IP Address

[Guest]

Hi All
Can someone plz explain how a pc finds its own IP address. When I want to
connect to a site on the web does the connection go through my ISP first,
then redirected to the web site I want. If not plz plz explain.... How does
the loopback work? I received a alert from NIS '04' inbound UDP packet. Local
address,service is (255.255.255.255,bootps(67)) Remote address,service is
(JDCS(192.168.1.9),bootpc(68)) Process name N/A. I am not sure whether to
allow or block the connection,what do you suggest. Does it have something to
do with the PC finding it's own IP address. EG: bootstrap protocol.


Cheers

 

[Guest]

Everyone connected to the Internet has an IP or Internet Protocol
address. It's a set of numbers separated by dots. Something like 192.168.1.1
and is the Internet equivalent of a phone number.
Each segment of the IP number can have a value as high as 255 and as low
as 0.
Essentially an IP address is a unique identifier that is used to route
information from the Internet to the requesting machine.
Your computer's IP address will never be the same as someone else. There
is one exception to this rule. If your computer is on a network behind a
corporate firewall - that's a computer between a network and the Internet -
then you could have an IP address unique to your network, but not to all
networks.
Just as your phone extension on a company phone list could be the same
as someone else's at another company. Of course it wouldn't conflict because
your phone extension is unique to your company.
Your local IP address could be one of these "inside" IPs.
If you connect to the web directly, finding your IP should be easy.
If you have a cable modem you have an IP address that never changes. If you
are connected via a DSL connection your IP will change each time you drop a
connection or reboot.

If you connect via a modem the Internet Service Provider you use
automatically assigns a different IP number each time you connect.
In Windows 95 and 98, the best way to find you current IP address is to run
winipcfg.exe. Go to START then Run then type winipcfg in the "open" box and
click "ok".

In the pulldown box select your network card and click "More Info>>" the
IP address assigned to your computer will appear in the
IP Address box.

In Windows XP or 2000, click run and then "cmd" and then OK. A black
box will open. At the prompt (C:> or something like it) type "ipconfig" and
hit the enter key. This will show you your computer's IP address for each
network device (such as an ethernet card and wireless card, or modem) as well
as other settings if you are connected to a network. In thevent that you are
connected to a network, the IP address will be the internal address on your
network. Likely something like 192.168.x.x.

This isn't the IP address used to identify you on the Internet (think
of it as a telephone extension number). To get the IP address that IDs you on
the Internet click here.

On a Mac, select the Control Panel TCP/IP, here you will find all the
information you need. Sometimes, it doesn't show the IP Address. It will
something like "Get Address from Server". If this happens, you can use a
program like GetMyAddress which will display IP information. Get that program
here: http://cmgm.stanford.edu/help/manual/network/other/IP_Address.html

hope that explained it a little.

 

[Guest]

Thanx that was a great help. One more ? What does the Default gateway and
Subnet mean

 

[joeu2004]

What does the Default gateway and Subnet mean

If you consider the 4 octets of an IP address as a single
32-bit number, the IP address can be divided into two
parts: a subnetwork number and a host number. This is
somewhat analogous to an area code and local part of a
telephone number.

Without any other help, a system can only communicate with
other systems in the same subnet. (A system can also always
communicate with 127.0.0.1, the loopback address, which is
another way to address itself.)

If a default gateway is defined, the system can communicate
with systems in other subnets by forwarding packets to the
gateway. The gateway might know how to reach the other
subnets, which might require forwarding the packet to yet
another gateway, and so on.

(That is somewhat simplified. But it probably suffices for
your purposes.)

What part of a 32-bit IP address is the subnetwork number?

That is determined by the subnet mask. The subnet mask is
written in the same dot-notation form as an IP address,
representing 4 octets (8-bit values). But it represents a
contiguous sequence of 1's which are used as a bit mask,
which is AND'd with an IP address to determine the subnet
number. For example, if the subnet mask is 255.255.240.0
and the local IP address is 67.174.223.3, the subnet number
is 67.174.208.0.

