Subnetting by Shaft (of defunct netflood, hthreads partner)

Topics including TCP/IP, OSI, Netbios, exploiting share, proxies and much more

Subnetting by Shaft (of defunct netflood, hthreads partner)

Postby weazy » Fri May 30, 2003 7:19 pm

Breaking down an IP address 

IP addresses are 32 bit numbers representing network and host information. The 32 bits are dotted-decimal numbers in four different groupings (commonly referred to as octets). This essentially divides the 32-bit number by 4. Each octet contains 8 binary numbers which translate to decimal numbers, the decimal value of each bit in an octet is located below:

 

Decimal by octet

128



64



32



16



8



4



2



1





 

Decimal by 32-bit IP address

128



64



32



16



8



4



2



1



.



128



64



32



16



8



4



2



1



.



128



64



32



16



8



4



2



1



.



128



64



32



16



8



4



2



1





 

When all numbers in an octet are added together it equals a total decimal number of 255. Using the chart above, a dotted-decimal IP address of 255.255.255.255 would look like this in binary:

 

1



1



1



1



1



1



1



1



.



1



1



1



1



1



1



1



1



.



1



1



1



1



1



1



1



1



.



1



1



1



1



1



1



1



1





  

Each octet would consist of 128+64+32+16+8+4+2+1 =255

So the full dotted-decimal IP address would be 255.255.255.255

 

The binary IP address of 128.64.32.129 is:

 

10000000.01000000.00100000.10000001

1



0



0



0



0



0



0



0



.



0



1



0



0



0



0



0



0



.



0



0



1



0



0



0



0



0



.



1



0



0



0



0



0



0



1



128



64



32



16



8



4



2



1



.



128



64



32



16



8



4



2



1



.



128



64



32



16



8



4



2



1



.



128



64



32



16



8



4



2



1





128+0 = 128                      64+0 = 64                                32+0 = 32                                128+1 = 129

 

The binary Address of 192.48.15.99 is:

 

11000000.00110000.00001111.01100011

1



1



0



0



0



0



0



0



.



0



0



1



1



0



0



0



0



.



0



0



0



0



1



1



1



1



.



0



1



1



0



0



0



1



1



128



64



32



16



8



4



2



1



.



128



64



32



16



8



4



2



1



.



128



64



32



16



8



4



2



1



.



128



64



32



16



8



4



2



1





128+64 = 192                    32+16=48                                8+4+2+1 = 15                         64+32+2+1 = 99

 

 

An IP address will always be unique to a host (except in a cluster or NAT environment). For example, Microsoft’s web server IP address is 207.46.131.137, while Yahoo’s web server IP address is 204.71.200.68. No other machine will have the same IP address as Microsoft’s web server on the Internet, think of IP addresses as social security numbers for machines. No one has the same social security number as you because if they did, how would the SSA differentiate you from the other person (machines can have more then one IP address). IP addresses identify more than just a host; they also identify what network the host is on.

 

 

 

 Address Classes

IP addresses are divided into classes. A large network can benefit by having an address class that allows more hosts. A smaller network could get by with fewer host addresses so they wouldn’t need the same class as a larger network. IP addresses can cost big bucks nowadays and it’s important to get a class address that is appropriate for your network. The larger the number of available hosts in an IP address, the more you can expect to pay. Only classes A through C will be covered in this document.

 

Address classes (Network)

Class A



1.x.x.x – 126.x.x.x



00000001.x.x.x - 1111110.x.x.x



Class B



128.x.x.x – 191.x.x.x



10000000.x.x.x - 10111111.x.x.x



Class C



192.x.x.x – 223.x.x.x



11000000.x.x.x - 11011111.x.x.x





Red = network portion of IP address                      Blue = host portion of IP address

A router will typically use only the network portion of the IP address to route packets.

