Delivering solid user friendly software solutions since the dawn of time.

TCP/IP Notes

Categories: Network

Snel leren werken met TCP/IP
by Albrecht Becker

RFC 1541 about DHCP replaced by RFC 2131

ipv4 (32bit) vs ipv6 (128bit)


  1. Physical: electricity, light, radio
  2. Datalink: crc
  3. Network: logic to physical, eg. MAC
  4. Transport: lost, duplicates, error free delivery, ...
  5. Session
  6. Presentation: encoding
  7. Application

Microsoft Stack

connected with sequence and no duplicates
connection, segments with sequence number
sender expects confirmation or resend
ports: 65536 (1024 first are well known ports)
20/21 ftp
23 telnet
25 smtp
80 www
110 pop3
139 NetBios

without connection
NetBios-app: NetBEUI, IPX/SPX possible
NetBios over tcp/ip: net use \\UNC\...
broadcast, dns, rip, snmp, video, audio
137 NetBios name service
138 NetBios datagram
161 SNMP

ARP: IP into MAC (Media Access Control - 48bits)

header: source ip, destination ip, tcp or udp, checksum, ttl


internet control message protocol (ping)
icmp source quench (when router overloaded, the clients should slow down)

internet group management protocol (multicast)
1-n ( reduce bandwidth

LAN + WAN: frames

router/default gateway: replace source address with address of router

TTL: time to live, -1 for each router hop, mostly 32 seconds (up to 255 seconds), each router can subtract from it (on average 1-3s)

MAC: ipconfig /all


  1. arp-cache: dynamic (max 10min) vs static (unlimited until reboot)
  2. broadcast on local network
  3. computer with ip will reply with it's MAC of the network card that has ip configured.
arp -a
arp -s ip MAC add
arp -d ip

www.internic.net (giving addressblocks to providers)

class A (eg. Apple, HP, IBM)
networkID: w
hostID: x.y.z

class B (eg. M$, Exxon)
networkID: w.x
hostID: y.z

class C
networkID: w.x.y
hostID: z

class D

class E

127.x.y.z: loopback addresses (16,7 milion)
w.x.y.255: broadcast addresses (eg. arp) whole network (wildcard)
...1: mostly used for routers
subnets local network:;;

NAT: Network Address Translation 1-1 from pool of addresses (internal maps to real outside)
PAT: Port and Address Translation 1-n
Subnetmask decides what part of ip belongs to networkID and which to hostID
CIDR: Classless Interdomain Routing (number of zeroes at end of bitmask /x )
default gateway: local & remote ip different networkID.
peer-to-peer: workgroup network (name for logical grouping)
check if tcp/ip is setup correctly: ping
tcp/ip is server service on windows


254 hosts:
62 hosts:
14 hosts:
6 hosts:


bridge allows broadcasts to pass through
router does not pass broadcasts

RIP (routing information protocol)
limited to 15 hops, for 10 to 50 networks
OSPF (open shortest path first)
will store information about neighboor routers

route print
default gateway: / / / IP / Metric (hops needed till destination)
if ip not found in routing table send to gateway
first in the list will be used unless unavailable
move routingtable to computer that is setup as default gateway
route add mask
persist after reboot: route -p add

DHCP: dynamic host configuration protocol

assigns ip addresses
params for default gateway
for DHCP initializing ports 67 and 68 need to be open


  1. dhcp discover message (sourceip, destip, mac)
  2. dhcp offer message (ip broadcasted until client accepts)
  3. dhcp request (to all dhcp servers with ip of dhcp so other servers can release the ip)
  4. dhcp ack/nack
  5. on reboot only request & ack

after 50% of the lease, server will try and prolong until 3 misses (actually client is supposed to initiated)

auto addressing without dhcp server: -
tries and uses if free
IP autoconfiguration can be enabled with a registry key

dhcp relay agent:
when network with more than 1 segment
will bypass router to the dhcp server
needed because dhcp broadcasts and they do not pass router

NetBios & WINS

before windows 2000
NETBEUI protocol (no routing)
convert computername into ip address

net use

name is 15 characters + peer byte

  • x00 workstation
  • x03 messaging
  • x20 server
  • x1b group
  • x?? user

return netbios name:

nbtstat -n
  1. local netbios cache
  2. nb nameserver
  3. broadcast
  4. lmhosts file
  5. hosts file
  6. dns

local netbios cache
default 10min timeout
small: 16 names
large: 128 names

reload lmhosts:

nbstat -R
nbstat -a <remotecomputername>
ipconfig /all

#PRE puts into cache
#MH multihoned (computers with multiple network cards)


max 255 alphanumeric tokens
ip / full qualified name / alias / alias / ...

DNS-Servers have partial database
Reverse dns lookup turns ip into hostnames

Domain Name Space
Root .
TLD .edu, .org, .com (assign by icann.com)
Second Level Domain .microsoft (internic.net), .nl (denic.nl)
Subdomains or hostname .europe www
Hostname server01
FQDN: computername.[subdomain].secondleveldomain.topleveldomain
gives ip to client for name through zone-file
primary vs secundary
cache-nameserver: does not contain zone-file

name conversion:

  • recursive: between client and local nameservers
  • iterative: client gets ip of another nameserver
  • inverse: in-addr.arpa (eg. for ip


  • a-record or host record: ip of host (select ptr record to allow reverse lookups)
  • ptr-record: pointer resource record
  • soa-record: start of authority to specify the primary name server, serienumber is to know if zonetransfer is needed, increase number by 1 for each change
  • ns-record: at least one (the soa-record), but can have additional name servers
  • cname-record: canonical name, alias for a-record
  • srv-record: location of services/protocols (eg. msdcs, _sites, _tcp, _udp)

you can configure multiple dns server for one network (fault tolerance)

nslookup <hostname>

Active Directory

users, computers, printers, release, ...
PDC: primary domain controller
BDC: backup domain controller
object + attributes
OU: organisational unit
The global catalog of a domain controller can be installed multiple times in the forest.

TCP/IP Troubleshoot

ping local ip
ping gateway
ping host other network
ping netbios/hostname