You might be able to see the cascading of gateways by
opening a cmd window (click Start -> Run and type "cmd")
and executing the command `tracert google.com`.

Caveat: The tracert output might fail prematurely if
you are sitting behind a corporate firewall that limits
inbound traffic in a certain way. If you are nonetheless
able to access google.com in a browser, it is because
your network administrator has set up a web proxy server,
a special gateway that sits at the edge of your corporate
network and that is not impeded by the firewall.

 

[joeu2004]

What does the Default gateway and Subnet mean

[....]
If a default gateway is defined, the system can communicate
with systems in other subnets by forwarding packets to the
gateway. The gateway might know how to reach the other
subnets, which might require forwarding the packet to yet
another gateway, and so on.

(That is somewhat simplified. But it probably suffices for
your purposes.)

As I said, that was intended to be a simplified explanation.
But two questions might arise immediately.

First, what is a gateway?

A gateway is a system that runs software specifically
designed to do this forwarding operation. In the case of
IP forwarding, usually the gateway is called a router.

Second, what if the "default gateway" IP address is your
own system's IP address?

It means that your system tries to send all packets over
its directly-connected network connection, even if the
packet is being sent to another subnet.

This will work only if there is a gateway on your subnet
that is willing to act as "proxy" for other subnet. It
works exactly as I described earlier, except that your
system is not aware of the existence of the gateway. The
packets are forwarded to other subnets through the "proxy"
gateway.

 

[joeu2004]

I did not see your original question.

Can someone plz explain how a pc finds its own IP address.....

That will depend on how you connect to your ISP.
Typically, DHCP is used to request an IP address
from your ISP. That is, your IP address is assigned
dynamically. You might be assigned the same IP
address each time you start your system, if you
do that often enough.

In some circumstances, the IP address will be
assigned and configured statically. That is,
your ISP determines your IP adress one time, and
it is becomes part of your system's TCP/IP
configuration.

DHCP is a network protocol -- a method by which
your system's DHCP client communicates with a
DHCP server that is typically running on another
system.

When I want to connect to a site on the web does the connection
go through my ISP first, then redirected to the web site I want.

That depends on a number of factors, including ISP
network design and whether or not you rely on a web
proxy server. Go to http://whatismyipaddress.net .
Compare the IP address it shows with the IP address
that you see when execute the command "ipconfig" in
the window that you open with Start -> Run -> "cmd".

How does the loopback work?

I am not exactly sure what you are asking. From your
following question, I wonder if you mean: what does
NIS mean by the term "loopback"?

To be honest, I am not sure. Strictly speaking, the
"loopback IP address" is 127.0.0.1. It is a way for
your system to address itself without known its own
IP address (or before one is assigned).

However, IP also "loop back" packets that are
addressed to a local IP address. I usually include
such packets when I speak of "loopback". I don't
know if NIS counts them as "loopback".

"Loopback" packets do not appear on the wire.
127.0.0.1 packets are always looped back within IP.
Usually the same is true for self-addressed packets.

(For testing purposes, a config option might allow
self-addressed packets to be looped back within the
driver.)

(Rarely and also for testing purposes, there are
hacks that allow self-addressed packets to go out
on the wire. You should never encounter this
situation, since it requires a special topology
to be useful.)

I received a alert from NIS '04' inbound UDP packet.
Local address,service is (255.255.255.255,bootps(67))
Remote address,service is (JDCS(192.168.1.9),bootpc(68))
Process name N/A. I am not sure whether to allow or
block the connection,what do you suggest.

I do not block them, unless my IP address is
configured statically.

But I say that with some uncertainty. See below.

Does it have
something to do with the PC finding it's own IP address.

Perhaps. DHCP is a superset of BOOTP, an earlier
network protocol for a system to use to discover
its own IP address (and more). DHCP uses the same
port numbers and op codes. So the "BOOTP" packets
that NIS would block might be your DHCP packets
and responses from a legitimate DHCP server.

