Introduction

This blog post is the first in a series I’m starting called “Networking 101 for Hackers”. This series of blog posts aims to teach people enough about networking to get them started in cybersecurity.

This particular post is about IP addresses. As you’ll learn in the next section, an IP address is the most crucial thing in today’s digital age as we identify and communicate with other devices connected to the internet via IP addresses. If you need to hack any device connected to a network, you’ll first need to know its IP address to “talk” to it and eventually pwn it.

What is IP?

“IP” stands for Internet Protocol, a set of rules for routing and packet addressing decisions in a network. Since IP defines the rules for routing packets, it also decides how to identify various networks and how to identify each host (networking term for a “device”) connected to that network. IP uses what are known as IP addresses. Each host connected to a network is assigned an IP address unique to that host in that particular network.

IPv4 VS IPv6

In the early days of networking, when IP addressing was implemented, no one ever thought that the world would eventually run out of IP addresses. However, in just a decade, the number of internet users increased from 569 million to 2.27 billion. Therefore, the Internet Engineering Task Force (IETF) developed a new version of the protocol: IPv6.

IPv4

IPv4 is the older version of the IP address. Each IPv4 address is 32 bits long, which gives 4,294,967,296 possible addresses. Each IPv4 address is made up of four bytes separated by dots, and each byte is usually called an octet. Each octet can have a decimal value in the following range: 0-255. Here are a few examples of IPv4 addresses:

  • 192.168.1.1
  • 10.1.154.210
  • 0.0.0.0
  • 127.0.0.1

IPv6

As mentioned before, IPv6 is the newer version of the IP address, developed to solve the problem of running out of IP addresses. Each IPv6 address is 128 bits long, providing 3.4028237e+38 possible addresses; that’s a lot of IP addresses! Each IPv6 address is divided into eight parts separated by colons (:), and each part is 2 bytes long and is written as four hexadecimal digits. Since each hexadecimal digit is four bits long, each IPv6 address has 32 hexadecimal digits. Here are a few examples of IPv6 addresses:

  • 2001:0db8:0020:130f:0b0d:0000:087c:05bc
  • 0000:0000:0000:0000:0000:0000:0000:0000
  • FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

IPv6 addresses can also be represented in three different forms:

  • Regular form: 2001:0db8:0020:130f:0ccd:0aa0:087c:05bc
  • Compressed form: FF01:0000:0000:0000:0000:0000:0000:43 becomes FF01::43 as a result of replacing a stream of 0s with ::
  • IPv4-compatible: 0000:0000:0000:0000:21.123.10.31 or ::21.123.10.31

IP Classes and Subnetting

Each IP address not only identifies a host on a network, but also identifies the network itself. This is achieved by dividing each IP address into two parts: the network part that identifies the network and the host part that identifies the particular host on that network.

Subnet Masks

To find the network address from an IP address, we use something called the subnet mask. A common subnet mask, which is probably being used in your home network, is 255.255.255.0. This basically tells us that the first three octets of an IP address identify the network, and the last octet identifies the hosts. That’s great, but how did we figure this out? Easy! Let’s find the network part of the IP address 192.165.1.12 using the subnet mask 255.255.255.0:

  1. Convert the IP address and the subnet mask into binary format
     IP address:      11000000.10100101.00000001.00001100
     Subnet mask:     11111111.11111111.11111111.00000000
  2. Perform the bitwise AND operation between them
     Network address: 11000000.10100101.00000001.00000000
  3. Convert all octets back to decimal format
     Network address: 192.165.1.0
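The same three steps in code, as an added example that is not part of the original post. It goes beyond the 255.255.255.0 case by also handling masks that do not end on an octet boundary and by rejecting masks whose 1 bits are not contiguous; the function names are hypothetical.

```python
def to_int(dotted):
    """Pack a dotted-quad string into a 32-bit integer, validating each octet."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range: {part!r}")
        value = (value << 8) | octet
    return value

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(value):
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))

def prefix_length(mask):
    """Count the leading 1 bits; reject masks whose 1 bits are not contiguous."""
    inverted = ~mask & 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError("subnet mask bits must be contiguous")
    return 32 - inverted.bit_length()

def split_address(ip, mask):
    """Apply the bitwise AND from step 2 and return both parts of the address."""
    ip_i, mask_i = to_int(ip), to_int(mask)
    prefix = prefix_length(mask_i)
    network = ip_i & mask_i                  # network part
    host = ip_i & ~mask_i & 0xFFFFFFFF       # host part: the bits the mask clears
    return {
        "network": to_dotted(network),
        "network_binary": to_binary(network),
        "host": to_dotted(host),
        "prefix": prefix,
    }

if __name__ == "__main__":
    print(split_address("192.165.1.12", "255.255.255.0"))
    print(split_address("192.165.1.12", "255.255.240.0"))
```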

IP Classes

In the olden days of the internet, all IP addresses belonged to one of the five IP address classes. The size and IP range of a particular network was determined by the IP address class to which the network address belonged:

![[ip_classes.png]]

However, over the years, it became apparent that the distribution of IP addresses using the IP address classes was wasting a lot of IP addresses. To solve this issue, the concept of CIDR (Classless Inter-Domain Routing) was introduced. The CIDR approach does not follow IP address classes; instead, we can create a network of any size using different subnet masks.

Public VS Private IPs

There are two types of IP addresses: public and private. Let’s start with private IP addresses. A private IP address falls under one of the reserved IP ranges. These IP ranges can only be used in private networks, which makes it possible for a private IP address to identify more than one host as long as they exist in separate private networks. Here are some examples of private IP ranges:

  • 0.0.0.0 - 0.255.255.255: Represents “this” network, of which your device is a part.
  • 127.0.0.1 - 127.255.255.255: Also known as loopback addresses, which all represent your own computer.
  • 192.168.0.0 - 192.168.255.255: This range is probably the most common in private home networks.

Public IP addresses are used to represent hosts in public networks, such as the internet. As you may know, a URL of a website points to one or more IP addresses. These IP addresses are public IP addresses allotted to the web servers hosting the website. It is important to note that a public IP address on the internet can only identify one host at a time.

Network Address Translation (NAT)

The internet is essentially a vast network comprised of millions of smaller private networks that are interconnected with each other. Each of these smaller networks contains thousands of devices. However, if each device on the internet is provided a public IP address, the IP addresses would quickly run out, even with IPv6 addresses.

To address this issue, Network Address Translation (NAT) is utilized. To understand NAT, consider a private network like your home network. Each device in this network possesses a unique private IP address. Let’s look at the scenario represented in the following diagram:

[Diagram: NAT Table]

  1. Let’s say you are using Host C, which has the IP 192.168.1.102.
  2. You send a request to Google.com, which is hosted on a server on the Internet.
  3. Your request is broken down into several packets, and each packet has the source IP address set to your PC’s IP, 192.168.1.102, and the source port number set to 33543.
  4. Your PC sends each packet to your home router so that they can be sent to the Internet.
  5. The router uses its NAT translation table to note down your PC’s IP address and port number, and assigns your PC the port number 4. It then replaces the source IP address in each packet with the public IP address of your home network, which in this case is 65.96.14.76. The router sets the source port number to the one assigned to your PC. The public IP address represents your home network, and it will be the same for every single packet leaving your home, regardless of the device.
  6. Google’s response packets will have the destination IP address set to your home network’s public IP, 65.96.14.76.
  7. When your home router receives the response packets from Google’s server, it looks at the destination port, which will be 4 in this case, and replaces the destination IP address with the IP address corresponding to that port number. In this case, the new destination IP address will be your PC’s IP, 192.168.1.102. The destination port number is also replaced with 33543, which is the port being used on the PC.
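The walk-through above as a small simulation of the router's translation table. This is an added example, not code from the original post. `Packet` and `NatRouter` are hypothetical names, the server address 203.0.113.10 is a constructed documentation address standing in for Google's server, and port numbering starts at 4 only to match the scenario.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatRouter:
    def __init__(self, public_ip, first_port=4):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}  # (private IP, private port) -> assigned public port
        self.inbound = {}   # assigned public port -> (private IP, private port)

    def send_out(self, pkt):
        """Step 5: record the mapping, then rewrite the source IP and port."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:  # later packets of the same flow reuse the entry
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.next_port += 1
        return replace(pkt, src_ip=self.public_ip, src_port=self.outbound[key])

    def receive(self, pkt):
        """Step 7: look up the destination port and restore the private IP and port."""
        entry = self.inbound.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or entry is None:
            return None  # no table entry: the router has nowhere to forward it
        return replace(pkt, dst_ip=entry[0], dst_port=entry[1])

def demo():
    router = NatRouter("65.96.14.76")
    server = "203.0.113.10"  # constructed address, not Google's real IP
    out = router.send_out(Packet("192.168.1.102", 33543, server, 443))
    reply = Packet(server, 443, out.src_ip, out.src_port)
    back = router.receive(reply)
    # An inbound packet to a port with no table entry is dropped.
    stray = router.receive(Packet(server, 443, "65.96.14.76", 9))
    return out, back, stray

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The `stray` case shows a side effect of the table: an inbound packet that matches no entry cannot reach any host behind the router.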

Until Next Time…

Thank you for reading this blog post. I hope you enjoyed it and learned something new today. I’m planning to post more blog posts just like these, so keep an eye here. If you would like to connect with me or give me feedback, reach out to me on Twitter!