Вы находитесь на странице: 1из 26

Site Map

TCP/IP About this site

Addressing Topics:
Subnetting WINS Enter your search terms Submit search form
NetBIOS - Web wilsonmar.com
Here are my notes on WINS
one of the more
challenging topics of
the MCSE and Cisco Obfuscation Sound: Submarine ping
exams. DHCP,
Buy domains for less
NAT,ICS Routing & Switching
Ping sound
vs. Binary
IP Address


IP addresses are
needed for each

o Default
server Download this Visio 2000 graphic
o router
(in and


Name Resolution Strategies

Support WebCast: Windows 2000
DNS Client-side Name Resolution by
Tim Rains

RouterGod.com has articles

"written" by celebrities, such as Gillian
Anderson tracking down the elusive
bugs within LAN switching and Robert
Downey Jr. on that repeat offender, the
IEEE 802.3 Ethernet frame.

NetBIOS names specified by the user are Windows Internet Naming Service
limited to 15 characters. Microsoft (WINS): Architecture and Capacity
reserves the 16th character of the NetBIOS Planning
name to indicate a resource type.

OSPF from Cisco's Internetworking

NetBIOS name resolution is the process of Technology Handbook
mapping from a computer's NetBIOS name to
an Internet Protocol (IP) address. Windows
has several means of Name-to-IP-Address
mapping for name resolution:

o Broadcast B-NODE communicate

using a mix of both broadcast and
directed UDP datagrams and TCP
connections. Typically UNIX clients
using SMB networking, they
generate high overhead, as each
node on the LAN must examine
every broadcast datagram. They
interoperate with one another
within a broadcast area, but
cannot interoperate across
routers in a routed network.
o Point-to-point P-NODE nodes
communicate using only directed
UDP datagrams and TCP sessions.
They relay on NetBIOS name
servers, local or remote. If the
name server is down, the p-node
cannot communicate with any
other system, even those on the
same local network.
o Mixed M-NODE use broadcast
first (to optimize performance,
assuming that most resources
reside on the local broadcast
medium) for name registration
and resolution. If this is
unsuccessful, point-to-point
communication with the name
server is used. M-nodes generate
high-broadcast traffic, but can
cross routers and continue to
operate normally if the name
server is down.
o Hybrid H-NODE (currently if RFC
draft form) is used by default on
Windows computers. H-nodes
contain a combination of b-node
and p-node functionality: H-node
uses point-to-point
communication first. If the
NetBIOS name server cannot be
located, it switches to broadcast.
H-node continues to poll for the
name server and returns to point-
to point communication when one
becomes available.

To display the NetBIOS names registered

locally on the system by the server and

nbtstat -n

To monitor the status of NetBIOS browsers

on user-selected domains, use the Browser
Monitor from the Resource Kit:



Client requests for computer name Dan DiNicolo's article on WINS
resolution are sent directly to a WINS
server, which returnes the IP address
How to Manually Recreate a WINS
directly to the client.

On a Windows 2000 Server, WINS is installed

as a Windows service over TCP Port 42. Using Microsoft TCP/IP by John Ray.
Indianapolis, Ind. Que, 1999.

So make sure that ports WINs

needs are specified in entries
Ports, PortsInternetAvailable, and
UseInternetPorts of registry key
\Microsoft \RPC \Internet

Windows legacy machines use WINS to resolve

NetBIOS names to IP addresses across

1.Windows 2000 DDNS to add

client records to DNS Zones.
2.Broadcast (B-node implementation
of NetBT)
3.If an lmhosts file does not exist on
the machine, or an entry is not found,
WINS (Windows Internet Name
Service) server service.

WINS Client
The client wanting to use a WINS server
must have its TCP/IP NetBIOS Helper
service started.

To display a WINS client's local name table:

Nbstat -n

A workstation client can use a hosts file to

manually assign IP addresses to domain
names. These files have no file extension
names and are in folder %windir% \System32
\Drivers \Etc

A maximum of 11 WINS servers can be

specified by a Windows 2000 client, but only 2
in an NT4 client.

To force WINS clients to release and refresh

NetBIOS names on resource servers in the
WINS database (such as after a WINS server is
restored from backup files): Nbstat -RR

WINS Server
WINS-R resource records for reverse lookup

WINS servers do not recognize B-node

broadcasts, so a WINS proxy must be used for
segments with b-node clients. To resolve
NetBIOS names on remote subnets:

o the single WINS server of a

subnet must have registered as a
WINS client by having its own IP
address in TCP/IP Properties'
WINS server address.
o multiple WINS servers on a
subnet should have push/pull
replication partnerships with each

To implement a replication partner... push/pull

in a hub-and-spoke design to a multiple hub-
and-spoke design

WINS MMC Show statistics and find records

beginning with a specified set of characters.

