IP addressing and Subnetting

An IP address is a logical identifier for a network-connected interface. The practice of dividing a network into two or more smaller networks is known as subnetting. It improves network security, increases routing efficiency, and shrinks the broadcast domain.

obomate dan

2 years ago | 10 min read

Internet Protocol

An IP (Internet Protocol) address is a unique number that identifies a device on a network; an IPv4 address is 32 bits long. These addresses make it possible for devices to communicate with each other and with the internet. They are assigned automatically by a DHCP server or manually by an administrator.

On the internet, IP addresses are used the same way your street address is used by the postal service. The letter is the data packaged in an IP packet, and the street address is the IP address. The packet travels across the internet from the sender's IP address to the destination's address through a series of routers along the way.

The routers continuously forward packets to the next closest router along a path based on the destination address until the packets reach the destination.

Binary Numbers

When a host receives an IPv4 address, it examines all 32 bits as they are received by the network interface card (NIC). Humans, on the other hand, must convert those 32 bits into four decimal octets. Each octet contains 8 bits, and each bit position has a value. The bit values are the same in each of the four octets. The value of the rightmost bit in an octet is 1, and the remaining bits are 2, 4, 8, 16, 32, 64, and 128 in order from right to left.

As shown in the figure, you can determine the value of the octet by adding the values of positions wherever there is a binary 1 present:

If there is a 0 in a position, do not add the value.

If all 8 bits are 0s (00000000), the value of the octet is 0.

If all 8 bits are 1s (11111111), the value of the octet is 255 (128+64+32+16+8+4+2+1).

If the 8 bits are mixed, such as the example 00100111, the value of the octet is 39 (32+4+2+1).

So the value of each of the four octets can range from 0 to a maximum of 255.

This binary game on Cisco's learning network will help you practise: https://learningnetwork.cisco.com/s/binary-game

Types of IP versions

There are two types of IP versions:

  • IPv4
  • IPv6

IPv4

IPv4 was the first version to be widely used. An IPv4 address consists of four octets separated by decimal points. It is made up of 32 binary bits that, with the use of a subnet mask, can be divided into a network portion and a host portion. The 32 binary bits are divided into four octets (one octet equals eight bits). Each octet is written in decimal and separated by a dot, for example 192.168.100.73.

The first portion of the IP address is the network portion, which denotes what network the address is a part of. The rest of the IP address denotes a specific host on that network. How much of the IP address is the network portion depends on the class or the CIDR (Classless Inter-Domain Routing) mask in use.

Types of addresses

Unicast

Unicast communication is used in both client/server and peer-to-peer networks for conventional host-to-host communication. Unicast packets use the target device's address as the destination address and can be routed through an internetwork. Unicast is available in both IPv4 and IPv6.

Broadcast

Using a broadcast address, broadcast packets are distributed to all hosts on the network. With a broadcast, the packet contains a destination IPv4 address with all ones (1s) in the host portion. The packet will be received and examined by all hosts on that local network (broadcast domain). Broadcasts are used by several network protocols, including DHCP.

When a host gets a packet addressed to the network broadcast address, it processes the packet as if it were addressed to its unicast address. Broadcasts can be directed or limited. A directed broadcast is a message that is transmitted to all hosts on a given network. A limited broadcast is delivered to the address 255.255.255.255. Routers do not forward broadcasts by default.

Multicast

Multicast is a type of group communication in which data is sent to a group of destination computers at the same time. Multicast distribution can be one-to-many or many-to-many.

Classes of IPv4 addresses

As IPv4 became popular, more than 254 networks were needed for the growing number of digital devices, so the address space was divided into classes.

Class A

The first octet of a Class A address is the network portion, resulting in a major network address of 1.0.0.0 - 127.255.255.255. Octets 2 through 4 are for the network administrator to divide into subnets and hosts as he or she sees fit. Within a given block, Class A allows for 128 possible networks, with each network capable of hosting 16,777,214 hosts.

Class B

The first two binary bits of the first octet in a Class B network are 10 (one-zero), corresponding to the addresses 128.0.0.0-191.255.255.255. The first two octets identify the network, and the following two octets identify the unique network host. Thus, the IP address "172.16.34.3" would be on the network "172.16.0.0."

Within a given block, Class B provides for 16,384 potential networks, with each network capable of hosting 65,534 hosts.

Class C

The network part is represented by the first three octets. The figure above shows a Class C example with the main network address ranging from 192.0.0.0 to 223.255.255.255. Class C provides for 2,097,152 different networks within a particular block, and each network can have 254 hosts on it.

Class D (224.0.0.0-239.255.255.255)

These network addresses are reserved for use with multicast, a method of sending data to a group of hosts simultaneously.

Class E (240.0.0.0-255.255.255.254)

An experimental address block.

Reserved addresses

Many IPv4 addresses are reserved for specific purposes, so they are not available for general assignment.

  • The first and last addresses on any given network, for example, are reserved. As the network identifier, the first address on any network (for instance, 192.168.0.0) is reserved.
  • The last address on any network (such as 192.168.255.255) is reserved as the broadcast address for that network.
  • Local loopback addresses: The IP address range 127.0.0.0-127.255.255.255 is a set of addresses that point to your own system (i.e., any traffic sent to them loops straight back to where it came from). Although any address in that range will work, the most often used loopback address is 127.0.0.1.
  • Link-local addresses: The IP range 169.254.0.0-169.254.255.255 is reserved for link-local addresses (also known as APIPA, or Automatic Private IP Addressing). When a machine connects to a network and does not have a manual IP address, it attempts to receive one automatically. If it cannot, it assigns itself a link-local address in this range, allowing it to communicate with other nearby computers that have link-local addresses.
  • Private IP addresses: Finally, three IP ranges are reserved for private usage (10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, and 192.168.0.0-192.168.255.255). These addresses are intended for use on internal networks by machines that do not need a direct Internet connection. These addresses are non-routable, which means that their traffic cannot be routed directly on the public Internet.

Private IP addresses are widely utilized in a variety of networks, ranging from huge commercial networks to modest residential networks. They are not allotted to any one organization and may be used by anyone (similar to an unlicensed spectrum). Organizations can avoid wasting valuable public IP addresses by using private IP addresses because a single Internet connection can be shared via a proxy server or NAT.

IPv6

IPv6 is intended to be the IPv4 successor. It was created as a long-term solution for a new address scheme with 340 undecillion (340 followed by 36 zeroes) addresses, which is roughly equivalent to the number of grains of sand on Earth. IPv6 uses a 128-bit address, and the benefits go beyond the larger address space. The illustration compares the IPv4 and IPv6 address spaces. Other advantages of the IPv6 protocol include:

  • There is no need for NAT. Each device is capable of having its own globally routable address.
  • Address administration is made easier with autoconfiguration features.

Because the quantity of available IPv4 address blocks was fast dwindling, the inventors of IPv6 anticipated that it would be widely adopted. There is no set date for transitioning to IPv6. IPv4 and IPv6 will coexist, and the changeover will take several years.

Subnet mask

A subnet mask (also called a netmask) is used to distinguish the different sections of your IP address. We stated that your IP address is comparable to your physical address. Your street address normally consists of multiple parts: a street name and a house number.

An IP address is, likewise, made up of several elements. There is a HOST and a NETWORK section. Subnet masks are used to determine which part of the address is the host and which part is the network.

The 1 bits in the subnet mask line up with the network portion of the address. In other words, every bit position that is set to 1 in the subnet mask belongs to the network portion of the actual IP address, and every position set to 0 belongs to the host portion.

The network and host elements of the address can be separated by lining up the IP address and the subnet mask:

11000000.10101000.01111011.10000100 - IP address (192.168.123.132)

11111111.11111111.11111111.00000000 - Subnet mask (255.255.255.0)

Subnet mask Classes

Class A networks have a default subnet mask of 255.0.0.0 and the first octet of 0-127. The IP address 10.52.36.11 belongs to the class A network. Its first octet is 10, which falls between 1 and 126.

Class B networks have a default subnet mask of 255.255.0.0 and the first octet of 128-191. The address 172.16.52.63 is classified as a class B address. Its first octet is 172, which falls between 128 and 191.

Class C networks have a default subnet mask of 255.255.255.0 and its first octet is 192-223. The IP address 192.168.123.132 belongs to the class C network. Its first octet is 192, which falls between 192 and 223.

Subnetting

Subnetting enables the creation of numerous logical networks within a single Class A, B, or C network. If you do not subnet, you can only use one network from your Class A, B, or C block, which is wasteful.

Let's say you have a wide area network with 150 hosts spread over three networks (in various cities) linked by a router, and each network has 50 hosts. You have been assigned the class C network address 192.168.123.0.

Two addresses that can't be used in your example are 192.168.123.0 and 192.168.123.255 because binary addresses with a host portion of all ones and all zeros are invalid. The zero address is invalid because it's used to specify a network without specifying a host. The 255 address (in binary notation, a host address of all ones) is used to broadcast a message to every host on a network. Just remember that the first and last address in any network or subnet can't be assigned to any individual host.

You should be able to assign IP addresses to 254 hosts now. It works perfectly if all 150 machines are connected to the same network. Your 150 computers, on the other hand, are connected to three different physical networks. Rather than requesting additional address blocks for each network, you divide your network into subnets that allow you to use a single block of addresses on several physical networks.

In this example, you divide your network into four subnets by employing a subnet mask, which lengthens the network portion of the address and shrinks the available range of host addresses. In other words, you're 'borrowing' some of the host address bits and using them for the network portion of the address.

The subnet mask 255.255.255.192 creates four networks, each with 62 hosts. It works because 255.255.255.192 is the same as 11111111.11111111.11111111.11000000. The first two bits of the last octet become part of the network address, resulting in the additional networks 00000000 (0), 01000000 (64), 10000000 (128), and 11000000 (192). (Some administrators will only employ two of the subnetworks with a subnet mask of 255.255.255.192. RFC 1878 contains more information on this subject.)

The last six binary digits of a host address can be used in these four networks. Using a 255.255.255.192 subnet mask, your 192.168.123.0 network becomes four networks: 192.168.123.0, 192.168.123.64, 192.168.123.128, and 192.168.123.192. The following host addresses would be valid for these four networks:

  • 192.168.123.1-62
  • 192.168.123.65-126
  • 192.168.123.129-190
  • 192.168.123.193-254

Once again, binary host addresses with all ones or all zeros are invalid, so you can't use addresses with a last octet of 0, 63, 64, 127, 128, 191, 192, or 255. More examples are below.

Default gateway

Computers on the same Layer 2 network segment can communicate directly with one another. Your computer determines whether or not a computer with which it wishes to communicate is on the same network by comparing the destination IP address with its own IP address and subnet mask. If it is not on the same network, the computer will send the packets to a router for delivery.

The default gateway is the router's IP address to which a computer sends network packets if it is unsure where else to send them. The traffic will then be routed by the default gateway to its destination, which will most likely require a succession of other routers. The default gateway is usually the router that is closest to a computer or device.
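The mask arithmetic behind the 192.168.123.0 / 255.255.255.192 walkthrough above and the "same subnet or gateway?" decision a host makes, as an added example that is not code from the original post. Function names (to_int, subnets, next_hop) and the sample addresses are my own choices; the addresses are the ones used in the text.

```python
# Added example: bit-level subnet calculations matching the text above.
# Pure Python on purpose, so the AND/shift operations that the subnet mask
# performs are visible rather than hidden inside the ipaddress module.

def to_int(dotted):
    """'192.168.123.132' -> 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    assert len(octets) == 4 and all(0 <= o <= 255 for o in octets)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(n):
    """32-bit integer -> dotted decimal."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(dotted):
    """Dotted decimal -> four 8-bit groups, lined up as in the text."""
    return ".".join(format(int(o), "08b") for o in dotted.split("."))

def subnets(network, old_mask, new_mask):
    """Enumerate the subnets that new_mask carves out of the block defined by
    old_mask. Returns (network, first host, last host, broadcast) per subnet;
    network and broadcast are the two addresses that cannot be assigned."""
    net, old, new = to_int(network), to_int(old_mask), to_int(new_mask)
    assert (net & old) == net, "network address must have all host bits zero"
    assert (old & new) == old, "new mask may only borrow host bits"
    block = 1 << (32 - bin(old).count("1"))   # 256 addresses in a /24
    size = 1 << (32 - bin(new).count("1"))    # 64 addresses per /26
    out = []
    for start in range(net, net + block, size):
        bcast = start + size - 1
        out.append((to_dotted(start), to_dotted(start + 1),
                    to_dotted(bcast - 1), to_dotted(bcast)))
    return out

def next_hop(src, mask, gateway, dst):
    """The Default gateway decision: deliver directly when dst shares the
    network portion with src, otherwise hand the packet to the router."""
    m = to_int(mask)
    if (to_int(src) & m) == (to_int(dst) & m):
        return dst          # same Layer 2 segment, send directly
    return gateway          # off-subnet, send to the default gateway

if __name__ == "__main__":
    print(to_binary("192.168.123.132"), "- IP address")
    print(to_binary("255.255.255.0"), "- Subnet mask")
    for n, first, last, b in subnets("192.168.123.0", "255.255.255.0", "255.255.255.192"):
        print(f"{n:16} hosts {first}-{last}  broadcast {b}")
    print(next_hop("192.168.123.10", "255.255.255.192", "192.168.123.1", "192.168.123.70"))
```

Note that with the /26 mask, 192.168.123.10 and 192.168.123.70 are on different subnets even though they share the same /24, so the second host is only reachable through the gateway.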

DHCP- Dynamic Host Configuration Protocol

The Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically assigns an IP host an IP address as well as other configuration information such as the subnet mask and default gateway.

If there is no DHCP server, IP addresses for new computers or for computers moved from one subnet to another must be set manually, and the addresses of computers withdrawn from the network must be reclaimed manually.

When a client requires an IP address, it sends a "DHCP discover" packet to the entire network. When a DHCP server receives the request, it checks whether it has any IP addresses available to lease to the client. It may also check whether the client is permitted to request an address from it, or whether there is a pre-configured IP address that should be assigned to that client.

Any servers that do have an IP address available for that client will respond with a DHCP offer, which tentatively reserves that IP address for the client. The client will then accept the first DHCP offer it receives and send a DHCP request to that specific DHCP server.

That DHCP server will then respond with a DHCP acknowledgment, which formally leases that IP address to the client and also supplies the client with any additional network information required (such as the subnet mask, default gateway, DNS servers, NTP servers, WINS servers, etc.).

Dora the Explorer can help you remember the DHCP process:

Discover, Offer, Request, and Acknowledgement.

Also, note that there is a race issue with the DHCP offer. Since the client takes the first offer it receives, an attacker could set up a malicious DHCP server that answers faster and thereby control the victim's network configuration.

The attacker, for example, could configure the client to use a malicious DNS server or even a malicious default gateway, allowing the attacker to monitor (or even manipulate) all of the victim's traffic. It is relatively simple to react faster than the legitimate server because the attacker's malicious server is likely to be located fewer network hops away than the legitimate one.
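A defender-side check for the offer race described above, as an added example that is not code from the original post: it reads DHCP exchanges from a constructed log and flags any offer or acknowledgment that came from a server other than the authorised one, or that hands out a gateway or DNS server different from the expected values. The log format, the server addresses and the allowlist are assumptions made for this example.

```python
# Added example: spotting a rogue DHCP server from a DORA exchange in a log.
import re

# Constructed sample log (hypothetical format): one client, two competing
# offers. The server at .250 answers first with its own gateway and DNS.
SAMPLE_LOG = """\
DHCPDISCOVER client=aa:bb:cc:dd:ee:01
DHCPOFFER server=192.168.123.250 client=aa:bb:cc:dd:ee:01 ip=192.168.123.77 gw=192.168.123.254 dns=192.168.123.53
DHCPOFFER server=192.168.123.1 client=aa:bb:cc:dd:ee:01 ip=192.168.123.20 gw=192.168.123.1 dns=192.168.123.10
DHCPREQUEST server=192.168.123.250 client=aa:bb:cc:dd:ee:01 ip=192.168.123.77
DHCPACK server=192.168.123.250 client=aa:bb:cc:dd:ee:01 ip=192.168.123.77 gw=192.168.123.254 dns=192.168.123.53
"""

# Assumptions: the only legitimate DHCP server and the values it should hand out.
AUTHORISED_SERVERS = {"192.168.123.1"}
EXPECTED = {"gw": "192.168.123.1", "dns": "192.168.123.10"}

LINE_RE = re.compile(r"^(DHCP\w+)\s+(.*)$")

def parse(line):
    """'DHCPOFFER server=... client=...' -> dict of fields plus 'msg'."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    msg, rest = m.groups()
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["msg"] = msg
    return fields

def find_rogue_dhcp(log_text):
    """Return one alert string per suspicious OFFER or ACK."""
    alerts = []
    for raw in log_text.splitlines():
        f = parse(raw)
        if not f or f["msg"] not in ("DHCPOFFER", "DHCPACK"):
            continue
        srv = f.get("server")
        if srv not in AUTHORISED_SERVERS:
            alerts.append(f"{f['msg']} from unauthorised server {srv} to {f['client']}")
        for key, expected in EXPECTED.items():
            if key in f and f[key] != expected:
                alerts.append(f"{f['msg']} from {srv} sets {key}={f[key]} (expected {expected})")
    return alerts

if __name__ == "__main__":
    for alert in find_rogue_dhcp(SAMPLE_LOG):
        print("ALERT:", alert)
```

On managed switches, DHCP snooping drops offers arriving on untrusted ports before a client ever sees them; a log check like this is the complementary after-the-fact control.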
