NetBIOS, NetBEUI, and SMB are Microsoft Protocols used to support Microsoft Networking. The following parts of Microsoft networking stack work at the application level:
- Redirector - It directs requests for network resources to the appropriate server and makes network resources seem to be local resources.
- SMB - Server Message Block provides redirector client to server communication.
Other parts of the stack include:
- NetBIOS - Works at the session layer and controls the sessions between computers and maintains connections.
- NetBEUI - Works at the transport layer and provides data transportation. It is not a routable transport protocol which is why NBT exists on large networks to use routable TCP protocol on large networks.
NetBEUI can now handle more than 254 sessions.
NWLink is Microsoft's way of implementing IPX/SPX.
Network Protocols used by NetBIOS for network transport
Microsoft can bind its protocol to use any combination of NetBEUI, NWLink, or TCP/IP for transport.
- NBT - NetBIOS over TCP/IP
- NBF - NetBIOS over NetBEUI
- NWNBLink - NetBIOS over NWLink
NetBIOS over TCP/IP (NBT)
NetBIOS messages are encapsulated in TCP/IP or NetBEUI datagrams. When utilizing TCP/IP for transport, the protocol is called NetBIOS over TCP/IP (NBT). It is defined by RFC 1001 and RFC 1002. NetBIOS has three layers which are:
- SMB - Server Message Block protocol works at the presentation level to provide peer to peer communication.
- NetBIOS API - Works at the session layer.
- NBF - NetBIOS Frame protocol.
NetBIOS may utilize NetBEUI for transport and network layer support rather than TCP/IP.
NetBIOS Extended User Interface (NetBEUI)
This is a separate protocol from NetBIOS. Supports small to medium networks. It provides transport and network layer support. NDS and the NIC driver provide data link level support. It is fast and small. Since it is small, it works well for the DOS operating system. It is not a routable protocol.
NetBIOS names are 15 characters long with a 16th invisible character assigned by the system that is based on function. Three methods of mapping NetBIOS names to IP addresses:
- IP broadcasting - A data packet with the NetBIOS computer name is broadcast when an associated address is not in the local cache. The host who has that name returns its address.
- The lmhosts file - This is a file that maps IP addresses and NetBIOS computer names.
- NBNS - NetBIOS Name Server. A server that maps NetBIOS names to IP addresses. This service is provided by the nmbd daemon on Linux.
System wide methods of resolving NetBIOS names to IP addresses are:
- b-node - Broadcast node
- p-node - Point-to-point node queries an NBNS name server to resolve addresses.
- m-node - First uses broadcasts, then falls back to querying an NBNS name server.
- h-node - The system first attempts to query an NBNS name server, then falls back to broadcasts if the name server fails. As a last resort, it will look for the lmhosts file locally.
NetBIOS name services use port 137 and NetBIOS session services use port 139. NetBIOS datagram service uses port 138.
To resolve addresses from names, a computer on a Microsoft network will check its cache to see if the address of the computer it wants to connect to is listed there. If not it sends a NetBIOS broadcast requesting the computer with the name to respond with its hardware address. When the address is received, NetBIOS will start a session between the computers. On larger networks that use routers, this is a problem since routers do not forward broadcasts, nor is NetBEUI a routable protocol. Therefore Microsoft implemented another method of resolving names with the Windows Internet Name Service (WINS). The following steps are taken to resolve names to IP addresses on larger networks using TCP/IP (NBT):
- NetBIOS name cache
- WINS Server
- NetBIOS broadcast
- lmhosts file
- hosts file
- DNS server
Windows Internet Name Service (WINS)
WINS is the Microsoft implementation of NetBIOS name service. Samba on Linux can be used as a WINS server.
Computers configured to use WINS, when booted, contact the WINS name server and give the server their NetBIOS name and IP address. The WINS server adds the information to its database and it may send the information to other WINS servers on your network. When a computer that is configured to use WINS needs to get an address of another computer, it will contact the WINS server for the information. Without the use of a WINS server, NetBIOS will only be able to see computers on the unrouted sections of the local network. Does this mean a WINS server must exist in each routed section of the network?
The Windows Networking Environment
A domain in a Microsoft networking environment refers to a collection of computers using user level security. It is not the same as the term domain used with regard to the domain name system (DNS). Domain related terms are:
- BDC - Backup Domain Controller is a backup for a PDC
- TLD - Top Level domain
- PDC - Primary Domain Controller is an NT server providing central control of user access permissions and accounts on a network.