Windows Server Troubleshooting - Protocols

Click here to start saving with ING DIRECT!

Home | Up | Methodology | Architecture | Tools | Memory | Processor | Registry | File System | Active Directory | Contents

Get the Book

Major Topics
Methodology
Architecture
Tools
Memory
Processor
Registry
File System
Network
Active Directory
Contents
Other Topics
Counters
Browser
Bindings
Network Monitor
Commands
Name Resolution
Ethernet
Protocols
More Detail
Routing

eXpert Genealogy

Memory from Crucial.com


2003-2006 Team Approach Limited
All rights reserved


Protocol Compatibility

For clients and servers to communicate, they need a common protocol. Most networks today used TCP/IP, so there is no problem. There is a problem if clients and servers do not have a common protocol.


        NetBEUI      TCP/IP

To support different client types a server can support multiple protocols as shown below. To connect to different server types a client can support multiple protocols.

                       
         NetBEUI     TCP/IP                                      NetBEUI      TCP/IP

Encapsulation

Each protocol has a packet header with fields to provide whatever functionality is required for that protocol. The highest layer protocol has application data as in the example of a HTTP packet sending a web page. Lower layer protocols have the higher layer packet as data. Each protocol layer encapsulates the higher layer packet until they are put into an Ethernet frame which can be sent on the cable as a bit stream.

Ethernet header
IP header
TCP header
HTTP header Web page

TCP/IP

TCP/IP is a suite of protocols. Some of the component protocols are shown in the following diagram.

FTP File Transfer Protocol HTTP Hypertext Transfer Protocol SMTP Simple Mail Transfer Protocol TFTP Trivial File Transfer Protocol SNMP Simple Network Management Protocol
TCP Transmission Control Protocol UDP User Datagram Protocol
IP Internet Protocol - ARP Address Resolution Protocol
                           - ICMP Internet Control Protocol
Physical and Data Link Layer

TCP is a connection oriented protocol that establishes a virtual circuit before it sends data. It is designed to ensure that we have a connection to the destination before we send data just as you do with a telephone conversation. When large amounts of data are exchanged, TCP is normally used. TCP uses sequence numbers and acknowledgements to ensure that no data is lost.

                                                       
TCP establishes a virtual circuit connection whereas UDP sends connectionless datagrams

UDP is a  connectionless protocol that provides a datagram service. Data is sent and no acknowledgement is required. It provides a best-effort service and does not retransmit lost data. It is used for sending small amounts of data and broadcasts where loss of data is not a serious problem. It is like sending junk mail, where if the junk mail is lost, you will be sent another message in the near future.

TCP Window Size

Traditionally network protocols exchanged information and acknowledgements in a pin-pong fashion. Although the data get through, delays accumulate and performance is poor. TCP supports the transfer of more than one packet for each acknowledgement through a process known as a sliding window. The bigger the window size the fewer acknowledgements are sent. If the window is too large, there will be too much unnecessary traffic after a server failure. In general, a smaller widow size is appropriate for slow WAN Wide-Area Networks, and a larger windows size should be used for high speed LANs.

To optimize the TCP Windows Size, use Network Monitor to observe typical network traffic. If the number of replies fills the TCP windows, then your performance is limited by the TCP window size and it should be increase. If the number of replies is less then the TCP windows size, then increasing the size will have no benefit.

The TCP windows size is set in the registry key
        HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpWindowSize
The maximum Ethernet segment size, excluding header overhead, is 1460 bytes. The default value for Windows NT is 8KB.

Ping-pong protocol       TCP Sliding Window  
request
reply
request
reply
request
reply
  request
reply
request
reply
request
reply

 

Protocol Identification

Software sorts out protocol packets by checking encoded fields. The EtherType field indicates which protocol is encapsulated within the Ethernet data field. EtherType=0800 indicates IP and EtherType=0806 indicates ARP. Similarly the protocol field in IP indicates which transport protocol is used, e.g. TCP or UDP. TCP and UDP have port numbers which are used to identify application services. The following diagram shows shows how packets are encoded on the server and decoded on a client.

FTP
 
HTTP
 
TFTP
 
SNMP
 
FTP
 
HTTP
 
TFTP
 
SNMP

Port=20m

iPort=80 iPort=69 lPort=161  

Port=20j

hPort=80 hPort=69 kPort=161
 
TCP
 
UDP
     
TCP
 
UDP
 
  Protocol=6m iProtocol=17       Protocol=6j hProtocol=17  

ARP
 
IP
     
ARP
 
IP
iType=806 iType=800       hType=806 hType=800
Ethernet
     
Ethernet
LAN