70-240 in 15 minutes a week: Implementing, Managing, and Troubleshooting Network Protocols and Services Page 3
Windows 2000 provides a wide range of utilities for use in a managing, configuring, and troubleshooting the TCP/IP environment. I have listed the TCP/IP-related utilities below, along with an outline of their uses and some important switches.
Ping - A simple diagnostic utility that verifies connectivity with a remote computer.
Pathping - An advanced ping utility, it also does a traceroute and provides stats of packet loss at intermediary routers.
Arp - displays and allows modification of the Address Resolution Protocol cache, where information on IP to MAC address mappings for local hosts are stored.
Route - displays and allows modification the locally configured routing table
Tracert - traces the route that a packet takes in reaching its final destination.
Nslookup - a command-line resolver for querying a DNS server.
Netstat - displays current TCP/IP session information. For example, information on connected hosts and port numbers used.
Nbtstat - displays the local Netbios name cache. When used with the -RR switch, causes the client to re-register itself with its configured WINS server.
Ipconfig - displays the current TCP/IP configuration of the local machine.
/release - releases a DHCP-obtained IP address
/renew - obtains a new DHCP IP address
/all - displays all TCP/IP configuration information
/flushdns - purges the local DNS resolver cache
/regsiterdns - refreshes DHCP leases and re-registers with DNS.
/displaydns - shows the contents of the DNS resolver cache.
Hostname - displays the locally configured TCP/IP hostname (note this may be different that the locally configured computername (also referred to as a netbios name).
LPQ - checks print queue status on an LPD-based printer.
LPR - sends a print job to a remote UNIX printer running the LPD service
Ftp - a client program to transfer file between the client and a system configured as an FTP server via TCP.
Rcp - used to copy files between a client and a server running an RCP service.
Rexec - used to execute a command or process on a remote computer
Rsh - used to execute a command or process on a remote computer running remote shell (RSH) service.
Telnet - a client program used to logon and execute command remotely on a system running a telnet service.
Tftp - a client program to transfer small files between the client and a system configured as a TFTP server via UDP.
Remote Access Protocols
Windows 2000 Professional supports the ability to create both outgoing and incoming remote access connections. Types of connections supported include dialup, VPN, and direct cable connection (including infrared). The list below outlines the protocols supported and their associated features and limitations under Windows 2000.
Point-to-Point protocol - PPP is the de facto standard for dialup connections, and supports numerous transport protocols including TCP/IP, NetBEUI, IPX/SPX, AppleTalk and a range of others. PPP also support the assignment of client IP addresses via DHCP. Windows 2000 can act as both a PPP client and server.
Serial Line Internet Protocol - SLIP is an older dialup standard that can only be used with IP and does not allow for dynamic allocation of IP addresses. Windows 2000 can only function as a SLIP client and not as a SLIP server.
Point-to-Point Tunneling Protocol - PPTP is a virtual private networking (VPN) protocol used to create a secure connection over an untrusted network (such as the Internet) by encrypting all data sent between a PPTP client and PPTP server. PPTP is supported by a variety of operating systems, including Windows NT 4.0, Window 95, 98, etc.
Layer 2 Tunneling Protocol - L2TP is another VPN protocol that provides a similar function to PPTP. However, L2TP's responsibility is tunnel creation and tunnel management. L2TP does not actually encrypt data. Instead, it works in conjunction with the IPSec protocol, which is actually responsible for the encryption. L2TP in an open standard developed jointly by Microsoft and Cisco to ultimately replace PPTP and Cisco's Layer 2 Forwarding (L2F) protocol.
IPSec - In a VPN environment, IPSec is responsible for encrypted data sent between the VPN client and server, as well as negotiating encryption related parameters such as encryption level (56-bit, 128-bit, etc) and so forth. The table below gives a brief comparison of features supported by PPTP versus LT2P.
any packet-oriented point-to-point connection such as ATM, IP, etc
Headers only 4 bytes
uses PPP encryption
Note that so far, the only Microsoft OS to natively support L2TP / IPSec is Windows 2000. As such, protocol choice is often based on client systems making the connection.
Windows 2000 Professional also supports a few new authentication protocols for the purposes of remote access connections. These include EAP and BAP, which are looked at below.
EAP - The Extensible Authentication Protocol is an extension to PPP that allows for a greater degree of choice in terms of the authentication mechanism used. Support is built into Windows 2000 for the use of generic token cards, the MD5-CHAP protocol, and Transport Layer Security (TLS), which is used for authentication via smart card. EAP also allows vendors to create additional authentication modules that can be used in Windows 2000, such a biometric hardware such as a thumbprint reader or retinal scanner, for example.
BAP - The Bandwidth Allocation Protocol is a protocol that enhances the capabilities of multilink in Windows 2000. Multilink is the ability to aggregate the bandwidth from multiple dialup connections (modem or ISDN) for a single user. BAP works to manage bandwidth usage more efficiently. For example, you can use BAP to automatically drop one line of a multilink connection should utilization fall below a certain level.
Windows 2000 also continues to support a variety of authentication protocols that included in NT 4.0. These include:
PAP - Password Authentication Protocol. Uses plaintext passwords.
SPAP - Shiva Password Authentication Protocol. Authentication protocol that allows Windows 2000 clients to be authenticated by Shiva servers, or Shiva clients to be authenticated by Windows 2000 Servers.
CHAP - Challenge Handshake Authentication Protocol. An MD-5 based authentication protocol that is supported in a variety of OSes.
MS-CHAP - Microsoft's version of CHAP. When this option is chosen, you can choose to encrypt all data using MPPE (Microsoft point-to-point encryption).
MS-CHAP version 2 - supports many of the same features as MS-CHAP, but is a stronger version. For example, while MS-CHAP uses a single cryptographic key for all data sent and received, MS-CHAP v2 uses separate keys for each function. Also supports password changes during the authentication process.
Want to know more about the different authentication methods? Click here.