1.1.3 NetBIOS Programming Fundamentals (1)

1.1.3 NetBIOS Programming Fundamentals (1)

NetBIOS is the basic input/output system for the network, is an application interface for the exchange between source and destination, that is, the ability to support computer applications and devices to communicate with the various have a clear and simple communication protocol, you must use a special sequence of commands to call NetBIOS.

In the reference hierarchy model, NetBIOS is between the presentation layer and the session layer and is the upper level of the reference model. Therefore, the application of its interface program is largely (and essentially) isolated from the lower level of the various activities. It supports the Logic Link Control Protocol of IEEE 802.2. NetBIOS is now rapidly becoming a widely used communication platform in different operating system environments, including PC DOS, OS/2, UNIX, and Windows.

1. Process

NetBIOS provides the process of establishing session services as follows.

(1) Establishing a session

This process is similar to the connection establishment process in C/S mode, which is not discussed here. It is important to note that the client side of NetBIOS is calling the other party instead of Connect.

(2) Transfer of data

Because the NetBIOS session service is implemented in the form of a duplex stream, both sides (or parties) of the session can send or receive data at the same time, regardless of the other's state.

NetBIOS command send supports two modes, one is send, its data block length is 64KB, and is in contiguous memory space, the other is the chain send command. As the name implies, it sends data in multiple buffers (two), so the command can transmit 64KBX2 data at the maximum. The corresponding NetBIOS receive command has the following 3 types.

Receive: It receives data as a handle to the session number that was obtained when the session was established to uniquely identify the other person.

Receive any: This command can obtain data from multiple sessions established by a name.

Receive Any-any: It can receive any data from any session.

(3) Terminate session

When a session party issues a hang-up command, it can terminate the conversation and release the appropriate resources.

2. NetBIOS command

NetBIOS, as an interface, has many interfaces that implement certain functions. The most commonly used NetBIOS commands are shown in table 1-3.

Table 1-3 NetBIOS Command list

Class	Life Order	Command code		Function description
		Wait	No wait
Name Management	Add Name Add Group name Delete Name	30h 36h 31h	b0h b6h b1h	Add Local only Add Local group name Delete local name
Data Reporting Services	Send Datagram Send broadcast Receive datagram Receive broadcast	20h 22h 21h 23h	a0h a2h a2h A3h	Send Datagrams Send a Broadcast datagram Receiving datagrams Receive broadcast datagrams
Session Services	Pager Listen Send Chain Send Send No-ack Chain Send No-ack Receive Receive any Hang Up	10h 14h 17h 71h 72h 15h 16h 12h	90h 94h 97h f1h F2H 95h 96h 92h	Call Setup Session Listening to establish a session Send data by session number Send double buffered data by session number Send data by session number, do not answer Send double buffered data, do not answer Receive data by session number Receive data from any session number Remove current session
General Command	Repeat Adapter Status Session Status Cancel Unlink	32h 33h 34h 55. 70h	B3h b4h	Initializing the network adapter Read network adapter Status Read current session state by name Undo a NetBIOS command Disconnecting remote connections

1.1.3 NetBIOS Programming Fundamentals (2)

3. NetBIOS name resolution

Because NetBIOS is an independent development of TCP/IP, although it can use TCP/IP as the transport protocol, but because of the conceptual difference, it does not take advantage of the full capabilities of TCP/IP, but instead uses its own way to do similar work. The biggest difference is in the name resolution method. NetBIOS has its own independent name resolution concept and ability, so it uses the name resolution method--dns different from the standard parsing mode in TCP/IP. After the corresponding IP address must be obtained by NetBIOS name resolution, the NetBIOS session can be established on the basis of a normal TCP connection. So in NetBIOS, name resolution is the biggest difference between a NetBIOS session and a normal TCP connection.

The biggest difference between NetBIOS name resolution and DNS name resolution is that NetBIOS is dynamic, and the computer needs to register its name first before it can be resolved to that name. Dynamic parsing, while great convenience, is complex and inefficient, so it can only be used in small-scale LANs.

Each NetBIOS name can be up to 16 characters, and the 16th character is used to identify the type of program to use when entering a name. When a NetBIOS computer communicates, it must be based on the NetBIOS name, not the IP address. A NetBIOS Service program must first register its NetBIOS name, while an application needs to query for the NetBIOS name required. For example, each Windows computer initializes the network when it is started, using the configured computer name to initialize the NetBIOS name it uses.