 

You may have noticed that the network IP addresses 127.x.x.x and 0.x.x.x are missing, here’s why:

 

127.x.x.x (local-host)

The 127.x.x.x network is used for loop back testing. A loop-back test usually consists of pinging the IP address 127.0.0.1 but you can ping anything in the 127.x.x.x network and it will consider it local-host and respond with the loop back echo. This ping will “send” or exit the transmit pair of the network interface and loop onto the receive pair of the same network interface. This test will tell you if TCP/IP has been properly bound to your network interface card. This is essentially like talking to your self in French. If you can speak it and understand it; then you know you can communicate with other people who speak the same language.

 

0.x.x.x & 255.x.x.x (Class A example)

A value of zero in an address means same network or “this wire”. A “0” network is what is defined in a routers routing table (e.g. a router knows that network 125.0.0.0 with subnet mask of 255.0.0.0 is located on its Ethernet interface 1). A router will also route packets to unknown networks if a classless default route (default route) is added to the routing table (0.0.0.0 in binary). For example, it would be impossible to enter every network into the routers routing table, so instead, a route of 0.0.0.0 with a subnet mask of 0.0.0.0 is entered into the routing table (with a default gateway IP address), this is telling the router “if you do not know where the destination is, send it to this default gateway”. This forces the routers upstream from your router to deduce where to send the packet, they in turn will probably send it to their default gateway, and so on until the packet reaches the router containing the desired network destination. A network or host address can never be 255 (all 1’s in binary.)  All ones specify a “broadcast” address; which would be everything on that network.

 

 

Determining number of available hosts on a network:

 

The number of hosts can be determined by using a simple mathematical formula of 2N– 2 (2 to the power of bits in the host portion minus 2). N = the number of bits in the host portion. For example in a class B address (195.1.0.0) with a default subnet mask (255.255.0.0), the host portion is the last 2 octets (or 16 bits); to determine the number of hosts simply use the formula 216-2, which equals 65,534 usable hosts. Remember that the binary address cannot consist of all 0’s or all 1’s that is why we subtract 2. If you actually did the math you would see that 216 = 65,536, however; two of the hosts are reserved, one host IP (195.1.0.0) is reserved for the network and one host IP (195.1.255.255) is reserved for the broadcast address.

 

Class A maximum number of hosts = 16,777,214

Class B maximum number of hosts = 65,534

Class C maximum number of hosts = 254

 

Subnet Masking

 

Subnet masks are used by networking devices to determine which portions of the IP address is the network and which portion is the host. External networking devices do not see a subnet mask. The subnet mask is merely an aid in further segmenting the network and hosts. When masking, subnet bits are taken from the host portion of the IP address. For example, if we wanted to subnet a class B address (180.170.0.0) given to us by our ISP, we would not subnet the 180.170. network portion.

 

Default Subnet Masks (Natural Masks)

Class A = 255.0.0.0 (this is also commonly written in bit count 255.0.0.0 = /8)

Class B = 255.255.0.0 (this is also commonly written in bit count 255.255.0.0 = /16)

Class C = 255.255.255.0 (this is also commonly written in bit count 255.255.255.0 = /24)

 

So our default class B mask would be written in bit count as 180.170.0.0/16 which specifies an IP address of 180.170.0.0 with a subnet mask of 255.255.0.0

 

How to Subnet

The first step in subnet masking is determining what address class our IP address resides in. In the example of 195.170.16.0 we know that 195 falls into the class C range. So we know we will not subnet the first three octets (network portion) of the address, we can only mask the remaining HOST portion.

 

195.170.16.0 =



11000011.10101010.00010000.00000000



255.255.255.0 =



11111111.11111111.11111111.00000000





Host portion in blue

 

Notice the portion in blue. This is what determines what bits we can use to further subnet our network. We can determine what our network portion is by realizing that the mask of 255.255.255.0 is 24 bits of the IP address given to us.

