Hacker Fundamentals: A Gentle Introduction to How IP Addresses Work
Imagine you're in Paris and you need to get to Versailles. Looking around for directions, you come to a cold realization—you do not speak a lick of French! How are you going to get to Versailles and what happens if there is a detour? It will be a difficult struggle, and you'd probably get lost and eventually fail. This is why it's important to know some of the country's language before taking that trip in the first place.
This is the same approach you should take with IT security. Only this time, you are not in Paris, you are in your bedroom looking for open and vulnerable machines on some host ranges. You look at the IP addresses in slight confusion—you know what an IP address is, but do you know what it does? Can you tell how large the network is from its IP? This is the language of the Internet.
In this article, I will provide a gentle technical introduction to IP addresses, explaining how they are more than just a bunch of numbers that point to a resource. These networking topics will slowly ramp up, and by the time all is said and done in this series, you will find yourself much more comfortable at the helm.
In a nutshell, an IP address is a unique identifier for a location and/or resource on the Internet or TCP/IP network. I am sure most of you reading this knew that, so let's break those numbers down a little bit.
The current version of Internet Protocol, or IP, is version 4. This version allows four octets of data to represent an IP address. Each octet is considered to be the same as a byte, and there are 8 bits in every octet for a total of 32 bits. A bit itself can be one of two values, usually represented as 1 or 0. Finally, each octet is separated by a period.
The newer IP version 6 (IPv6) standard features addresses 16 bytes (128 bits) in length, however this has not gained widespread support yet, and IPv4 remains the standard still today.
There are two notations to show an IPv4 address—decimal and binary. You are most likely familiar with the former example of 126.96.36.199. Probably less so with a binary address like 11000001 10000011 00011011 11111111.
An address is also divided into three classes: A, B, and C. While there are two more classes, they lie beyond our scope right now, as they are only used for special roles like multicasting. These three classes have a fixed number of IP addresses, as shown below. In each address, there is a "class identifier," a "network identifier" and a "host identifier" encoded.
As you can see, an A-class network has a large amount of possible hosts, whereas a C-class network only has 254 available.
I know you're already burning to know why a C-class only has 254 host addresses available, and not the full 256. If you calculated the number of hosts for the B- and A-classes, too, you'll have realized that they are also smaller by two hosts than the theoretical maximum. The answer is that the lowest address, the one with all bits in the host part set to 0, is used to address the network itself, and the highest address, with all bits of the host part set to 1, is used as the broadcast address, meaning all hosts in this net.
- A bit can be one of two values, usually represented as 1 or 0.
- A byte is 8 bits, and it can be written in two ways:
  - As a binary sequence of eight 1's or 0's. Ex: 11001100
  - As a decimal number. For example, the above binary number's decimal equivalent is 204.
- As there are 8 bits in a byte, each byte can represent 256 possible values.
So, the binary would be 11111111.11111111.11111111.11111111, making the address you see 255.255.255.255.
Likewise, a binary address of 00000000.00000000.00000000.00000000 would be 0.0.0.0.
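To make the class, network/broadcast and "minus two" host-count rules above concrete, here is a small added example (my own code, not part of the original article) that does the classful arithmetic with bit operations; the sample addresses at the end of the test are constructed, and it deliberately covers only classes A, B and C, as the article does.

```python
# Added example (not from the original article): classful IPv4 arithmetic
# done with bit operations, so the class letter, the network and broadcast
# addresses and the 2^n - 2 usable host count can be checked for any address.

def parse_ipv4(addr: str) -> int:
    """Turn dotted decimal into one 32-bit integer, validating each octet."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {addr!r}")
    value = 0
    for part in octets:
        if not part.isdigit() or not 0 <= int(part) <= 255:
            raise ValueError(f"octet out of range: {part!r}")
        value = (value << 8) | int(part)
    return value

def to_dotted(value: int) -> str:
    # Inverse of parse_ipv4: 32-bit integer back to dotted decimal.
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(value: int) -> str:
    # Dotted binary notation, e.g. 11111111.11111111.11111111.11111111
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))

def classify(value: int):
    """Class letter and network prefix length, read from the leading bits."""
    if value >> 31 == 0b0:        # 0xxxxxxx -> class A, 8-bit network part
        return "A", 8
    if value >> 30 == 0b10:       # 10xxxxxx -> class B, 16-bit network part
        return "B", 16
    if value >> 29 == 0b110:      # 110xxxxx -> class C, 24-bit network part
        return "C", 24
    # 1110 (class D, multicast) and 1111 (class E) are out of scope here.
    raise ValueError("class D/E address, not a unicast class")

def describe(addr: str) -> dict:
    value = parse_ipv4(addr)
    cls, prefix = classify(value)
    host_bits = 32 - prefix
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    network = value & mask                       # host bits all 0: the network
    broadcast = network | (~mask & 0xFFFFFFFF)   # host bits all 1: broadcast
    return {
        "class": cls,
        "binary": to_binary(value),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "usable_hosts": 2 ** host_bits - 2,      # minus network and broadcast
    }
```

Calling `describe("192.168.1.77")` (a constructed address) returns class C, network 192.168.1.0, broadcast 192.168.1.255 and 254 usable hosts, matching the table the article describes.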
This all might seem confusing now, but hang tight, because it will make much more sense in my next article about subnets and dividing up a network. For right now, just file this little bit of information away. The key is to take away the idea of separate classes and how they determine network size.
Humans, being somewhat different from computers, have difficulty remembering lots of similar numbers. Working with names is much easier for us and less prone to errors. That's why you rarely see the bare numbers on the Internet. In fact, when you enter a URL into your browser to view a website, your request must first be translated from the readable written address, into an IP address that can be routed. This translation is done by the Domain Name System, in short: DNS.
If you send off a request to connect to a certain website, let's say www.yahoo.com, you actually first send a request to the DNS server to look up and translate the name into the correct IP address of 188.8.131.52. With this IP address, you then make the actual connection to the website. This happens behind the scenes and usually quickly enough that you don't notice.
Also note, there is nothing stopping you from just typing an IP address into your web browser and connecting that way either.
Once you grasp these entry-level networking concepts, they will be the foundation for your hacking. As you understand network architecture more, you will understand how some attacks work, and why others do not. I have always thought the proper hacker must have knowledge in programming, networking and operating systems.
In the next article, I will go into how to divide your networks up using subnetting. We will then go over DMZs and why you must know how to work through them in order to get to the real target and all of the juicy data.
- 127.0.0.1 — The loopback interface address. All 127.x.x.x addresses are used by the loopback interface, which copies data from the transmit buffer to the receive buffer of the NIC when used.
- 0.0.0.0 — This is reserved for hosts that don't know their address and use BOOTP or DHCP to determine their addresses.
- 255 — The value of 255 is never used as an address for any part of the IP address. It is reserved for broadcast addressing.