can only function as a SLIP client and not as a SLIP server.

Point-to-Point Tunneling Protocol - PPTP is a virtual private networking (VPN) protocol used to create a secure connection over an untrusted network (such as the Internet) by encrypting all data sent between a PPTP client and PPTP server. PPTP is supported by a variety of operating systems, including Windows NT 4.0, Window 95, 98, etc.

Layer 2 Tunneling Protocol - L2TP is another VPN protocol that provides a similar function to PPTP. However, L2TP's responsibility is tunnel creation and tunnel management. L2TP does not actually encrypt data. Instead, it works in conjunction with the IPSec protocol, which is actually responsible for the encryption. L2TP in an open standard developed jointly by Microsoft and Cisco to ultimately replace PPTP and Cisco's Layer 2 Forwarding (L2F) protocol. 

IPSec - In a VPN environment, IPSec is responsible for encrypted data sent between the VPN client and server, as well as negotiating encryption related parameters such as encryption level (56-bit, 128-bit, etc) and so forth. The table below gives a brief comparison of features supported by PPTP versus LT2P.

Feature PPTP L2TP
Transit Network Must be IP-based Can be any packet-oriented point-to-point connection such as ATM, IP, etc
Packet Header Compression None - 6 bytes Yes - Headers only 4 bytes
Tunnel Authentication None Yes
Encryption Built-in, uses PPP encryption IPSec handles encryption



Note that so far, the only Microsoft OS to natively support L2TP / IPSec is Windows 2000. As such, protocol choice is often based on client systems making the connection.

Windows 2000 Professional also supports a few new authentication protocols for the purposes of remote access connections. These include EAP and BAP, which are looked at below.

EAP - The Extensible Authentication Protocol is an extension to PPP that allows for a greater degree of choice in terms of the authentication mechanism used. Support is built into Windows 2000 for the use of generic token cards, the MD5-CHAP protocol, and Transport Layer Security (TLS), which is used for authentication via smart card. EAP also allows vendors to create additional authentication modules that can be used in Windows 2000, such a biometric hardware such as a thumbprint reader or retinal scanner, for example.

BAP - The Bandwidth Allocation Protocol is a protocol that enhances the capabilities of multilink in Windows 2000. Multilink is the ability to aggregate the bandwidth from multiple dialup connections (modem or ISDN) for a single user. BAP works to manage bandwidth usage more efficiently. For example, you can use BAP to automatically drop one line of a multilink connection should utilization fall below a certain level.

Windows 2000 also continues to support a variety of authentication protocols that included in NT 4.0. These include:

PAP - Password Authentication Protocol. Uses plaintext passwords.

SPAP - Shiva Password Authentication Protocol. Authentication protocol that allows Windows 2000 clients to be authenticated by Shiva servers, or Shiva clients to be authenticated by Windows 2000 Servers.

CHAP - Challenge Handshake Authentication Protocol. An MD-5 based authentication protocol that is supported in a variety of OSes. 

MS-CHAP - Microsoft's version of CHAP. When this option is chosen, you can choose to encrypt all data using MPPE (Microsoft point-to-point encryption).

MS-CHAP version 2 - supports many of the same features as MS-CHAP, but is a stronger version. For example, while MS-CHAP uses a single cryptographic key for all data sent and received, MS-CHAP v2 uses separate keys for each function. Also supports password changes during the authentication process. 

Want to know more about the different authentication methods? Click here.
Configuring Remote Access Connections

Remote access connections in Windows 2000 Professional are configured using the Make New Connection Wizard in the Network and Dial-Up Connections program window. The wizard provides 5 choices, as outlined below:

The first two choices are self explanatory, as both involve creating dial-up connections. You should note that if you choose Dial-up to the Internet, the Internet Connection Wizard would start. The third option allows you to create a VPN connection over the Internet, by providing the fully qualified domain name or IP address of the server you wish to connect to. If your system is not directly connected to the Internet and uses a dial-up connection, you can specify the existing dial-up connection to be connected prior to establishing the VPN connection (as shown below). This avoids having to initiate the two connections individually.

