Weird IP appears on local network - networking

I've logged in to my router's console to check a small internet problem.
And accidently noticed a strange ip connected to the wireless network which is 169.254.70.177 (the rest were all on the 192.168.1.0/24),
I looked that ip up on whois and got nothing, result was that 'this ip is unroutable'.
What does that mean ? and why possibly would be seeing this strange ip on my local network ?
This ip was appearing as connected to the router via wireless network, a few seconds later it appeared as connected via ethernet.
Can someone please explain what could this possibly happen ?

The 169.254.0.0/16 address range is the "zeroconf" range that many devices fall back to when no local address is configured and DHCP fails.
It's a link-local address, meaning that devices can only communicate within the local layer 2 segment. These addresses are not routed.
The device in question is probably set up for DHCP but failing that (filtered, exhausted pool, ...) has fallen back to zeroconf. Another possibility is a stray packet that the device has sent out on the wrong interface.
Using packet capturing, you should be able to find out the device's MAC address and be able to locate it.

The 192.168.X.X Ip's are the ones being assigned by your router, they are private network reserved addresses. The other address you see is probably your router's connection to the WAN

Related

How does a computer know other computer's IP address on a local network?

I'm currently learning about ARP and L2/L3 networking - would someone be able to help out? If I use an ethernet cable to connect my laptop (A) to another laptop (B), it could use ARP to find out B's MAC address based on B's IP address. Then, any ethernet frames could be sent and accepted by B.
But how does A know B's IP address in the first place? What if there is a switch (L2 device) in between A and B? Does this change the answer? What if there was a router in between (an L3 device)?
Usually, a switch/Router will assign an IP.
The question is unclear -
find out B's MAC address based on B's IP address.
B's MAC address is not based on B's IP.
A MAC is associated to the hardware (but somewhat assignable/cloneable) where as an IP is assigned. Either by DHCP or statically by an admin.
Effectively, you need a switch/router to make what you're defining work.
EDIT:
you can connect two computers direct, but you still need to give each a static IP address so they can find each other - this would likely not be ona network so the IP sub-network doesn't matter.
It still has very little to do with MAC.
If two PC's hand-shake, they'll see each others MAC.
It sends out a broadcast packet to the broadcast MAC address asking "who has the IP address x.x.x.x" which goes to all computers on that broadcast domain. If a computer sees that packet that owns the IP address "x.x.x.x" it will send a unicast reply back to the MAC address of the original requestor with its MAC address which will then be cached for further communication.
It doesn't know the IP unless you tell it. You say "the default gateway is 192.168.1.1" and it will start trying to talk to 192.168.1.1 etc.
If there is a router in between, all traffic to the remote device would go to the MAC of the router and your computer wouldn't be doing any ARP lookups other than that router.
Switches wouldn't matter for this, all they do is make the broadcast domain bigger. With a cable the broadcast domain is just you and the remote device. With a switch, it expands that to all devices connected to the same switch (or VLAN in the switch)
But how does A know B's IP address in the first place?
It doesn't know. At least there's no general method to find out.
The IP address of any resource needs to be supplied by "something else". You need to either provide the address yourself, resolve it from a (also provided) DNS name, read it from a file, ... Alternatively, you need to provide some kind of auto discovery between the nodes (broadcast, multicast, LLDP, ...) or provide a commonly known discovery service, registration server or similar.
What if there is a switch (L2 device) in between A and B?
That changes nothing but excludes link-level discovery (unless it's a "dumb" switch that simply forwards those frames).
What if there was a router in between (an L3 device)?
That eliminates broadcast and multicast from the picture. (Multicast could be routed but that is unlikely for discovery and I won't dive into that.)