To have WINS discover its WINS replication

partners, check Enable Automatic Partner

To set database and event logging for WINS:

netsh set logparam

To overwrite the static records with dynamic

records where applicable, in Replication
Partners, Properties, check the Enable
Migrate check box. However, for a WINS
server to receive them, its “Migrate On” option
needs to be enabled.

The default WINS backup path is


Scavenging the database verifies and

releases records.

WINS Proxy
A WINS proxy forwards b-node broadcasts
to WINS servers on remote subnets.

Setting up a computer to become a WINS

Proxy requires using regedit In key
\CurrentControlSet \Services \Netbt
\Parameters set the EnableProxy parmeter
to 1.

Buy domains from the lowest

Top Level Domain URL Names cost/fastest service I know
Additional TLDs being considered by ICANN for
Search for name availability at
.post — a non-profit domain, sponsored by the
Universal Postal Union, with be prefixed with 3 letter code for each country,
.travel sponsored by Tralliance, a partnership of travel organizations
.jobs sponsored by The Society for Human Resource Management
.mobi for mobile content and service providers

.edu domains are for accredited degree granting higher education institutions.
.org domains are for non-profit organizations, such as the International Trademark Association
.gov domains are for governmental organizations, such as the US Patent and Trademark Office
.mil domains are used exclusively by the US military (Department of Defense).
.int domains are restricted to organizations established by international treaties between governments,
including some agencies and organizations of the United Nations.

.tv was originally for websites from the South Pacific ccTLD (country code Top Level
island nation of Tuvalu . But, for $50 million, it's Domains) are designated by
being marketed as "television" around the world for ICANN based on ISO 3166-1-
businesses such as Tech.TV . alpha-2 code elements.
.fm for Micronesia is used for FM radio stations.

The .la ccTLD assigned to Laos is being associated with “Los Angeles”.
.cc for Cocos (Keeling Islands) is also “Country Club” by David Sams Industries.
.ph for Phillipines is also “Phone”
.vc for St. Vincent is also “Venture Capitalist”
.ws for Western Somoa is also “Website”
.nu for the South Pacific nation of Nieue is used by those who recognize that the word in French means

Several new top level domains approved by ICANN in 2001:

.biz further benefit lawyers who want to double revenues for repeating the same
trademark fight as .com

.info (information services) registras are authorized by Afilias

The 7,000 nic.coop domains registered so far are for members of the sponsor, the U.S.
National Cooperative Business Association (NCBA), or the International Co-operative Alliance

.pro, and 85,000 registrations of

.name domains.

.eu was approved by ICANN in March 2005 to launch in early 2006 through Belgium-based registrar

Domain Naming Strategies

Name already taken? Consider these variations:
e... i... internet... z... cyber... hyper... online... digital...
global... national... international... intl... (SCOPE/REACH)
free... official... public... academic...
1800... new...
the... extreme... total... all...
buy... ask... do... go... go2... think... try... (action verbs)
easy... fast... quick... fit... dynamic... rapid...
mobile... robo... wireless...
basic... advanced... mini... mass... massive... max... sample... special...
expert... helpful... wise... sound... smart...
useful... reliable... true... practical...
cool... fantastic... safe... open... real... bright... brilliant...
quality... magic... dynamic... phat... golden... amazing...
famous... killer... fantastic...
better... best... top... great... greatest... preferred... leading...
safer... optimal...
steel... titanium... granite... stone...
daily... your... my... our...
life... living... personal...
industry... commercial...
southern... (geographical)
irish... (social)
...online ...togo ...info ...portal ...tech ...link
...data ...database ...info ...share
...source ...bench ...bank
...sys ...systems ...app
...supply ...vendor
...command ...center ...control ...net
...summit ...group/s ...groupie ...afficiado ...forum
...haven ...site ...center ...central ...hub ...community
...heaven ...source ...resource
...house ...showroom ...loft ...store ...studio ...shack ...hotel
...avenue ...boulevard ...street ...highway ...corner
...station ...base ...depot ...zone ...lane
...galaxy ...universe ...orbit ...planet ...space
...home ...office ...desk ...paper ...tab ...box ...lockbox
...store ...shop ...pit ...bay ...garage ...pool ...rings ...lab/s ...factory
...clinic ...club ...school ...seminars
...help ...411 ...911 ...answers ...advice ...rx
...experts ...pro/s ...wiz ...geek/s ...champions ...kings
...consulting ...design/s ...initiative/s ...research ...survey/s ...alert
...advisor/s ...broker/s ...developer/s ...partners
...solutions ...tools ...toolkit ...app ...services
...corp ...enterprises ...fund ...foundation ...institute
...advantage ...keys Enter a Domain Name to lookup:
...ontime ...ready ...freedom
...forever ...4u ...baby ...fever www.
...fx ...magic ...science
...above ...love ...shock
...123 ...007 ...86 ...89
...canada ...america
...anxiety ...phobia ...syndrome
...jobs ...work

Even though Wal-Mart won Wal-MartCanadaSucks.com, the company proactively registered over 100
unflattering variations on it trade name. Other examples: IHate... Dontbuy... evil...
...stinks ...Bites javaSucks.com

Buy domains from the lowest cost/fastest service I know

Popular hate sites include ununited.com

Un-Obfuscating URLs Is the link below from the U.S. government? Click "Reveal URL"
Beware of obfuscated URLs and see how a spammer can obfuscate (hide) the true origin of
such as this, which their website:
impersonates ebay to steals
credit card and identity info: After translating character codes
After removing unused authentication text before the @ character:

http://cgi3.ebay.com : Real domain name of URL:


SignInRegisterEnterInfo &
siteid=0co_partnerid=2@ If the result is a numeric IP address, Reverse IP Lookup to find who owns the IP address. Report spammers annonymously to Spamcop.net.