The fourth option in the wizard allows a Windows 2000 Professional machine to accept incoming dial-in, VPN, and direct cable connections. The last option creates a connection to another machine using a direct connection. This function works off the Guest/Host principal, as outlined below.

After the wizard defines the connection, a corresponding connection object will appear in Network and Dial-up Connections. Note that the wizard itself only handles the input of the most basic properties of the connection. However, you can get at the advanced settings of the connection by accessing its properties. An example of the general and networking tabs of an outgoing VPN connection are shown below:

The security option of the connection can also be configured via the security tab. This includes settings such as which authentication mechanism is used, whether encryption is required, and so forth. Examples of the security tab and Advanced (or custom settings) are shown below.

Finally, note the options tab shown below. This allows you to control a number of elements including dialing options and associated parameters.

Note that the Make New Connection wizard only allows you to create and configure remote access connections. Local area connections are set up automatically basic on the number of network adapters installed.Subnetting

Like it or not, you'll need to understand subnetting and TCP/IP principals in order to be successful on the 70-240 exam. For all intents and purposes, TCP/IP is considered to be assumed knowledge based on its importance as a protocol. While you might not get many questions relating to subnetting on the Professional portion of the exam, I have decided to cover the topic earlier rather than later in order to ensure that people have plenty of time to practice and prepare. The purpose of this article in not to teach you how to create a subnetting scheme for a large network. Instead, my purpose here is to help you recognize problems with the IP configuration of a host. I'll teach you how to figure out which host IDs are valid on a subnet, what the mask really means, and how to calculate valid ranges of addresses on a network. Once you can do these things, you can handle any question that might be thrown at you.

It sometimes amazes me that people get so worked up about subnetting, because it really is quite simple. First of all, you need to recognize that in order to really understand subnetting (at least starting off), looking at the numbers in decimal notation makes very little sense. You need to be looking at numbers in binary to really understand what is happening. The beauty of binary numbering is its simplicity - each value can only be a 1 or a 0. Note that each section (octet) of an IP address can be represented by a series of eight bits. There are 4 octets, so 32 bits altogether. That means any IP address can be also looked at as a 32-bit binary number. The table below outlines binary numbering corresponding values.

Decimal 128 64 32 16 8 4 2 1
Binary 1 1 1 1 1 1 1 1

What this means is simple. If I were to ask for the value of 11001100 in decimal, it would be 128+64+0+0+8+4+0+0, which equals 204. Each bit corresponds to the decimal value above it - add the values for each '1' value and you have the answer. 11111111 would be 128+64+32+16+8+4+2+1, which equals 255 (which is also the highest possible decimal value in an 8-bit binary number).

But what about converting decimal numbers to binary? Well, it's different, but no more difficult. Start at the left on the chart above, and add the decimal values together until you reach your total. Every number you use is a '1' and every number you leave out is a '0'. For example, let's take the number 77. This would be 01001101. Say what? Well, I just started adding numbers left to right, leaving out numbers that put me over 77. In this example, I have 0+64+0+0+8+4+0+1. Simple. 

You can also do this using a calculator program with a scientific mode. Just type is a number in decimal and hit the BIN button. The number will then be displayed in binary. However, the calculator has no idea that you're dealing in 8-bit numbers, so you'll have to be careful. For example, my calculator will tell me that 77 in binary is 1001101. That is, it leaves off any leading zeros. As such, you'll need to remember to 'pad out' your binary numbers to 8 bits if you use the calculator. For example, the calculator will show decimal 8 as binary 1000. For an IP address, we need to add the 4 other zeros, making it 00001000. You'll have access to the calculator on the exam, so know how to use it.

