©2019 Security Unleashed | New Delhi

  • Animesh Gupta

What is IP Address?



An Internet Protocol address (IP address) is a logical numeric address that is assigned to every single computer, printer, switch, router or any other device that is part of a TCP/IP-based network.

The IP address is the core component on which the networking architecture is built; no network exists without it. An IP address is a logical address that is used to uniquely identify every node in the network. Because IP addresses are logical, they can change. They are similar to addresses in a town or city because the IP address gives the network node an address so that it can communicate with other nodes or networks, just like mail is sent to friends and relatives.

The numerals in an IP address are divided into 2 parts:

  • The network part specifies which networks this address belongs to and

  • The host part further pinpoints the exact location.

An IP address is the most significant and important component in the networking phenomena that binds the World Wide Web together. The IP address is a numeric address assigned to every unique instance that is connected to any computer communication network using the TCP/IP communication protocols.

Network nodes are assigned IP addresses by the Dynamic Host Configuration Protocol server as soon as the nodes connect to a network. DHCP assigns IP addresses using a pool of available addresses which are part of the whole addressing scheme. Though DHCP only provides addresses that are not static, many machines reserve static IP addresses that are assigned to that entity forever and cannot be used again.

IP addresses falls into two types:

  • Classfull IP addressing is a legacy scheme which divides the whole IP address pools into 5 distinct classes—A, B, C, D and E.

  • Classless IP addressing has an arbitrary length of the prefixes

IP Addressing | Classfull Addressing


IP addressing supports five different address classes: A, B, C, D and E. Only classes A, Band C are available for commercial use.

We can find the class of an address when given the address in binary notation or dotted decimal notation.

• If the address is given in binary notation, the first few bits can tell us the class of the address.

• If the address is given in dotted decimal notation, the first byte defines the class.


Class A addresses


1. Class A addresses are designed for large organizations with a large number of hosts or routers.

2. In this the first octet of the address identifies the network and the next three octets are used to identify the host.

3. The first bit of first octet is always 0 and the remaining 7 bits are used to identify the network address.

4. The next three octets i.e. 24 bits are used to identify the host.

5. The class support addresses from 0.0.0.0 to 0.255.255.255

6. The first block of network address starts with 1.0.0.0 and the last block of network address starts with 127.0.0.0.

7. As there are 7 bits in network address, 27 = 128 blocks of network address are possible. Out of these two network blocks are reserved. Hence total 126 address blocks are used.

8. Each network blocks can have 224--- 2 hosts i.e. 16,777,214 host address. Two addresses are less as one address is reserved for the broadcast address and one address is reserved for the network.

9. A block in class A is too large for almost any organization. This means most of the addresses in class A are wasted and are not used.


Class B address

1. The class B addresses are designed for medium sized organizations with tens of thousands of attached hosts or routers.

2. In this, the first two octets of the address identify the network and the next two octets identify the host within the network.

3. The first two bits (high order bits) of first octet are always 1,0. Thus the remaining 14 bits identify the network

4. The third and fourth octet i.e. 6 bits are used to identify the host.

5. The first network block of this class covers the addresses from 128.0.0.0 to 128.0.255.255 (net id 128.0). The last network block of this class covers addresses from 191.255.255.255 (net id 191.255)

6. The maximum number of network blocks in class B is 214 = 16384.

7 Each network block in class B can have 216--- 2 = 65,534 hosts.

8. A block in class B is also very large and most of the address in class B is also wasted.


Class C address


1. The class C addresses is designed for small organizations with a small number of attached hosts or routers.

2. In class C, the first three octets of address are used for network and the last octet is used to identify the host.

3. The first three bits of first octet are always set to 1, 1, 0.

4. The remaining 24 - 3 = 21 bits are used for network identification and only 8 bits are used for host.

5. In class C, 221 = 2,097,152 network blocks are possible.

6. Thus, each block in class C address can have 28 - 2 = 254 hosts.

7. The first block of network covers addresses from 192.0.0.0 to 192.0.0.255.

The last block of network covers the addresses form 223.255.255.0 to 223.255.255.255