 

  Second, we must determine the number of hosts or networks needed. In our example we will need 5 networks (subnets) and a minimum of 20 hosts in each subnet. A question that always comes up is “how do I know which subnet mask to use?” The answer is really up to you. You may find that there are 10 different possible masks you could use but if you meet your required needs, that’s what’s really important, however; the more bits you use in the subnet mask, the less you can use in the host portion (meaning you get less hosts but more networks.) Think of your network and hosts growth pattern; do you have 50 sites with 5 people (50 networks of 5 hosts) and growing; or do you have only one site with 10,000 users (1 network with 10,000 hosts)? What will happen if your company with one site of 10,000 users buys two other companies with one site and 10,000 users? It always pays to plan for growth; running out of options is something no network administrator wants to deal with.

 

 

Remember how we figured out how many hosts we could have?

 

1. We converted our given IP address to binary.

195.170.16.0 =



11000011.10101010.00010000.00000000





.

2. We looked at the subnet mask given to us by our ISP.

255.255.255.0 =



11111111.11111111.11111111.00000000





 

3.      We realized that we could only subnet the last octet (or 8 bits) of the IP address. This is the portion in blue above. To determine what the mask the ISP gave us (to figure out where to we can mask), just convert it into binary and look at the ones…when the ones stop that’s where the subnet mask stops.

 

4.      We counted the number of 0 bits (all in blue), which equals 8. We then use the formula 2N-2 (where N is the number of zero bits). 28-2 = 256-2 = 254, we can have a maximum of 254 hosts with this IP address. This would mean we purchased a class C address from our ISP and it has the default subnet mask. Remember that “bits”, not octets, define subnets.

 

 

195.170.16.0 =



11000011.10101010.00010000.00000000





 

255.255.255.0 =



11111111.11111111.11111111.00000000





Host portion, which we can use to subnet, is in Blue.

 

 

Let’s say we wanted to mask the address given to us by our ISP and we wanted to know how many subnets we could have (we need 5). Just use the same calculation you used to figure out the number of hosts but with a new twist, instead of using N to represent the number host bits; use it instead for the number of masked bits. For example, this is what was given to us:

 

 

195.170.16.0 =



11000011.10101010.11111111.00000000



255.255.255.0 =



11111111.11111111.11111111.00000000





Host portion of IP address is in Blue.

 

We need 5 networks, so let’s start by masking only 2 bits.

 

195.170.16.0 =



11000011.10101010.00011111.11000000



255.255.255.192 =



11111111.11111111.11111111.11000000





Masked bits are displayed in Red.

 

We have 2 bits so we calculate the number of subnets to see if it will be sufficient (22 = 4). 2 in this case, is representative of the number of “borrowed” bits (in red). The highlighted number is the number of subnets we will have if we use this mask. We need 5 subnets, so this mask will not fit our needs.

 

What if we try 3 bits (224) as a subnet mask, hopefully we will get at least five networks and hopefully allow for some growth at the same time

 

180.170.16.0 =



10110100.10101010.00011111.11100000



255.255.255.224 =



11111111.11111111.11111111.11100000





Masked bits are displayed in Red.

 

We have 3 bits so we use the “magic” calculation to figure out how many subnets (networks) we can have. The highlighted number is the answer.

 

23= 8

We can have 8 different subnets (networks) with this mask.

 

 

Now comes the very scary part. We are going to figure out what ranges our networks will be in. Hopefully, you really have your thinking cap on for this challenge.

 

Take the number 2 powered by the number of borrowed bits to get a subnet total (this is how many networks we will have) and then divide the total number of subnets into 256 for a range total – 2 = the number of hosts per subnet.

 

23 = 8 subnets (networks)         256 divided by 8 = 32 –2 = 30 hosts per subnet

 

This means our networks will be 0, 32, 64, 96, 128, 160,192, and 224.

