Name Resolution as Used within MS Windows Networking
MS Windows networking is predicated on the name each machine is given. This name is known variously (and
inconsistently) as the “computer name,” “machine name,” “networking
name,” “NetBIOS name,” or “SMB name.” All terms mean the same thing with the
exception of “NetBIOS name,” which can also apply to the name of the workgroup or the domain
name. The terms “workgroup” and “domain” are really just simple names with which
the machine is associated. All NetBIOS names are exactly 16 characters in length. The
16th character is reserved. It is used to store a 1-byte value that indicates
service level information for the NetBIOS name that is registered. A NetBIOS machine name is therefore
registered for each service type that is provided by the client/server.
The tables of unique NetBIOS names and group names list typical NetBIOS name/service type registrations.
Table 28.1. Unique NetBIOS Names
||Server Service is running on MACHINENAME
||Generic machine name (NetBIOS name)
||LanMan server service is running on MACHINENAME
||Domain master browser
||Generic name registered by all members of WORKGROUP
||Domain controllers/netlogon servers
||Local master browsers
||Browser election service
It should be noted that all NetBIOS machines register their own
names as per the tables of unique NetBIOS names and group names.
This is in vast contrast to TCP/IP installations, where the system
administrator traditionally determines in /etc/hosts or in the DNS
database what names are associated with each IP address.
One further point of clarification should be noted. The /etc/hosts
file and the DNS records do not provide the NetBIOS name information
that MS Windows clients depend on to locate the type of service that may
be needed. An example of this is what happens when an MS Windows client
wants to locate a domain logon server. It finds this service and the IP
address of a server that provides it by performing a lookup (via a
NetBIOS broadcast) for enumeration of all machines that have
registered the name type *<1C>. A logon request is then sent to each
IP address that is returned in the enumerated list of IP addresses.
Whichever machine replies first ends up providing the logon services.
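The 16-byte name layout and the <1C> lookup described above, as an added example that is not part of the original page: it builds a NetBIOS name, applies the first-level encoding that RFC 1001 defines for NBT packets, and decodes it back to name and service type. The workgroup name MIDEARTH is a constructed sample, and the suffix table uses the well-known suffix values, which are an assumption here because the page's table does not show them.

```python
# Added example: NetBIOS name layout (15 name bytes + 1 service-type byte)
# and the RFC 1001 first-level encoding used on the wire by NBT.

# Well-known suffix values (assumed; the page's table lost its name column).
SUFFIXES = {
    0x1B: "domain master browser",
    0x1C: "domain controllers/netlogon servers",
    0x1D: "local master browser",
    0x1E: "browser election service",
    0x20: "LanMan server service",
}

def netbios_name(name: str, suffix: int) -> bytes:
    """Return the 16-byte name: upper-cased, space-padded, then the suffix."""
    raw = name.upper().encode("ascii")
    if not 1 <= len(raw) <= 15:
        raise ValueError("NetBIOS names carry 1 to 15 name characters")
    if not 0 <= suffix <= 0xFF:
        raise ValueError("service type must fit in one byte")
    return raw.ljust(15, b" ") + bytes([suffix])

def encode_first_level(name16: bytes) -> bytes:
    """Split each byte into two nibbles and add 'A' to each (RFC 1001)."""
    if len(name16) != 16:
        raise ValueError("expected exactly 16 bytes")
    out = bytearray()
    for b in name16:
        out += bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)])
    return bytes(out)

def decode_first_level(encoded: bytes) -> tuple[str, int]:
    """Reverse the encoding; return (name without padding, service type)."""
    if len(encoded) != 32 or any(not 0x41 <= c <= 0x50 for c in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(" "), raw[15]

def describe(encoded: bytes) -> str:
    """Render an encoded name as NAME<XX> plus the registered role."""
    name, suffix = decode_first_level(encoded)
    role = SUFFIXES.get(suffix, "unlisted service type")
    return f"{name}<{suffix:02X}> {role}"

if __name__ == "__main__":
    # Constructed sample: the name a client looks up to find a logon server.
    print(describe(encode_first_level(netbios_name("midearth", 0x1C))))
```

The same decoder applies to the 32-character name field seen in a packet capture of NBT name queries, which is how a defender can tell which service type a client was asking for.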
The names “workgroup” and “domain” can be confusing, since they
have the added significance of indicating the security
architecture of the MS Windows network. The term “workgroup” indicates
that the primary nature of the network environment is that of a
peer-to-peer design. In a workgroup, all machines are responsible for
their own security, and generally such security is limited to the use of
just a password (known as share-level security). In most situations
with peer-to-peer networking, the users who control their own machines
will simply opt to have no security at all. It is possible to have
user-level security in a workgroup environment, thus requiring the use
of a username and a matching password.
MS Windows networking is thus predetermined to use machine names
for all local and remote machine message passing. The protocol used is
called Server Message Block (SMB), and this is implemented using
the NetBIOS protocol (Network Basic Input/Output System). NetBIOS can
be encapsulated using the LLC (Logical Link Control) protocol, in which case
the resulting protocol is called NetBEUI (Network Basic Extended User
Interface). NetBIOS can also be run over the IPX (Internetwork Packet
Exchange) protocol as used by Novell NetWare, and it can be run
over TCP/IP protocols, in which case the resulting protocol is called
NBT or NetBT, the NetBIOS over TCP/IP.
MS Windows machines use a complex array of name resolution mechanisms.
Since we are primarily concerned with TCP/IP, this demonstration is
limited to this area.