8. The class C addresses are too less for many organizations as it supports only 254 hosts in a network.


Class D address


1. Class D addresses are used for multicast groups (multicasting)

2. The concept of division of octets into network id and host id does not apply to class D.

3. The first four bits of first octet in class D are always set to 1,1,1,0.

4. The address range is 224.0.0.0 to 239.255.255.255


Class E address

1. The Class E address are reserved for future use and are experimental.

2. The concept of network id and hostid does not apply on class E also.

3. The first four bits of first octet are always set to 1,1,1,1.

4. The address range for class E is 240.0.0.0 to 255.255.255.255.

IP Addressing | Classless Addressing

• The fast growth of Internet led to the near depletion of the available addresses.

• We have run out of class A and B addresses, and a class C block is too small for most midsize organizations.

• To overcome the problem of address depletion and give more organizations access to internet, classless addressing was designed and implemented.

• In this scheme, there are no classes, but the addresses are still granted in blocks.

• In classless addressing, when an entity, small or large, needs to be connected to Internet, it is granted a block or range of addresses.

• The size of the block (the number of addresses) varies based on the nature and size of the entry. For example, a household may be given only two addresses; a large organization may be given thousands of addresses. An ISP, may be given thousands or hundreds of thousands based on the number of customer it may serve.

• To simplify the handling of addresses, the Internet authorities impose three restrictions on classless address blocks:

1. The addresses in a block must be contiguous, one after the other.

2. The number of addresses in a block must be a power of 2 (1, 2, 4,8, .... ).

3. The first address must be evenly divisible by the number of address.


Network Address and Mask


Network address – It identifies a network on internet.  Using this, we can find range of addresses in the network and total possible number of hosts in the network.


Mask – It is a 32-bit binary number that gives the network address in the address block when AND operation is bitwise applied on the mask and any IP address of the block.

The default mask in different classes are :


Class A – 255.0.0.0

Class B – 255.255.0.0

Class C – 255.255.255.0


Example : Given IP address 132.6.17.85 and default class B mask, find the beginning address (network address).

Solution : The default mask is 255.255.0.0, which means that the only the first 2 bytes are preserved and the other 2 bytes are set to 0. Therefore, the network address is 132.6.0.0.


Subnetting:  Dividing a large block of addresses into several contiguous sub-blocks and assigning these sub-blocks to different smaller networks is called subnetting. It is a practice that is widely used when classless addressing is done.

Some values calculated in subnetting :


1. Number of subnets : Given bits for mask – No. of bits in default mask

2. Subnet address : AND result of subnet mask and the given IP address

3. Broadcast address : By putting the host bits as 1 and retaining the network bits as in the IP address

4. Number of hosts per subnet : 2(32 – Given bits for mask) – 2

5. First Host ID : Subnet address + 1 (adding one to the binary representation of the subnet address)

6. Last Host ID : Subnet address + Number of Hosts


What is CIDR?


CIDR stands for Classless Inter-Domain Routing and is used for IP addressing and routing. It allocates IP addresses in a more flexible manner as compared to the original system of Internet Protocol (IP) address classes. In this way, it increases the number of available IP addresses with extensive use of NAT (Network Address Translation)

By providing a new, more efficient way to allocate network addresses, CIDR has reduced the issue of wasted address space in the routers. With CIDR, one entry in the routing table entry represents a combination of networks existing in the forward path. This network aggregation in a single address is known as Supernet.


CIDR Notation

CIDR IP addresses can be described as consisting of two groups of bits. The most significant group of bits denotes the prefix i.e., a network address that is used for the identification of a network or sub-network. The least significant group of bits is known as host identifier that determines the total number of bits in the address. It is used to signify the device on the work that will receive incoming information packets.

For example, consider the following CIDR Notation

182.0.1.2/28

Here, the prefix is – 182.0.1.2, and

The total number of bits in this address is 28.

CIDR Block


The prefix, first group of bits in the notation allows you to group the multiple blocks of network addresses into a single routing network. CIDR blocks share the first group of bits (the binary representation of the network addresses). The blocks are also identified using same decimal dot notation system as IPv4 addresses.