(1) NetBIOS name parsing method

Finding the appropriate node address from the NetBIOS name (IP address in the TCP/IP protocol) has several different ways to find it.

Local broadcast: Sends a broadcast on the local network to find its corresponding IP address by broadcasting the NetBIOS name of a device. Broadcasts can also be used to register their NetBIOS name, for example, a computer can announce its own use of this NetBIOS name to other computers by broadcasting the name of the machine.

Buffering: Each NetBIOS-enabled computer maintains a list of NetBIOS names and corresponding IP addresses that have a certain lifetime so that they can be updated in a timely manner.

NetBIOS name server: Use a name server to provide resolution tasks between name and IP, this NetBIOS name server is known as NBNS (NetBIOS name server), and Microsoft implements the NBNS name server for wins ( Windows Internet Name Service). The NetBIOS computer first registers its NetBIOS name with NBNS and completes the name registration process.

Predefined files Lmhosts:microsoft windows can identify the NetBIOS name and IP relationship on the network by locating the data stored in the local file Lmhosts, which is not the standard for NetBIOS name recognition. But it is the way Microsoft is implemented and therefore a fact standard.

Parsing through DNS and hosts files: The data stored in the DNS server and the local hosts file is used in the standard TCP/IP protocol for conversion between names and IPs, but when the corresponding node addresses are not found in other ways, Microsoft Windows typically also converts names and IPs through the standard TCP/IP name resolution method. Also this is not a NetBIOS standard, but a Microsoft extension.

From the above 5 types of NetBIOS recognition methods, and the different name registration methods, different combinations can be realized, thus constituting different name recognition strategies. In the NetBIOS standard, a pattern that uses a different name recognition policy is called a different NetBIOS node type.

B-node: Registering and identifying NetBIOS names by means of broadcasting. For the net BIOS on the IP protocol, it is necessary to broadcast based on UDP, which works well on small networks, but when the network grows, it is used by routers to divide large networks into several small nets. In general, routers do not forward broadcast data, and broadcast packets are sent only to the local network. Although routers can be configured for B-node broadcast forwarding, this will result in a large amount of useless network data being generated by UDP broadcasts, and the difficulty of registering and parsing names is increased. Therefore, for larger networks, this approach is undesirable.

P-node (Peer-to-peer): The equivalence mode can provide a very effective method for identifying names, it uses the NetBIOS name server for name registration and name recognition. Therefore, for each NetBIOS computer, you must specify the same IP address for the NBNS server. In this way, if the NBNS server is down or changes settings (such as IP address, etc.), the name resolution cannot be completed and NetBIOS communication cannot be made. Of course NetBIOS computers can be configured to use more than one NBNS server to use a backed up server in one of the problems when they occur.

M-node (Mixed): In order to correctly parse NetBIOS names, it is best to use the broadcast and name servers in a comprehensive way, so that name recognition is a composite process. M-node first through the B-node broadcast method for the name recognition process, when the broadcast mode fails, then use P-node method to query.

H-node (Hybrid): H-node mode is also a composite pattern, which differs from M-node in the order in which it is found. H-node first find the NBNS name server and then use the broadcast method to query.

The name recognition method that is actually used in Windows is an extension of the standard H-node way, and the Windows family of computers will first check the contents of the cache, then view the WINS server, then broadcast, and then locate the Lmhosts file. and lookup through hosts and DNS. Actual NetBIOS recognition is a complex process, mainly because NetBIOS is a dynamic name resolution method, and each computer must register itself.

(2) The process of NetBIOS name recognition

Unlike DNS, NetBIOS names are managed in a dynamic manner. DNS data is static, and adding and removing DNS names requires the administrator to manually change the configuration file. However, NetBIOS requires the computer to automatically register its name on the network, and the name that is occupied after the computer is down is freed, and the process does not require administrator intervention. Because it requires additional network data to complete the process of name registration, it makes it unsuitable for large networks such as the Internet.

NetBIOS name recognition takes the following 3 steps.

① Name registration: When NetBIOS starts, the computer uses a NetBIOS name for the entire network statement, and if another computer already occupies the name, the computer receives an error message. Registration is accomplished by declaring information to a network broadcast or registering with a NetBIOS name server.

② name resolution: Resolves a NetBIOS name by broadcasting or querying the NetBIOS name server. You can also resolve names by Lmhosts files and DNS assistance.

1.1.3 NetBIOS Programming Fundamentals (3)

③ name deletion: When the system shuts down or the provided workstation service finishes, it deletes the NetBIOS name it occupies.