Copy and paste this to the

form to un-obfuscate the tricks
used by this URI to the format
of a URI:

http://account :
password &

The "ebay.com" at the

begginning are actually part of
the account and password
portions of website requests.
The real address is to the right
of the first @ sign,

The real IP address is also

obfuscated using extra
leading zeros that are
automatically ignored or
specifying octal or hex
addresses (which are preceded
with x, as in xF3).

IP Addresses from DHCP, APIPA, ICS, NAT


APIPA (Automatic IP Addressing) using

169.254 Dan DiNicolo's article on DHCP
By default, when Windows 98 and Windows
2000 clients cannot find a DHCP server, it
q130642 - How to Move a DHCP
automatically assigns an IP address which
Database to Another Windows Server
IANA reserved from the Class B range thru with a
subnet mask of
Dhcpexim.exe from the Resource
Kit exports the server configuration
This could be a security vulnerability for clients and database (scopes) from a DHCP
using other means (below) to obtain its IP server. It can only import into Windows
address, so disable this default behavior by 2000 DHCP servers. It does not export
adding onto the client a these items:
IPAutoconfigurationEnable REG_DWORD
entry with value 0 (zero) in registry key HKLM
\System \ Current\ CurrentControlSet\ o DHCP database path
Services\ Tcpip\ Parameters\ o DHCP database backup
DHCP o Audit log path
DHCP dynamically assign IP addresses to o Detect Conflict Retry
clients that request them. Reduced manual settings
fiddling of each machine almost eliminates o Multicast scopes
the chance (and hassle of tracking down)
duplicate IP address assignments. (Unique
static IP addresses cannot be assigned to o BOOTP tables
users through DHCP).
All Windows 2000 systems have a DHCP client
service that starts automatically by default
without being configured as DHCP clients.

Client workstations automatically lease IP

addresses from a DHCP server service [RFC
2131 & 2132 ] running on a Windows 2000
domain controller. The DHCP server service
must be manually installed on a Domain
Controller using Add/Remove Programs,
Windows Components.

The DHCP database DHCP.mdb is in folder


Registry keys used by DHCP are in

\CurrentControlSet \Services

To stop DHCP server from a command line:

net stop dhcpserver
net start dhcpserver

Client requests for DHCP can be routed 2


o through routers which are RFC

2131-compliant or
o through a DHCP Relay Agent

DHCP Server Authentication Protocol

New to Windows 2000: To avoid rogue
DHCP servers on a network, DHCP service
checks the Active Directory to see if its has
been authorized by a member of the
Enterprise Admins group.

o Windows 2000 servers manage

(authenticate) Authorized DHCP
servers by broadcasting a
DHCPINFORM message when it
boots up.
o DHCP servers reply with DHCPACK
containing its Active Directory root
o The DHCP service starts when it
sees itself on the list its domain
o The DHCP service continues to
check its status (by default every
5 minutes).


o DHCP Client broadcasts a

o DHCP Sever replies with a
DHCPOFFER of a possible
o DHCP Client sends a
DHCPREQUEST to say it likes the
IP address offered.
o DHCP Sever may (rarely) reply
with a DHCPNAK if it's no longer

o DHCP Client sends a

DHCPRELEASE to relinquish its
IP address.

DHCP Scopes
The scope of IP address ranges (and exclusions) are specified using the DHCP console.

To define IP scope options and client reservations:

o invoke DHCP from Administrative Tools or

o use the netsh dial-up scripting utility on the three sub-contexts: interface, ras,

Static IP Addresses used for servers on the network should be specified in DHCP Exclusion scopes.

A Superscope combines individual scopes (within a single physical segment) into a logical multinet.
Superscopes are used when several DHCP servers serve a single subnet. (In Windows 2000, they can
only be specified after a scope has been defined) To ensure that individual DHCP clients always receive
addresses from the same DHCP server, create on each DHCP server the same superscope with a
member scope for the IP range managed by each DHCP server. This is so DHCP servers do not send
DHCPNak messages for ranges of other DHCP servers. Then on each DHCP server exclude ranges for
other servers.

MADCAP (Multicast Address Client Allocation Protocol) is used to multicast to IPv4 Class D
addresses. Use the 239.x.x.x range and avoid 224-238 to prevent multicast traffice from
being copied to the adjoining host.

