قالب وردپرس درنا توس
Home / Tips and Tricks / Understanding Using IPv4 to Navigate a Network «Null Byte :: WonderHowTo

Understanding Using IPv4 to Navigate a Network «Null Byte :: WonderHowTo

You may not know, but your computer's IPv4 address contains a lot of useful information about your Wi-Fi network. If you know what your IPv4 address and subnet mask tell you, you can easily search the entire network area, find the router, and discover other devices on the same network.

IP addresses like may be known To you, the IP address that your computer assigned from the router actually says a lot about the network itself. If we did not know what network we were on We may find it difficult to run a scan tool that asks us to provide a set of IP addresses for scanning. We could panic and scan each IPv4 address by scanning only, but with 42.94.967.294 possible IP addresses, this would take a long time. Instead, we can be smart as we scan a network by learning a bit about how IPv4 works.

You do not have to be a network engineer to be smart and quickly calculate network coverage. If you learn to quickly find the router on a network, you do not necessarily need to scan your presence with a scan.

What is an IP address?

For a device to connect to a Wi-Fi or Ethernet network, two pieces of information are required to successfully send and receive information. The first is a MAC address, which is like the electronic serial number of a device and does not change when connected to different networks. The MAC address is used to physically identify the device on the network and uses a format as follows:

  40: 70: 09: 7a: 64: 97 - ARRIS Group, Inc. 

MAC addresses are useful because the first Half of them is assigned to a manufacturer to program the devices they sell. This means that we can use the MAC address of a device to see who made it. This is often enough to determine what it is. For example, identifying a "Nestcam" device almost certainly means a "Nest" brand surveillance camera (19459022).

The other information required to connect to a network is an IP address. Unlike the MAC address of a device that does not change, your IP address is like a parking space in the network, which can change depending on which network you are connected to and how many other places are occupied by other devices , When a network establishes a connection between the physical MAC address of a device and the IP address assigned by the router to a device connected to the network, the combination allows a successful connection to the network.

You can find your IP address by running ifconfig or ip a in a terminal window.

  ifconfig | grep inet 
  inet netmask radio 

In practice, for example, your smartphone would connect to the Wi-Fi network in a café. Your device has the same MAC address at home as it does in the coffee shop, but the café router may assign you a different IP address each time you join.

When you connect to the network, the routers and nearby devices will store the relationship between your device's MAC address and the assigned IP address in a table that makes it easy to provide information. You can see this table by typing arp -a in a terminal window.

  arp -a 
? ( at 3c: dc: bc: 05: 77: d4 [ether] on wlan0
_gateway ( at 40: 70: 09: 7a: 64: 97 [ether] in wlan0 

In this example, my computer has the IP and MAC address of the router (gateway) and another computer on the Gateway Saved This allows sending packets to both.

IPv4 is the most widely used and easy to understand IP addressing system, but is gradually being replaced by the more complicated but more scalable IPv6 system. Even so, most networks still give you an IPv4 address, so you can easily navigate the network. The most important thing you should know about IP addresses is that it is a long, unique number assigned to a device on a network. That's all.

What you need

To understand how IP addresses work, you need to connect to a router that assigns you an IPv4 address. Many of the network reach calculations can be done on paper in your head, but in many cases I find it helpful to use a calculator.

You can use tools like ipcalc to help you quickly calculate IP ranges But it does not help you much if you do not know what it tells you. In this guide, we use ipcalc a few times. So you can install it by typing apt install ipcalc in a terminal window or installing it from its GitHub page.

Step 1: Count in Binary

The format of an IPv4 address can be intimidating, but the average IPv4 address does not provide an overwhelming amount of information. To get started, you should know that an IP address is a binary number, the language, the computers that we write as numbers, so that people do not confuse them by mistake.

To understand an IP address, we need to do some very simple math. As humans, we have ten fingers, so we count in base 10. That is, after we reach 9, we add another digit. Binary uses base 2 instead of base 10. To count to 2, we write "10".

The functionality is as follows:

  1 = 1
2 = 10
3 = 11
4 = 100
5 = 101
6 = 110
7 = 111
8 = 1000
9 = 1001
10 = 1010 

When dealing with an IP address, each number divided by a dot represents an 8-digit binary number. For the IP address, you can convert the IP address to an 8-digit binary number as follows:

  IP Address:

First number: 192

128 64 32 16 8 4 2 1
0 0 0 0 0 0 0 0 0 

To convert our first number, we start on the left side of the binary number with the first value of 128. From left to right, first check that you are subtracting 128 from our number ( 192). We can, so the first number is 1.