By using NetBIOS names and shared directory names, you can locate resources on Windows computers. Microsoft uses a UNC form to determine the location of a network resource, starting with a double backslash, followed by the NetBIOS name of the resource computer, followed by the share name that provides the resource on that computer, followed by the following directory and file name. such as \\ntserver\share\files.

So the command format for using a resource is as follows:

1. \ c> net use f: \\ntserver\share
2. \ c> F:
3. F:\>

(3) How the name server works

Because B-node broadcast will generate a large amount of information flow on the network, especially when the network is composed of multiple subnets, and the use of routers is to isolate the broadcast information, but in order to name resolution, you have to forward the B-node broadcast packets, which does not reduce the useless network traffic purposes.

Using the name server to resolve the problem can be avoided, the customer through the name of the server query rather than broadcast, the information flow does not have to propagate to each subnet, can reduce broadcast data, reduce the burden of the network, save bandwidth, and can effectively improve the speed and accuracy of name resolution.

The actual Windows network even rarely use the name server for name resolution, which makes these network name resolution has a big problem, often appear different computer network neighbor list is different, the root cause is that the broadcast mode is not guaranteed, must turn to the name server way to solve the name resolution problem.

When the normal NetBIOS computer and the NBNS server communicate, there are 4 different communication processes.

Name registration: When each NetBIOS computer starts, it is registered on the name server. This keeps the database updated automatically and has the feature of dynamic update. The name server will return a confirmation message, along with the lifetime TTL of the name. If the customer's requested name is already occupied, the server queries whether the customer occupying the name is still on the network to determine if the name can be used again. This occurs mainly in the process of re-enlistment after the Windows computer freezes, because at this time, before the computer crashes, it registers the name in the name of the server still exists, if the name server simply refused to provide a name, then the computer will not be able to obtain their own name. A customer's name registration will fail only in the event of a real conflict.

Name update: Due to the existence of a lifetime TTL for each name, the customer updates the server with a request to refresh the TTL setting on the server when it goes through the TTL.

Name release: When a customer shuts down with the server to release the NetBIOS name it occupies, its name TTL timeout also causes the server to release the name.

Name recognition: Customers can send query name requests to the NBNS server for name resolution.

In some cases, the customer is not set up to support the name server, or the use of the client software does not support the name server for resolution, you can set up a WINS proxy, it can be converted between broadcast data and query name server, it helps customers register and respond to customer's broadcast query.

4. What is NetBEUI

NetBEUI is a reinforced version of the NetBIOS protocol used by the network operating system. It standardizes transfer frames that are not normalized in NetBIOS and adds additional functionality. Transport-layer drives are often used by Microsoft LAN Manager (Microsoft LAN Administrator).

NetBEUI implements the OSI LLC2 protocol. NetBEUI is the original PC network protocol and an interface designed by IBM for the LanManager (LAN Manager) server. This agreement is later adopted by Microsoft as a standard for their network products. It specifies the method by which high-level software sends and receives information through the NetBIOS frame protocol. This agreement is run on the standard 802.2 Data Link protocol layer.

5. NetBIOS Range

The NetBIOS Range ID provides additional naming services for NetBIOS built on TCP/IP (called NBT) modules. The primary purpose of the NetBIOS scope ID is to isolate NetBIOS traffic on a single network and those nodes that have the same NetBIOS range ID. The NetBIOS range ID is a string attached to the NetBIOS name. The NetBIOS range IDs on two hosts must match, or the two hosts cannot communicate. The NetBIOS Scope ID allows the computer to use the same computer name, with different range IDs. The scope ID is part of the NetBIOS name and makes the name unique.

6. NetBIOS control block

The NetBIOS control block (NCB) is a programming structure that is used by all NetBIOS applications to access the NetBIOS service, and is the only one. Device drivers also use a similar structure. The definition structure of the NetBIOS control block is as follows:

1. typedef struct _NCB {
2. BYTE Ncb_command;
3. BYTE Ncb_retcode;
4. BYTE Ncb_lsn;
5. BYTE Ncb_num;
6. DWORD Ncb_buffer;
7. WORD ncb_length;
8. BYTE ncb_callname[16];
9. BYTE ncb_name[16];
10. BYTE Ncb_rto;
11. BYTE Ncb_sto;
12. BYTE Ncb_post;
13. BYTE Ncb_lana_num;
14. BYTE ncb_cmd_cplt;
15. BYTE ncb_reserved[14];
16. } NCB, *PNCB;

1.1.3 NetBIOS Programming Fundamentals (1)