Activating the scope is a separate manual step commonly missed.

DHCP Lease Durations

DHCP Lease durations are changed in Scope properties. The default is 3 days in Windows
NT and 8 days in Windows 2000.

By default, the dynamic update client dynamically registers A and PTR resource records:

o Every 24 hours
o Its TCP/IP configuration is changed
o Its DHCP address is renewed or new lease obtained
o A Plug and Play event occurs

Some DHCP clients cannot perform dynamic updates.

Client OS Command
Commands to force re-registration of IP
addresses differ by OS:
Windows 2000 ipconfig /registerdns

The client broadcasts a DHCPREQUEST to attempt Windows NT 4

to renew its lease at 50% (point T1) and at 87.5% ipconfig /release
(point T2). ipconfig /renew

By default, DHCP servers are set to “Automatically Windows 9x winipcfg /renew

update DHCP client information in DNS” — A and
PTR records.

DHCP Advanced User Classes

A convenient way to specify one set of DHCP configuration settings
for a group of DHCP clients (such as short lease period for mobile
DHCP clients who typically log in for only a few hours at a time),
from the DHCP console tree, choose from the context menu "Define
User Class" and click Add. Specify the class name and description.
Then configure advanced options for the user class.

To invoke DHCP class id XXXX on each DHCP client computer:

Key Data Default

Type Value
ActivityLogFlag REG_DWORD 1

DhcpLogFilePath REG_SZ System32\dhcp

DhcpLogMinSpaceOnDisk REG_DWORD 20 MB

DhcpLogDiskSpaceCheckInterval REG_DWORD 50 MB

DhcpLogFilesMaxSize REG_DWORD 7 MB

ipconfig /setclassid xxxx

DHCP Logging
HKLM\ SYSTEM\ CurrentControlSet\ Services\ DhcpServer\

Network Address Translation

NAT provides IP address assignment and
DNS Proxy name resolution services to
internal network clients.

NAT is emphasized over ICS because NAT

provides a higher level of customization and

A NAT server allows outbound traffic to the

external internet. By default, a NAT server
allows inbound traffic only through
connections already established by an internet
host (typically port 80).

To access traffic from a special port from an

external host:

If the public interface of the NAT

server is configured with a single
IP address, add a Special Port
in the Routing and Remote Assess
MMC console.

If the public interface of the NAT

server is configured with multiple IP
addresses, make address
reservations to map specific
external addresses to specific
internal addresses.

Selection of 006 DNS Servers

option at the scope level overrides
the selection at the server level.

Internet Connection Sharing (ICS) using

ICS is used in small offices to do the work
of a DNS server for name resolution, and
DHCP servers for automatic Internet
Protocol (IP) address allocation. In other
words, ICS can NOT be used on a network
with DNS and DHCP servers. After ICS is
enabled, no further configuration of DNS or
IP addressing services can be allowed on
the network.

ICS provides a proxy server service and

Internet gateway. ICS and Windows 2000
routes packets from the internal LAN through
one NIC on the internal subnet and out
another NIC facing the external internet.

ICS allows clients to use standard Internet

tools to access e-mail or the Web, or perform
any other operations supported by the

ICS is implemented by setting the TCP/IP

connection property.

During ICS installation, the ICS DHCP

allocator is automatically enabled. Windows
2000 Server uses the ICS DHCP allocator (a
simplified DHCP process) to automatically
assign clients private IP addresses in the
range of to
and a class C subnet mask of

The server's NIC which connects to the internal

LAN is assigned the “LINKLOCAL Network”
static private IP address of This
is the IP gateway address for other clients on
the LAN.

The external NIC can include a standard

telephone modem. If so, check the “Enable
On-Demand Dialing” option.

DNS (Domain Name Service)

DNS servers obtain IP address from URL If you have a dynamic IP address
names by forwarding requests it cannot (such as a DSL modem), you can
resolve from its own tables. still give out a URL address if your
machine has DynSite which
constantly updates your actual IP
Clients -- called resolvers -- make requests of
address in the table referenced by
DNS name servers. Two DNS servers are
usually specified (in client machine TCP/IP the DNS server associated with the
properties) for load balancing and fault URL you give out. Companies such
tolerance. as DtDNS offer DNS servers which
refer to Dynamic Hostnames (FREE
or at $5 a year).
DNS servers refer to 3 types of records to
answer 3 types of queries:
My notes on Routers and Routing
A (host Address) records are used
to answer forward lookup of an
FQDN (host name) to a specific IP My notes on Data Communications
address. The host name to IP
address mappings for a zone are
stored in the Domain.dns file in Dan DiNicolo's article on DNS
folder. Name Server (NS) Registry.com
allows you to check if a name server is
PTR (Pointer resource) records are
used to answer a reverse lookup of
an IP address to a host name
(another DNS domain name Windows 2000: WINS and DNS:
location). IP address to host name What's New.: November 16, 1999
mappings are in the z.y.w.x.in-
addr.arpa file. Create file zone file Windows 2000: WINS and DNS:
for reverse lookup. What's New: November 16, 1999

