Book Chapters 

Chapter 16: IP Addresses:
 

"We are all now connected by the internet, like neurons in a giant brain".
-    Stephen Hawking, English theoretical physicist and cosmologist

IP Addresses form the backbone of the internet which in turn is just a bunch of separate networks connected together. 

What are Internet Protocol Addresses?
We receive our postal letters because the address uniquely identifies our home, right? Similarly, every system on the internet has a unique logical address, so that data can be routed to it properly. Even within private networks, every system has a unique IP address, so that machines can communicate with each other. 

IP addresses are currently 32-bit binary strings, normally seen by us in dotted decimal format, for example, 223.58.1.10. The decimal numbers here have no meaning in isolation.  

They specify a particular connection in a network, which can be retrieved by RARP (Reverse Address Resolution Protocol). 

What does Internet Protocol mean?
Internet Protocol describes a set of standards and requirements for creating and transmitting data packets or datagrams across networks. In the OSI model, IP is considered a part of the network layer (we shall study the OSI model later). IP is traditionally used in conjunction with a higher-level protocol, most notably Transmission Control Protocol (TCP). 

Most of the networks and systems in the internet are currently configured for IPv4.

Who Allocates IP Addresses?
The IP Addresses are assigned by an organization called IANA (Internet Assigned Numbers Authority), which then delegates the address assignment to Regional Internet Registries (RIRs). Historically, the majority of the IPv4 addresses were assigned to sites in the US and Europe.

How many IP Addresses are there?
The IPv4 addresses can be broken up into four 8-bit sequences. So the maximum number of IP addresses permissible is 2^32, or 4,294,967,296.

IP Address Format and Classes:
 

Originally the IPv4 version was defined in 1981 and addresses were divided into five classes as shown below. The initial bits determine the class, and they differ in network and host address.

Class A - Addresses 1.0.0.0 to 127.255.255.255

The first bit of the first octet is always set to zero. So, it can have 126 networks (2^7-2) and 16777214 hosts (2^24-2). The default subnet mask for class A IP address is 255.0.0.0. 
Format: 0NNNNNNN.HHHHHHHH.HHHHHHHH.HHHHHHHH

Class B- Addresses 128.0.0.0 to 191.255.255.255

The first octet of this class has its first 2 bits set to 10. Class B has 16384 (2^14) Network addresses and 65534 (2^16-2) Host addresses. The default subnet mask for Class B is 255.255.x.x.
Format: 10NNNNNN.NNNNNNNN.HHHHHHHH.HHHHHHHH

Class C - Addresses 192.0.0.0 to 223.255.255.255

The first octet of this class has its first 3 bits set to 110. Class C gives 2097152 (2^21) Network addresses and 254 (2^8-2) Host addresses. The default subnet mask for Class C is 255.255.255.x.
Format: 110NNNNN.NNNNNNNN.NNNNNNNN.HHHHHHHH

Class D- Addresses 224.0.0.0 to 239.255.255.255

The first four bits of the first octet in class D IP addresses are set to 1110. Class D is reserved for multicasting. In multicasting the data is not intended for a particular host, rather multiple ones. That is why there is no need to extract the host address from the class D IP addresses. The Class D does not have any subnet mask.

Class E - Addresses 240.0.0.0 to 255.255.255.255

The class E IP addresses are reserved for experimental or study purposes. This class too does not have any subnet mask.

Network Part:
The Network part of an IP Address identifies the class of the network. Thus, all the five classes are identified by the first octet. Classes A, B and C are the most important classes.

Host Part:
Host uniquely identifies the machine on a network. For all the hosts on a network, the network part of the IP address remains the same while the host part changes.

 

Types of IP Addresses:
 

The IP addresses are classified into:

  1. Static IP addresses
  2. Dynamic IP addresses

Static IP Addresses:
As the name suggests, the static IP addresses usually never change. They are permanent internet addresses, providing a simpler and reliable way for communication. From the static IP address of a system, we can get the following details: 

  • Internet Service Provider 
  • The continent, country, region and city in which the computer is located 

We can find our IP addresses at http://whatismyip.org/


 

Dynamic IP Addresses:
Dynamic IP addresses are the temporary IP addresses. They are assigned to a computer each time it connects to the internet. They are actually borrowed from a pool of IP addresses shared between the computers. 

Static IP addresses are considered less secure than dynamic IP addresses because they are easier to track.

Exclusions:
Some IP address ranges are excluded from the above classes. For example, all the IP addresses of the form 127.xx.yy.zz are used for diagnostics. 
Similarly, Private IP addresses are excluded as explained below.

Private IP Addresses:
These IP Addresses are used only on networks not connected to the internet. As such, packets from these networks are not routed across the public internet. This allows private networks to use the internal IP addresses without interfering with other networks. These IP Addresses include: 
10.0.0.1 - 10.255.255.255, 172.16.0.0 - 172.32.255.255, 192.168.0.0 - 192.168.255.255
 
Special Addresses:
Certain IPv4 addresses are reserved for specific purposes:
127.0.0.0    Loop back address 
224.0.0.0    IP Multicast
255.255.255.255    Broadcast 

What is Sub-netting?
 

In sub-netting we take away some bits from the host portion of the IP address and use them to identify the subnet. This is only visible to hosts and routers on the local network. 
For this purpose, the network administrator defines a subnet mask, a string of 32 binary digits indicating the boundary between the subnet and the host sections of the “local” portion of an IP address.  

Example 1:
Consider a Class A IP address of 9.67.38.1. Here, 9 is the network address and 67.38.1 identifies a particular host on that network. Suppose the network administrator wants to use the bits 8 to 25 to identify the subnet, leaving the bits 26 to 31 for the host addresses. This is done with a mask which is all 1's from the bits 0 to 25 and the remainder set to 0's:
Mask: 11111111 11111111 11111111 11000000

The subnet is then identified by ANDing the complete IP address with the mask as shown below: 
00001001 01000011 00100110 00000001 = Class A address 9.67.38.1
00001001 01000011 00100110 00000000 = Subnet base address 9.67.38.0

Example 2: 
Suppose a class C network has the subnet mask:
Mask: 11111111 11111111 11111111 11100000

This means that the first three bits from the host ID are used to identify the subnet, and the remaining 5 bits indicate the host itself. Take a host with an IP address:
11010100 01110010 00010000 01110001 = 212.114.32.113

Applying the subnet mask gives us:
11010100 01110010 00010000 01100000 = 212.114.32.96
The host ID proper comes out as 00010001 = 17.

For compatibility, routers include masks for un-subnetted addresses:
A.    255.0.0.0
B.    255.255.0.0
C.    255.255.255.0
D.    N/A
E.    N/A
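
Example 1 and Example 2 above, recomputed with integer arithmetic so that the AND step is explicit. This is an added example, not code from the book; the function names are illustrative, and the check that rejects a non-contiguous mask is an addition beyond the text.

```python
# Added example: classful lookup and subnet masking with plain integer
# arithmetic, so the bitwise AND described in the text is visible.

def to_int(dotted):
    """Convert dotted-decimal IPv4 text to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range: {dotted!r}")
        value = (value << 8) | octet
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(dotted):
    """Return (class, default mask) chosen by the leading bits of the first octet."""
    first = to_int(dotted) >> 24
    if first >> 7 == 0b0:
        return "A", "255.0.0.0"
    if first >> 6 == 0b10:
        return "B", "255.255.0.0"
    if first >> 5 == 0b110:
        return "C", "255.255.255.0"
    if first >> 4 == 0b1110:
        return "D", None      # multicast: no mask
    return "E", None          # experimental: no mask


def apply_mask(dotted, mask):
    """Return (subnet base address, host ID) for an address and a subnet mask."""
    addr, m = to_int(dotted), to_int(mask)
    host_bits = ~m & 0xFFFFFFFF
    # A usable mask is a run of 1s followed by a run of 0s, so its inverse
    # must look like 0...01...1; reject anything else.
    if host_bits & (host_bits + 1):
        raise ValueError(f"mask is not contiguous: {mask!r}")
    return to_dotted(addr & m), addr & host_bits


if __name__ == "__main__":
    # Example 1 and Example 2 from the text
    for ip, mask in [("9.67.38.1", "255.255.255.192"),
                     ("212.114.32.113", "255.255.255.224")]:
        print(ip, address_class(ip), apply_mask(ip, mask))
```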

 

What is IPv4 Address Exhaustion Problem?
 

The original IPv4 was designed for DARPA, a test network that eventually became the internet. At that time, 2^32 or 4.3 billion IP addresses certainly seemed sufficient. However, the last top-level address blocks were allocated in 2011 and the world then ran out of IP addresses!  

A shortage of IP addresses created panic and desperation. Suddenly, companies were scrambling to buy unused IP addresses from other companies for millions of dollars.
Fortunately, researchers had anticipated this, based on the growth of internet use and the development of IP-connected devices. Thus, IPv6 has been in development for nearly two decades by Internet Engineering Task Force. And now this next-generation IP addressing protocol is ready to replace IPv4 to become the backbone of internet connectivity.

Newcomers to the internet, especially in highly populated countries such as China, India or Indonesia, have been planning and using IPv6 to overcome the IPv4 address limitation. 

Goodbye IPv4, Hello IPv6:
IPv6 addresses are made up of 128 bits and thus allow 2^128, i.e. 3.4×10^38, addresses. 

That is a theoretical maximum of 340,282,366,920,938,463,463,374,607,431,768,211,456. That’s over 340 undecillion addresses, which is reportedly enough to assign one IP address to every single atom on the surface of the earth! In other words, we shall never run out of IP addresses again.

IPv6 Formats:
IPv6 IP address is typically written in hexadecimal format separated by colon. The following is an example of IPv6 address.
2002:4559:1FE2::4559:1FE2
In the above example :: indicates that there are multiple 0’s in that location. Typically the IPv6 format can be written down in three ways:

IPv6 Compressed: (0000 is not displayed) – 2002:4559:1FE2::4559:1FE2
IPv6 Uncompressed: (0000 is displayed as 0) – 2002:4559:1FE2:0:0:0:4559:1FE2
IPv6 Fully Uncompressed: (0000 is fully displayed) – 2002:4559:1FE2:0000:0000:0000:4559:1FE2

With IPv6 addresses being so long, there are conventions for their abbreviation. Firstly, the leading zeros can be truncated. For example “0000” can be written simply as empty or “:0033:” can be written as “:33:”.

Secondly, any consecutive sections of zeros can be represented by a double colon. This may be done only once in any address. The number of sections removed using this abbreviation can be determined as the number of sections required to bring the address back to eight sections. For example, 2DAB::DD72:2C4A would need five sections of zeroes in place of the double colon.
(2DAB:0000:0000:0000:0000:0000:DD72:2C4A)

Similarly, the loopback address
0000:0000:0000:0000:0000:0000:0000:0001
may be abbreviated as ::1.

IPv6 Private Addresses:
As in IPv4, certain address blocks in IPv6 are reserved for private networks. These addresses are not routed over the public internet. In IPv6, these private addresses are called Unique Local Addresses (ULA). For example, addresses from the FC00::/7 block.

 

Name Resolution - Domain Name System:
 

In both IPv4 and IPv6, remembering the IP address of every device is not possible, except on the smallest of the networks. Name resolution provides a way to lookup an IP address from its name. 

On the internet, name resolution is handled by the Domain Name System (DNS). With DNS, a name in the format host.domain can be used in place of the destination’s IP address. When the connection is initiated, the source host requests the IP address of the destination host from the DNS server. The DNS server then replies with the destination’s IP address. This IP address is then used for all the communications sent to that name.

Benefits of IPv6 over IPv4:
The main benefits of IPv6 over IPv4 are:

  • Better end-to-end connectivity.
  • Comparatively faster routing.
  • Ease of administration.
  • More security for applications and networks.
  • Better multicast and any-cast abilities.
  • Better mobility features.

IPv6 follows the key design principles of IPv4 so that the transition from IPv4 to IPv6 is smoother. However, IPv6 has not become as popular as IPv4.
 
While many networks are now configured for both IPv4 and IPv6, there are still a huge number of networks and systems on the internet that work only with IPv4. But eventually all these systems might shift to the IPv6 paradigm. 

How IP Works?
IP is designed to work in a dynamic network, and is thus a datagram-oriented, connectionless protocol. So, each packet must contain the source IP address, destination IP address and other data in its header in order to be delivered successfully.

How ISPs Assign IP Address to Home Users?
Usually very big ISPs, such as Comcast in the US, have a large enough pool of public IP addresses to assign them dynamically to their customers via Dynamic Host Configuration Protocol (DHCP). Every customer is given a “lease time” to use that static IP. 

When an ISP is running out of public IP addresses, it first tries to find inactive customers (those that have been assigned an IP address but have recently been inactive/down), or it might even block (or temporarily disable) access for customers who have not refreshed their IP for quite some time.

Some other ISPs simply use Network Address Translation (NAT) and assign non-public IP addresses to customers via carrier-grade NAT, but this may break transparency of services for hosting/ port forwarding. 

Assignment of IP Address depends on the ISP. A strict ISP may track every single piece of equipment on the network, by maintaining a database about all the subscribers and the MAC addresses. Though, most ISPs are still using public IP addresses, this is not a requirement. It would be much easier for an ISP to put all of their subscribers behind a carrier-grade NAT system. 

Chapter 17: MAC Address:
 

"When wireless is perfectly applied the whole earth will be converted into a huge brain, which in fact it is, all things being particles of a real and rhythmic whole. We shall be able to communicate with one another instantly, irrespective of distance".
-    Nikola Tesla, Serbian-American scientist

Similar to IP addresses, MAC addresses too form the backbone of internet connectivity. Every device connected to the internet supposedly has a unique MAC address too. Some of us now might wonder why we need this unique identifier, when IP address is unique itself? 

In this chapter, we shall read in detail about MAC Addresses, their format, usage and much more. 

What are MAC Addresses?
MAC address is short for Media Access Control address, a 12-character identifier assigned to each piece of hardware that connects to the internet. The MAC Address is generally provided to the network adapters and similar hardware by the manufacturer, at the factory. The address is burned into the ROM of the Network Interface Card (NIC). 

Every device has a unique MAC address, which is also called the “physical” or “hardware” address.


 
 

MAC Address Format:
 

A MAC address is a 12-digit hexadecimal number (48 bits in length) where each digit can be any number from “0 to 9” or letter between “A to F”. For readability's sake, the string is divided into chunks. There are three common formats, the first being the most common and preferred:

  • 68:7F:74:12:34:56
  • 68-7F-74-12-34-56
  • 687.F74.123.456

The first six digits (called the “prefix”) represent the manufacturer of the adapter, while the last six digits represent the unique identification number for that specific adapter. 

Some manufacturers, such as Dell, place a unique identifier in the MAC address, which is called the Organisationally Unique Identifier (OUI) and identifies the manufacturer. The OUIs of some well-known firms are:

  • Dell: 00-14-22
  • Cisco: 00-40-96
  • Nortel: 00-04-DC

Some firms may have more than one MAC address.

Where are the MAC Addresses Used in the Internet?
MAC addresses are used as network addresses for most IEEE 802 network technologies, including Ethernet, Bluetooth and Wi-Fi. Logically, MAC addresses are used in the media access control protocol sub-layer of the OSI reference model.

One of the applications of the MAC address is in filtering process on wireless networks. In order to prevent strangers from accessing a network, the router is set to accept only specific MAC addresses. In this manner, even if the IP address changes, for example in the case of dynamic IP address, the MAC address can still identify the device perfectly.

Can Someone Misuse my MAC Address?
MAC addresses are used only "internally", between us and our immediate gateway. They can’t be used to locate us. However, revealing the MAC address poses some serious risks:

  • MAC address uniquely identifies our device, unless we change it.
  • The first digits of the MAC address identify our device manufacturer. Theoretically, this information can be used to take advantage of the device’s vulnerabilities.
  • If software relies only on the MAC address to give access to data, it can lead to data theft.
  • MITM attack: A hacker can spoof our router’s MAC address and pretend to be the router, to steal the credentials by doing 'Man in the Middle' attacks.

Example:
Suppose, we're staying at the same hotel. The hotel has a Wi-Fi hotspot, to which both of us have access. Additionally, I have bought an internet pass, which enables me to connect to the internet through the hotspot.

If you somehow sniff my MAC address, you could connect to the Wi-Fi network disguising as my network card, therefore gaining access to the internet. All the traffic that you shall generate will appear to come from my computer.

Having MAC Address Facilitates Analyzing the Log Files:
Network log files often contain an IP address and some information about the connection. For example, the following fictional log entry indicates that a device with an IP address 10.10.100.123 connected to a system with an IP address 216.58.210.46 (google.com) on port 443 (HTTPS).

TIMESTAMP        | SOURCE IP:PORT       | DEST IP:PORT
-----------------------------------------------------------
2016-08-05 12:11 | 10.10.100.123:123456 | 216.58.210.46:443

Further research in another log file (e.g. DHCP leases) could indicate that the internal IP address 10.10.100.123 was handed out to the MAC address 01:23:45:67:89:01.

IP ADDRESS    | MAC ADDRESS       | LEASE START      | LEASE END
-----------------------------------------------------------------------
10.10.100.123 | 01:23:45:67:89:01 | 2016-08-03 09:35 | 2016-08-10 09:35

This MAC address can then be matched to the network adapter of a particular individual.
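
The lookup described above, written out as code. This is an added example, not code from the book; the function names are illustrative. The first connection row and the first lease row are the fictional entries from the text, and the other rows are constructed for this example to show why the lease window has to be checked: the same internal IP address can belong to different adapters at different times, or to none.

```python
# Added example: attribute a logged source IP to a MAC address by finding
# the DHCP lease that was active at the time of the connection.
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# First data row is the book's fictional entry; the other two are constructed.
CONNECTIONS = """
TIMESTAMP        | SOURCE IP:PORT       | DEST IP:PORT
-----------------------------------------------------------
2016-08-05 12:11 | 10.10.100.123:123456 | 216.58.210.46:443
2016-08-11 08:02 | 10.10.100.123:50122  | 216.58.210.46:443
2016-08-02 17:40 | 10.10.100.123:50400  | 216.58.210.46:443
"""

# First data row is the book's fictional entry; the second is constructed.
LEASES = """
IP ADDRESS    | MAC ADDRESS       | LEASE START      | LEASE END
-----------------------------------------------------------------------
10.10.100.123 | 01:23:45:67:89:01 | 2016-08-03 09:35 | 2016-08-10 09:35
10.10.100.123 | 02:00:00:aa:bb:cc | 2016-08-10 11:00 | 2016-08-17 11:00
"""


def rows(text):
    """Yield the '|'-separated fields of each data row (header and rule skipped)."""
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or not line[0].isdigit():
            continue
        yield [field.strip() for field in line.split("|")]


def parse_leases(text):
    """Return a list of (ip, mac, lease_start, lease_end) tuples."""
    return [(ip, mac.lower(), datetime.strptime(start, FMT),
             datetime.strptime(end, FMT))
            for ip, mac, start, end in rows(text)]


def candidates(ip, when, leases):
    """MAC addresses whose lease on `ip` covers `when`.

    An empty list means no lease explains the traffic (static address,
    missing log, or an address used without a lease); more than one entry
    means overlapping leases that need manual review.
    """
    return sorted({mac for lease_ip, mac, start, end in leases
                   if lease_ip == ip and start <= when < end})


def attribute(conn_text, lease_text):
    """Return (timestamp, source ip, destination, [candidate MACs]) per connection."""
    leases = parse_leases(lease_text)
    results = []
    for ts, src, dst in rows(conn_text):
        src_ip = src.rsplit(":", 1)[0]        # drop the port
        when = datetime.strptime(ts, FMT)
        results.append((ts, src_ip, dst, candidates(src_ip, when, leases)))
    return results


if __name__ == "__main__":
    for entry in attribute(CONNECTIONS, LEASES):
        print(entry)
```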
 

How to Find the MAC Address?
 

Windows Computers:

  • Open a “cmd” Window. 
  • Type “ipconfig /all” and press enter. 

A set of values appears. The MAC address is listed under the description of “Physical Address”.

Checking Root Availability:
To check the root availability, download the “Root Checker” app from the Google Play Store. 

Root Checker:

  • Open the app. 
  • Tap on “Verify Root” to check the root status. 

Precautions while Changing the MAC Address:
One of the precautions while assigning a new MAC address is that we should not change the manufacturer’s name. This is represented by XX:XX:XX, i.e., the first 6 places or digits. If we change it, we may face Wi-Fi authentication problems. 

So if our original MAC address is a2:63:f4:h5:67:vt, then we can change it to something like a2:63:f4:XX:YY:ZZ, where XX:YY:ZZ may be any valid MAC address. We can try MAC address generator to find the new MAC addresses.

How to Change the MAC Address of Android Devices?
Here’s a step by step guide to spoof/ change the MAC address of Android devices. 

Method 1: Change MAC Address without Root Access:
Know the MAC Address of your Phone: 

To know this, go to Settings > Wi-Fi & Internet. On the next page, you shall see your device’s MAC address under the Network Details. You should note down the MAC address.

Now, download an app called “Android Terminal Emulator” from the Google Play Store: 
 
Terminal Emulator for Android:

  1. Open the app. Type “ip link show”.
  2. Find your interface name from the list. Suppose, your interface name is “wlan0”. Now, type this command in the terminal emulator to change the MAC address: “ip link set wlan0 address XX:XX:XX:YY:YY:YY” where you need to replace “wlan0” with your own interface name and “XX:XX:XX:YY:YY:YY” with your new MAC address.
  3. Now verify if your MAC address has changed properly.

Limitations:
There are two limitations with this method. Firstly, it works only on devices with the “MediaTek processors”. Secondly, the change is temporary. Our MAC address reverts back to the original on restarting the phone.

Method 2: Change MAC Address with Root Access:
This method only works on rooted Android devices. For this method to work, you should install Busybox in the rooted Android phone.

Open the app and tap on “Install”.

What are the MAC Addresses Used for?

 

MAC address is a hardware address and is designed to work with switch or bridge which works at the data-link layer of the OSI model. Whenever we send a packet from 192.168.10.2 to 192.168.2.8 network, the router knows that the destination computer is in the 192.168.2.0 network. It sends the packet to the destination router which is connected to the 192.168.2.0 network and the destination router ensures that the packet reaches the correct network.

Thus, MAC addresses make our Ethernet based networks work. Packets that are sent on the Ethernet are always coming from a MAC address and are sent to a MAC address. When a network adapter receives a packet, it compares the packet’s destination MAC address to the adapter’s own MAC address. If the addresses match, the packet is processed, else discarded.

There are special MAC addresses, for example ff:ff:ff:ff:ff:ff, which are broadcast addresses and address every network adapter in the network.

How IP Addresses and MAC Addresses Work Together?
IP is a protocol that works on a layer above Ethernet. When our computer wants to send a packet to some IP address x.x.x.x, then it first checks if the destination IP address is in the same IP network. If x.x.x.x is in the same network, then the destination IP address can be reached directly, otherwise the packet is sent to the configured router.

Now we have two IP addresses: One is the original IP packet’s target address and the other is the IP address of the device to which we should send the packet (the next hop, either the final destination or the router).

Since Ethernet uses MAC addresses, the sender needs to get the MAC address of the next hop. There is a special ARP (Address Resolution Protocol) for that. Once the sender has retrieved the MAC address of the next hop, it writes the target’s MAC address into the packet and sends the packet.

IP networks maintain a mapping (association) between the IP Address of a device and its MAC address. This mapping is known as the ARP Cache or the ARP Table. Address Resolution Protocol supports the logic for obtaining this mapping and keeps the cache up to date.

How does ARP Work?

ARP itself is a protocol above Ethernet, like IP or IPX. When a device wants to know the MAC address for a given IP address, it sends a packet to the broadcast MAC address asking “Who has this IP address y.y.y.y?” All the devices receive that packet, but only the one with the said IP address y.y.y.y responds with a packet “It’s me.” The asking device receives the answer and now knows that the source MAC address is the right MAC address to use. Also, the result is cached, so that the device does not need to resolve the MAC address every time.
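
Because any device on the network can answer an ARP request, a cached mapping that suddenly changes is worth noticing, especially for the router (see the MITM item under "Can Someone Misuse my MAC Address?"). The following added example, which is not code from the book, keeps a small ARP table from observed replies and reports conflicts. The function names, the pinned-gateway idea and all sample addresses are constructed for illustration; the MAC parser accepts the three written formats listed in the previous chapter section.

```python
# Added example: track IP-to-MAC mappings seen in ARP replies and flag
# changes that a defender would want to review.

HEX_DIGITS = set("0123456789abcdef")
BROADCAST = "ff:ff:ff:ff:ff:ff"


def normalize_mac(text):
    """Accept 68:7F:74:12:34:56, 68-7F-74-12-34-56 or 687.F74.123.456."""
    digits = "".join(c for c in text if c not in ":-.").lower()
    if len(digits) != 12 or not set(digits) <= HEX_DIGITS:
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def watch(observations, pinned=None):
    """Process (ip, mac) pairs in arrival order.

    pinned maps an IP (for example the router) to the MAC it is known to
    have. Returns (alerts, cache); each alert is (kind, ip, old, new).
    """
    pinned = {ip: normalize_mac(mac) for ip, mac in (pinned or {}).items()}
    cache, alerts = {}, []
    for ip, raw in observations:
        mac = normalize_mac(raw)
        if mac == BROADCAST:
            # The broadcast address is a destination, never a real sender.
            alerts.append(("broadcast-as-sender", ip, None, mac))
            continue
        expected = pinned.get(ip)
        if expected and mac != expected:
            alerts.append(("pinned-mismatch", ip, expected, mac))
            continue                      # keep the trusted entry in the cache
        previous = cache.get(ip)
        if previous and previous != mac:
            alerts.append(("mapping-changed", ip, previous, mac))
        cache[ip] = mac
    return alerts, cache


# Constructed observations for a 192.168.2.0 network with router 192.168.2.1.
SAMPLE = [
    ("192.168.2.1", "68:7F:74:12:34:56"),
    ("192.168.2.8", "00-14-22-AA-BB-CC"),
    ("192.168.2.1", "02:00:00:00:00:99"),   # a second device claims the router's IP
    ("192.168.2.8", "00:14:22:aa:bb:cc"),   # same adapter, different spelling
    ("192.168.2.8", "02:00:00:00:00:99"),   # mapping for .8 changes
]
PINNED = {"192.168.2.1": "687.F74.123.456"}

if __name__ == "__main__":
    found, table = watch(SAMPLE, PINNED)
    for alert in found:
        print(alert)
    print(table)
```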

What is Routing?
Low level Ethernet and MAC addresses can only reach the devices on the same network (cabled or wireless). If we have two networks with a router in between, a device in network A cannot send a packet to a device in network B. No device in network A has the MAC address of the devices in network B and vice versa, so a packet to this MAC address will be discarded by all the devices in the other network and also by the router.

Routing is done on the IP level. The router receives packets for its own MAC address but for a different IP address. It then checks if it can reach the target IP address directly. If so, it sends the packet to the target. Otherwise the router itself also has an upstream router configured and sends the packet to that router.

Our home router has only one upstream router configured, but in the internet, the big routers have multiple routing tables so that they know the best way for all the packets.

During network communication, the Address Resolution Protocol (ARP) for IPv4 or the Neighbour Discovery Protocol (NDP) for IPv6 translates the IP address into the MAC address of a NIC.