Blue = an address that cannot be used as a host (because it is used as a network or broadcast address)

 

Network (Subnet)



Hosts per subnet



Host Range



Broadcast



195.170.16.0



30



195.170.16.1    to   195.170.16.30



195.170.16.31



195.170.16.32



30



195.170.16.33   to   195.170.16.62



195.170.16.63



195.170.16.64



30



195.170.16.65   to   195.170.16.94



195.170.16.95



195.170.16.96



30



195.170.16.97   to   195.170.16.126



195.170.16.127



195.170.16.128



30



195.170.16.129   to   195.170.16.158



195.170.16.159



195.170.16.160



30



195.170.16.161   to   195.170.16.190



195.170.16.191



195.170.16.192



30



195.170.16.193   to   195.170.16.222



195.170.16.223



195.170.16.224



30



195.170.16.225   to   195.170.16.254



195.170.16.255





 

 

 

 

You now should have a fairly decent understanding of sub-netting, but let’s try to expand a little further.

 

 

Super-netting

 

     Super-netting is a lot like sub-netting. The only difference is, instead of borrowing bits from the host portion, you reverse-borrow bits from the network portion of the IP address. Remember when we discussed the default IP classes (“natural masks”)? We learned that a Class C address usually has a subnet mask of 255.255.255.0 and we could only borrow address from the Host portion. That was only half of the truth; the whole truth is that you can borrow bits from almost anywhere, including the network portion of any given IP address. The process is identical to sub-netting but just reverse-borrow from the network portion. Remember that the more bits you borrow from the network portion of the IP address, the less number of networks you will have. You might need to super-net if you are given a class C address but you require more then 254 hosts on your network.

 

CIDR (Classless Interdomain Routing)

 

     CIDR used by routers, was basically created to aid in the prevention of large routing tables. If you have a large number of networks coming into one interface on your router, lets use 254 networks as an example. The networks range from 195.50.1.0 – 195.50.254.0 with a subnet mask of 255.255.255.0, as a router administrator, you do not want to set up 254 routes to each network. Instead you will use CIDR to tell the router that anything on network 195.50.0.0 (mask 255.255.0.0) should go to this interface. You are basically just being less specific in your routing table and the router is designed to realize that 195.50.1.0 – 195.50.254.0 all match the route of 195.50.0.0/16. The router will then send the message out the appropriate interface. It is important to note that you must have a full range of addresses to use CIDR. If you apply a CIDR route in your table and a host on your network sends a message to an external destination that matches a CIDR route, it will be sent to the interface in its CIDR table…not to the proper interface (leading to the external network). For example, we had 254 networks, but now let’s say we only have 253 networks (195.50.1.0 – 195.50.253.0). If we use a CIDR route in our table it would look like this

 

195.50.0.0             MASK 255.255.0.0                             SEND TO Interface Ethernet 0 (INT e0)

195.49.25.0             MASK 255.255.255.0                           SEND TO Interface Ethernet 1  (INT e1)

0.0.0.0                    MASK 0.0.0.0                                      SEND TO Interface Serial 0 (INT s0)

 

0.0.0.0/0 is a default or classless route

 

In the example of a routing table above: the blue entry is the CIDR route it tells the router “if a packet matches 195.50.X.X then send it to INT e0. The 0.0.0.0/0 entry tells the router “if you do not know where this destination (IP address) is… send it to the default gateway (or interface)”. The 195.49.25.0 route tells the router “anything destined for the 195.49.25.0 network…send it here”. So a packet with a destination address of 224.32.25.1 would not be applied to the CIDR route or to the 195.49.25.0 route, but would be applied to the 0.0.0.0 route (INT s0). If a packet had a destination address of 195.49.25.2, the router would route the packet to INT e1.

 

Now if an internal host sent a packet to the router with a destination address of 195.50.254.1, which matches the first 16 bits of our CIDR route, the router would match it to the CIDR entry and send it to INT e0.

 This would cause the packet to never reach the destination network; the router should have sent it to INT e1 but the address matched the CIDR entry so that is where the router sent it. The key is to be extremely careful when setting up a CIDR route in your table.
--The Devil is in the Details--
User avatar
weazy
Ex-Admin
 
Posts: 1688
Joined: Sun Jul 07, 2002 10:02 am
Website: http://www.hackerthreads.org
Location: any given

Return to “%s” Networking Tutorials

Who is online

Users browsing this forum: No registered users and 1 guest

cron