SRV (Server location) records --

new in Windows 2000 DNS -- are Windows 2000: Installing and
used to locate domain Configuring the DNS Dynamic Update
controllers. SRV specifies the Protocol: December 23, 1999
server to which a DNS name server
forwards when it cannot resolve a
query. Windows 2000 server
requires DNS to locate domain How Microsoft Windows 2000
controllers. On Windows 2000, DNS Dynamic DNS Updates Work by Tim
is installed as a Windows component Rains May 3, 2001
on a domain controller with a static
(not dynamic) IP address. How to Change a Computer's Domain
Name System Server from the
Other types of resource records: Command Line [using Regfind]

NS records notate which DNS

DNS in the Active Directory Tree
servers are designated as
Part 1: by Mark Simos, September 12,
authoritative for the zone. 2000

SOA (Start Of Authority) records

indicate the name of origin and DNS in the Active Directory Tree
other basic properties for each zone, Part 2: Best Practices, Common
including the name of the primary Problems, and Troubleshooting by Mark
server for the source for information Simos and JR Nieves, March 6, 2001
about the zone,

CNAME (Cononical name) records Microsoft Metadirectory Services

define aliases. by Paige Verwolf August 8, 2000

MX (Mail exchanger) records define

the owner and mail exchange server DNS and Bind by Cricket Liu
DNS name, with preference (O'Reilly) Bind v8.1.2 (not 8.1)

There is a separate set of these DNSNode

records for each DNSZone handled by a DNS
server. DNS only resolves queries for zones to
which it has authority. Zones are part of a
hierarchial structure of top-level domains
over Second-level domains (represented by
the organization's name, such as Microsoft or
Compaq), etc.

Active Directory
DNSZone Container Objects

DNSNode Leaf Objects

DNS zone data can be stored in text files on
Primary or Secondary domain controllers. This
is under the single master model.
Alternately, you can change a Windows 2000
DNS service to use the Active Directory
Integrated database. Replication of AD data
to other servers makes this a multi-master

This is done using the DNS Console Manager

GUI -- in a zone's Properties dialog box
General tab, click the change button.
Alternately, use a script to issue sub-
commands from command interface

Default Server:

AD Integration is reversed in the Advanced

tab by setting the “Load Data On Startup” field
to “From Registry”.

Use the Windows 2000 Network

Monitor to monitor and capture packets sent
to and from DNS servers.

DNS server administration can be done by

a script using this utility from the Windows
2000 Server product CD:


Servers send an A (resource) record to DNS

when it first boots up. To force a member
server to register itself to DNS:

ipconfig /registerdns

In the Event Log, the DNS log file shows

DNS request activities. But it doesn't show
specific zone property changes or information
about existing zone transfers.

Caching-only DNS servers work from data

cached while resolving queries using server in
Root Hints stored in the Cache.dns file
rather than from DNS zone transfers.

Dynamic DNS
Windows 2000 uses Dynamic DNS [RFC
2136] which communicates with DHCP to
dynamically register DNS A (resource) and
PTR resource records.

Under DDNS, DCs dynamically register SRV

(SeRVice location resource) records, which
simplifies setup of Active Directory. Active
Directory provides replication.

Earlier AXFR (All zone transfer) entire file is


Incremental Zone Transfer (IXFR) [RFC 1995]

is requested by a message with a serial
number (SOA) so only the most recent
changes are sent back.

Secure dynamic update, defined in IETF

Internet-Draft "GSS Algorithm for TSIG (GSS-
TSIG)" API [RFC 2078], protects zone and
resource records from being manipulated:

o Prevent host name hijacking:

Authoritative name server accepts
updates only from clients and
servers that are authorized to
make dynamic updates.
o Enables granular control: specify
exactly which users and groups
can modify zones and resource

SMTP in Anti-Spam
"It has been observed that when a domain
has both a primary (high priority, low
number) and a secondary (low priority, high
number) MX record configured in DNS,
overall SMTP connections will decrease
when the primary MX is unavailable. This
decrease is unexpected because RFC 2821
(Simple Mail Transfer Protocol) specifies
that a client MUST try and retry each MX
address in order, and SHOULD try at least
two addresses. It turns out that nearly all
violators of this specification exist for the
purpose of sending spam or viruses.
Nolisting takes advantage of this behavior
by configuring a domain's primary MX
record to use an IP address that does not
have an active service listening on SMTP
port 25. RFC-compliant clients will retry
delivery to the secondary MX, which is
configured to serve the role normally
performed by the primary MX)."

IPv4 Addresses vs. IPv6 — IPng (IP Next Generation) Addresses

Each IP number points to a specific address: Visualroute (a Java
applet) displays
traceroutes on a world
map. Very cool.
o 1 per workstation, server, network printer, and
other device. RFC 1918 lists TCP/'IP
o 2 per router addresses not routed by
the Internet.