So blocking "BOOTP" theoretically could prevent
your system from getting an IP address and functioning
on the internet.

But this is where my uncertainty lies.

First, DHCP packets are distinguishable from
"non-DHCP" BOOTP packets. So it is possible that
NIS only blocks the "non-DHCP" BOOTP packets. If
that is the case, there should be no harm in blocking
"BOOTP" packets.

(I like to block every protocol that I have no use
for because I am not smart enough to know if and
how a hacker could exploit it for malicious purposes.)

Second, I experimented with blocking inbound and
outbound "BOOTP" packets in NIS. My system networking
still functioned normally after I restarted it,
acquiring its IP address dynamically from both
dial-up (AOL) and cable networks. (I believe DSL
would behave equally well.)

Ostensibly, that would seem to confirm that NIS
only blocks "non-DHCP" BOOTP packets, and there is
no harm in blocking them.

However, I confess that I am not familiar with all
the details of Win XP. It is possible that the
system relied on stored IP information, since the
DHCP lease time had not expired. Thus, it is
possible that networking would stop working later,
when the lease expires, when I block "BOOTP" in NIS.

Historical note: BOOTP was originally designed
for bootstrapping diskless systems. It was not
intended to dynamically assign IP addresses. It
was simply a way to build cheaper hardware, depending
on one expensive system to provide disk storage.
So I would not expect a PC to depend on "non-DHCP"
BOOTP for IP address discovery. I would expect it
to use the DHCP extensions.

On the other hand, when I configure NIS to block
"BOOTP" messages, the NIS statistics do show that
the system sends some "BOOTP" messages outbound.
Moreover, the AOL 9.0 client sends two BOOTP
messages outbound when it starts up, in both "home"
dial-up) and "home network" modes.

A trace of network activity would dispose of my
uncertainty. I don't have time to do that right
now.

Bottom line: I play it "safe" and do not block
"BOOTP" messages in NIS.

 

[Guest]

Hi Joe
I checked the ipconfig you mentioned, the result was the same IP [my]
address & the same Subnet as the alert from NIS. You suggested not to block
them unless my IP addy is configured statically. I have a constant connection
to the net and I have an ADSL broadband connection. I have blocked that
connection can I reconfigure it or should I wait until it tries to connect
again and then allow the connection.

Cheers
indiana

 

[joeu2004]

You suggested not to block them unless my IP addy is configured
statically. I have a constant connection to the net and I have an
ADSL broadband connection.

"Constant connection" is not what I meant by "statically
configured".

To determine whether you have a "statically configured"
or "dynamically assigned" IP address, the following
procedure will work, whether or not your network is
connected.

Click Start / Settings / Network Connections, double-click
Local Area Connection, click Properties, scroll until you
see Internet Protocol (TCP/IP), click Internet Protocol,
click Properties.

You will see two radio buttons. If "Obtain an IP address
automatically" is selected, you depend on DHCP for a
dynamically-assigned IP address. If "Use the following
IP address" is selected, you have a statically-configured
IP address, and you do not rely on DHCP.

I have blocked that connection can I reconfigure it or
should I wait until it tries to connect again and then
allow the connection.

If you selected "block always", you will not know if the
system "tries to connect again". (It is not really
"connecting". It is discovering its IP address.)

If you have a dynamically-assigned IP address, do __not__
block "BOOTP" messages (incoming, outgoing).

By tracing packets, I have determined that when we block
"BOOTP" (really DHCP) messages in that case, the system
does __not__ succeed in sending any DHCP requests.

(I was wrong earlier.)

In my case, the system apparently eventually "learned"
its IP configuration. But not from any network
transactions that I could see. And it took longer.

I suspect the system simply used a previously-stored IP
configuration. I assume that might fail later, if the
DHCP "lease" expires (the time limit on the validity of
a previously-assigned IP address).

To reiterate: do __not__ block "BOOTP" messages if you
have a dynamically-configured IP address ("Obtain an IP
address automatically").