I was reading about IP and how it actually saves 2 datas: Network and Host.
But there are few things which aren't that clear to me.
What is an example of network? Is each home with its own router considered one network? Or one of those large companies like ATT, Orange etc...
What is an example of Host? How is Host different when compared to network? Is every device under same router considered a Host?
Does the split (of host and network) hold true too for local devices under same router.
If 2 octals are for network then we can only have 2^16 networks in the world which doesn't make sense.
Please Help me understand by answering them all by order.
I think perhaps your source of information is not reliable, or you may have misinterpreted some of it. An IP address (in version IPv4, which is still dominant even today) is 32 bits, or 4 "octets" in length. Those 32 bits uniquely identify a single network interface on a single computer. Some number of the upper bits are used to identify what network the computer is on, and the rest to identify the specific machine on that network. How many bits are used to identify the network will vary. Note that, since 32 bits have not been really sufficient for the past 25(?) years, several schemes have been devised to re-use certain address ranges. My personal computer, for instance, is in the range 192.168.x.x, behind a normal consumer-grade router. Other tricks exist.
The best book on IP networking I have found is "TCP/IP Illustrated" by W. Richard Stevens, Addison-Wesley Publishing, ISBN 0-201-63346-9. Quite easy to read; just volume 1 will answer almost any question. Volume 2 is about implementation, while volume 3 is a bit "fluffy", and can be ignored.
Related
I've been told that it is bad practice to have two interfaces on the same device on the same subnet. i.e. two Ethernet ports on a switch should be on different subnets. Could somebody explain why this is the case? (preferably simply as possible as I'm new to networking)
Because routing in your OS normally sets one of Ethernet card as out gate to specified subnet and all traffic to this subnet will have only 1 output. Second route to same subnet will have bigger Metrik value and will use to send some data if first interface is down. Even if somebody will send request to second interface answer can have first Ip as sender.
If you try to increase throughput to subnet you must use aggregation of Ethernet link. you`ll have 2 physically link and 1 IP.
subnet is the logical division of the IP network based on the subnet-mask/netmask. So unless you plan to have two different separate networks, you need not to have two different subnets. This link explains most of the possible cases to explain what it means by subnetworks on a switch.
Whether two interfaces on the same subnet is good or bad depends entirely of what you're trying to accomplish.
If you need link redundancy or a simple way of load sharing (L2 or L3) it may the right way to go.
If you need network/uplink redundancy or a more complex way of load sharing (L3 only) you connect to two different networks (multi-homing). This is also the setup for a router connecting the two networks.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
I want to establish an UDP communication between two peers, say Alice and Bob. Alice is behind a port restricted cone NAT (so that the same internal port gets mapped to the same external port even if the destination is changed), while Bob is behind a symmetric NAT (which means that the external port will change every time a new destination is chosen regardless of the internal port, thus making the external port unpredictable). I have a server in between and I want to make an UDP hole punch.
I implemented the following strategy:
Bob opens a large number of ports and from all of them sends a packet to Alice's external port (he gets to know if through the server).
Alice sends packets to Bob's NAT at random ports until the connection is established.
Having two NATs of those types at hand, I did some experiments. Bob opens 32 ports, and Alice sends 64 packets every 0.1 seconds. The connection is usually established within 1 or 2 seconds, which is more than suitable for my needs.
However, I was wondering if I could get in trouble with some strict NAT routers or firewalls. On example, could it happen that a router won't allow an internal peer to open 32 ports? Or (and this sounds somehow more likely) could it happen that a router that sees a lot of packets incoming on random ports that get dropped will blacklist the ip and drop all its packets for some time? I read that sometimes this could happen in case of a DoS attack but my packet rate is something like 4 to 6 orders of magnitude lighter than a DoS attack.
I am asking about reasonable network configuration: I am pretty sure that in principle it is possible to setup a firewall to behave in that way. I will be targeting mainly users that lie behind standard home connections, so my main target is common internet providers that use NATs.
It's an interesting question.
First of all, I'm not sure anyone has the exact answer you're looking for. Different networks use different equipment and different configuration. Two ISPs can use ten different vendors for their routers, firewalls, NATs, intrusion detection equipment, DPI equipment etc; not to mention the number of possible configurations all of this equipment has.
And while commercial and corporate networks are bad enough, home networks are even worse. Here there are even more vendors selling modems, NAT boxes, and various software that affects network connectivity (such as firewalls and anti-viruses). All of which is in the hands of users who aren't technically savvy that leave it with the default settings, or worse.
Moreover, in both home and commercial networks there might be several layers of NAT. I know of a company that has a NAT for each lab (to isolate it from other labs and the R&D network). Each lab is then connected to the R&D NAT (to isolate it from other departments), which in turn is connected to the company-wide NAT, which, by the way, is also heavily firewalled. Add to that a possible ISP-level (carrier grade) NAT, and you're looking at up to 4 layers of NAT. Hopefully this is an extreme example, but two layers of NAT are quite common nowadays with home NAT and carrier grade NAT.
