“Windows Networking”. ITL.
Overview • Networking under Windows • Mixture of applications and protocols
Windows Protocols • Application Layer: • “Providers”: Vendor-specific networking clients • Application (http, ftp, etc.) • Presentation Layer • Usually empty
Windows Protocols • Session Layer • Redirectors – linked to Provider modules • Servers • Transport Layer • TDI – Transport Driver Interface • Various transport protocols (TCP, NWLink, NBF) • Lower Layers
Some Definitions • NBF: NetBIOS Frame Protocol • The transport behind NetBEUI (NetBIOS Extended User Interface) • NWLink • Microsoft’s implementation of the Novell protocols IPX/SPX • IPX: Internetwork Packet Exchange (connectionless, network layer) • SPX: Sequenced Packet Exchange (connection-oriented, on top of IPX)
Protocol Structure (top to bottom) • NetBIOS interface (kernel) • Transports: TCP/IP carrying NetBIOS over TCP (NetBT), SPX/IPX, NBF • NDIS • NIC driver • Note: TCP/IP (NetBT) and IPX/SPX are routable; NBF (NetBEUI) is not, so it only works within one broadcast domain.
Specifications & Info • Karanjit S. Siyan, “Windows NT TCP/IP”, New Riders Professional Library • RFCs 1001 & 1002 • SNIA CIFS Spec 0.9
Some History • Windows networking • Windows for Workgroups • LAN Manager (various versions) • Intended for small LANs • Similar to AppleTalk
History … • Novell used for server-based large networks • Windows networking used for Peer-to-Peer • RFCs 1001 and 1002 define NetBIOS over TCP (NetBT)
UNC • Universal Naming Convention • \\ServerName\ShareName\Path\FileName • Defines a flat namespace used to locate network resources: the server name is resolved (NetBIOS or DNS), the share is selected at tree connect, and the remainder is a path inside the share
SMB • Server Message Block • Application layer protocol • Defines access to files, printers, and named pipes • At the time of these slides the SMB specs were not public (Microsoft has since published them as MS-SMB and MS-SMB2) • CIFS specs are public under SNIA
Protocol Stacks for SMB (top to bottom) • SMB • NetBIOS • one of: IPX/SPX, TCP/IP (NetBT), NetBEUI • Data Link Layer
SMB Functions • Session Setup and Disconnect • File Access • Printer Access • Directory Searching • Setting File Attributes • File Creation and Deletion
SMB File Access • Open and Close • Read and Write • Record and byte range locking • File Locks • “Opportunistic” locks (caching support)
SMB Variants • SMB is not a single specification • Microsoft and other vendors made numerous enhancements (“dialects”) • Every connection starts with a mandatory dialect negotiation: the client lists the dialects it supports and the server picks one, before session setup • Because the negotiation itself is unauthenticated in old dialects, an attacker in the path can force a weaker dialect; later versions add protection against this downgrade
Name Resolution • NetBIOS names are 16 bytes: 15 characters of name plus a 16th suffix byte that identifies the service (workstation, server, browser, …) • Flat name space inside a NetBIOS Scope • Nodes assert (register) a name upon startup • Registration is successful unless another node challenges it, which is also how name conflicts and name spoofing show up
Node Types • b-nodes • Use broadcast for name resolution • Can interact only with b-nodes (and mixed nodes) • p-nodes • Use a NetBIOS name server (NBNS, Microsoft WINS) • Never broadcast, so cannot find b-nodes (unless those names are registered in the NBNS)
Mixed Node Types • m-nodes • mixed operation, broadcast first, then NBNS • h-nodes • mixed, NBNS first, then broadcast, then the LMHOSTS file • Windows defaults: • b-node • h-node if a WINS server is specified
Some Notes • WINS is the NBNS as defined in RFCs 1001 and 1002, but • WINS replication (server to server updates) is vendor-specific • WINS is dynamic, entries come from NetBIOS name registration at system startup, so any host on the network can register a name
WINS and DNS • Up to Windows NT 4, these are separate • Computers can have unrelated DNS and NetBIOS names • DHCP clients without dynamic DNS • Have “generic” or no DNS names • Dynamically register NetBIOS names
Windows 2000 • Pure Windows 2000 networks use dynamic DNS • WINS lookups used for mixed environments • Name lookups can trigger • DNS queries • WINS queries • Broadcasts
WINS and DNS names • Windows 2000 machines use FQDNs (Fully Qualified Domain Names) • NetBIOS names are derived from the host name (the left-most DNS label) • Short names are padded with spaces up to 15 characters • Names longer than 15 characters are truncated, so two hosts with different DNS names can collide on the same NetBIOS name
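The padding, truncation and suffix rules above, together with the RFC 1001/1002 “first-level” encoding that puts a NetBIOS name on the wire, as an added example (this is not code from the original slides). It assumes the Windows behaviour the slides describe (upper-case, space padding to 15 characters, truncation beyond that) and builds a minimal NBNS NAME QUERY REQUEST as specified in RFC 1002; the hostnames and suffix values are constructed inputs.

```python
import secrets
import struct
from typing import Optional, Tuple

# Added example: RFC 1001/1002 NetBIOS name encoding and a minimal NBNS query.
# Not code from the slides; hostnames and suffixes below are constructed inputs.

NB_NAME_LEN = 16          # 15 bytes of name + 1 suffix (service type) byte
NB_PAD = b" "             # Windows pads short names with spaces
NB_QUERY_FLAGS = 0x0110   # OPCODE=query, NM_FLAGS: recursion desired + broadcast
NB_QTYPE_NB = 0x0020      # QTYPE "NB" (NetBIOS general name service)
NB_QCLASS_IN = 0x0001


def netbios_raw_name(host: str, suffix: int, pad: bytes = NB_PAD) -> bytes:
    """Derive the 16-byte NetBIOS name from a host name: upper-case, cut to 15
    bytes, pad to 15, then append the suffix byte (0x00 workstation, 0x20 server,
    0x1D master browser, ...)."""
    name = host.upper().encode("ascii")[: NB_NAME_LEN - 1]
    return name.ljust(NB_NAME_LEN - 1, pad) + bytes([suffix])


def encode_netbios_name(host: str, suffix: int, pad: bytes = NB_PAD) -> str:
    """First-level ('half-ASCII') encoding: each nibble becomes 'A' + nibble,
    giving a 32-character label made only of the letters A..P."""
    out = []
    for b in netbios_raw_name(host, suffix, pad):
        out.append(chr(ord("A") + (b >> 4)))
        out.append(chr(ord("A") + (b & 0x0F)))
    return "".join(out)


def decode_netbios_name(encoded: str) -> Tuple[str, int]:
    """Inverse of encode_netbios_name: returns (name without padding, suffix)."""
    if len(encoded) != 2 * NB_NAME_LEN or any(not "A" <= c <= "P" for c in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(
        ((ord(encoded[i]) - ord("A")) << 4) | (ord(encoded[i + 1]) - ord("A"))
        for i in range(0, len(encoded), 2)
    )
    return raw[:15].rstrip(b" \x00").decode("ascii"), raw[15]


def build_nbns_query(host: str, suffix: int, txid: Optional[int] = None) -> bytes:
    """NAME QUERY REQUEST (RFC 1002 section 4.2.12): 12-byte header, one question
    whose name is a single 32-byte label, QTYPE NB, QCLASS IN. Sent to UDP/137,
    either broadcast (b-node) or unicast to the NBNS/WINS server (p-node)."""
    if txid is None:
        txid = secrets.randbelow(0x10000)
    header = struct.pack("!HHHHHH", txid, NB_QUERY_FLAGS, 1, 0, 0, 0)
    label = encode_netbios_name(host, suffix).encode("ascii")
    qname = bytes([len(label)]) + label + b"\x00"
    return header + qname + struct.pack("!HH", NB_QTYPE_NB, NB_QCLASS_IN)


if __name__ == "__main__":
    # Constructed inputs: the workgroup's master-browser name and an over-long host.
    print(encode_netbios_name("WORKGROUP", 0x1D))
    print(netbios_raw_name("averyveryverylonghostname", 0x20))
    # The wildcard "*" name (node status queries) is NUL-padded, not space-padded.
    print(encode_netbios_name("*", 0x00, pad=b"\x00"))
    print(build_nbns_query("SRV01", 0x20, txid=0x1234).hex())
```

The encoded form is what shows up in packet captures and in the question section of spoofed NBNS replies, so being able to decode it by hand (or with the function above) is useful when triaging name-poisoning traffic on UDP/137.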
Microsoft DNS • Dynamic Updates • Replication via Active Directory when zones are AD-integrated (the directory itself is accessed over LDAP) • UTF-8 character coding unless restricted to RFC 1123 host names • Additional DNS record types (notably the SRV records used to locate domain controllers)
Service Discovery • LDAP-based (DNS SRV records plus directory lookups) starting with Windows 2000 • Previous versions use a proprietary system of “domain browsers” (the browser service and its master browser elections) • Creates some broadcast traffic
Access Control in SMB • “Share Level Access” • Used with FAT16 and FAT32 (Windows 9x style) • Single password per share, i.e. for the whole shared directory tree; anyone who knows it has the same access • User Level Access • Requires User/Password Authentication • NTFS required to make access file-specific
Security Models • “Workgroup” • relies on share level security or • local user/password settings on each Windows NT or 2000 workstation (accounts are not shared between machines) • Domain Controller • Windows NT or 2000 server which holds a central user database (the SAM on NT, Active Directory on 2000)
Dual Access Control • NTFS-based file sharing checks permissions twice • Share-level permissions, evaluated at tree connect • File level access control lists (NTFS ACLs), evaluated when the file is opened • The effective access over the network is the more restrictive of the two; local logons bypass the share permissions entirely • Non-file objects (e.g. printers) can have share permissions
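A worked model of the two checks, added here as an example and not taken from the slides: a tiny evaluator for share-level permissions and NTFS ACLs that returns the effective rights a client gets through the share. The share levels (Read, Change, Full Control), the principals and the ACLs are constructed for illustration, and the ACL evaluation is simplified (any explicit deny that matches the caller beats an allow, which is how a canonically ordered DACL behaves; inheritance and the full ACCESS_MASK are left out).

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List

# Added example: effective access = share permissions AND NTFS permissions.
# Not code from the slides; the rights model and all ACLs below are constructed.

READ, WRITE, DELETE, CHANGE_PERMS = "read", "write", "delete", "change_perms"

# Classic share permission levels and the rights each grants (simplified model).
SHARE_LEVELS = {
    "Read": frozenset({READ}),
    "Change": frozenset({READ, WRITE, DELETE}),
    "Full Control": frozenset({READ, WRITE, DELETE, CHANGE_PERMS}),
}


@dataclass(frozen=True)
class Ace:
    principal: str            # user or group name (stands in for a SID)
    rights: FrozenSet[str]
    allow: bool = True        # False = explicit deny


def evaluate_acl(acl: Iterable[Ace], principals: FrozenSet[str]) -> FrozenSet[str]:
    """Rights granted by an ACL to a token holding the given user and group
    identities. Matching deny entries remove rights granted by allow entries."""
    allowed, denied = set(), set()
    for ace in acl:
        if ace.principal in principals:
            (allowed if ace.allow else denied).update(ace.rights)
    return frozenset(allowed - denied)


def share_ace(principal: str, level: str, allow: bool = True) -> Ace:
    """Share permissions are a small ACL of their own, expressed in share levels."""
    return Ace(principal, SHARE_LEVELS[level], allow)


def effective_over_smb(share_acl: List[Ace], ntfs_acl: List[Ace],
                       principals: FrozenSet[str]) -> FrozenSet[str]:
    """What a network client actually gets: the share check at tree connect AND
    the NTFS check at file open, i.e. the intersection (most restrictive wins).
    A local logon skips the share check and gets evaluate_acl(ntfs_acl, ...)."""
    return evaluate_acl(share_acl, principals) & evaluate_acl(ntfs_acl, principals)


# Constructed sample: a "Finance" share exported with Change for Everyone,
# while the NTFS ACL on the folder does the real work.
SHARE_ACL = [share_ace("Everyone", "Change")]
NTFS_ACL = [
    Ace("Everyone", frozenset({READ})),
    Ace("Finance", frozenset({READ, WRITE, DELETE, CHANGE_PERMS})),
    Ace("Interns", frozenset({WRITE, DELETE}), allow=False),   # explicit deny
]
ALICE = frozenset({"alice", "Everyone", "Finance", "Interns"})  # intern in Finance
BOB = frozenset({"bob", "Everyone", "Finance"})
CAROL = frozenset({"carol", "Everyone"})

if __name__ == "__main__":
    for who, token in (("alice", ALICE), ("bob", BOB), ("carol", CAROL)):
        print(who, "ntfs:", sorted(evaluate_acl(NTFS_ACL, token)),
              "over smb:", sorted(effective_over_smb(SHARE_ACL, NTFS_ACL, token)))
```

Two things the output makes visible: the deny on the Interns group strips write and delete from alice even though Finance grants them, and bob holds change-permissions on NTFS yet cannot exercise it over the share because the share level caps him at Change. The second case is the common audit finding in reverse: a share exported with Full Control for Everyone on top of a weak NTFS ACL gives remote users everything the ACL allows.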
Security protocols in CIFS • Authentication required for session setup to a server • Plain Text Password (discouraged: the password crosses the network in the clear and is recoverable by anyone who can sniff it) • Challenge-response • Server sends a random challenge, client returns a value derived from the challenge and its password; the password itself never leaves the client • Requires a shared secret (password, or a hash of it) on the verifying side • May be stored on a separate authentication server (the domain controller) rather than on the file server • A captured challenge/response pair still allows offline password guessing, so weak passwords remain exposed
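The two session-setup options above, side by side, as an added example that is not code from the slides. This is a simplified stand-in for the CIFS exchange, not the real LM/NTLM algorithm (those use MD4 and DES): the structure is the same (the challenge arrives in the NEGOTIATE response, the client answers in SESSION_SETUP, a server holding only password-derived secrets verifies), but the secret here is a SHA-256 of the UTF-16LE password and the response is an HMAC over the challenge. The account name, password, wordlist and message names are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

# Added example: plaintext vs challenge-response session setup, plus the offline
# guessing that a captured challenge/response pair still permits.
# Simplified stand-in for CIFS/NTLM, not the real algorithm; inputs are constructed.

Wire = List[Tuple[str, bytes]]   # (message name, payload) as a sniffer would see it


def password_secret(password: str) -> bytes:
    """Password-derived secret the verifier stores (like the NT hash, derived from
    the UTF-16LE password, but SHA-256 here instead of MD4)."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()


def compute_response(password: str, challenge: bytes) -> bytes:
    """Client side of challenge-response: prove knowledge of the secret."""
    return hmac.new(password_secret(password), challenge, hashlib.sha256).digest()


class AuthServer:
    """Holds secrets only; in a domain this sits on the DC, not the file server."""

    def __init__(self, accounts: Dict[str, str]):
        self._secrets = {user: password_secret(pw) for user, pw in accounts.items()}

    def verify_plaintext(self, user: str, password: str) -> bool:
        stored = self._secrets.get(user)
        return stored is not None and hmac.compare_digest(stored, password_secret(password))

    def verify_response(self, user: str, challenge: bytes, response: bytes) -> bool:
        stored = self._secrets.get(user)
        if stored is None:
            return False
        expected = hmac.new(stored, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def session_setup_plaintext(auth: AuthServer, user: str, password: str) -> Tuple[bool, Wire]:
    """Plaintext option: the password itself is the SESSION_SETUP payload."""
    wire: Wire = [("SESSION_SETUP", user.encode() + b"\x00" + password.encode())]
    ok = auth.verify_plaintext(user, password)
    wire.append(("SESSION_SETUP_RESPONSE", b"\x00" if ok else b"\x01"))
    return ok, wire


def session_setup_challenge_response(auth: AuthServer, user: str, password: str) -> Tuple[bool, Wire]:
    """Challenge-response option: challenge in NEGOTIATE response, HMAC in SESSION_SETUP."""
    challenge = secrets.token_bytes(8)            # 8-byte server challenge, as in CIFS
    wire: Wire = [("NEGOTIATE_RESPONSE", challenge)]
    response = compute_response(password, challenge)
    wire.append(("SESSION_SETUP", user.encode() + b"\x00" + response))
    ok = auth.verify_response(user, challenge, response)
    wire.append(("SESSION_SETUP_RESPONSE", b"\x00" if ok else b"\x01"))
    return ok, wire


def wire_contains(wire: Wire, needle: bytes) -> bool:
    """What a passive sniffer could read straight off the capture."""
    return any(needle in payload for _, payload in wire)


def offline_guess(challenge: bytes, response: bytes, wordlist: List[str]) -> Optional[str]:
    """An attacker with the captured pair needs no further network access:
    recompute the response for each candidate password until one matches."""
    for guess in wordlist:
        if hmac.compare_digest(compute_response(guess, challenge), response):
            return guess
    return None


if __name__ == "__main__":
    auth = AuthServer({"alice": "hunter2"})       # constructed account
    ok, capture = session_setup_plaintext(auth, "alice", "hunter2")
    print("plaintext ok:", ok, "password on the wire:", wire_contains(capture, b"hunter2"))
    ok, capture = session_setup_challenge_response(auth, "alice", "hunter2")
    print("challenge-response ok:", ok, "password on the wire:", wire_contains(capture, b"hunter2"))
    challenge = capture[0][1]
    response = capture[1][1].split(b"\x00", 1)[1]
    print("offline guess:", offline_guess(challenge, response, ["password", "letmein", "hunter2"]))
```

The last line is the caveat that matters in practice: challenge-response keeps the password off the wire, but everything needed to test guesses is in the capture, so password strength (and, in real deployments, SMB signing and refusing the older dialects) is what actually limits the damage.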