I. PROTOCOL ANALYSIS: A LOOK AT THE PLAYERS.
1. Basic Network Models. The OSI Model. Application Layer. Presentation Layer. Session Layer. Transport Layer. Network Layer. Data Link Layer. Physical Layer. The IEEE 802 Project. Enhancements Made to the OSI Model. Logical Link Control Layer (LLC). Media Access Control Layer (MAC). A Look at How Data Makes it Onto the Wire. The Packet Creation Process. Ethernet Communication Specifics. What Is the Role of Protocols in All This? Protocol Stack. A Layered Approach. So How Do I Tie All This Together? Application Protocols. Transport Protocols. Network Protocols. Connection-Oriented Network Service. Connectionless Network Service. Data Link Layer Addresses. Network Layer Addresses. Data Encapsulation. IP over LAN Technologies. Flow Control. Internetworking Functions of the OSI Network Layer. WAN Services. Chapter Review. In the Next Chapter.
2. The TCP/IP Protocol Suite. Transmission Control Protocol. A Look at the TCP Header. A Look at the Three-Way Handshake. The TCP Quiet Time Concept. Half-Open Connections and Other Anomalies. Reset Generation. Reset Processing. Scenario 1: Local User Initiates the Close. Scenario 2: TCP Receives a FIN from the Network. Scenario 3: Both Users Close Simultaneously. The Communication of Urgent Information. Managing the Window. User/TCP Interface. TCP User Commands. Send. Receive. Close. Status. Abort. TCP/Lower-Level Interface. Events That Occur: User Calls. LISTEN STATE. SEND Call. Internet Protocol. The IP Header. Chapter Review. In the Next Chapter.
3. The SPX/IPX Protocol. SPX Protocol. SPX Header. IPX Protocol. Connectionless Protocol. Operates at the OSI Network Layer. Packet Structure. IPX Addressing. Network Number. Reserved Network Numbers. Internal Network Number. Node Number. Socket Number. How IPX Routing Works. Session and Datagram Interfaces. Message Header Structures. Chapter Review. In the Next Chapter.
4. Server Message Blocks. SMB Operation Overview. Server Name Determination. Server Name Resolution. Message Transport. Sample Message Flow. Dialect Negotiation. Connection Establishment. Backwards Compatibility. Session Setup. Connection Management. SMB Signing. Opportunistic Locks. Exclusive Oplocks. Batch Oplocks. Level II Oplocks. Security Model. Resource Share/Access Example. Authentication. Distributed File System (DFS) Support. SMB Header. TID Field. UID Field. PID Field. MID Field. Flags Field. Flags2 Field. Status Field. Timeouts. Data Buffer (BUFFER) and String Formats. Access Mode Encoding. Open Function Encoding. Open Action Encoding. File Attribute Encoding. Extended File Attribute Encoding. Batching Requests ("AndX" Messages). Chapter Review. In the Next Chapter.
II. NETWORK TRAFFIC ANALYSIS AND OPTIMIZATION: A LOOK AT THE ISSUES.
5. A Look at Client Traffic. Client Initialization. DHCP Traffic. WINS Client Traffic. Name Registration and Renewal. Logon Traffic. Finding a Logon Server. Netlogon Optimization. Browsing. Browser Host Announcements. Where Are the Backup Browsers? Browser Traffic Optimization. Chapter Review. In the Next Chapter.
6. A Look at Server Traffic. DNS Resolving an Address. Recursive Look-ups. Integration with WINS. DNS Optimization. BDC Initialization. Where Is the PDC? Updates to the Database. Optimizing Account Sync Traffic. NetLogon Service. Chapter Review. In the Next Chapter.
7. A Look at Application Traffic. File and Print WINS Request. Broadcast. ARP. Three-Way Handshake. NetBIOS Session. SMB Dialect Negotiation. Internet Browsing. Web Pages. Secure Sockets. Optimizing Intranet Browser Traffic. Chapter Review. In the Next Chapter.
8. Exchange and Internet Mail. Exchange Opening and Closing the Session. Exchange Server in Action. POP3 Protocol. Exchange Server to Server. Chapter Review. In the Next Chapter.
III. COMMON NETWORK MONITORS: A LOOK AT THE TOOLS.
9. Microsoft's Network Monitor Family. Network Monitor Making the Capture. Manually Capturing Traffic. Viewing the Capture. Saving the Capture. Filtering the Capture. Analyzing the Capture. Network Monitor Security. Password Protection. Network Monitor Installations: Detecting Others. Systems Management Server. Network Monitor. Additional Features. Connecting to Remote Agents. The Wizards. Configuring Triggers. Network Monitor 2.0. The Cool New Features. Things That Don't Work. Additional Security Features. Chapter Review. In the Next Chapter.
IV. TROUBLESHOOTING SCENARIOS: A LOOK AT COMMON PROBLEMS.
10. Troubleshooting Issues. Workstation Cannot Logon. Can We Ping the Server? Now We Have a Case for a Laptop! Workstation Cannot Obtain DHCP Lease. Look at the Conversation. Analyze What Is Missing. Workstation Is Slow. Can You Define Slow? What Is the Source of Your Discontent? Logon Problems. I Am Trying to Authenticate, but Where? Strange Event Log Errors. A Method for Looking at Server Problems. Running Unattended. Excessive Broadcasts. Who Is Doing It? Why Are They Doing It? Chapter Review. In the Next Chapter.
11. Security Issues. Rogue DHCP Servers. Have I Got an Address for You? Well, Where Are You? Unauthorized Sniffing. First, You Have to Find Them. Then You Give Their Sniffer a Sinus Problem! Chapter Review.
Appendix A: A List of Well-Known TCP and UDP Port Numbers. Appendix B: Command Line Utilities. Appendix C: Common NCPs. Appendix D: Troubleshooting Common Network Errors. Runt/Long Frames. CRC or FCS Errors. Collisions. Late Collisions.
Appendix E: NetBIOS Suffixes. Appendix F: Domain Controller Startup. Appendix G: Opening a Web Page. Glossary. Index.