TCP IP Model

The TCP/IP Model

The TCP/IP suite of protocols maps to a four-layer conceptual model which is based on
the seven-layer Open System Interconnection (OSI) protocol model.

The detailed function of each layer of the Open System Interconnection (OSI) protocol
model is beyond the scope of this topic; however, the 60-second overview is as follows:

Physical Layer - Defines the interface between the medium and the device. This layer
also transmits bits (ones and zeros) and defines how the data is transmitted over the
physical medium. Some examples of Network Components found at this layer are
Multiplexers, Passive Hubs, Active Hubs, Repeaters and other types of signal Amplifiers.

Data Link Layer - This layer is actually divided into two sublayers, Logical Link Control,
which mainly handles error correction and flow control and Media Access Control, which
mainly handles the communication with the network adapter card. Some examples of
Network Components found at the Data Link layer are Bridges, Switches and certain
Advanced Cable Testers.

Network Layer - This OSI layer is responsible for translating logical network addresses
and names such as computer names to their MAC addresses and for addressing and
routing data packets over the network. If routers at this layer can’t forward the data
frames as large as the source node has sent, this OSI layer will break down the data into
smaller units that the devices can handle. Some examples of Protocols found at the
Network Layer are IP, ARP, RARP, ICMP, RIP, OSPF, IGMP, IPX, NWLink and
NetBEUI. Some examples of Network Components found at this layer are Brouters,
Routers, some types of ATM Switches and Frame Relay hardware.

Transport Layer - The Transport Layer adds an additional connection below the Session
layer and helps manage data flow control between nodes on the network. This layer
divides the data into packets on the sending node and the transport layer of the receiving
node reassembles the message from packets. The Transport Layer provides error-
checking to guarantee error-free data delivery by requesting retransmission if some
packets don’t arrive error-free. It also sends acknowledgment of successful transmissions
back to the sending node. Some examples of Protocols found at this layer are TCP, ARP,
RARP, SPX and NWLink. Some examples of Network Components found at the
Transport Layer are Gateways and certain types of Brouters.

Session Layer - This OSI layer, as the name implies, establishes, maintains and ends
sessions between transmitting nodes across the network and manages which node can
transmit data at a certain time and for how long. Some examples of Protocols found at
this layer are Named Pipes, NetBIOS Names, RPC and Mail Slots. Some examples of
Network Components found at the Session Layer are Gateways and certain types of
Proxy Servers.

Presentation Layer - The Presentation Layer technically performs the translation of the
data from the way applications understand it to the way networks understand it on the
transmission end and then back on the receiving node. It is responsible for protocol
conversions, data encryption / decryption, and data compression / decompression where
the network is considered. Some examples of Network Components found at the
Presentation Layer are Gateways and certain types of Redirectors. There are no Protocols
that normally operate in this layer.

Application - The Application Layer of the OSI model allows access to network services
for applications specifically written to run over the network, such as email and file
transfer programs such as FTP. There are many Protocols found at the Application Layer,
some of which include FTP, TFTP, BOOTP, SNMP, SMTP, TELNET, NCP, and SMB.

The TCP/IP suite four-layer conceptual model is as follows:

Network Interface Layer - This layer effectively puts the frames on the wire from the
sending node and pulls frames off the wire at the receiving node and basically correlates
to the Physical Layer of the OSI model.

Internet Layer - Internet layer protocols of the TCP/IP suite encapsulate packets into
Internet datagrams. There are four Internet protocols that operate at this layer. The
Internet Layer basically (but not entirely) correlates to the Network Layer of the OSI
model.

IP - Internet Protocol provides connectionless packet delivery for all other protocols
and does not guarantee packet arrival or correct packet sequence, nor does it
acknowledge packet delivery. IP has the main responsibility of addressing and
routing packets between nodes and it does not try to recover from network errors.

ARP - Address Resolution Protocol maps IP addresses to physical machine addresses
(MAC addresses) that are located on the LAN. IP broadcasts a special ARP inquiry
packet containing the IP address of the destination system. The system that owns
the IP address replies by sending its physical address to the requester. The MAC
sublayer communicates directly with the network adapter card and is responsible
for delivering error-free data between network.

ICMP - Internet Control Message Protocol is a message control and error-reporting
protocol used between network nodes. Higher level protocols use the information
in these datagrams to recover from any transmission or other errors.

IGMP - The Internet Group Management Protocol provides a way for nodes to report
their multicast group membership to nearby multicast routers. Multicasting
allows nodes to send content to multiple other nodes within that multicast
group by sending IP multicast traffic to a single MAC address but by allowing it
to be processed by multiple nodes. IGMP is part of the Network layer of the
OSI model. Windows XP Professional supports multicast for things such as
Windows 2000 Server NetShow Services.

Transport Layer - The two Transport layer protocols provide communication sessions
between computers and these sessions can be connection oriented or connectionless, as
outlined below. The Transport Layer basically (but not entirely) correlates to the
Transport Layer of the OSI model.

TCP - Transmission Control Protocol is a connection-oriented protocol that provides
reliable communication by assigning a sequence number to each segment of data
that is transmitted so that the receiving host can send an acknowledgment (ACK) to
verify that the data was received. If an ACK is not received, the data is
retransmitted. TCP guarantees the delivery of packets, ensures proper sequencing of
the data, and provides a checksum feature that validates both the packet header and
its data for accuracy.

UDP - User Datagram Protocol is a connectionless protocol that does not guarantee the
delivery or the correct sequencing of packets. Applications that use UDP typically
transfer small amounts of data at once and the data sent is usually not considered
critical. TFTP (Trivial File Transfer Protocol) uses UDP.

Application Layer - The Application Layer is where applications that are specifically
written to operate over networks, gain their access. There are two TCP/IP services,
Winsock and the NetBIOS over TCP/IP (NetBT) interface, that network applications
most commonly use on Windows XP Professional networks. The Application Layer
basically (but not entirely) correlates to the Application Layer of the OSI model.

Winsock - Winsock is the standard interface used for socket-based applications and TCP/IP
protocols. Winsock allows the network application to bind to a specific port and
IP address on a node, initiate and accept a connection, send and receive data,
and then close the connection.

NetBT - NetBIOS over TCP/IP is the standard interface for NetBIOS services, including
name, datagram, and session services. It also provides a standard interface
between NetBIOS-based applications and TCP/IP protocols and is the network
component that performs computer name to IP address mapping name
resolution. There are currently four NetBIOS over TCP/IP name resolution
methods: b-node, p-node, m-node and h-node.

Internet Protocol Addressing Overview

The Transmission Control Protocol/Internet Protocol is a network communication
protocol. It can be used as a communications protocol on private networks and it is the
default protocol in use on the internet. When you set up any system to have direct access
to the Internet, whether it is via dial-up or one of the high speed technologies in use
today, your system will need to utilize the TCP/IP protocol whether it is a Windows
based system or not.

Also, if the given system needs to communicate to other TCP/IP systems on the local
LAN or WAN it will need to utilize the TCP/IP protocol as well.

TCP/IP version 4 (IPv4) addresses are made up of four 8-bit fields (octets) and are 32
bits in size total. Microsoft TCP/IP version 4 supports the standard classes of address,
which define which bits are used for the network ID and which bits are used for the host
ID. There are five TCP/IP version 4 (IPv4) address classes, although for the most part, only
the A, B, and C classes are used. The system of IP address classes described here forms the
basis for IP address assignment. Classless Inter-Domain Routing (CIDR) addressing is
now being used more often and I will cover that later in the article. Classless
Inter-Domain Routing is making the IP address classes in their current form "less defined",
for lack of a better term. Still, the classes form the base of any addressing scheme.

TCP/IP version 4 addresses are made of both a network ID and a host ID. The network ID
address identifies the physical network where the hosts exist. The host ID address
identifies the individual TCP/IP host on a network. The host ID must be unique on the
internal network, that is, no two nodes on a given network can have the same network ID
AND host ID.

[NOTES FROM THE FIELD] - You can have two hosts with the IP host name of
112.12.44 if one is on network 10 and another is on network 11. (The full IP addresses of
these hosts would be 10.112.12.44 and 11.112.12.44. The subnet mask would be
255.0.0.0.) You cannot assign both of these nodes the host address of 112.12.44 if they
are both on network 10 or both on network 11.

The "division" point between the network ID and the host ID is called the subnet mask.
The subnet mask is used to determine where the network number in an IP address ends
and the node number in an IP address begins.

The bits in a subnet mask are set consecutively from left to right and there can be no
"skips" in the setting structure. The subnet mask of 255.255.128.0 is valid because all
eight bits are set in the first two octets and the first bit of the next octet is also set.
(11111111.11111111.10000000.00000000). The subnet mask of 255.255.64.0 is not valid
because there is a "missing" bit that is not allowed.
(11111111.11111111.01000000.00000000).

[NOTES FROM THE FIELD] - The left most bit in a TCP/IP version 4 address is
called the Most Significant Bit (MSB) and has the highest value. The right most bit in a
TCP/IP version 4 address is called the Least Significant Bit (LSB) and has the lowest
value.

I cover subnet masks in a little more detail in a following section.

The values of the bits, in order from the Most Significant Bit (MSB) to the Least
Significant Bit (LSB), are 128, 64, 32, 16, 8, 4, 2, 1. These numerical designations are
what make up the TCP/IP version 4 address. The values of the set bits (noted by a "1") in
each octet are added together to give you that octet of the address. The TCP/IP version 4
address of 171.144.62.12 converts to a binary number of
10101011.10010000.00111110.00001100 and a hexadecimal number of AB.90.3E.0C.

[NOTES FROM THE FIELD] - While it's important to know that the TCP/IP version 4
address converts to a binary number or a hexadecimal number it is not often used in day
to day operations of the MCSA/MCSE. It is more so for the Network Administrator. For
the 70-270 exam, concentrate on the different classes of addresses, how subnet masks
work, Classless Inter-Domain Routing (CIDR) addressing and a basic understanding of
the binary conversion of a TCP/IP version 4 address. Basically, know the Most
Significant Bit (MSB) and the Least Significant Bit (LSB) and the order of numbers.

The way I remember it is that the Least Significant Bit (LSB) of each octet
is "1" and each place to the left of it doubles in value up to the end of the octet on the
far left. After the dot I start back at "1".

TCP/IP version 6 (IPv6) addresses are defined by a set of specifications from the Internet
Engineering Task Force (IETF) and have been designed to overcome the current shortage
of addresses under TCP/IP version 4. TCP/IP version 6 also has some other built-in
improvements that go beyond the scope of the discussion here. The single most
important thing you will need to know for the 70-270 exam (a little more depth may be
needed for the upcoming Exam 70-275: Installing, Configuring and Administering
Microsoft .NET Server and Exam 70-276: Implementing and Administering a
Microsoft .NET Server Network Infrastructure) is that IPv6 addresses are 128 bits in
length as opposed to 32 bits under IPv4.

Classless Inter-Domain Routing (CIDR) is a newer way to allocate IP addresses that is
more flexible than the original Class addressing scheme used in the past. This has
increased the utilization of the remaining available Internet addresses. CIDR is now the
routing system used by virtually all gateway hosts on the Internet's backbone network.

The original Internet Protocol defines IP addresses in five classes, Classes A through E.
Each of these classes assigned one portion of the 32-bit Internet address scheme
to the network address and the remaining portion to the nodes on the network. One of the
main reasons for the IP address shortage was the situation where many companies
needed more than the 254 host machines that were allowed under the Class C scheme but far
fewer than the 65,533 host addresses of the Class B scheme. They would request a unique
B Class address but often ended up not using many of the addresses within their allotted
block. This meant that many addresses within their pool were unutilized. This is one of the
main reasons the IP address pool was drying up and for this reason the big push was on
for TCP/IP version 6 (IPv6) and its 128-bit address. Because many of the Internet
authorities realized that it would be some time before IPv6 was in widespread use,
Classless Inter-Domain Routing was born.

Using Classless Inter-Domain Routing, each IP address has a network prefix that
identifies either a collection of network gateways or an individual gateway. The length of
the network prefix is also specified as part of the IP address and varies depending on the
number of bits that are needed (rather than any arbitrary class assignment structure). A
destination IP address or route that describes many possible destinations has a shorter
prefix and is said to be less specific. A longer prefix describes a destination gateway
more specifically. Routers are required to use the most specific or longest network prefix
in the routing table when forwarding packets.

A Classless Inter-Domain Routing network address looks like this: 201.44.112.00/18

201.44.112.00 is the address of the network and the "18" says that the first 18 bits are the
network part of the address, leaving the last 14 bits for the address of the node.
(Effectively, the 18 is the subnet mask from the "old" style of address classes.) Classless
Inter-Domain Routing lets one routing table entry represent a collection of networks that
exist in the forward path that don't need to be specified on that particular gateway. This
collecting of networks in a single address is sometimes referred to as a supernet, as by
definition they mean the same thing.
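The longest-prefix rule and the /18 notation described above, as an added Python example that is not part of the original article. The routing table, the next-hop names and the function names are constructed for illustration; the article's 201.44.112.00/18 is written as 201.44.112.0/18 so the standard `ipaddress` module accepts it.

```python
import ipaddress

# Constructed routing table (illustrative only, not from the article).
ROUTES = [
    ("0.0.0.0/0", "gw-default"),
    ("201.44.64.0/18", "gw-aggregate"),
    ("201.44.112.0/24", "gw-branch"),
    ("10.0.0.0/8", "gw-internal"),
]


def normalize(prefix):
    """Keep only the first N bits of the address, as the /N notation implies.

    With an 18-bit prefix the network part of 201.44.112.0 is 201.44.64.0,
    because only the top two bits of the third octet belong to the network.
    """
    return str(ipaddress.ip_network(prefix, strict=False))


def build_table(routes):
    """Parse prefixes strictly and order them most specific first."""
    table = []
    for prefix, next_hop in routes:
        # strict=True raises ValueError if host bits are set in the prefix.
        table.append((ipaddress.ip_network(prefix, strict=True), next_hop))
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def lookup(table, destination):
    """Return (prefix, next_hop) of the longest prefix containing destination."""
    addr = ipaddress.ip_address(destination)
    for net, next_hop in table:          # table is sorted longest prefix first
        if addr in net:
            return str(net), next_hop
    return None                          # no default route and nothing matched


def covered_routes(table):
    """List each route together with the next-longest route that also covers it.

    Useful when reviewing a table: a more specific entry always wins over the
    broader entry it sits inside, so every pair here is an override.
    """
    found = []
    for net, hop in table:
        parents = [(p, h) for p, h in table
                   if p.prefixlen < net.prefixlen and net.subnet_of(p)]
        if parents:
            parent, parent_hop = max(parents, key=lambda e: e[0].prefixlen)
            found.append((str(net), hop, str(parent), parent_hop))
    return found


if __name__ == "__main__":
    table = build_table(ROUTES)
    print(normalize("201.44.112.0/18"))
    for dest in ("201.44.112.9", "201.44.100.1", "8.8.8.8"):
        print(dest, "->", lookup(table, dest))
    for row in covered_routes(table):
        print("override:", row)
```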

Classless Inter-Domain Routing is supported by the Border Gateway Protocol, the
prevailing exterior (interdomain) gateway protocol. (The older exterior or interdomain
gateway protocols, Exterior Gateway Protocol and Routing Information Protocol, do not
support Classless Inter-Domain Routing.) Classless Inter-Domain Routing is also
supported by the OSPF interior or intradomain gateway protocol.

Subnet Masks - Implementing subnetworks (commonly referred to as subnets in the
field) helps to control network traffic. Every node on the same physical Ethernet network
sees all the packets of data sent out on the network. Often this has the result of multiple
collisions causing network performance to be slow. Routers or gateways are used to
separate networks into subnets. Subnet masks on each of the nodes allow the nodes on the
same subnetwork to continue to communicate with one another and to the routers or
gateways they use to send their messages.

Subnet masks allow you to identify the network ID and the host (node) ID of an IP
address.

Given the following example of a default B Class subnet mask:

10011110.00010101.00111001.01101111 158.21.57.111
11111111.11111111.00000000.00000000 255.255.000.000
--------------------------------------------------------
10011110.00010101.00000000.00000000 158.21.000.000

we can determine that the network ID is 158.21 and the host ID is 57.111

Network Address : 158.21.0.0
Subnet Address : 158.21.0.0
Subnet Mask : 255.255.0.0
Subnet bit mask : nnnnnnnn.nnnnnnnn.hhhhhhhh.hhhhhhhh
Subnet Bits : 16
Host Bits : 16
Possible Number of Subnets : 1
Hosts per Subnet : 65534

Additional bits can be added to the subnet mask for a given class of addresses to subnet
networks further.

Given the following example of a B Class address using an additional bit subnet mask:

10011110.00010101.00111001.01101111 158.21.57.111
11111111.11111111.11110000.00000000 255.255.240.000 Subnet Mask
--------------------------------------------------------
10011110.00010101.00110000.00000000 158.21.048.000 Network address

Subnet Mask : 255.255.240.0
Subnet bit mask : nnnnnnnn.nnnnnnnn.nnnnhhhh.hhhhhhhh
Subnet Bits : 20
Host Bits : 12
Possible Number of Subnets : 16
Hosts per Subnet : 4094

we can see that rather than having the single subnet and 65534 Hosts per Subnet allowed
under the default subnet mask we are able to have up to 16 subnets with up to 4094 Hosts
per Subnet by using a Subnet Mask of 255.255.240.000.

Selected Subnet : 158.21.0.0/255.255.240.0
Usable Addresses : 4094
Host range : 158.21.0.1 to 158.21.15.254
Broadcast : 158.21.15.255

Subnet         Mask            Usable Hosts   Host Range                        Broadcast
158.21.0.0     255.255.240.0   4094           158.21.0.1 to 158.21.15.254       158.21.15.255
158.21.16.0    255.255.240.0   4094           158.21.16.1 to 158.21.31.254      158.21.31.255
158.21.32.0    255.255.240.0   4094           158.21.32.1 to 158.21.47.254      158.21.47.255
158.21.48.0    255.255.240.0   4094           158.21.48.1 to 158.21.63.254      158.21.63.255
158.21.64.0    255.255.240.0   4094           158.21.64.1 to 158.21.79.254      158.21.79.255
158.21.80.0    255.255.240.0   4094           158.21.80.1 to 158.21.95.254      158.21.95.255
158.21.96.0    255.255.240.0   4094           158.21.96.1 to 158.21.111.254     158.21.111.255
158.21.112.0   255.255.240.0   4094           158.21.112.1 to 158.21.127.254    158.21.127.255
158.21.128.0   255.255.240.0   4094           158.21.128.1 to 158.21.143.254    158.21.143.255
158.21.144.0   255.255.240.0   4094           158.21.144.1 to 158.21.159.254    158.21.159.255
158.21.160.0   255.255.240.0   4094           158.21.160.1 to 158.21.175.254    158.21.175.255
158.21.176.0   255.255.240.0   4094           158.21.176.1 to 158.21.191.254    158.21.191.255
158.21.192.0   255.255.240.0   4094           158.21.192.1 to 158.21.207.254    158.21.207.255
158.21.208.0   255.255.240.0   4094           158.21.208.1 to 158.21.223.254    158.21.223.255
158.21.224.0   255.255.240.0   4094           158.21.224.1 to 158.21.239.254    158.21.239.255
158.21.240.0   255.255.240.0   4094           158.21.240.1 to 158.21.255.254    158.21.255.255

[NOTES FROM THE FIELD] - A subnet address cannot be all 0's or all 1's.
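The mask rules and the AND operation from this section, as an added Python example that is not part of the original article. It rejects masks with a "skipped" bit, derives the network, host range and broadcast for the article's sample address 158.21.57.111, and enumerates the subnets of 158.21.0.0; all function names are chosen for this example.

```python
# Added example: subnet-mask arithmetic with plain bit operations.

def ip_to_int(dotted):
    """Convert dotted-decimal IPv4 text (e.g. '255.255.000.000') to an integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for part in parts:
        value = (value << 8) | int(part)
    return value


def int_to_ip(value):
    """Convert a 32-bit integer back to dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_length(mask):
    """Return the number of network bits; reject a mask with a 'skipped' bit."""
    inverted = ~ip_to_int(mask) & 0xFFFFFFFF      # host bits become 1s
    # A valid mask inverts to 000...0111...1, which shares no bit with itself + 1.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return 32 - inverted.bit_length()


def describe(address, mask):
    """AND the address with the mask and derive the subnet's boundaries."""
    bits = prefix_length(mask)
    mask_int = ip_to_int(mask)
    network = ip_to_int(address) & mask_int
    broadcast = network | (~mask_int & 0xFFFFFFFF)
    return {
        "prefix": bits,
        "network": int_to_ip(network),
        "first_host": int_to_ip(network + 1),
        "last_host": int_to_ip(broadcast - 1),
        "broadcast": int_to_ip(broadcast),
        # Assumes the classic rule: all-zeros and all-ones host IDs are unusable.
        "usable_hosts": max((1 << (32 - bits)) - 2, 0),
    }


def subnets(network, default_mask, subnet_mask):
    """Enumerate the subnets created by extending default_mask to subnet_mask."""
    base_bits = prefix_length(default_mask)
    sub_bits = prefix_length(subnet_mask)
    if sub_bits < base_bits:
        raise ValueError("subnet mask is shorter than the default mask")
    base = ip_to_int(network) & ip_to_int(default_mask)
    step = 1 << (32 - sub_bits)                   # addresses per subnet
    count = 1 << (sub_bits - base_bits)           # number of subnets
    return [describe(int_to_ip(base + i * step), subnet_mask) for i in range(count)]


if __name__ == "__main__":
    print(describe("158.21.57.111", "255.255.0.0"))
    print(describe("158.21.57.111", "255.255.240.0"))
    for row in subnets("158.21.0.0", "255.255.0.0", "255.255.240.0"):
        print(row["network"], row["first_host"], row["last_host"], row["broadcast"])
    try:
        prefix_length("255.255.64.0")
    except ValueError as err:
        print("rejected:", err)
```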

TCP/IP Class A Address Overview

The "A" class addressing scheme has an official start address of 0.0.0.0 and
an official last address of 127.255.255.255.

Not all of these addresses can be used and you will OFTEN see conflicting
information on this.

1.0.0.1 to 126.255.255.254 is the range of IP addresses that are included in
the "A" class addressing scheme that are the useable range for node
assignment.

126.255.255.255 is a broadcast address and in most cases cannot be
assigned. (There are exceptions to the rule.)

The local host will use 0.0.0.0 when it cannot reach a DHCP server when it is
set to use one and cannot assign itself an address using APIPA.

1.0.0.1 to 126.255.255.254 is the useable range.

There are 126 Class A networks total, each allowed to have up to 16,777,214
hosts.

The 127.x.x.x range is used for internal host loopback.

There are three IP network addresses reserved for private networks. 10.0.0.0
- 10.255.255.255 with the subnet mask 255.0.0.0 is the range for Class A IP
addresses.

They can be used by anyone setting up internal IP networks, such as a lab or
home LAN behind a NAT or proxy server or a router. It is always safe to use
these because routers on the Internet will never forward packets coming
from these addresses.

These addresses are defined in RFC 1918.

While 10.0.0.0 - 10.255.255.255 addresses with the subnet mask 255.0.0.0
are available to only internal IP networks, they are still considered part
of the Class "A" range.

TCP/IP Class B Address Overview

The "B" class addressing scheme has an official start address of 128.0.0.0 and an
official last address of 191.255.255.255.

Not all of these addresses can be used and you will OFTEN see conflicting information
on this.

128.0.0.1 to 191.255.255.254 is the range of IP addresses that are included in the
"B" class addressing scheme that are the useable range for node assignment.

The local host will use 0.0.0.0 when it cannot reach a DHCP server when it is set to
use one and cannot assign itself an address using APIPA.

There are three IP network addresses reserved for private networks. 172.16.0.0 -
172.31.255.255 with the subnet mask 255.240.0.0 is the range for Class B IP
addresses.

They can be used by anyone setting up internal IP networks, such as a lab or home
LAN behind a NAT or proxy server or a router. It is always safe to use these because
routers on the Internet will never forward packets coming from these addresses.

These addresses are defined in RFC 1918.

While 172.16.0.0 - 172.31.255.255 addresses with the subnet mask 255.240.0.0 are
available to only internal IP networks, they are still considered part of the Class "B"
range.

TCP/IP Class C Address Overview

The "C" class addressing scheme has an official start address of 192.0.0.0 and an
official last address of 223.255.255.255.

Not all of these addresses can be used and you will OFTEN see conflicting information
on this.

192.0.0.1 to 223.255.255.254 is the range of IP addresses that are included in the
"C" class addressing scheme that are the useable range for node assignment.

The local host will use 0.0.0.0 when it cannot reach a DHCP server when it is set to
use one and cannot assign itself an address using APIPA.

There are three IP network addresses reserved for private networks. 192.168.0.0 -
192.168.255.255 with the subnet mask 255.255.0.0 is the range for Class C IP
addresses.

They can be used by anyone setting up internal IP networks, such as a lab or home
LAN behind a NAT or proxy server or a router. It is always safe to use these because
routers on the Internet will never forward packets coming from these addresses.

These addresses are defined in RFC 1918.

While 192.168.0.0 - 192.168.255.255 addresses with the subnet mask 255.255.0.0
are available to only internal IP networks, they are still considered part of the Class
"C" range.

TCP/IP Class D Address Overview

The IP version 4 addresses of 224.0.0.0 through 239.255.255.255 are set aside
through IANA (Internet Assigned Numbers Authority) as a special class of addresses
for Multicast uses. At the present, ISPs are unable to allocate Class D address space
to their customers. These addresses must be allocated through IANA.

Class D addresses are only required if you wish to be a multicast source. You can still
receive multicast data without the need for a separate Class D address.

TCP/IP Class E Address Overview

The IP version 4 addresses of 240.0.0.0 to 254.255.255.255 are set aside through
IANA (Internet Assigned Numbers Authority) as a special class of addresses for
experimental and future use.

The IP address of 255.255.255.255 broadcasts to all hosts on the local network and
therefore, is not to be considered as part of the E class of IP addresses.
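The class boundaries and RFC 1918 ranges from the sections above, as an added Python example that is not part of the original article. It classifies an address by class and flags sources that, per the statement that Internet routers never forward private addresses, should not appear on an Internet-facing interface; the `key=value` log format, the sample lines and the function names are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 private ranges from the article, written in CIDR form.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# Constructed sample lines (hypothetical firewall log format, inbound on wan0).
SAMPLE_LOG = [
    "IN=wan0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=443",
    "IN=wan0 SRC=10.4.4.4 DST=198.51.100.10 PROTO=UDP DPT=53",
    "IN=wan0 SRC=172.32.0.9 DST=198.51.100.10 PROTO=TCP DPT=25",
    "IN=wan0 SRC=172.20.1.1 DST=198.51.100.10 PROTO=TCP DPT=22",
    "IN=wan0 SRC=127.0.0.1 DST=198.51.100.10 PROTO=TCP DPT=80",
    "IN=wan0 SRC=240.0.0.1 DST=198.51.100.10 PROTO=UDP DPT=123",
]


def address_class(addr):
    """Return the classful class, using the first-octet boundaries in the article."""
    value = int(addr)
    if value == 0xFFFFFFFF:
        return "limited broadcast"      # 255.255.255.255 is not counted as Class E
    first_octet = value >> 24
    for upper, name in ((127, "A"), (191, "B"), (223, "C"), (239, "D")):
        if first_octet <= upper:
            return name
    return "E"


def classify(text):
    """Classify one dotted-decimal address; raises ValueError on bad input."""
    addr = ipaddress.IPv4Address(text)
    return {
        "address": str(addr),
        "class": address_class(addr),
        "private": any(addr in net for net in RFC1918),
        "loopback": addr in LOOPBACK,
    }


def unexpected_internet_sources(lines):
    """Return (line_number, source, reason) for sources that should not arrive
    from the Internet: private, loopback, Class E or limited broadcast."""
    findings = []
    for number, line in enumerate(lines, 1):
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        src = fields.get("SRC")
        if src is None:
            continue
        try:
            info = classify(src)
        except ValueError:
            findings.append((number, src, "unparseable source"))
            continue
        if info["private"]:
            findings.append((number, src, "RFC 1918 private source"))
        elif info["loopback"]:
            findings.append((number, src, "loopback source"))
        elif info["class"] in ("E", "limited broadcast"):
            findings.append((number, src, f"{info['class']} source"))
    return findings


if __name__ == "__main__":
    for finding in unexpected_internet_sources(SAMPLE_LOG):
        print(finding)
```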

Windows XP Professional offers several native programs to use to help in
troubleshooting TCP/IP.

PING - Ping can be used to test your TCP/IP connection by sending a message to the
remote node or gateway from a local system. (It can also be used to test the loopback
locally only to see if it is working correctly.) If the remote node or gateway receives the
message, it responds with a reply message. The reply consists of the remote's IP address,
the number of bytes in the message, how long it took to reply, given in milliseconds (ms),
the length of time-to-live (TTL) in seconds and it will also show any packet loss in terms of
percentages.

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] | [-k host-list]]
[-w timeout] target_name

Switches:

  -t            Ping the specified host until stopped. To see statistics and continue, type
                Control-Break; to stop, type Control-C.
  -a            Resolve addresses to hostnames.
  -n count      Number of echo requests to send.
  -l size       Send buffer size.
  -f            Set Don't Fragment flag in packet.
  -i TTL        Time To Live.
  -v TOS        Type Of Service.
  -r count      Record route for count hops.
  -s count      Timestamp for count hops.
  -j host-list  Loose source route along host-list.
  -k host-list  Strict source route along host-list.
  -w timeout    Timeout in milliseconds to wait for each reply.

ARP - Displays and modifies the IP-to-Physical address translation tables used by
address resolution protocol (ARP).

ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr]

  -a          Displays current ARP entries by interrogating the current protocol data. If
              inet_addr is specified, the IP and Physical addresses for only the specified
              computer are displayed. If more than one network interface uses ARP, entries
              for each ARP table are displayed.
  -g          Same as -a.
  inet_addr   Specifies an internet address.
  -N if_addr  Displays the ARP entries for the network interface specified by if_addr.
  -d          Deletes the host specified by inet_addr. inet_addr may be wildcarded with * to
              delete all hosts.
  -s          Adds the host and associates the Internet address inet_addr with the Physical
              address eth_addr. The Physical address is given as 6 hexadecimal bytes
              separated by hyphens. The entry is permanent.
  eth_addr    Specifies a physical address.
  if_addr     If present, this specifies the Internet address of the interface whose
              address translation table should be modified. If not present, the first
              applicable interface will be used.

Example:
> arp -s 157.55.85.212 00-aa-00-62-c6-09 .... Adds a static entry.
> arp -a .... Displays the arp table.

IPCONFIG - Use the ipconfig command to get the local system's basic IP configuration
information, including the IP address, subnet mask, and default gateway.

The IPCONFIG/all switch produces a detailed configuration report for all interfaces,
including any configured remote access adapters.

USAGE: ipconfig [/? | /all | /renew [adapter] | /release [adapter] | /flushdns | /displaydns
| /registerdns | /showclassid adapter | /setclassid adapter [classid] ]

  /all          Display full configuration information.
  /release      Release the IP address for the specified adapter.
  /renew        Renew the IP address for the specified adapter.
  /flushdns     Purges the DNS Resolver cache.
  /registerdns  Refreshes all DHCP leases and re-registers DNS names.
  /displaydns   Display the contents of the DNS Resolver Cache.
  /showclassid  Displays all the DHCP class IDs allowed for adapter.
  /setclassid   Modifies the DHCP class ID.

The default is to display only the IP address, subnet mask and default gateway for each
adapter bound to TCP/IP.

For Release and Renew, if no adapter name is specified, then the IP address leases for all
adapters bound to TCP/IP will be released or renewed.

NBTSTAT - NetBT Statistics (Nbtstat.exe) is used for troubleshooting network NetBIOS
names over TCP/IP (NetBT) resolution problems from the command line. It displays
protocol statistics and current TCP/IP connections that are using NetBT.

When a network is functioning, NetBT resolves NetBIOS names to IP addresses. It uses
several options for NetBIOS name resolution, including local cache lookup, WINS server
query, broadcast, Lmhosts and Hosts file lookup, and DNS server query.

Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [interval] ]

  -a   (adapter status) Lists the remote machine's name table given its name.
  -A   (Adapter status) Lists the remote machine's name table given its IP address.
  -c   (cache) Lists NBT's cache of remote [machine] names and their IP addresses.
  -n   (names) Lists local NetBIOS names.
  -r   (resolved) Lists names resolved by broadcast and via WINS.
  -R   (Reload) Purges and reloads the remote cache name table.
  -S   (Sessions) Lists sessions table with the destination IP addresses.
  -s   (sessions) Lists sessions table converting destination IP addresses to computer
       NETBIOS names.
  -RR  (ReleaseRefresh) Sends Name Release packets to WINS and then starts Refresh.

  RemoteName  Remote host machine name.
  IP address  Dotted decimal representation of the IP address.
  interval    Redisplays selected statistics, pausing interval seconds between each
              display. Press Ctrl+C to stop redisplaying statistics.

NETSTAT - Netstat (Netstat.exe) displays TCP/IP protocol statistics and active
connections to and from your computer from the command line and also provides an
option to display the number of bytes sent and received, as well as network packets
dropped (if any).

NETSTAT [-a] [-e] [-n] [-o] [-s] [-p proto] [-r] [interval]

 -a Displays all connections and listening ports.


 -e Displays Ethernet statistics. This may be combined with the -s option.
 -n Displays addresses and port numbers in numerical form.
 -o Displays the owning process ID associated with each connection.
 -p proto Shows connections for the protocol specified by proto; proto may be any
of: TCP, UDP TCPv6, or UDPv6. If used with the –s option to display per-
protocol statistics, proto may be any of: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6,
UDP, or UDPv6.
 -r Displays the routing table.
 -s Displays per-protocol statistics. By default, statistics are shown for IP, IPv6,
ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6; the -p option may be used to
specify a subset of the default.
 interval Redisplays selected statistics, pausing interval seconds between each
display. Press CTRL+C to stop redisplaying statistics. If omitted, netstat will print
the current configuration information once.
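The -a, -n and -o switches together give a host's listeners with the process that owns each one. The following is an added example, not part of the original page: it parses captured `netstat -ano` output and reports sockets bound to the legacy cleartext services this page covers. The sample output is constructed, and the port-to-service table is an assumption based on well-known port assignments that the page does not list.

```python
import re

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1884
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING       2210
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49712     192.168.1.20:445       ESTABLISHED     4
  TCP    [::]:514               [::]:0                 LISTENING       3044
  UDP    0.0.0.0:69             *:*                                    1500
  UDP    192.168.1.10:137       *:*                                    4
"""

# Assumption: well-known port assignments (not listed on this page) for the
# cleartext and legacy services the page describes.
LEGACY_PORTS = {
    ("TCP", 21): "FTP",
    ("TCP", 23): "Telnet",
    ("UDP", 69): "TFTP",
    ("TCP", 512): "REXEC",
    ("TCP", 514): "RSH/RCP",
    ("UDP", 137): "NetBIOS name service",
    ("TCP", 139): "NetBIOS session service",
}

# Proto, local address, foreign address, optional state (UDP rows have none), PID.
ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z][A-Z0-9_]*))?\s+(\d+)\s*$"
)


def parse_netstat(text):
    """Return one dict per connection row; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, local, _remote, state, pid = m.groups()
        addr, port = local.rsplit(":", 1)  # rsplit keeps IPv6 "[::]" intact
        rows.append({"proto": proto, "addr": addr, "port": int(port),
                     "state": state or "", "pid": int(pid)})
    return rows


def legacy_listeners(rows):
    """Sockets accepting traffic on a legacy service port, with the owning PID."""
    findings = []
    for r in rows:
        # TCP must be LISTENING; UDP has no state, so any bound socket counts.
        accepting = r["proto"] == "UDP" or r["state"] == "LISTENING"
        service = LEGACY_PORTS.get((r["proto"], r["port"]))
        if accepting and service:
            findings.append((service, r["proto"], r["addr"], r["port"], r["pid"]))
    return findings


if __name__ == "__main__":
    for service, proto, addr, port, pid in legacy_listeners(parse_netstat(SAMPLE)):
        print(f"{service:24} {proto} {addr}:{port} owned by PID {pid}")
```

The PID column is what -o adds; without it a finding cannot be tied back to the process that opened the port.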

ROUTE - You can use the route command line tool to display the current IP routing
table and add or delete IP routes.

ROUTE [-f] [-p] [command] [destination] [MASK netmask] [gateway] [METRIC metric]
[IF interface]

• -f Clears the routing tables of all gateway entries. If this is used in conjunction
with one of the commands, the tables are cleared prior to running the command.
• -p When used with the ADD command, makes a route persistent across boots of
the system. By default, routes are not preserved when the system is restarted.
Ignored for all other commands, which always affect the appropriate persistent
routes.

commands

• PRINT Prints a route
• ADD Adds a route
• DELETE Deletes a route
• CHANGE Modifies an existing route

• destination - Specifies the host.
• MASK - Specifies that the next parameter is the 'netmask' value.
• netmask - Specifies a subnet mask value for this route entry. If not specified, it
defaults to 255.255.255.255.
• gateway - Specifies gateway.
• interface - Specifies the interface number for the specified route.
• METRIC - Specifies the metric, i.e. cost for the destination.

All symbolic names used for destination are looked up in the network database file
NETWORKS. The symbolic names for gateway are looked up in the host name database
file HOSTS.

If the command is PRINT or DELETE, destination or gateway can be a wildcard (the
wildcard is specified as a star '*'), or the gateway argument may be omitted.

If Dest contains a * or ?, it is treated as a shell pattern, and only matching destination
routes are printed. The '*' matches any string, and '?' matches any one char. Examples:
157.*.1, 157.*, 127.*, *224*.

An invalid MASK generates an error, that is, when (DEST & MASK) != DEST.

Example> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1
The route addition failed: The specified mask parameter is invalid. (Destination & Mask) != Destination.

Examples:

route PRINT
route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3 IF 2
       destination^          mask^    gateway^  metric^    ^Interface

If IF is not given, it tries to find the best interface for a given gateway.

route PRINT 112* .... Only prints those matching 112*

route CHANGE 112.0.0.0 MASK 255.0.0.0 112.89.8.5 METRIC 2 IF 2
CHANGE is used to modify gateway and/or metric only.
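The mask rule and the wildcard rule above can both be checked before a route command is run. This is an added example, not Microsoft's implementation or code from the original page: it applies the (DEST & MASK) != DEST test to a `route ADD` line and the '*' / '?' matching to a list of destinations. The function names and the routing-table entries are constructed for illustration, and only dotted-decimal destinations are handled.

```python
import ipaddress
import re


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def mask_is_valid(dest, mask):
    """The rule quoted above: a mask is invalid when (DEST & MASK) != DEST."""
    return (to_int(dest) & to_int(mask)) == to_int(dest)


def check_route_add(command):
    """Check the destination/mask pair of a 'route ADD' line; returns (ok, message)."""
    args = command.split()
    upper = [a.upper() for a in args]
    if "ADD" not in upper or upper.index("ADD") + 1 >= len(args):
        return False, "no ADD command with a destination"
    dest = args[upper.index("ADD") + 1]
    mask = "255.255.255.255"  # default stated in the parameter list
    if "MASK" in upper and upper.index("MASK") + 1 < len(args):
        mask = args[upper.index("MASK") + 1]
    try:
        ok = mask_is_valid(dest, mask)
    except ipaddress.AddressValueError:
        return False, "destination or mask is not a dotted-decimal IPv4 address"
    if not ok:
        # Show the bits so the offending positions are visible.
        return False, (f"(Destination & Mask) != Destination: "
                       f"{to_int(dest):032b} & {to_int(mask):032b}")
    return True, f"{dest} MASK {mask} is consistent"


def match_destinations(destinations, pattern):
    """PRINT/DELETE wildcard: '*' matches any string, '?' any one character."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return [d for d in destinations if re.fullmatch(rx, d)]


# Constructed routing-table destinations for the wildcard demonstration.
TABLE = ["0.0.0.0", "112.0.0.0", "127.0.0.0", "157.0.0.0", "157.55.80.1", "224.0.0.0"]

if __name__ == "__main__":
    print(check_route_add("route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1"))
    print(check_route_add("route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3 IF 2"))
    for p in ("157.*.1", "157.*", "127.*", "*224*", "112*"):
        print(p, match_destinations(TABLE, p))
```

For the failing example, 157 is 10011101 and 155 is 10011011 in binary, so the AND clears a bit that is set in the destination and the two values no longer match.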

HOSTNAME - Hostname is used to show the local computer's host name for
authentication by the Remote Copy Protocol (RCP), Remote Shell (RSH), and Remote
Execution (REXEC) tools.

TRACERT - Tracert is sometimes used to verify that IP addressing has been correctly
configured on a client. It shows the route taken to reach a remote system.

Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

Options:

• -d Do not resolve addresses to hostnames.
• -h maximum_hops Maximum number of hops to search for target.
• -j host-list Loose source route along host-list.
• -w timeout Wait timeout milliseconds for each reply.

PATHPING - Like TRACERT, Pathping shows the route taken to reach a remote system,
but PATHPING does so with more detail and allows for more functionality as well.

Usage: pathping [-g host-list] [-h maximum_hops] [-i address] [-n] [-p period] [-q
num_queries] [-w timeout] [-P] [-R] [-T] [-4] [-6] target_name

Options:

• -g host-list Loose source route along host-list.
• -h maximum_hops Maximum number of hops to search for target.
• -i address Use the specified source address.
• -n Do not resolve addresses to hostnames.
• -p period Wait period milliseconds between pings.
• -q num_queries Number of queries per hop.
• -w timeout Wait timeout milliseconds for each reply.
• -P Test for RSVP PATH connectivity.
• -R Test if each hop is RSVP aware.
• -T Test connectivity to each hop with Layer-2 priority tags.
• -4 Force using IPv4.
• -6 Force using IPv6.

There are additional tools that can be used to test TCP/IP connectivity. They are standard
tools for the TCP/IP protocol.

FTP - FTP is the File Transfer Protocol and it is used to transfer files from system to system.

Internet Explorer interconnectivity allows for a Windows Explorer type of GUI
environment for the file transfer by allowing functionality of file and folder views and
drag and drop / copy and paste.

The command line FTP allows for more functionality. FTP is considered to be a
connected session using Transmission Control Protocol (TCP).

FTP commands are listed in the table below.

!        delete      literal   prompt      send
?        debug       ls        put         status
append   dir         mdelete   pwd         trace
ascii    disconnect  mdir      quit        type
bell     get         mget      quote       user
binary   glob        mkdir     recv        verbose
bye      hash        mls       remotehelp
cd       help        mput      rename
close    lcd         open      rmdir

FTP [-v] [-d] [-i] [-n] [-g] [-s:filename] [-a] [-w:windowsize] [-A] [host]

• -v Suppresses display of remote server responses.
• -n Suppresses auto-login upon initial connection.
• -i Turns off interactive prompting during multiple file transfers.
• -d Enables debugging.
• -g Disables filename globbing (see GLOB command).
• -s:filename - Specifies a text file containing FTP commands; the commands will
automatically run after FTP starts.
• -a Use any local interface when binding data connection.
• -A - Login as anonymous.
• -w:buffersize - Overrides the default transfer buffer size of 4096.
• host - Specifies the host name or IP address of the remote host to connect to.

[NOTES FROM THE FIELD] - The mget and mput commands take y/n/q for
yes/no/quit. Use Control-C to abort actively executing commands.

TFTP - The Trivial File Transfer Protocol allows for the connectionless transfer of files
to and from systems using User Datagram Protocol (UDP).

[NOTES FROM THE FIELD] - User Datagram Protocol (UDP) is a connectionless
protocol that does not guarantee delivery of data packets between hosts and is used when
data transfer acknowledgments are not required. It can transmit only small portions of
data at a time because it is not capable of segmenting and reassembling frames and does
not implement sequence numbers.

While TFTP is limited in functionality, there are still some command line switches that
can be used to tailor its performance.

TFTP [-i] host [GET | PUT] source [destination]

• -i Specifies binary image transfer mode (also called octet). In binary image mode
the file is moved literally, byte by byte. Use this mode when transferring binary
files.
• host - Specifies the local or remote host.
• GET - Transfers the file destination on the remote host to the file source on the
local host.
• PUT - Transfers the file source on the local host to the file destination on the
remote host.
• source - Specifies the file to transfer.
• destination - Specifies where to transfer the file.

TELNET - Telnet is a terminal emulation program, which allows a user to run
commands on a remote computer from a command window.

telnet [-a][-e escape char][-f log file][-l user][-t term][host [port]]

• -a Attempt automatic logon. Same as -l option except uses the currently logged on
user's name.
• -e Escape character to enter telnet client prompt.
• -f File name for client side logging.
• -l Specifies the user name to log in with on the remote system. Requires that the
remote system support the TELNET ENVIRON option.
• -t Specifies terminal type. Supported term types are vt100, vt52, ansi and vtnt
only.
• host - Specifies the hostname or IP address of the remote computer to connect to.
• port - Specifies a port number or service name.

RCP - RCP copies files to and from computers running the RCP service. RCP uses the
Transmission Control Protocol (TCP) for connected and reliable delivery of data
between the client and the host. It can be scripted in a batch file and does not require a
password. The remote host must be running the RSHD service, and the user's username
must be configured in the remote host's .rhosts file. RCP is one of the r-commands
available on all UNIX systems.

[NOTES FROM THE FIELD] - Microsoft's implementation of TCP/IP includes the
RCP client software but not rshd services.

RCP [-a | -b] [-h] [-r] [host][.user:]source [host][.user:] path\destination

• -a Specifies ASCII transfer mode. This mode converts the EOL characters to a
carriage return for UNIX and a carriage return/line feed for personal computers.
This is the default transfer mode.
• -b Specifies binary image transfer mode.
• -h Transfers hidden files.
• -r Copies the contents of all subdirectories; destination must be a directory.
• host Specifies the local or remote host. If host is specified as an IP address OR if
host name contains dots, you must specify the user.
• .user: Specifies a user name to use, rather than the current user name.
• source Specifies the files to copy.
• path\destination Specifies the path relative to the logon directory on the remote
host. Use the escape characters (\ , ", or ') in remote paths to use wildcard
characters on the remote host.

RSH - RSH is a TCP/IP utility that enables clients to run commands directly on remote
hosts running the RSH service without having to log on to the remote host. RSH is one of
the UNIX r-commands that are available on all UNIX systems.

Remote Assistance is configured and enabled on the System Properties page of a
Windows XP system. Open that page either from the Start Menu, by right clicking
My Computer and choosing Properties, or from Windows Explorer, by selecting
My Computer, right clicking it and choosing Properties.

[NOTES FROM THE FIELD] - What your Start Menu options look like depends on
how you have the menu set. If you are using the Classic Start Menu, you would not see
My Computer as a selection to right click on.

I seem to continually repeat this from article to article, but it is important to stress, the
Windows XP Professional exam rarely tests you on Classic anything. You need to know
how to get from Windows XP Professional settings to Classic and back, but in 90% of the
cases you're going to find instructions laid out in the Windows XP Professional vein. I
will do my best to point out alternatives in the [NOTES FROM THE FIELD] section as
I have done here.

Local Administrators and certain permitted individuals have the rights to make
configuration settings for the local systems to allow or prevent remote assistance
invitations. Once the system is properly configured by the Administrator, any user can
make a request for remote assistance.

After the Properties page has been brought up for a local system, it can be set to allow
Remote Assistance invitations by selecting the Allow Remote Assistance invitations to
be sent from this computer checkbox on the Remote tab.

Once this option is set, the Advanced button becomes available, which displays the
Remote Assistance Settings dialog box when selected.

[NOTES FROM THE FIELD] - The default settings are shown in the image above. You
can configure the Invitation settings in the drop down menu of numbers in a range from
1 to 99 and the definition box to the right can be set to MINUTES, HOURS, or DAYS.

The default option of Allow This Computer To Be Controlled Remotely is selected
and allows the person offering the assistance to take over the full control of the local
system. Clearing this check box allows the remote user only the ability to view a remote
session. (Think of it as a "Read Only" session).

Remote Assistance via the Windows Messenger

There are many different ways to solicit help via Remote Assistance. I will outline the
main ways to ask via the local system.

You can ask for Remote Assistance via the Windows Messenger by logging in to the
Windows Messenger and going to Actions on the Menu bar and selecting Ask for
Remote Assistance.
This allows you to select a person from your list of contacts, provided they are online at
the time.

You can also select the Other tab to enter the e-mail address of another person to contact.
The invitation from the My Contacts list will show up in the conversation window.

Also, if you already have a conversation session established with the person you want to
request help from, you can simply select the Ask for Remote Assistance button from the
I want to... menu.

Once the person accepts the invitation you will see a dialog box asking you to confirm
permission. In order for the session to continue you would need to click Yes.

They can then operate on your system at whatever level of control that has been allowed.
(Either view or full control.)

[NOTES FROM THE FIELD] - The client requesting the remote session maintains
ultimate control of the session even though they have granted temporary controlling
access to the invitee. Although you relinquish control of your computer temporarily, you
retain control over the Remote Assistance session itself. The client requesting the remote
session can end the session immediately by clicking the Stop Control button or pressing
the ESC key.

Remote Assistance via the Help and Support Center

You can also initiate a session via Help and Support from the Start Menu.

This will open the Help and Support Center where you can ask for assistance from the
main menu.
Selecting Invite a friend to connect to your computer with Remote Assistance from
the Ask a friend to help section (from the Support menu on the left section of the
screen, not shown in the above image) will bring you to the next Help and Support Center
window.

From here you can select Invite someone to help you which will open the next screen to
select either a Windows Messenger user or allow you to make a solicitation by email.
You can select a user from the list and click the Invite this person button which will
bring up the Web Page Dialog box.

[NOTES FROM THE FIELD] - This box will stay open until it is accepted on the
remote end or cancelled on the requesting end.

You can also elect to save your invitation as a file.

When you save the invitation, you can elect to require the recipient to use a password.
(You will have to get this password to the recipient yourself; it is not sent from this tool.)

To configure your Windows XP Professional system as a DNS client you need to either
go to the Control Panel and click Network And Internet Connections or go to My
Network Places on the Start menu, right click it and choose Properties.

In the Network Connections window you would right click your Local Area Connection
(which is the default location to set the local system as a DNS client) and choose
Properties.

On the property page for the Local Area Connection you would highlight the TCP/IP
protocol on the General tab and select the Properties button.
The image below shows a client configured to use the DHCP (as the Obtain an IP address
automatically radio button is set) or APIPA service (in the event the DHCP server is
unavailable). This is also the default selection for the TCP/IP properties at operating
system installation and/or protocol installation when the Typical Settings radio button is
selected.

The client can be configured to use a static (fixed) or dynamic IP address. In either case,
configuring the system as a DNS client is exactly the same.

[NOTES FROM THE FIELD] - Windows XP Professional, like Windows 98 and
Windows 2000, uses Automatic Private IP Addressing which will provide DHCP clients
an IP address and limited network connectivity (usually the same subnet only) in the
event a DHCP server is unavailable. The Automatic Private IP Addressing feature uses
the reserved 169.254.0.0 through 169.254.255.255 IP address range and is enabled by
default, but it can be disabled by configuring the settings on the client to use an alternate
configuration if a DHCP server cannot be located.

When you select the Obtain DNS Server Address Automatically option, your
network's Dynamic Host Configuration Protocol (DHCP) server will provide the IP
address of a DNS server to the client.

When you elect to choose Use The Following DNS Server Addresses, you will
manually list the IP address of the Preferred DNS Server and the optional Alternate DNS
Server address that you want the client to use.

You can also click on the Advanced button and enter these values as well as some other
settings.
You can set the client's DNS server addresses in the upper box and arrange them in order
of use from top to bottom (the first two entries of which will be any settings you provided
on the main TCP/IP page) by entering them with the Add button and using the arrows on
the right side to change their order.

There are also other sections on this property page where more settings can be
configured. The Append Primary And Connection Specific DNS Suffixes option is
selected by default and this setting tells the DNS resolver to append the client name to the
primary domain name, as well as the domain name defined in the DNS Domain Name
field. The resolver then searches for the Fully Qualified Domain Name. If the search for
the Fully Qualified Domain Name fails, the DNS resolver will use the entry (if any)
supplied in the DNS Suffix For This Connection text box.

If the DHCP server has been enabled to configure this connection and you do not specify
a DNS suffix, the connection's DNS suffix is assigned by the DHCP server. If you specify
a DNS suffix, it is used instead.

The Append Parent Suffixes Of The Primary DNS Suffix check box is enabled by
default and this configuration causes the DNS resolver to drop the leftmost portion of the
primary DNS suffix and attempt to use the resulting domain name. If this fails, it
continues dropping the next leftmost name and repeating this process until only two
names such as 2000Trainers and COM remain. Rather than do this, you might opt to set
the Append These DNS Suffixes (In Order) radio button which will allow you to
specify a list of domains for the DNS resolver to try. The DNS resolver will attempt each
one of these suffixes, one at a time and in the order you specified in the text box. Any
attempts are limited to the domains that you have listed in here.
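The suffix settings above decide which names actually leave the client as DNS queries. This is an added example, not code from the original page or from Windows: it lists the names a resolver would try for an unqualified host name under the default options and under Append These DNS Suffixes (In Order). The order (primary suffix, connection-specific suffix, then parent suffixes) follows the description above and is an assumption; the host name, the suffix under 2000trainers.com and the DHCP-assigned suffix are constructed.

```python
def devolve(primary_suffix, min_labels=2):
    """Parent suffixes of the primary DNS suffix: drop the leftmost label each
    time until only `min_labels` labels remain, as the text describes."""
    labels = primary_suffix.strip(".").split(".")
    return [".".join(labels[i:]) for i in range(1, len(labels) - min_labels + 1)]


def candidate_fqdns(name, primary_suffix, connection_suffix=None,
                    append_parent_suffixes=True, explicit_suffixes=None):
    """Names tried, in order, for an unqualified `name`.

    Assumed order (following the text): primary suffix, then the
    connection-specific suffix, then the devolved parent suffixes.
    """
    if name.endswith("."):
        return [name.lower()]  # already fully qualified, nothing is appended
    if explicit_suffixes is not None:
        # "Append These DNS Suffixes (In Order)": only the listed domains are tried.
        suffixes = list(explicit_suffixes)
    else:
        suffixes = [primary_suffix]
        if connection_suffix:
            suffixes.append(connection_suffix)
        if append_parent_suffixes:
            suffixes.extend(devolve(primary_suffix))
    out = []
    for suffix in suffixes:
        fqdn = f"{name}.{suffix.strip('.')}.".lower()
        if fqdn not in out:  # keep order, drop duplicates
            out.append(fqdn)
    return out


def outside_zone(fqdns, owned_zone):
    """Candidates that would be queried under a namespace you do not control."""
    tail = "." + owned_zone.strip(".").lower() + "."
    return [f for f in fqdns if not f.endswith(tail)]


if __name__ == "__main__":
    # Constructed values: the suffix under 2000trainers.com and the
    # DHCP-assigned connection suffix are made up for illustration.
    default = candidate_fqdns("fileserver", "sales.east.2000trainers.com",
                              connection_suffix="guest.example.net")
    pinned = candidate_fqdns("fileserver", "sales.east.2000trainers.com",
                             connection_suffix="guest.example.net",
                             explicit_suffixes=["sales.east.2000trainers.com",
                                                "2000trainers.com"])
    print(default, outside_zone(default, "2000trainers.com"))
    print(pinned, outside_zone(pinned, "2000trainers.com"))
```

With the default options the internal host name is also queried under whatever suffix the DHCP server supplied; the explicit list keeps every attempt inside the listed domains.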

You can also select the Register This Connection's Addresses In DNS check box
which will cause the client itself to attempt to dynamically register the IP addresses via
DNS with its full computer name as shown on the Computer Name tab of the System
properties page.

The last available option to set from this property page is the Use This Connection's
DNS Suffix In DNS Registration check box which uses DNS dynamic updates to
register the IP addresses and the connection-specific domain name. The
connection-specific name is the computer name (the first label of the full computer
name specified in the Computer Name tab) and the DNS suffix of this connection. If the
Register This Connection's Addresses In DNS check box is selected, the registration
enabled here is in addition to the DNS registration of the full computer name.