Allocation of IP's
IP adddresses are pre-allocated by the IANA in its IP
version 4 (IPv4) RFC 1918 first published September,

Each IP address has network address and host portion. IANA

allocates network address prefixes to organizations, which then
manage their host portion.

With IPv6 CIDR defined by RFC 2471, instead of blocks of IP

addresses being assigned in powers of 256, blocks will be
assigned in powers of 2 — making more efficient use of the
available address space.

Let showmyip.com lookup the geographic location

associated with an IP Address

or Host
100 Lookups allowed per day for
unregistered users.

Size Matters
Each IPv4 address is 32 bits. Although 2 to the power of
32 is 4,294,967,296, there are only 3,720,314,628
possible hosts because some address are reserved by
IANA. So, 25% of the pool of addresses is underutilized.

Each IPv6 address is 128 bits, which provides an address

space of 3.4 times 1038 unique addresses. That's 1,500
address for each square meter on the earth's surface. Enough?

For convenience, the 32 bits of IP addresses Sources of information on IPv6:

are expressed in dotted decimal notation
and formated in 4 segments: w.x.y.z. An IP
IP Next Generation Overview
address such as represents 4
octets of 8 bits each. The “oct” prefix in
octet is a Greek word equivalent to the The IPv6 Working Group Charter
English word “eight”. and Documents

RFC 2073 describes the hierarchical structure of IPX Stream.com

IPv6 addresses divided into 16 segments of 8
bits each:
Technical Management of Internet
The IPv6 Unicast Format [RFC 2073] Names and Addresses 2/98 Federal

o First 16 bits for Top Level

backbone routers
o Next 48 bits for the ISP
o Next 16 bits for the Network
o Next 48 or 64 bits of the MAC

Decimal expressions do not include leading

zeroes and extraneous zeros are replaced with
a double colon (::).

RFC 2026 - IPv6 is processed tunnel within IPv6

equipment. RFC 1883 uses 128 bit of 6 octets.

The 6bone experimental IPv6 network can run

over IPv4 tunnels as it transitions to native
IPv6. Beginning with Release 12.0(21)ST1,
Cisco's 12000 series Internet Routers support

Classless Interdomain Routing (CIDR)

Classless Interdomain Routing (CIDR)
[ RFC1419] replaces the IPv4 concept of
class A, B, and C IP addresses with a
generalized “IP prefix” consisting of an IP
addresses and a mask length (the number
of leftmost contiguous significant bits in the
corresponding network address). Examples
of current addresses:

Varible-length Subnet Masks (VLSMs)

VSLM result in less IP addresses in routing
tables by aggregating at the origin AS level

Organization assigned to Autonomous System

(AS) number cache used by the CIDR-Report

L2TP (Layer 2 Tunneling Protocol), submitted to

IETF in RFC 2661, merges Microsoft's PPTP and
Cisco's L2F for Secure IP (IPSec).

IPv4 Address Classes

The number of bits in each portion depends on the class of that IP address.

• The number of available addresses from the network portion of IP addresses excludes two
reserved by the IANA:
o All 0's - used for “this network”
o All 1's - used for “boardcast”
• The number of available addresses from the host portion of IP addresses exclude two reserved
by the IANA:
o for use as the default route.

o for loopback functions.

Class C addresses sometimes have an added “/24” (“slash 24”) because they have 24 bits in their network

1985 RFC 950 allow a Network Number assigned by IANA to be divided into several physical segments in a TCP/IP
environment, each segment with a unique Extended Network Prefix containing a Subnet number.

Max. n
for alloc.
1985 RFC
Class / Bits Dot 950 to
in Highest Decimal Default subnet Max #
Network Order First Subnet or host Hosts
Prefix Bit Val. Octet Mask ID (2n-2)
A /8 0xxxxxxx 001 - 126 24 bits 16,777,214

Diag. 01111111 127 .

B /16 10xxxxxx 128 - 191 16 bits 65,534

C /24 110xxxxx 192 - 223 8 bits 254

Reserved 111xxxxx 224 - 253 .

D - Multicasting 1110 254 .

Experimental 11111111 255 .

In a Class C address, the remaining 8 bits from the total 32 is for identifying hosts. But because
of reserved addresses, two addresses cannot be used (all 0's and all 1's).

Practice constructing this table quickly. When you start the test, write it down from memory on
the blank paper the proctor gives you. Don't bring your own papers into the testing center.

Octet Conversion: Between Decimal and Binary

Number systems are positional. For example, the number “321” in the Decimal (base 10)
system we normally use for commerce has a value of 300 plus 20 plus 1 because each position
has a different value. Positions start “Low” on right and go “Higher” to the left as you get more
positions to work with. Each higher position available increases the value of a number

Deep down, computers handle only 1's and 0's -- a Binary (base 2) system of counting. Because
each position has only two (rather than 10) values, “10” (102) is equivalent to 2 in the decimal system.