After you understand binary numbering, subnetting is easy. First of all, we need to discuss what subnetting is. Quite simply, it is taking a big network ID and breaking it down into a number of smaller networks, or subnets. Routers are what usually separate subnets. Reasons for subnetting include connecting different topologies (such as Ethernet and Token ring), as well as making networks smaller and more manageable. Subnets are also sometimes referred to as broadcast domains, since a broadcast sent on a subnet goes to all hosts on that subnet

For the purpose of the 70-240 exam, you will need to recognize and understand how subnetting works. This includes being able to view system configurations and determine why clients are having trouble communicating. As such, you'll need to be able to recognize valid IP addresses, subnet mask values, and what range of IP addresses are valid on a given subnet. Let's start with a look at valid subnet mask values.

A subnet mask means little in decimal. In binary, however, they tell a story. The subnet mask is what tells us which of the 32-bits in an IP address represent the network identification, and which represent the host identification. In the example below, the host IP address is 156.77.11.3 and the subnet mask is /21, or 255.255.248.0. In decimal, it is difficult to determine which portion represents the network and which the host. However, it binary the mask value is:

11111111 11111111 11111000 00000000

So what does that tell me? That the first 21 bits are used to represent the network, and the last 11 bits are used to represent a host on the network. Actually, it tells me more than that. It also tells me how many hosts I can have per network. How? Well, if eleven bits are used to represent a host, then this subnet can have 2046 hosts. How did I get that? Simple: 2 to the power of 11, minus 2. That equals 2048 minus 2, or 2046. Why minus 2? You subtract 2 because a host value of all binary 0's represents the subnet, and a value of all binary 1's is the broadcast address for this subnet.

If the subnet mask in the example above had been /17, or 255.255.128.0, that would leave 15 bits for host addresses. That would mean 2 to the power of 15 minus 2 hosts, or 32766 total. 

Figuring that stuff out should now be easy enough as well. The big question, and the key thing you need to be able to do, is to be able to determine if a host ID is valid on a subnet. Every subnet has a range of addresses that are valid on it. In my last example, there were 32766 valid host addresses. You need to be able to determine which ones are valid for the subnet. It isn't that hard, but you need to know what you're looking for. 
Let's say that we've been given an address of 156.17.42.6/20, and we're trying to determine the range of valid host IDs on this subnet. The first step is to determine the actual network ID on which this host falls. The process we use to determine this is called ANDing. When we want to AND an IP address and subnet mask, we first convert them to binary and line the subnet mask below the IP address. Then, calculate the AND value. In an AND operation, values are calculated as follows:

1 and 1 = 1
1 and 0 = 0
0 and 0 = 0

In our example, this would give us:
 

IP 10011100 00010001 00101010 00000110
SM 11111111 11111111 11110000 00000000
AND 10011100 00010001 00100000 00000000

After we convert our ANDed address back to decimal we get 156.17.32.0. This is the network ID that our host falls onto.

Stay with me here. We know that our mask is 255.255.240.0 (or /20). So, we know that the last 12 bits represent the hosts on this network. The network bits are in black below, the host bits in red. We already know that a host ID cannot be all zeros or all ones in binary. So, when I'm calculating the range of valid IPs on this subnet/network, I can't have either of these values. This leaves me with: 

Network ID      10011100  00010001  00100000  00000000
First Valid Host ID 10011100  00010001  00100000  00000001
Last Valid Host ID  10011100  00010001  00101111  11111110


Note that the first valid host ID sets all host bits to zero except the last (called the least-significant bit), and the last valid host ID sets all host bits to one, except the last. What did I lose? Two addresses - the host ID being all zeros (which defines the network) and the host ID being all ones (the broadcast address, which is not valid for a host). These are the same 2 addresses that I subtract when trying to find how many hosts I can have per subnet. If I convert my ranges above to decimal, I end up with a range of:

156.17.32.1 to 156.17.47.254 

The truth of the matter is that you won't necessarily have time to 'do the math' for every question that comes at you during the exam, so you'll need a way to quickly determine what ranges of hosts are valid on a subnet given a certain mask. For this purpose, I am providing the chart below. You can use this chart to quickly determine the valid ranges of IP addresses on a subnet based on the mask value, and where the next range starts. Please do not use this chart as a crutch if you don't understand how to determine valid ranges as we went through above. This is meant as a shortcut for those who already understand. 