Given that, how likely it is for a random network to consider this behavior suspicious and limit it? Frankly, I don't know for sure and I don't think anyone else does with a high degree of certainty.
Despite that, my educated guess is that sane default configurations of communication equipment (NATs, routers, etc) should not block such behavior. After all, many applications open several ports; not to mention the fact that the NAT has no way of knowing that the IP sending this traffic isn't itself a NAT device with dozens of computers behind it - each of them with several open ports.
I also guess that simple firewalls should be fine with it as long as UDP itself isn't blocked, and the usage of the various ports is allowed. Firewalls that attempt to block port-scanning, and anti-DDoS equipment, however, might pose a problem as this traffic might seem suspicious to it, so it might depend on the configuration/implementation details of such equipment and software. So unfortunately, the only way to tell how your strategy will behave in the real world it to try it out on a variety of different networks.
Second, I'd like to say a few words about your hole punching strategy. If both Alice and Bob have a shared server, and Alice is behind a cone NAT, I don't see the point in your strategy. A cone NAT is the simplest NAT to overcome. If you want Alice to be able to connect to Bob (which is tricky since he's behind a symmetric NAT), all you really have to do is to get Bob to connect to Alice upon Alice's request.
To do that, both Alice and Bob should always have a long-lasting TCP or UDP connection to the server. The connection shouldn't carry any data for the most part, and should be just kept alive once in a while.
When Alice wants to connect to Bob, it just opens a port (say port X), and connects from that port to the server. The server sees Alice's external port that corresponds to port X - say port Y. At this point, Alice informs the server that she would like Bob to connect to her. Since Bob is connected to the same server, the server informs Bob that it should connect to Alice at at port Y. This should establish a connection between them without the need for any guessing.
For a classification project I'm trying to generate a large list of dynamic IP addresses from a single wireless network. However, the only way I've been able to generate these addresses is by connecting a physically new machine to the network, as the wireless network remembers each machine (and so, whenever one machine rejoins the network the IP address remains the same).
For the sake of brevity, I've been looking for a way of automating the process; technically, all I need to do is find a way to simulate being a "new" machine. This way, it would be far easier to generate a list of IP addresses assigned by a single wireless network.
I've had a great deal of trouble finding out how to do this, and it is very possible I may misunderstand how a wireless network assigns IP addresses, etc.
Thanks!
(continuing from the comments above...)
As it turns out, there's no fancy machine learning necessary at all. You can get all the information you need by connecting just once. When you connect to an IP network and are assigned an address, you get both an address and a subnet mask (look it up if you're not familiar with the terms). Given these, a straightforward snippet of bitwise arithmetic will show you whether another address is part of the same network or not:
if ((my_address & subnet_mask) == (unknown_address & subnet_mask)) { ...
where unknown_address is the address you're testing. (This expression can be simplified a bit by applying boolean simplification rules, but this is a form where it's obvious what is happening.)
For example, if you are assigned:
address: 192.168.11.22
subnet: 255.255.255.0
then any other address is part of the same network if it starts with 192.168.11.. Again, the person who set up the network has very deliberately made these choices.
This very much reminds me of the so-called Barometer question, where one of the possible answers is "trading the barometer to the building's superintendent in return for the information wanted".
Why do we need an IP address when the MAC address is unique? Cant we communicate only with the MAC address?
You COULD communicate using only the MAC address, but only on your local network. IP addresses are routeable, without every system on the network needing to know about every other. You just need to know a range of addresses that are on your local network, and throw everything else up to your router. The same thing happens at the ISP level. "All 216.x.x.x traffic goes that way, all 105.x.x.x goes that way..."(Obviously a gross oversimplification, but that's the basic process).
If we tried to route everything by MAC address, every machine on the network would have to maintain a list of every other participant, and it just wouldn't scale.
No. MAC addresses are specific to Ethernet, IP is independent of the underlying hardware. You can connect machines that don't use Ethernet to the Internet, if you have the required bridges.
MAC addresses are not unique. MAC addresses are reused between media. This is why wireless (802.11) and wired (802.3) may not both be present on one collision domain (see 802.1D).
MAC addresses are not clustered -- meaning that devices which are nearby in network space do not have nearby MAC addresses. IP addresses do have this property of locality. Do you intend to route packets by having a universal list of MAC addresses copied to every computer on the Internet, or do you intend to route packets to their destinations through a hierarchy of localities?
On a single collision domain, MAC addresses can be the primary addressing mode (q.v. arp and rarp). However, extension to multiple collision domains is ineffective for the above reasons.
A great professor of mine named George Varghese, now at UCSD, made the following apt analogy: You want to send someone a letter. The analogy of sending to a device anywhere in the USA based on its MAC address is like sending someone a letter knowing only their Social Security Number. It does uniquely identify someone (OK, yes, SSN isn't guaranteed unique, but suppose it was for the sake of example), but it would be very hard to find them without some giant table of where everyone lived that you could look up indexed by their SSN.