After subtracting 128 from 192, we still have 64 left. The value of the next digit is 64. Can we subtract 64 from our remaining number (64)? Yes, so the next number is also 1.


This leaves us with zero, so we fill in all zeros and leave the resulting number 11000000 binary. For a computer, this is the same as number 192.

When the first number is converted, we do the same with the second.

  Second Number: 168

128 64 32 16 8 4 2 1
0 0 0 0 0 0 0 0 0 

First we try to subtract 128 from our number (168). We can, so the first number is 1.


Next we try to subtract 64 from our remaining number, which is 40. We can not, so the next number is 0.

10XXXXXX [19659002] Now we try to subtract 32 from our remaining number of 40. We can, so the next number is 1.


The next number to subtract is 16 from our remaining set of 8. We can & # 39; t, so let's add another 0 to the binary number.


It's pretty obvious that 8 can be deducted from our remaining 8, so we'll add another 1 and pad out the rest to get our number

10101000 [19659002] Next we convert the third number, which is only 0. We can represent this with all zeros as 00000000, leaving only the last number to convert.

Obviously, we can not subtract any of them from the numbers in front of 2 of our number 2 for the last number, so we add all zeros up to the 2-digit number and add another zero at the end. So, 00000010 remains as a binary number representing 2.

After converting to binary, the IP address becomes the following number. This is the large number of times your computer identifies to devices on your local network.


Step 2: Calculate Subnet Mask

IP addresses contain two pieces of information about a router. The first half tells the router what network the IP address belongs to, and the second half indicates which available parking space a specific device uses. Both are important for a router. When you try to connect to a device on another network, your IP address tells the router to forward your connection to another router that knows where that network is.

You can think of the network as part of a network IP address, such as the city to which you are sending a packet, and the host part, such as the address within the city to which you are sending the packet. This allows routers to quickly decide if they need to forward traffic to a device on a local network or if they need to send the traffic to another location.

In our previous example IP address is the part talking over the network, and which part is talking about the host?

To find out, we need to use a subnet mask. A subnet mask is like a 1-character highlighter that tells the router what part of the IP address is from a network. For our example we can display the network mask in three ways:

The first example shows how the subnet mask is frequently written and converted to numbers to facilitate writing. The last example shows what it really looks like and gives an indication of why we are adding the / 24 to point out this sub-mask: it has 24 1 in a row!

A / 8 subnet would have a sequence of eight 1 in a row? Yes, that would be or 11111111.0000000000000000.00000000 in binary format.

So what would be a 11111111.11110000.000000000000000000? Well, there are twelve consecutive ones, so it would be a / 12 network or

Subnet masks will always be a contiguous group of ones on the left. Any part of your IP address that has a 1 in the subnet mask talks about the network to which you belong. Everything with a zero speaks of a host address in the network.

In our example of, the first part 192.168.0 refers to the network in which we are located. This means that only the last part of the address is available for devices that "park" in the network. This is important to know, as it tells us that a total of 254 IP addresses are available on the network.

Step 3: Calculating Network Reach

Now that we know how subnet masks work, let's take a look at our current IP address. In this example, you can run ifconfig in a terminal window to get our current IP address.

  eth0: flags = 4099  mtu 1500
Ether 50: 7b: 9d: 7a: c8: 8a txqueuelen 1000 (Ethernet)
RX packets 0 Byte 0 (0,0 B)
RX error 0 fell 0 exceeded 0 frame 0
TX packets 0 byte 0 (0,0 B)
TX error 0 fell 0 exceeded 0 carrier 0 collisions 0

lo: flags = 73  mtu 65536
inet netmask
inet6 :: 1 prefixlen 128 scopeid 0x10 
loop txqueuelen 1000 (Local Loopback)
RX packets 65413 bytes 14922237 (14.2 MiB)
RX error 0 fell 0 exceeded 0 frame 0
TX packets 65413 bytes 14922237 (14.2 MiB)
TX error 0 fell 0 exceeded 0 carrier 0 collisions 0

wlan0: flags = 4163  mtu 1500
inet Netmask Broadcast
inet6 2606: 6000: 66d0: a000: 41b9: 777e: 5263: 3b59 prefixing 64 scopeid 0x0 
inet6 fe80 :: b567: 3ec1: 3f0b: 39bc prefixing 64 scopeid 0x20 
Ether 00: c0: ca: 95: 6e: 74 txqueuelen 1000 (Ethernet)
RX Packets 47663 Bytes 37596073 (35.8 MiB)
RX error 0 fell 0 exceeded 0 frame 0
TX Packets 227500 Bytes 22477997 (21.4 MiB)
TX Error 0 Dropped 0 Passed 0 Carrier 0 Collision 0 

