On Mon, Apr 17, 2017 at 4:23 PM, Adam Van Ymeren adam.vany@gmail.com wrote:
Interesting. Any chance you can link to some documentation about the network neighbourhood protocol? Or outline what about it made it so resilient? Thanks!
the first thing is: it was documented as rfc1001 / rfc1002, which is an extension of NETBEUI (a layer 2 protocol) on top of TCP/IP. if memory serves correctly this was done by IBM.
SMB was dropped *on top* of NBT, as a registered service. there are actually several registered services, some equivalent to TCP and some to UDP.
one of the things that was missing from rfc1001 / 1002 was "please give me a full list of participants in a particular group". so microsoft ended up adding an RPC function (on top of LANMAN, which was on top of Named Pipes, which are on top of SMB, which is on top of NBT, which is on top of TCP) whereby any participant in the network neighbourhood can obtain a full list of participants in a group name registration. typically this would involve contacting the Primary Domain Controller to ask for a list of members of a "workgroup".
so that's some of the background.
specific features which make the network neighbourhood robust:
* the use of a central WINS server, similar to a DNS server. this allowed for cross-subnet / cross-network spanning *without* requiring UDP broadcasting to be enabled across subnets (which many networks DID enable... causing mayhem in the process. the correct use of a WINS server removed the need to screw with your network)
* the "name conflict" concept. if two parties try to register the same name, they are REQUIRED to publish a "Name Conflict detected" message, with associated user notification popups.
* scopes. this is equivalent to dns "zones" (and actually *uses* the DNS "zone" field) and allows for isolation of networks of names even on the same subnets. unfortunately microsoft fucked up and FAILED to respect scope.... rendering the feature totally useless.
lastly it's worth noting that the network neighbourhood is so comprehensive and complex that *every* single organisation that has ever attempted to implement it has taken at least THREE YEARS to get their implementation correct and bug-free.
l.
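The reply above describes three NBT mechanisms: registering a name with a WINS server, the mandatory "name conflict" response when two parties claim the same name, and scopes carried in the DNS-style zone field that should keep identical names on the same subnet apart. The following is an added worked example (not code from the thread, Samba, or any vendor) showing the RFC 1001/1002 name encoding behind all three: the 32-character first-level ("half-ASCII") encoding of the 16-byte NetBIOS name, the second-level DNS-label encoding with the scope ID appended, a bounds-checked parser for that wire form, and a toy WINS-style registry. The registry's `respect_scope` flag is an assumption introduced here to contrast correct behaviour with the scope-ignoring behaviour the thread describes; all host and scope names are constructed sample values.

```python
"""NetBIOS-over-TCP (RFC 1001/1002) name encoding plus a toy name registry.

Added example: first-level (half-ASCII) encoding of a 16-byte NetBIOS name,
second-level (DNS-label) encoding with the scope ID appended, and a small
WINS-style registry showing name-conflict detection and why honouring the
scope field keeps identical names in different scopes apart.
All names and owners used here are constructed sample values.
"""
from dataclasses import dataclass, field

NB_NAME_LEN = 16   # 15 name bytes + 1 suffix (type) byte
MAX_LABEL = 63     # DNS label length limit


def first_level_encode(name: str, suffix: int = 0x00) -> str:
    """Encode a NetBIOS name into the 32-character RFC 1001 form.

    The name is upper-cased, space-padded to 15 bytes, and the one-byte
    suffix appended; each byte is split into two nibbles and each nibble n
    becomes chr(ord('A') + n).
    """
    raw = name.upper().encode("ascii")
    if not 0 < len(raw) <= NB_NAME_LEN - 1:
        raise ValueError("NetBIOS name must be 1..15 bytes")
    if not 0 <= suffix <= 0xFF:
        raise ValueError("suffix must be a single byte")
    padded = raw.ljust(NB_NAME_LEN - 1, b" ") + bytes([suffix])
    return "".join(chr(ord("A") + (b >> 4)) + chr(ord("A") + (b & 0x0F))
                   for b in padded)


def first_level_decode(encoded: str) -> tuple[str, int]:
    """Reverse first_level_encode; returns (name without padding, suffix)."""
    if len(encoded) != 2 * NB_NAME_LEN:
        raise ValueError("first-level encoded name must be 32 characters")
    out = bytearray()
    for hi, lo in zip(encoded[0::2], encoded[1::2]):
        h, l = ord(hi) - ord("A"), ord(lo) - ord("A")
        if not (0 <= h <= 15 and 0 <= l <= 15):
            raise ValueError("invalid half-ASCII character")
        out.append((h << 4) | l)
    return out[:-1].rstrip(b" ").decode("ascii"), out[-1]


def encode_nb_name(name: str, suffix: int = 0x00, scope: str = "") -> bytes:
    """Second-level encoding: DNS-style length-prefixed labels. The 32-char
    name is the first label, the scope ID (the DNS 'zone' field the thread
    refers to) follows as further labels, and a zero length byte terminates."""
    labels = [first_level_encode(name, suffix)]
    if scope:
        labels.extend(scope.upper().split("."))
    out = bytearray()
    for label in labels:
        b = label.encode("ascii")
        if not 0 < len(b) <= MAX_LABEL:
            raise ValueError(f"bad label {label!r}")
        out.append(len(b))
        out += b
    out.append(0)
    return bytes(out)


def decode_nb_name(data: bytes, offset: int = 0) -> tuple[str, int, str, int]:
    """Parse a second-level encoded name at data[offset:].

    Returns (name, suffix, scope, offset_after_name). Every length byte is
    checked against the buffer so a truncated packet raises instead of
    reading past the end.
    """
    labels = []
    while True:
        if offset >= len(data):
            raise ValueError("truncated name")
        length = data[offset]
        offset += 1
        if length == 0:
            break
        if length > MAX_LABEL or offset + length > len(data):
            raise ValueError("bad label length")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    if not labels:
        raise ValueError("empty name")
    name, suffix = first_level_decode(labels[0])
    return name, suffix, ".".join(labels[1:]), offset


@dataclass
class NameRegistry:
    """Toy WINS-style registry: one owner per (encoded name, scope).

    respect_scope=False (an assumption made here for illustration) drops the
    scope from the key, reproducing the failure the thread describes: the
    same name in two different scopes collides although RFC 1001 keeps them
    separate.
    """
    respect_scope: bool = True
    _owners: dict = field(default_factory=dict)

    def register(self, name: str, suffix: int, scope: str, owner: str) -> str:
        key = (first_level_encode(name, suffix),
               scope.upper() if self.respect_scope else "")
        holder = self._owners.get(key)
        if holder is not None and holder != owner:
            return "conflict"   # RFC 1001: the claimant must be told of the clash
        self._owners[key] = owner   # new registration or refresh by the same owner
        return "registered"
```

`first_level_encode("FRED", 0x20)` reproduces the `EGFCEFEECACACACACACACACACACACACA` string RFC 1001 gives for the name FRED; with scope `NETBIOS.SCOPE` the wire form is that label followed by the labels `NETBIOS` and `SCOPE`. Registering FRED in two different scopes succeeds when the registry keys on the scope and reports a conflict when it does not.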