An IP address (and the similar Open Systems Interconnect, or OSI, network addresses) are more like USA phone numbers with area codes and exchange numbers: (AAA) BBB-CCCC, where AAA is an area code, BBB is an exchange number, and CCCC identifies an individual line at that exchange. There is hierarchical information encoded in that number, so that when you are far away from the destination, you only need a small table indexed by area code to determine a good "next hop" to forward the call to, rather than a table of all phone numbers in the country.
Ethernet is a Medium Access Layer protocol. It was designed specifically to connect computers on the same network. If you want to connect computers remotely located, you certainly need to jump to destination by hopping through several routers. IP (Internet Protocol) was designed with this goal in mind, hence the need for it, while Ethernet protocol does not support routing. Only some forms of primitive bridging that would not scale for something huge like the Internet.
they are used for different protocol layer.
MAC address is your device specific address. It has no relation with the geographical location, etc. you are in currently.
Ex: You can buy a cellphone/laptop in US and use it in Japan,
Australia, etc. But MAC address would remain the same. But IP address
would change with respect to the network you are connected to.
So it is difficult to route packet in an internetwork of portable devices especially.
How would it be:
Consider you have a portable network-accessing device with you on which you are using the internet. If we use only the MAC address, how would any incoming packet find the location of your portable-device. Since MAC address gives you only a fixed 48-bit device address. (The worst case scenario is using a desktop computer and having a MAC address without the IP facility. Coupling it with the static table to find your predefined location based on the MAC address, but our life is incomplete without these portable devices right?)
Thus we need some addressing scheme that can help us with addressing in a big and portable environment like internet, and thus the role of IP comes into picture, where address is hierarchal to provide a more geographically exact location.
I know how to scan subnets in c++...I also know how to find geo location (altough it's not 100%)...But does anyone have an idea how can i find the closest ip addresses to mine ?
Ex one neighbor is 100 meters from me and another one is 50 and if they are both connected to the internet, i should get the ip of the second which is 50 meters away from me.
Is there any possible way to implement this via programming language ?
Forget it. The structure of how ISPs work and allocate their IP's will make this entirely impossible in 99.999999999% of all cases.
The kind of geolocation by IP address you mention - by checking against databases of IP addresses, and by analyzing the route points of the IP - will work on a city level if you're lucky.
The only reliable means of geo-location down to a city borough or even block is a new set of technologies that for example query Wi-Fi hotspots around the user's computer, and compare them with a list of known Wi-Fi hotspots and their locations. See for example yesterday's question about Geolocation in HTML 5.
There is no way to triangulate other users' positions from that, and thank god for that!
IP geolocation only locates the ISP. It cannot locate the actual host.
The answer is no, you cannot find out what your neighbour's IP address is! How would you know if your neighbour is connected to the same ISP as yours? Again, a dangerous assumption, sure, geolocation may work but not 100% reliable...
They may be connected to Mars Inc ISP for all I care, as there is something fishy about your question - why do you want to know? for D-o-S attacks, hacking...
Hope this helps,
Best regards,
Tom.
If you're on cable, the bandwidth is shared by everyone using the cable. If you could tap the cable on the other side of your modem, you could see traffic of other people on the same segment. This is changing as DOCSIS 2 and 3 are rolled out, which provide PKI-based AES encryption.
If you're on wireless (WiFi, WiMax, Cellular), you may be able to pull the signals of other people. Limiting factors include 1. encryption (some have been broken) 2. Signal strength (Some technologies use directional antennas)
Obviously neither of these work if your neighbour is not using the same ISP.
yes there is..
1) You should measure distance in hops on routers.. So for example person on your subnet is one hop away, and person on your isp is 2 hops away..
if you are on windows you can measure hops by lines produced by traceroute app (through cmd in win+R) on unix you can run tracert app
2) If your geoip can give you approx geo location, you can measure distance between two gps locations. This will however not be very reliable as they cannot know exact location. But it might help if the IPs are more than 3 hops away..
Hops in traceroute program are measurement of TTL property in IGMP protocol. If TTL (Time to live) exceeds some point, router sends back answer that the destination has not been reached. This way you try first with TTL = 1, than TTL = 2, than TTL = 3, and so on.. If you dont want to program tracert program again, just use the command line execution function in your favorite programming language :)
Note that this is not not reliable on measure of distance between IPs as if your neighbor has different ISP than is yours, the distance to neighbor after him will be smaller than to him.
3) To measure distance of the closest networks, you might detect strength of wifi networks. if you know which wifi network belongs to whom, you might know the distance.
Note that if you already know IPs of your neighbors, you probably know also how far they are :)
If you are doing just network scan on the college campus or something like that you might detect more useful information about computers using nmap, but use it on your risk as you might get expelled, or you might get some sanctions from your ISP.