David Hamann

Hi, I'm David

I'm a software developer, penetration tester and IT consultant.

Currently I'm working on allgood.systems - a tool for monitoring your websites and cron jobs.

Basic understanding of IPv4 addresses

16 minute read

In a recent project I needed to anonymize IP addresses in tracking data. While masking a few bits from an IP address is not so interesting, it’s a good excuse to review some of the basics of how (IPv4) IP addresses work.

What’s an IP address and how does it look like?

To be able to route traffic through a network (e.g. your local network or the internet), we need a way to uniquely identify devices on that network, i.e. we need addresses.

IPv4 (or Internet Protocol version 4) uses 32-bit numbers as addresses which are usualy represented in decimals in a dot-separated format so that we humans can easier grasp them.

Let’s make up the IP address 192.168.123.123 and then take it apart.

The parts

To identify hosts on different (sub-)networks, an IP address consists of two parts: one part to identify the network, and one part to identify the host (a device, like your computer).

To help separate the parts, let’s first see how IP addresses really look like as 32-bit numbers:

192.168.123.123 represented as 32-bit number is 11000000.10101000.01111011.01111011 because

  • 192 => 11000000
  • 168 => 10101000
  • 123 => 01111011
  • 123 => 01111011

The parts separted by the dot are usually referred to as octets, which means a grouping of 8 bits, i.e. 1 byte. So we could call 11000000 the first octet of the address.

When a router gets a data packet it needs to know which network (!) to send it to. Only after having arrived at the desired network, the packet can then be delivered to the target host (e.g. your computer). To make all this possible, there needs to be a way to figure out what part of an address tells us what.

For our sample address, we could say 192.168.123.0 is the network part and 0.0.0.123 (.123 being the last octet) is the host part.

But network and host parts do not always have the same length, so how do we know where the network part ends and the host part begins? By looking at another 32-bit number, called the subnet mask.

Let’s see how.

The subnet

Just as we did for the IP address, let’s look at the subnet mask 255.255.255.0 in binary.

255.255.255.0 represented as 32-bit number is 11111111.11111111.11111111.00000000 because

  • 255 => 11111111
  • 255 => 11111111
  • 255 => 11111111
  • 0 => 00000000

When we now look at our IP address 192.168.123.123 or 11000000.10101000.01111011.01111011 again, we see that for each of the 24 first bits we have a 1 at the same position in the subnet mask, and a 0 for the part that we previously called the host part.

Putting this together: 192.168.123.123 with the subnet mask 255.255.255.0 gives you 192.168.123.0 as the network address and 000.000.000.123 as the host address.

The first 1s in the subnet mask (also called the routing prefix) don’t need to be 24. They could also be 25 or 26, or just 16.

Depending on how your subnet mask looks like you have more or less host addresses available: for example 254 for 24 with 255.255.255.0, or 65534 for 16, with a subnet mask 255.255.0.0).

Note: Another way you might see IP addresses and subnets written is in the form of 192.168.123.123/24 where /24 refers to the subnet (255.255.255.0, 24 bit network size).

Take a look at this subnet cheatsheet to quickly look up masks and addresses: https://www.aelius.com/njh/subnet_sheet.html.

Missing something?

You may ask yourself why 254 and not 256 hosts for a mask like 255.255.255.0. This is because addresses ending in 0 or 255 (e.g. 192.168.123.0) are a special case.

While in theory it is possible to have an address ending in 0, it is generally not the case as these IPs are used to specify the network part or to act as broadcast addresses (i.e. to send information to all hosts within the network/subnet).

A word on address space

When looking at IP addresses in binary, it’s easy to see where the limit is. Using 32-bit addresses limits us to \(2^{32}\) addresses, including reserved blocks of addresses for private networks (this is why your local IP addresses generally begin with 192., 10. or 172.).

While more than 4 billion addresses seem like a lot, it is not enough to cover the future number of devices that want to connect to the internet and request an IP (think of all the IoT devices). This is one of the reasons why we are moving towards IPv6 with an address space of 128 bits (Google has a graph of the adoption).

This is not all

There’s much, much more to IPv4 and a lot more layers are involved to fully understand what’s going on. I hope this post answers the basic questions you may have when hooking up your computer to a network. If you want to easily learn more, Wikipedia is a good start.

Like to comment? Feel free to send me an email or reach out on Twitter.

Did this or another article help you? If you like and can afford it, you can buy me a coffee (3 EUR) ☕️ to support me in writing more posts. In case you would like to contribute more or I helped you directly via email or coding/troubleshooting session, you can opt to give a higher amount through the following links or adjust the quantity: 50 EUR, 100 EUR, 500 EUR. All links redirect to Stripe.

You May Also Enjoy

Building a 6502 Computer

71 minute read

My notes of building a computer based on the 6502 microprocessor following Ben Eater’s design.