Binary 1000 0000 is equivalent to 128 in our normal decimal system. All 1's is decimal 255.

The Decimal Value is calculated by the power of 2 (values 0 and 1). 128 is 2 to the 8th power.

Practice Bit Positions 8 7 6 5 4 3 2 1

this table Decimal Value 128 64 32 16 8 4 2 1 Total=255
quickly to of position
between binary Accumulating 128 192 224 240 248 252 254 255
and base 10 High to Low
systems. Accumulating 255 127 63 31 15 7 3 1
Low to High

Right before
starting to
answer an exam,
write this table
down on scratch
paper the
proctor gives you
(do not bring
this on your own
paper into the

During the
exam, refer to
this table rather
than wasting
Use the “Low to High” row to quickly convert decimal value 109
to Binary representation: start from a decimal value less than
the one you're translating: Octet Etudes
109 is less than 128, so the 8th position must be zero. 8 = 0 0 0 0 1 0 0
Keep adding ... from the highest order bit until the
sum is higher than the target value:
0 + 64 + 32 = 96
63 = 0 0 1 1 1 1 1
0 + 64 + 32 = 96 + 16 = 112 (too much) 1
0 + 64 + 32 = 96 + 0 + 8 = 104
0 + 64 + 32 = 96 + 0 + 8 = 104 + 4 = 108 192 = 1 1 0 0 0 0 0
0 + 64 + 32 = 96 + 0 + 8 = 104 + 4 = 108 + 2 = 0
110 (too much)
0 + 64 + 32 = 96 + 0 + 8 = 104 + 4 = 108 + 0 + 1 254 = 1 1 1 1 1 1 1
= 109 0
0 1 1 0 1 1 0 1
96 = 0 1 1 0 0 0 0
Bitmaps for Special Addresses reserved by IANA 0

100 = 0 1 1 0 0 1 0
• (all 32 bits with value 1) is the broadcast 0
address read by all hosts.
• The Bit mask for the loopback address used for diagnosis: 198 = 1 1 0 0 0 1 1
0 1 1 1 1 1 1 1 0
0+64+32+16+8+4+2+1 = 127

0 0 0 1 1 1 1 1
0+0+0+16+8+4+2+1 = 31

• Decimal value of "high" octal bit 110 boundry for Class C addresses:
1 1 0 0 0 0 0 0
128 + 64 + 0 + 0 + 0 + 0 + 0 + 0 = 192
• range 172.16.xxx.xxx through 172.32.xxx.xxx
• range thru with a subnet mask of for Automatic IP

• 192.168.xxx.xxx for Network Address Translation

Decimal IP Addresses

To do arithmetic on IP addresses (such as determining whether a particular address is within a range

between IP_FROM and IP_TO obtained from the IP-to-country database), first convert IP addresses in
A.B.C.D form into decimal numbers.

A=192 + B=168 + C=101 + D=62 = ?

A*m^3 + B*m^2 + C*m^1 + D*m^0 = ?

A x (256*256*256) + B x (256*256) + C x 256 + D = ?

A x 16777216 + B x 65536 + C x 256 + D = ?

3221225472 + 11010048 + 25856 + D = 3232261438

PHP 4 provides functions to convert between the two formats:

$dotted_ip_address = $_SERVER['REMOTE_ADDR'];
$ip_number = sprintf("%u", ip2long($dotted_ip_address));
$dotted_ip_address = long2ip($ip_number);

MySQL provides its functions to convert:

SELECT country_name FROM iptocountry

WHERE inet_aton('$remote_addr') >= ip_from
AND inet_aton('$remote_addr') <= ip_to;

In VBScript:

function vbLong2ip(ipLong)
ipLong = abs(ipLong)
ipA = fix(ipLong/256^3)
ipB = fix((ipLong-ipA*256^3)/256^2)
ipC = fix((ipLong-(ipA*256^3+ipB*256^2))/256)
ipD = fix(ipLong-((ipA*256^3)+(ipB*256^2)+(ipC*256)))
vbLong2ip=ipA & "." & ipB & "." & ipC & "." & ipD
end function

Phython custom functions:

def num2dot(c):
assert c > 0 and c < 4294967295
ip = []
for i in xrange(3, 0, -1):
p = 256 ** i
c -= (c/p)*p
return '.'.join([str(x) for x in ip])

def dot2num(s):
ip = [int(x) for x in s.split('.')]
i = 0
for x in xrange(3, 0, -1):
i += ip.pop(0) * (256 ** x)
i += ip.pop(0)
return i

Allocating Classful Subnets

Class Subnet Mask Binary Value n Bits # of # of
(in 1 for subets for Subnets Host ID's
Dot.Decimal) h for hosts alloc.
or host
A 0 & 24 0 16,777,214

B 0 & 16 0 65,534

B 1hhhhhhh.hhhhhhhh 1 & 15 32,766

B 11hhhhhh.hhhhhhhh 2 & 14 16,382

B 111hhhhh.hhhhhhhh 3 & 13 8,190

B 1111hhhh.hhhhhhhh 4 & 12 4,096

B 11111hhh.hhhhhhhh 5 & 11 2,046

B 111111hh.hhhhhhhh 6 & 10 1,022

B 1111111h.hhhhhhhh 7 & 9 124 510

B 11111111.hhhhhhhh 8 & 8 254 254

C 11111111.hhhhhhhh 0 & 8 0 124

C 1hhhhhhh 1 & 7 ???

