Monday, July 4, 2011

NetBIOS | Understanding and definition of the NetBIOS

    NetBIOS is an acronym for Network Basic Input/Output System. It provides services related to the session layer of the OSI model allowing applications on separate computers to communicate over a local area network. As strictly an API, NetBIOS is not a networking protocol. Older operating systems ran NetBIOS over IEEE 802.2 and IPX/SPX using the NetBIOS Frames (NBF) and NetBIOS over IPX/SPX (NBX) protocols, respectively. In modern networks, NetBIOS normally runs over TCP/IP via the NetBIOS over TCP/IP (NBT) protocol. This results in each computer in the network having both an IP address and a NetBIOS name corresponding to a (possibly different) host name.

    NetBIOS was developed in 1983 by Sytek Inc. as an API for software communication over IBM's PC-Network LAN technology. On PC-Network, as an API alone, NetBIOS relied on proprietary Sytek networking protocols for communication over the wire. Because PC-Network only supported up to 80 devices in its most accommodating mode (baseband), NetBIOS was itself designed with limited nodes in mind.

    In 1985, IBM went forward with the token ring network scheme and a NetBIOS emulator was produced to allow NetBIOS-aware applications from the PC-Network era to work over this new design. This emulator, named NetBIOS Extended User Interface (NetBEUI), expanded the base NetBIOS API with, among other things, the ability to deal with the greater node capacity of token ring. A new networking protocol, NBF, was simultaneously produced to allow NetBEUI (NetBIOS) to provide its services over token ring — specifically, at the IEEE 802.2 Logical Link Control layer.

    Also in 1985, Microsoft created a NetBIOS implementation for its MS-NET networking technology. As in the case of IBM's token ring, the services of Microsoft's NetBIOS implementation were provided over the IEEE 802.2 Logical Link Control layer by the NBF protocol.

    In 1986, Novell released Advanced Novell NetWare 2.0 featuring the company's own NetBIOS emulator. Its services were encapsulated within NetWare's IPX/SPX protocol using the NetBIOS over IPX/SPX (NBX) protocol.

    In 1987, a method of encapsulating NetBIOS in TCP and UDP packets, NetBIOS over TCP/IP (NBT), was published. It was described in RFC 1001 ("Protocol Standard for a NetBIOS Service on a TCP/UDP Transport: Concepts and Methods") and RFC 1002 ("Protocol Standard for a NetBIOS Service on a TCP/UDP Transport: Detailed Specifications"). The NBT protocol was developed in order to "allow an implementation [of NetBIOS applications] to be built on virtually any type of system where the TCP/IP protocol suite is available," and to "allow NetBIOS interoperation in the Internet."

    After the PS/2 computer hit the market in 1987, IBM released the PC LAN Support Program, which included a driver for NetBIOS.

    Worth noting is the popular confusion between the names NetBIOS and NetBEUI. NetBEUI originated strictly as the moniker for IBM's enhanced 1985 NetBIOS emulator for token ring. The name NetBEUI should have died there, considering that at the time, the NetBIOS implementations by other companies were known simply as NetBIOS regardless of whether they incorporated the API extensions found in that emulator. For MS-NET, however, Microsoft elected to name its implementation of the NBF protocol "NetBEUI" — literally naming its implementation of the transport protocol after IBM's second version of the API. Consequently, even today, Microsoft file and printer sharing over Ethernet continues to be called NetBEUI, with the name NetBIOS commonly used only in reference to file and printer sharing over TCP/IP. In truth, the former is NetBIOS over NBF, and the latter is NetBIOS over NBT.

    Since its original publishing in a technical reference book from IBM, the NetBIOS API specification has become a de facto standard.

    NetBIOS provides three distinct services:
    1. Name service for name registration and resolution.
    2. Session service for connection-oriented communication.
    3. Datagram distribution service for connectionless communication.
    (Note: SMB, an upper layer, is a service that runs on top of the Session Service and the Datagram service, and is not to be confused as a necessary and integral part of NetBIOS itself. It can now run atop TCP with a small adaptation layer that adds a packet length to each SMB message; this is necessary because TCP only provides a byte-stream service with no notion of packet boundaries.

    In order to start sessions or distribute datagrams, an application must register its NetBIOS name using the name service. NetBIOS names are 16 octets in length and vary based on the particular implementation. Frequently, the 16th octet is used to designate a "type" similar to the use of ports in TCP/IP. It is called the NetBIOS Suffix (read below) or "resource type", and is used to tell other applications what type of services the system offers. In NBT, the name service operates on UDP port 137 (TCP port 137 can also be used, but it is rarely, if ever, used).

    The name service primitives offered by NetBIOS are:
    1. Add name — registers a NetBIOS name.
    2. Add group name — registers a NetBIOS "group" name.
    3. Delete name — un-registers a NetBIOS name or group name.
    4. Find name — looks up a NetBIOS name on the network.
    NetBIOS name resolution is not supported by Microsoft for Internet Protocol Version 6 (IPv6).

    Session mode lets two computers establish a connection for a "conversation", allows larger messages to be handled, and provides error detection and recovery. In NBT, the session service runs on TCP port 139.

