Practical TCP/IP and Ethernet Networking: Application layer protocols

Figure 8.6 DNS name resolution

DNS frame format

The message format for DNS messages is as follows.

Figure 8.7 DNS message format

• ID (IDENTIFICATION), a tracking number (16 bits) used to correlate queries and responses
• QR, a one-bit flag that identifies the message as a query (QR=0) or a response (QR=1)
• OPCODE. This 4-bit field further defines a query as follows:
  • 0 = Standard query
  • 1 = Inverse query
  • 2 = Server status request
  • The other opcodes (3–15) are not used
• Flags, used to describe the message further. They are, from right to left:
  • Authoritative answer (AA)
  • Truncation (TC)
  • Recursion desired (RD)
  • Recursion available (RA)
• RCODE, the last field in the first long-word, is used for response codes with the following meanings:
  • 0 = No error
  • 1 = Format error
  • 2 = Server error
  • 3 = Name error
  • 4 = Not used
  • 5 = Refused
• Four COUNT fields indicate the length of the fields to follow:
  • QDCOUNT gives the number of question entries
  • ANCOUNT gives the number of resource records in the answer section
  • NSCOUNT refers to the number of name server resource records in the Authority section
  • ARCOUNT refers to the number of resource records in the additional records section
• Question section. Contains queries in the format shown below. A query consists of a query domain name field containing the FQDN about which information is required, a query type field specifying the type of information required, and a query class field identifying the protocol suite with which the name is associated
• Answer section. Contains information returned in response to a query in the format shown below. The resource domain name, type, and class fields are from the original query. The time to live field specifies how long this information can be used if it is cached at the local host.
The format of the resource data field depends on the type of information required
• Authority section. Identifies the server that actually provided the information if a nameserver has to contact another nameserver for a response. The format for this field is the same as for the answer section
• Additional query information. Contains additional information related to the name in the query (e.g. the IP address of the host that is the mail exchanger, in response to an MX query)

The DNS message contains a query type field, since the nameserver database consists of many types of information. The following list shows some of the types:
• A: Host IP address
• CNAME: Canonical domain name for an alias
• MINFO: Information about a mail box or mail list
• MX: Name of a host that acts as mail exchanger for a domain
• NS: Name of authoritative server for a domain
• PTR: Domain name
• SOA: Multiple fields that specify which parts of the naming hierarchy a server implements

8.8 WINS

8.8.1 Introduction

WINS is not a general TCP/IP application layer protocol, but rather a Microsoft Windows-specific utility with the primary role of NetBIOS name registration and resolution on TCP/IP. In many respects WINS is like DNS. However, while DNS resolves TCP/IP host names to static IP addresses, WINS resolves NetBIOS names on TCP/IP to dynamic addresses assigned by DHCP. WINS maintains a database on the WINS server. This database provides a computer name to IP address mapping, allowing computers on the network to interconnect on the basis of machine names.

WINS features the following:
• It resolves NetBIOS names to IP addresses, supporting dynamic IP address mapping (i.e. IP addresses issued by DHCP)
• It prevents two machines from registering the same name
• With traditional NetBIOS name resolution techniques that relied on broadcast, it was not possible to browse across an IP router.
WINS overcomes this problem by providing name resolution regardless of location on the network
• WINS reduces the number of broadcast packets, which are normally used to resolve NetBIOS names. This reduction in broadcast packets can improve network performance

WINS, like DHCP, is a client/server application. In order to run it on a network, at least one WINS server is needed. The WINS server must have a statically assigned IP address, which is entered into the TCP/IP configuration information for all machines on the network that want to take advantage of the WINS server for name resolution and name registration.

The following figure shows how WINS is configured on the host computer. This is done by selecting Control Panel -> Network, selecting TCP/IP for the LAN interface card, clicking Properties, and then selecting WINS Configuration. The Scope ID (not entered here) defines a group of computers that require a registered NetBIOS name. Computers with the same scope ID will be able to recognize each other’s NetBIOS traffic or messages.

Figure 8.8 WINS Configuration (courtesy of Microsoft Corporation)

8.8.2 WINS name registration

When a WINS client is turned on for the first time, it tries to register its NetBIOS name and IP address with the WINS server by sending a name registration request via a direct UDP packet. When the WINS server receives the request, it checks its database to make sure the requested NetBIOS name is not already in use on the network. If the name registration is successful, then the server sends a name registration acknowledgment back to the client. This acknowledgment includes the time to live for the name registration. The TTL indicates how long the WINS server will keep the name registration before cancelling it. It is the responsibility of the WINS client to send a name refresh request to the WINS server before the name expires in order to keep the name.
If the client tries to register a name that is already in use, the WINS server sends a denial message back to the client. The client then displays a message telling the user that the computer’s name is already in use on the network. When a WINS client shuts down, it sends a name release request to the WINS server, releasing its name from the WINS database.

8.8.3 WINS name resolution

When a WINS-enabled client needs to resolve a NetBIOS name to an IP address, it uses a resolution method called h-node name resolution, which includes the following procedures:
• It checks to make sure that the name request doesn’t point to itself
• It looks in its name resolution cache for a match. Names remain in the cache for about 10 minutes
• It sends a direct name lookup to the WINS server. If the WINS server can match the name to an IP address, the WINS server sends a response to the client
• If the WINS server cannot do the match, the client broadcasts to the network
• If there is still no response, the client will look in its own local LMHOSTS file
• Finally, the client will look in the local HOSTS file, or ask the DNS whether it has a matching host name. This is only done if the client is configured to use the DNS for NetBIOS name resolution

8.8.4 WINS proxy agents

WINS proxy agents are used to allow non-WINS-enabled clients to interact with a WINS service. A WINS proxy agent listens to the local network for clients trying to use broadcast to resolve NetBIOS names. The WINS proxy agent picks these requests off the network and forwards them to the WINS server, which responds with the resolved IP address. The WINS proxy agent then provides this information to the client requesting the name resolution. The advantage of this system is that there is no need to make any changes to the existing non-WINS-enabled clients, and in fact they are completely unaware that the name resolution has been provided by the WINS service.
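Returning to the DNS message format described earlier in this chapter, the following added example (not from the book) decodes the 12-byte header and one question entry, then checks that a response carries the same ID and question as the query it claims to answer. The flag bit positions follow RFC 1035; the sample messages and the `matches` helper are constructed for illustration.

```python
import struct

OPCODES = {0: "standard query", 1: "inverse query", 2: "server status request"}
RCODES = {0: "no error", 1: "format error", 2: "server error",
          3: "name error", 5: "refused"}
QTYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 14: "MINFO", 15: "MX"}

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (bit positions per RFC 1035)."""
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident, "qr": flags >> 15,         # QR: 0 = query, 1 = response
        "opcode": OPCODES.get((flags >> 11) & 0xF, "unused"),
        "aa": bool(flags & 0x0400), "tc": bool(flags & 0x0200),
        "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
        "rcode": RCODES.get(flags & 0xF, "other"),
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def parse_question(msg: bytes, offset: int = 12):
    """Decode one question entry: length-prefixed labels, then type and class."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length, offset = msg[offset], offset + 1
        if length == 0:                         # zero-length label ends the FQDN
            break
        # Labels are at most 63 bytes; larger values (compression pointers)
        # are not expected in a question and are rejected here.
        if length > 63 or offset + length > len(msg):
            raise ValueError("bad label length")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if offset + 4 > len(msg):
        raise ValueError("question truncated")
    qtype, qclass = struct.unpack("!2H", msg[offset:offset + 4])
    return ".".join(labels), QTYPES.get(qtype, qtype), qclass, offset + 4

def matches(query: bytes, response: bytes) -> bool:
    """Accept a response only if QR=1 and its ID and question match the query."""
    q, r = parse_header(query), parse_header(response)
    return (r["qr"] == 1 and q["id"] == r["id"]
            and parse_question(query)[:3] == parse_question(response)[:3])

# Constructed sample messages (not captured traffic): an MX query for example.com
QUESTION = b"\x07example\x03com\x00" + struct.pack("!2H", 15, 1)
QUERY = struct.pack("!6H", 0x1A2B, 0x0100, 1, 0, 0, 0) + QUESTION
RESPONSE = struct.pack("!6H", 0x1A2B, 0x8183, 1, 0, 0, 0) + QUESTION
```

Here `parse_header(RESPONSE)` reports a response with RD and RA set and RCODE 3 (name error), and `matches` rejects any message whose ID or question differs from the outstanding query.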
8.9 SNMP (simple network management protocol)

The simple network management protocol (SNMP) is an application-layer protocol that facilitates the exchange of management information between network devices. It enables network administrators to manage network performance, find and solve network problems, and plan for network growth.

Two current versions of SNMP exist: SNMP Version 1 (SNMPv1) and SNMP Version 2 (SNMPv2). Both have a number of features in common, but SNMPv2 offers enhancements, such as additional protocol operations. Standardization of SNMPv3 is pending.

8.9.1 SNMP basic components

An SNMP managed network consists of three key components, namely managed devices, agents, and network-management systems:
• A managed device is a network node that contains an SNMP agent and resides on a managed network. These devices collect and store management information and make this information available to network-management systems (NMSs) using SNMP. Managed devices can be routers, access servers, switches, bridges, hubs, computer hosts or printers
• An agent is a network-management software module that resides in a managed device. It has local knowledge of management information and translates that information into a form compatible with SNMP
• A network-management system executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs must exist on any managed network

8.9.2 SNMP basic commands

Managed devices are monitored and controlled using four basic SNMP commands, namely read, write, trap, and traversal operations:
• The read command is used by an NMS to monitor managed devices. The NMS examines different variables that are maintained by managed devices
• The write command is used by an NMS to control managed devices.
The NMS changes the values of variables stored within managed devices
• The trap command is used by managed devices to asynchronously report events to the NMS. When certain types of events occur, a managed device sends a trap to the NMS
• Traversal operations are used by the NMS to determine which variables a managed device supports and to sequentially gather information in variable tables, such as a routing table

8.9.3 SNMP management information base (MIB)

A management information base (MIB) is a collection of information that is organized hierarchically. MIBs are accessed using a network-management protocol such as SNMP. They are comprised of managed objects and are identified by object identifiers.

A managed object (sometimes called an MIB object, an object, or an MIB) is one of any number of specific characteristics of a managed device. Managed objects are comprised of one or more ‘object instances’, which are essentially variables.

Two types of managed objects exist: scalar and tabular. Scalar objects define a single object instance. Tabular objects define multiple related object instances that are grouped together in MIB tables. An example of a managed object is atInput, which is a scalar .