Learn Cyber Security, How to InfoSec, Tutorials, and more about CyberSecurity!

Wednesday, 28 October 2015

Internet Protocol (IP)






           In the good old days back when Ben Kenobi was still called Obi Wan Kenobi, there was a wonderful network routing system called The Internet Protocol Version 4, also called IPv4. It had addresses made up of four bytes (four octets), and was commonly written in "dots and numbers" form, like so: 192.0.2.111 (you've probably seen it around).
In fact, every site on the Internet uses IPv4.
Things were great, until a man by the name of Vint Cerf(also well-known for being The Father Of The Internet) warned everyone that we were about to run out of IPv4 addresses.

Question: Run out of addresses? (I mean, there are like billions of IP addresses in a 32-bit IPv4 address)
Answer: In the beggining, when there were only a few computers and everyone though a billion was an impossibly large number, some big organizations were generously allocated millions of IP addresses for their own use. Now we're living in an era where we're talking about every human having an IP address, every computer, every calculator, every phone, every parking meter, etc.

And so, IPv6 was born. Since Vint Cerf is probably immortal (he is probably already existing as some kind of hyper-intelligent ELIZA program out in depths of the Internet), no one wants to have to hear him say again "I told you so" if we don't have enough addresses in the next version of the Internet Protocol.
IPv6 form is in hexadecimal representation, with each two-byte chunk separated by a colon, like this:


2001 : 0db8 : c9d2 : aee5 : 73e3 : 934a : a5ae : 9551


That's not all! Lots of times, you'll have an IP address with lots of zeros in it, and you can compress them between two colons. And you can leave off leading zeros for each byte pair. For instance, each of these pairs of addresses are equivalent:


2001 : 0db8 : c9d2 : 0012 : 0000 : 0000 : 0000 : 0051
2001 : db8 : c9d2 : 12 : : 51

2001 : 0db8 : ab00 : 0000 : 0000 : 0000 : 0000 : 0000
2001 : db8 : ab00 : :

0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0001
: : 1


The address : : 1 is the loopback address. It always mean "this machine I'm running on now". In  IPv4, the loopback address is 127.0.0.1.
Finally, there's and IPv4-compatibility mode for IPv6 addresses that you might come across. If you want, for example, to represent the IPv4 address 192.0.2.33 as an IPv6 address, you use the following notation: ": : ffff : 192.0.2.33"
There are a lot of IPv6 addresses left for all men, women, childrens, etc.


SUBNETS
            For organizational reasons, it's sometimes convenient to declare that "this first part of this IP address up through this bit is the network portion of the IP address, and the remainder is the host portion."
For instance, with IPv4, you might have 192.0.2.12, and we could say that the first three bytes are the network and the last byte was the host. Or, put another way, we're talking about host 12 on network 192.0.2.0.
There were "classes" of subnets, where the first one, two, or three bytes of the address was the network part. If you were lucky enough to have one byte for the network and three for the host, you could have 24 bits-worth of hosts on your network (16 million or so). Tha was a "Class A" network. On the opposite end was a "Class C", with three bytes of network, and one byte of host (256 hosts, minus a couple that were reserved). So as you can see, there were just a few Class A, a huge pile of Class C, and some Class B in the middle.
              The network portion of the IP address is described by something called the netmask, which you bitwise-AND with the IP address to get the network number out of it. The netmask usually looks something like 255.255.255.0 (with that netmask, if your IP is 192.0.2.12, then your network is 192.0.2.12 AND 255.255.255.0 which gives 192.0.2.0)
Unfortunately, it turned out that this wasn't fine-grained enough for the eventual needs of the Internet; we were running out of Class C networks quite quickly, and we were most definitely out of Class A. To remedy this, The Powers That Be allowed for the netmask to be an arbitrary number of bits, not just 8, 16, or 24. So you might have a netmask of, say 255.255.255.252, which is 30 bits of network, and 2 bits of host allowing for four hosts on the network.
               But it's a bit unwieldy to use a big string of numbers like 255.192.0.0 as a netmask. First of all, people don't have an intuitive idea of how many bits that is, and secondly, it's really not compact. So the New Style came along, and it's much nicer. You just put a slash after the IP address, and then follow that by the number of network bits in decimal like this: 192.0.2.12/30 (or for IPv6 like this: 2001 : db8 : :/32 or 2001 : db8 : 5413 : 4028 : : 9db9/64)


PORT NUMBERS
                Turns out that besides an IP address (used by the IP layer), there is another address that is used by TCP (stream sockets) and, coincidentally, by UDP (datagram sockets). It is the port number. It's a 16-bit number that's like the local address for the connection (think of the IP address as the street address of a hotel, and the port number as the room number).

Question: Let's say you want to have a computer that handles incoming mail AND web services - how do you differentiate between the two on a computer with a single IP address?
Answer: Well, different services on the Internet have different well-known port numbers. You can see them all in the Big IANA Port List or, if you're on a Unix box, in your /etc/services file. HTTP/HTTPS (the web) is port 80/8080, telnet is port 23, SMTP is port 25, the game DOOM used port 666, etc. Ports under 1024 are often considered special, and usually require special OS privileges to use.

References:
1. Beej's Guide to Network Programming - Copyright © 2015 Brian “Beej Jorgensen” Hall  

0 comments:

Post a Comment

Popular Posts

Recent Posts

Powered by Blogger.