From this issue you can see the IPv4 address on our Wi-Fi interface. Wlan0 is, with a subnet mask of We have previously learned that we immediately know that the subnet mask looks like 11111111.11111111.11111111.00000000, which means that the fourth number in the IP address is the only one that is to individual host devices refers to a total of 256 possible IP addresses (from 0 to 255) in this network! When we do a scan, we know two things to make it:

  • The first three numbers are the same when scanning devices on this network.
  • The last number can only be a number between 0 and 255 Everything else can not exist in this network.

However, we can narrow that down further. There are already three addresses that are guaranteed to be used in this and every network. This is due to the way IPv4 is designed, meaning that in fact only 254 addresses are available to devices on the network.

What are these reserved IP addresses, and how do we find them? The first is the broadcast address, the second is the network address, and the last is the address where the router is located, also known as the default gateway.

Step 4: Identifying the Broadcast and Network Addresses

Finding The default gateway is simple. As mentioned earlier, you can type arp -a to see the current route to your gateway from which your computer sends network traffic.

  arp -a 
  _gateway ( at 40: 70: 09: 7a: 64: 97 [ether] on wlan0 

How do we find the broadcast and network addresses?

The broadcast network is always the last IP address available on a network. In our IP range, which starts at 0, this means that is the reserved broadcast address. Everything sent to this address will be sent to every device on the network.

The network address is the lowest possible IP address. In this case, that would be, which means we should not scan this address either. This would not give any useful results.

If these two possible IP addresses are off the table, the router usually gets the first usable IP address. After removing our reserved address, it matches the IP address in our ARP cache

Knowing this, we can avoid scanning the broadcast and network address and focus on the area starting with the router's IP address.

Step 5: Run a Network Scan in a Calculated Network Scope

Nmap is a perfect example of a tool that requires an IP address to use. Consider an example where a hacker is on an unknown network and how Nmap is running on the network.

In a penetration test, a hacker can access a badly secured Wi-Fi network to a credit card system so they can join a company's Wi-Fi network. After ifconfig was executed, the following output is displayed:

  wlan0: flags = 4163  mtu 1500
inet Netmask Broadcast 

Woah! That looks different. How can we understand what we see? First, we can convert the subnet mask to a binary to see how this network differs from the last one we looked at.

Okay, now we're going somewhere. We could also display this subnet mask by writing it like since it has twenty 1 in a row. That is, the first 20 binary digits of the address are reserved for the address, that is, we have more possible IP addresses than our last example.

How many IP addresses are there? Well, we have a big clue. We have the broadcast address that we know to be the highest possible IP address in the area. If we convert it to a binary file, we can see that it's just the entire host range of the address.

11000000.10101000.0000 1111.11111111 

This means that the network address we need to scan the entire network contains only zeroes in the same location. We add zeros where the ones are supposed to give the lowest address in the range and the one that can search the entire network.

11000000.10101000.0000 0000.00000000 

That means that this network has 4,094 possible IP addresses, and we can scan all addresses by using nmap Broadcast IP we can still calculate by converting the IP address to a binary file and then populating the host section with all zeroes. Based on what we learned earlier, the router's most likely IP address would then be the first available IP address on that network,

An IPv4 address a number we can learn a lot From

If you know how to calculate the network IP of an IPv4 network, you can discover other devices on the network without spending any time on it To search through missing non-existent IP addresses. With a look at your own IP address, you can even reliably access the router of a network on the first try without having to do a scan.

Even the simplest hacking tools often require entering an IP address or range of IP addresses to work. By calculating the network address and adding a subnet mask, it is easy to abbreviate an entire network with a number like "" to scan all possible hosts on the network like a pro.

If all else fails, I can always just put the IP address in ipcalc to calculate everything in a hurry. Even if you are unable to manually calculate IP addresses, you can still use all the information ipcalc has to offer, if you know what each value means and what to do with it.

I hope you liked this guide for calculating IPv4 network ranges! If you have questions about this IPv4 networking tutorial or have a comment, please contact Twitter @KodyKinzie .

Do not Miss: Prevent Your Network from ARP Spoofing with shARP

Cover Picture from Kody / Null Byte

Source link