Tuesday, May 20, 2014


In order to properly describe NetBEUI, the transport protocol sometimes used for Microsoft networking, it is necessary to describe Microsoft networking in some detail and the various protocols used and what network layers they support.

NetBIOS, NetBEUI, and SMB are Microsoft Protocols used to support Microsoft Networking. The NetBIOS stack includes SMB, NetBIOS, and NetBEUI which are described in the table below. The following are parts of the Microsoft networking stack:

Network Layer

Directs requests for network resources to the appropriate

server and makes network resources seem to be local



Server Message Block provides redirector client to server



Controls the sessions between computers and maintains


Provides data transportation. It is not a routable transport

protocol which is why NBT exists on large networks to use


Transport, Network routable TCP protocol on large networks. This                                            protocol may  sometimes be called the                                             NetBIOS frame (NBF) protocol.

NDIS allows several adapter drivers to use any number of

NDIS and NIC driver Data Link
transport protocols. The NIC driver is the driver software for

the network card.

NetBIOS Extended User Interface (NetBEUI)

This is a separate protocol from NetBIOS. It supports small to medium networks providing transport and network layer support. It is fast and small and works well for the DOS operating system but NetBEUI is not a routable protocol.

Name Resolution

There are three methods of mapping NetBIOS names to IP addresses on small networks that don't perform routing:

1.     IP broadcasting - A data packet with the NetBIOS computer name is broadcast when an associated address is not in the local cache. The host who has that name returns its address.
2.    The lmhosts file - This is a file that maps IP addresses and NetBIOS computer names.

3.    NBNS - NetBIOS Name Server. A server that maps NetBIOS names to IP addresses. This service is provided by the nmbd daemon on Linux.

System wide methods of resolving NetBIOS names to IP addresses are:

1.    b-node - Broadcast node

2.    p-node - Point-to-point node queries an NBNS name server to resolve addresses.

3.    m-node - First uses broadcasts, then falls back to querying an NBNS name server.

4.    h-node - The system first attempts to query an NBNS name server, then falls back to broadcasts if the nameserver fails. As a last resort, it will look for the lmhosts file locally.

NetBIOS name services use port 137 and NetBIOS session services use port 139. NetBIOS datagram service uses port 138.

To resolve addresses from names, a computer on a Microsoft network will check its cache to see if the address of the computer it wants to connect to is listed there. If not it sends a NetBIOS broadcast requesting the computer with the name to respond with its hardware address. When the address is received, NetBIOS will start a session between the computers. On larger networks that use routers, this is a problem since routers do not forward broadcasts, nor is NetBEUI a routable protocol. Therefore Microsoft implemented another method of resolving names with the Windows Internet Name Service (WINS). The following steps are taken to resolve NetBIOS names to IP addresses for H-node resolution on larger networks using TCP/IP (NBT):

1.    NetBIOS name cache

2.    WINS Server

3.    NetBIOS broadcast

4.    lmhosts file

5.    hosts file

6.    DNS server

For a more complete explanation of NetBIOS name resolution, WINS, and Windows networking in general, see the manuals in the Windows operating system section such as the "Windows TCP/IP Reference." Also a Windows Networking manual will be written for this section.


Since NetBEUI is not a routable protocol, Microsoft implemented NBT for larger networks. NetBIOS messages are normally encapsulated in NetBEUI datagrams, but when using NBT, they are encapsulated in TCP/IP datagrams. The NBT protocol is defined by RFC 1001 and RFC 1002.


NWLink is Microsoft's implementation of IPX/SPX. NWLink will act as a transport mechanism for NetBIOS similar to the use of TCP/IP described in the NBT section above. NWLink is normally used to support medium networks and may be used where NetWare servers are present.

Windows Internet Name Service (WINS)

WINS is the Microsoft implementation of NetBIOS name service. Samba on Linux can be used as a WINS server.

Computers configured to use WINS, when booted, contact the WINS name server and give the server their NetBIOS name and IP address. The WINS server adds the information to its database and it may send the information to other WINS servers on your network. When a computer that is configured to use WINS needs to get an address of another computer, it will contact the WINS server for the information. Without the use of a WINS server, NetBIOS will only be able to see computers on the unrouted sections of the local network. Does this mean a WINS server must exist in each routed section of the network? The answer is no. This is because WINS uses TCP/IP which is routable. Only one WINS server needs to exist on the network.

The Windows Networking Environment

A domain in a Microsoft networking environment refers to a collection of computers using user level security. It is not the same as the term domain used with regard to the domain name system (DNS). Domain related terms are:

     BDC - Backup Domain Controller is a backup for a PDC

     TLD - Top Level domain

     PDC - Primary Domain Controller is an NT server providing central control of user access permissions and accounts on a network. 

Wednesday, May 14, 2014


IPX/SPX is a routable protocol and can be used for small and large networks. The following protocols are part of the IPX/SPX suite:

     SAP - Service Advertising Protocol packets are used by file and print servers to periodically advertise the address of the server and the services available. It works at the application, presentation, and session levels.

     NCP - NetWare Core Protocol provides for client/server interactions such as file and print sharing. It works at the application, presentation, and session levels.

     SPX - Sequenced Packet Exchange operates at the transport layer providing connection oriented communication on top of IPX.

     IPX - Internetwork Packet Exchange supports the transport and network layers of the OSI network model. Provides for network addressing and routing. It provides fast, unreliable, communication with network nodes using a connection less datagram service.

     RIP - Routing Information Protocol is the default routing protocol for IPX/SPX networks which operates at the network layer. A distance-vector algorithm is used to calculate the best route for a packet.

ODI - Open Data-link Interface operates at the data link layer allowing IPX to work with any network interface card. 

NetWare frame types

Novell NetWare 2.x and 3.x use Ethernet 802.3 as their default frame type. Novell NetWare 4.x networks use Ethernet 802.2 as their default frame type. If communication does not occur between two NetWare computers it is a good idea to check the netware versions of the two computers to be sure their frame types match. If the frame types do not match on an ethernet network, the computers cannot communicate.

Fiber Distributed Data Interface (FDDI)

Standard is ANSI X3T9.5 . Topology is ring with two counter rotating rings for reliability with no hubs. Cable type is fiber-optic. Connectors are specialized. The media access method is token passing. The maximum length is 100 kilometers. The maximum number of nodes on the network is 500. Speed is 100 Mbps. FDDI is normally used as a backbone to link other networks. A typical FDDI network can include servers, concentrators, and links to other networks.

Devices called concentrators provide functions similar to hubs. Most concentrators use dual attachment station network cards but single attachment concentrators may be used to attach more workstations to the network.

FDDI token passing allows multiple frames to circulate around the ring at the same time. Priority levels of a data frame and token can be set to allow servers to send more  data frames. Time sensitive data may also be given higher priority. The second ring in a FDDI network is a method of adjusting when there are breaks in the cable. The primary ring is normally used, but if the nearest downstream neighbor stops responding the data is sent on the secondary ring in attempt to reach the computer. Therefore a break in the cable will result in the secondary ring being used. There are two network cards which are:

1.    Dual attachment stations (DAS) used for servers and concentrators are attached to both rings.

2.    Single Attachment stations (SAS) attached to one ring and used to attach workstations to concentrators.

A router or switch can link an FDDI network to a local area network (LAN). Normally FDDI is used to link LANs together since it covers long distances.