For example, a CIDR block is shown below

10.0.1.0/24

Here /24 signifies the total number of 1’s bits in the routing mask (network mask).

This IP address can be shown as below in the binary format:

11111111.11111111.11111111.00000000

Here the first 24 bits are marked as 1.

It would be equivalent to a network mask of 255.255.255.0

Note that the network addresses that have the identical prefix and the same number of bits, always belong the same block. Also, the large and small blocks can be distinguished by the length of the prefix.


Calculating the Network Mask


Let’ say that we have given a notation of /20 as the mask, how can we calculate the network mask

We can do this with the help of the below table notation.

1286432168421

For a mask of /20, the equivalent binary format would be as follows

11111111.11111111.11110000.11111111

From the third octet, e can see that there are 4 leading 1’s. This corresponds to the first 4 columns of our table

1286432168421

If we add these numbers we get – 240

Hence our network mask would be 255.255.240.0


Calculating the Number of Subnets and Hosts


Now based on a CIDR block, let’s say we need to calculate the number of subnets and hosts possible. We can do this with the following equations.

  • Number of Networks possible in a CIDR network, use 2n where n is the number of 1s in the subnet mask

  • Number of hosts possible in a CIDR network, use 2n-2 where n is the number of 0s in the host mask

  • Every network needs 2 addresses, 1 for network and 1 for broadcast

Let’s consider the following example,

There is a given CIDR block of IP address 192.168.1.0/28

So first let’s get the decimal format in place

11111111.11111111.11111111.11110000

Now, here the first 3 octets are dedicated to the Network

11111111.11111111.11111111.11110000

The first 4 bits of 1’s of the 4th octet is what gives us the possibility of the subnets. So the value of n is 4.

11111111.11111111.11111111.11110000

So the number of subnets is (2*2*2*2) = 16

Next, we need to calculate the number of hosts

Since the number of host bits is 4, hence the value of n is also 4

11111111.11111111.11111111.11110000

So the number of hosts is (2*2*2*2) – 2 = 14


IPV4 vs IPV6



IPv4 and IPv6 are two generations of Internet Protocols where IPv4 stands for Internet Protocol version 4 and IPv6 for Internet Protocol version 6. 

IPv4 is a protocol for use on packet-switched Link Layer networks (e.g. Ethernet). It is one of the core protocols of standards-based inter-networking methods on the Internet and was the first version deployed for production in the ARPANET in 1983. IPv4 uses 32-bit source and destination address fields which limit the address space to 4.3 billion addresses. This limitation stimulated the development of IPv6 in the 1990s.

IPv6 is more advanced and has better features compared to IPv4. It has the capability to provide an infinite number of addresses. It is replacing IPv4 to accommodate the growing number of networks worldwide and help solve the IP address exhaustion problem. IPv6 was developed by the Internet Engineering Task Force (IETF).

One of the main difference between IPv4 and IPv6 is their address space. As we already said the size of an address in IPv4 is 32-bits. Where IPv6 address fields are 128-bits.

Because of their difference in address space — appearance of the IP addresses in IPv4 and IPv6  also looks different. In IPv4 IP addresses are appeared as four 1 byte decimal numbers, separated by a dot (eg: 192.168.1.1) and in IPv6 IP addresses appears as hexadecimal numbers that are separated by colons (eg: fe80::d4a8:6435:d2d8:d9f3b11).

Clients using IPv4 addresses use the Dynamic Host Configuration Protocol (DHCP) server to establish an address each time they log into a network. This address assignment process is called stateful auto-configuration. IPv6 supports a revised DHCPv6 protocol that supports stateful auto-configuration, and supports stateless auto-configuration of nodes. Stateless auto-configuration does not require a DHCP server to obtain addresses. Stateless auto-configuration uses router advertisements to create a unique address. This creates a «plug-and-play» environment, simplifying address management and administration. IPv6 also allows automatic address configuration and reconfiguration. This capability allows administrators to renumber network addresses without accessing all clients.

These are the basic difference between IPv4 and IPv6.

Advanced differences are :