I did not see your original question.
indiana said:
Can someone plz explain how a pc finds its own IP address.....
That will depend on how you connect to your ISP.
Typically, DHCP is used to request an IP address
from your ISP. That is, your IP address is assigned
dynamically. You might be assigned the same IP
address each time you start your system, if you
do that often enough.
In some circumstances, the IP address will be
assigned and configured statically. That is,
your ISP determines your IP adress one time, and
it is becomes part of your system's TCP/IP
configuration.
DHCP is a network protocol -- a method by which
your system's DHCP client communicates with a
DHCP server that is typically running on another
system.
When I want to connect to a site on the web does the connection
go through my ISP first, then redirected to the web site I want.
That depends on a number of factors, including ISP
network design and whether or not you rely on a web
proxy server. Go to
http://whatismyipaddress.net .
Compare the IP address it shows with the IP address
that you see when execute the command "ipconfig" in
the window that you open with Start -> Run -> "cmd".
How does the loopback work?
I am not exactly sure what you are asking. From your
following question, I wonder if you mean: what does
NIS mean by the term "loopback"?
To be honest, I am not sure. Strictly speaking, the
"loopback IP address" is 127.0.0.1. It is a way for
your system to address itself without known its own
IP address (or before one is assigned).
However, IP also "loop back" packets that are
addressed to a local IP address. I usually include
such packets when I speak of "loopback". I don't
know if NIS counts them as "loopback".
"Loopback" packets do not appear on the wire.
127.0.0.1 packets are always looped back within IP.
Usually the same is true for self-addressed packets.
(For testing purposes, a config option might allow
self-addressed packets to be looped back within the
driver.)
(Rarely and also for testing purposes, there are
hacks that allow self-addressed packets to go out
on the wire. You should never encounter this
situation, since it requires a special topology
to be useful.)
I received a alert from NIS '04' inbound UDP packet.
Local address,service is (255.255.255.255,bootps(67))
Remote address,service is (JDCS(192.168.1.9),bootpc(68))
Process name N/A. I am not sure whether to allow or
block the connection,what do you suggest.
I do not block them, unless my IP address is
configured statically.
But I say that with some uncertainty. See below.
Does it have
something to do with the PC finding it's own IP address.
Perhaps. DHCP is a superset of BOOTP, an earlier
network protocol for a system to use to discover
its own IP address (and more). DHCP uses the same
port numbers and op codes. So the "BOOTP" packets
that NIS would block might be your DHCP packets
and responses from a legitimate DHCP server.
So blocking "BOOTP" theoretically could prevent
your system from getting an IP address and functioning
on the internet.
But this is where my uncertainty lies.
First, DHCP packets are distinguishable from
"non-DHCP" BOOTP packets. So it is possible that
NIS only blocks the "non-DHCP" BOOTP packets. If
that is the case, there should be no harm in blocking
"BOOTP" packets.
(I like to block every protocol that I have no use
for because I am not smart enough to know if and
how a hacker could exploit it for malicious purposes.)
Second, I experimented with blocking inbound and
outbound "BOOTP" packets in NIS. My system networking
still functioned normally after I restarted it,
acquiring its IP address dynamically from both
dial-up (AOL) and cable networks. (I believe DSL
would behave equally well.)
Ostensibly, that would seem to confirm that NIS
only blocks "non-DHCP" BOOTP packets, and there is
no harm in blocking them.
However, I confess that I am not familiar with all
the details of Win XP. It is possible that the
system relied on stored IP information, since the
DHCP lease time had not expired. Thus, it is
possible that networking would stop working later,
when the lease expires, when I block "BOOTP" in NIS.
Historical note: BOOTP was originally designed
for bootstrapping diskless systems. It was not
intended to dynamically assign IP addresses. It
was simply a way to build cheaper hardware, depending
on one expensive system to provide disk storage.
So I would not expect a PC to depend on "non-DHCP"
BOOTP for IP address discovery. I would expect it
to use the DHCP extensions.
On the other hand, when I configure NIS to block
"BOOTP" messages, the NIS statistics do show that
the system sends some "BOOTP" messages outbound.
Moreover, the AOL 9.0 client sends two BOOTP
messages outbound when it starts up, in both "home"
dial-up) and "home network" modes.
A trace of network activity would dispose of my
uncertainty. I don't have time to do that right
now.
Bottom line: I play it "safe" and do not block
"BOOTP" messages in NIS.