C 11hhhhhh 2 & 6 2 62

C 111hhhhh 3 & 5 6 30

C 1111hhhh 4 & 4 14 14

C 11111hhh 5 & 3 30 6

C 111111hh 6&2 62 2

C 1111111h 7 & 1 ???

C 11111111 broadcast

• The value in the Decimal Value column replaces the last octet of a subnet mask for a class C IP
address. For example: 192 goes in
• “Binary Value” means that each digit can only be either “1” or “0”.
• In each Binary Value entry, 0 (zero) bits indicate the number of bits available to come up with
Host ID's within the same subnet.
• The more subnets, the less host ID's.
• The default subnet mask for a Class C address has a Binary Value of 00000000, resulting in a
subnet of
• The first bit on the Binary Value is always 1 because it has been reserved.
• The last bit on the Binary Value is always 0 because it has been reserved for the broadcast
address, so a Class C subnet has 7 bits to allocate.

Another explanation: (11000000) uses 2 bits to yield (2**2=4 -2 =2) subnets of (2**4=64-2==)62 hosts
each (11100000) uses 3 bits to yield 6 subnets of (2**4=32 -2==30 hosts each (11110000) uses 4 bits to yield 14 subnets of 14 hosts each (11111000) uses 5 bits to yield 30 subnets of 6 hosts each (11111100) uses 6 bits to yield (2**6)=64 - 2 == 62 subnets, leaving one bit of 2
hosts each

Dan DiNicolo's Subnetting practice exams

Subnetting Class A and B Addresses

• Question 1: Class B subnet has 12 bits to allocate: subnet mask
• Question 2: In a range of class C addresses of, what subnet mask would be
required to provide two networks each allowing at least 300 hosts?


Correct Answer: c. subnet mask will provide a network with 510 host addresses.

• Question 3: What is the host address in the IP Address with a subn t mask of

Answer: Three of the third octet's bits are still part of the host ID. This means that the
network ID for this address is Removing the network address from the full
IP address leaves as the correct host address.

When a host requests communications to be
initiated, ARP obtains hardware MAC
addresses of destination hosts by examining
the subnet mask, Routing table, and default

1. ARP checks the subnet mask to

see if the address is local or

To collect data packets to analyse them with a

spreadsheet program, use Performance

Get Certified on Networking

Here are links to my pages on exam topics Braindumps for 70-216
common to several exams on networking:

Take the Brainbench

certification test on TCP/IP
Exam 70- 70-
Topic 221 216
Design Admin
Network 4

DHCP 3 2

DNS 4 1

WINS 5 5

Remote 6 3


Connection 8

Routing 9 6

Multicasting 10

Demand-Dial 11

VPN 12

IPSec 13

Connection 14 7 (NAT)

Proxy Server 15

Certificate - 8

Exams on Networking

• Microsoft's MCP Exam 70-216: Implementing

and Administering a Microsoft® Windows®
2000 Network Infrastructure

Installing, Configuring, Managing,

Monitoring, and Troubleshooting ... in a
Windows 2000 Network Infrastructure.

Related Microsoft Courses 0950-0, 0989-6,

1380-x, 1388-5, 2153

• Microsoft's MCP Exam 70-221 Designing a

Microsoft® Windows® 2000 Network

Module 1: Windows 2000 Networking

Introducing Windows 2000 networking
Developing implementation and
management designs

Module X: Developing a/an YYY Strategy

Role of YYY in a network
Developing a/an YYY implementation
Developing a/an YYY management strategy
Achieving YYY business goals

• Cisco Certified Networking Administrator

Readiness Review by Dave Perkovich.

(Redmond, Wash.: Microsoft Press, 2000)

To help you prepare, Microsoft CTEC's

such as Quickstart offer a $1,700
classroom 4 day course 1562:
Designing a Microsoft Windows 2000
Networking Services Infrastructure

Best 2000 Web Links

Address Resolution Protocol
Generic Security Service
Internet Assigned Number Authority
Internet Engineering Task Force
Media Access Control
Multicast Address Dynamic Client Allocation Protocol
Network Address Translation

Portions ©Copyright 1996-2007 Wilson Mar. All rights reserved. | Privacy Policy | Last updated

Search for word:

Top of Page
Your rating of this page: Your first name:
Low High
Your family name: Thank you!

Your comments on this topic,

please: Your location (city,
Publish this comment publicly
Your Email address:

Email me updates