Mask 128 192 224 240 248 252 254 255
Network ID 128 64 32 16 8 4 2 1

How the chart works is simple. Let's say I've been given a host ID of 167.23.87.13 with a mask of 255.255.248.0, and I want to quickly determine the range of host IP addresses valid on the same subnet as this host. This address is subnetted into the third octet based on the mask, so we take the third octet value (248) and plug it into the chart above. The Network value that corresponds to 248 is 8. As such, that means that every new subnet starts at a multiple of 8 in the third octet. For example:

167.23.0.0 subnet0 range = 167.23.0.1 to 167.23.7.254 *
167.23.8.0 subnet1 range = 167.23.8.1 to 167.23.15.254
167.23.16.0 subnet2 range = 167.23.16.1 to 167.23.23.254
167.23.24.0 subnet 3 range = 167.23.24.1 to 167.23.31.254
167.23.32.0 subnet 4 range = 167.23.32.1 to 167.23.39.254
...
167.23.80.0 subnet10 range = 167.23.80.1 to 167.23.87.254
...
167.23.240.0 subnet30 range = 167.23.240.1 to 167.23.247.254
167.23.248.0 subnet31 range = 167.23.248.1 to 167.23.255.254 *

* Although these ranges were usually omitted in a classful IP addressing system, they are totally valid under CIDR. Often these ranges are still omitted, however, due to the fact that some older equipment may not reference the ranges properly.

Note that our host is on subnet10, the range in red above. The same rules as always still apply, so be careful. The host ID cannot be all 0's or 1's. As another example, if the address had been 17.13.5.1/14, the subnet mask would be 255.252.0.0, making the range of addresses on the same subnet as this host everything on subnet 17.12.0.0, since new ranges start in multiples of 4. That would make the valid range:

17.12.0.1 to 17.15.255.254 

If you go back to the ANDing process, and calculate the first and last host IDs in binary, you'll see that we've come up with the same answer, only much more quickly!

As I mentioned from the outset, this section was not meant to be a complete explanation of designing a subnetting scheme for a network. Instead, we learned how to define valid ranges of addresses based on a host ID and mask value, both in binary and using the shortcut method. For the purpose of 70-240, you will need to be able to troubleshoot IP addressing, and that's what I've focused on above. Once you can calculate valid ranges, you can then determine which host IDs are local and remote, and which hosts are capable of communicating properly. Only hosts that fall into the same range should be on the same subnet. You also now know that the problem may be the address or the subnet mask values of the hosts in question!

Want to practice your subnetting skills? Try my free subnetting practice exams.
Still looking for a short second opinion on subnetting? Click here.
How about a more comprehensive third opinion? Click here.

Wow. Welcome to the end of article 7. I know this has been a longer ride than usual, unless you already understood subnetting - then maybe a little shorter. That does it for the Windows 2000 Profession material. Next week I'll begin with a look at the Windows 2000 Server portion of the exam, topic to be determined. In the meantime, I have a very important announcement to make. I have teamed up with CDI Corporate Education to provide a very valuable free contest. One lucky winner will receive 6 months free unlimited access to the 70-240.com website, which carries a value of approximately $600 US. It includes a whole range of free online courses, practice exams, mentoring, and so forth. Interested in joining the contest? Please visit my website to enter. The prize will be given away on April 16, 2001 - plenty of time to make great use of those 6 months! As always, I look forward to your feedback, so please email me with any questions or comments. In the meantime, good luck with your studies, and good luck in the contest!

Dan
http://www.win2000trainer.com