    The session service primitives offered by NetBIOS are:
    1. Call — opens a session to a remote NetBIOS name.
    2. Listen — listen for attempts to open a session to a NetBIOS name.
    3. Hang Up — close a session.
    4. Send — sends a packet to the computer on the other end of a session.
    5. Send No Ack — like Send, but doesn't require an acknowledgment.
    6. Receive — wait for a packet to arrive from a Send on the other end of a session.
    In the original protocol used to implement NetBIOS services on PC-Network, to establish a session, the computer establishing the session sends an Open request which is responded to by an Open acknowledgment. The computer that started the session will then send a Session Request packet which will prompt either a Session Accept or Session Reject packet. Data is transmitted during an established session by data packets which are responded to with either acknowledgment packets (ACK) or negative acknowledgment packets (NACK). Since NetBIOS is handling the error recovery, NACK packets will prompt retransmission of the data packet. Sessions are closed by the non-initiating computer by sending a close request. The computer that started the session will reply with a close response which prompts the final session closed packet.

    Datagram mode is "connectionless". Since each message is sent independently, they must be smaller; the application becomes responsible for error detection and recovery. In NBT, the datagram service runs on UDP port 138.

    The datagram service primitives offered by NetBIOS are:
    1. Send Datagram — send a datagram to a remote NetBIOS name.
    2. Send Broadcast Datagram — send a datagram to all NetBIOS names on the network.
    3. Receive Datagram — wait for a packet to arrive from a Send Datagram operation.
    4. Receive Broadcast Datagram — wait for a packet to arrive from a Send Broadcast Datagram operation.
    The NetBIOS name is 16 ASCII characters, however Microsoft limits the host name to 15 characters and reserves the 16th character as a NetBIOS Suffix. This suffix describes the service or name record type such as host record, master browser record, or domain controller record. The host name (or short host name) is specified when Windows networking is installed/configured, the suffixes registered are determined by the individual services supplied by the host. In order to connect to a computer running TCP/IP via its NetBIOS name, the name must be resolved to a network address. Today this is usually an IP address (the NetBIOS name-IP address resolution is often done by either broadcasts or a WINS Server — NetBIOS Name Server). A computer's NetBIOS name is often the same as that computer's host name (see below), although truncated to 15 characters, but it may also be completely different. NetBIOS names can include almost any combination of alphanumeric characters except for spaces and the following characters: [ \ / : * ? " ; | +
    ]

    The Windows LMHOSTS file provides a NetBIOS name resolution method that can be used for small networks that do not use a WINS server.

    A Windows machine's NetBIOS name is not to be confused with the computer's host name. Generally a computer running TCP/IP (whether it's a Windows machine or not) has a host name (also sometimes called a machine name or a DNS name). Generally the host name of a Windows computer is based on the NetBIOS name plus the Primary DNS Suffix, which are both set in the System Properties dialog box.

    There may also be "connection specific suffixes" which can be viewed or changed on the DNS tab in Control Panel → Network → TCP/IP → Advanced Properties. Host names are used by applications such as telnet, ftp, web browsers, etc. In order to connect to a computer running the TCP/IP protocol using its HOST name, the host name must be resolved into an IP Address. Host name- or Fully Qualified Domain Name (FQDN)-IP address resolution is typically done by a Domain Name System (DNS) server.

    The node type of a networked computer relates to the way it resolves NetBIOS names to IP addresses. There are four node types.
    1. B-node: 0x01 Broadcast
    2. P-node: 0x02 Peer (WINS only)
    3. M-node: 0x04 Mixed (broadcast, then WINS)
    4. H-node: 0x08 Hybrid (WINS, then broadcast)
    The node type in use is displayed by opening a command line and typing ipconfig /all. A Windows computer registry may also be configured in such a way as to display "unknown" for the node type.

    The NetBIOS suffix, alternately called the NetBIOS End Character (endchar) is the 16th character of a NetBIOS name. This character specifies the record or service type for the registered name record. The number of record types is limited to 255. However in actual use the number of commonly used NetBIOS Suffixes is substantially smaller. The most common NetBIOS Suffixes:

    ASCII Values of 16th characters of NetBIOS "names"
    1. 00: Workstation Service
    2. 03: Messenger Service
    3. 20: File Service (also called Host Record)
    4. 1B: Domain Master Browser - Primary Domain Controller for a domain
    5. 1C: Domain Controllers for a domain (group record with up to 25 IP addresses)
    6. 1D: Master Browser
    7. 1E: Browser Service Elections
    The Microsoft adaptation of the IBM NetBIOS protocol. NetBEUI expands on NetBIOS by adding a Transport layer component. NetBEUI is a fast and efficient protocol that consumes few network resources, provides excellent error correction, and requires little configuration.
    Source URL: https://newsotokan.blogspot.com/2011/07/netbios-understanding-and-definition-of.html
    Visit Sotokan for Daily Updated Hairstyles Collection

No comments:

Post a Comment

Popular Posts

My Blog List

Blog Archive