Basic networking questions

I am trying to understand how exactly routing works:
if 2 computers are on the same network
if they are on different networks.
More specifically I am trying to understand this: Routing
I am also trying to understand the difference between
IP Address,
Net Address,
Mac Address.
From what I understand:
1) IP Address: is used when computers communicate on the internet only.
2) Net Address: is a local version of the IP address and each device on the network has a unique net address. It's used when devices on the same network want to communicate with each other.
3) Mac Address: is a globally unique address and no other computer in the world has the same Mac address. In reality this is not true because it can be changed. It's used when ???
When a computer wants to communicate with another on the same network, they use net address, right? If the computers are on different networks what exactly happens?
Question: Can someone please fix my mistakes if any and explain what I am missing?
Thank you very much.
There are many network types, but since the most used ones are Ethernet and IP networks (and you seem to be asking about them), I will answer shortly based on them.
IP addresses are always used. They may not be used for deciding who gets the packets directly, but they are the basis even in local networks, since it is an IP network. There can also be other network types that have their own mechanisms, but they are not that common.
In local Ethernet the machines ask via ARP protocol "who has this IP address?" and get a reply with a MAC address. After that they send and receive packets based on that MAC address. The packets still have the IP address information, otherwise the receiving machine wouldn't know what is the destination. Do note that the receiving machine might be a firewall or other middleware device, not the actual computer that has the address. Also a single machine and network card may have several IP addresses set up for it.
In IP networks the IP address is used for routing. All routing devices have a routing table that will tell where the packets should go. If it's a simple device, it usually has a local network and everything else goes via a default gw, which will know better what to do with the packets.
A home router will just push them to the operator, there another router will know what addresses go to their networks, others are pushed forward via another connection, until a bigger place is reached where there are inter-operator connections and they choose again the correct route. And then it goes to smaller and smaller pipes the other way around.

How are MAC addresses used in routing packets?

I recently found that packets are encapsulated within ethernet frames. Packets use IP addresses, frames use MAC addresses.
Why aren't IP addresses used in ethernet frames for routing? I understand that when trying to access a basic website, the computer goes to a DNS to find the IP address relevant to the user-entered domain name. How do computers find the correct MAC address?
Really, how are MAC addresses used in routing internet traffic?
Thanks
IP packets aren't always encapsulated in Ethernet frames. There are other physical media such as ISDN, etc. When packets are routed, IP addresses are used to determine the next hop and the physical address is used to physically identify the interface serving as the next hop. Only the former (determining next-hop) is usually called routing.
To answer your second part, MAC addresses are discovered through ARP (Address Resolution Protocol) in IPv4 & ND6 (Neighbor Discovery) in IPv6.
Update:
The destination IP address in the IP header is the final destination. In the process of routing (at each hop), you get the next hop's IP address to (eventually) reach the final destination from the routing table (this could be a default gateway's IP address). To send the packet to the next hop, you need its MAC address. While hopping through intermediate links, the IP address in the IP header don't change - only the MAC addresses change.
Bit late but still here is my answer :) ...
To send data you need two address, the MAC address and the IP address.
Basically the sending host will ARP for a MAC address, this occurs when the local host doesn't know the MAC address of the host it has an IP address for or it will ARP for the default gateway MAC address (if it doesn't already know it) if the IP address in on a different subnet/ network. Once it obtains a MAC address the IP packet is encapsulated in a L2 frame and sent across the media. If the IP packet is meant for a host on a different subnet/ network, it will be sent to the default gateway, this router will de-encapsulate the L2 frame (remove and discard it) check the IP address and will forward it. For the router to do this it needs a MAC address to send it over the media, It will look up the next hop in it's routing table, encapsulate the IP packet with the same source and destination IP address that was sent from the original host into a new L2 frame. This time the MAC address for the source address will be that of the forwarding interface of the router, and the receiving interface of the next hop will be the destination MAC address. This will continue from hop to hop until it reaches the final host, each time the MAC addresses will change, but the original IP address will remain the same.
Here's the key point -- there can be more types of packets than INTERNET traffic. You could be using IPX, which is non-routable. How do clients identify each other? By the MAC address.
Routing != Addressing, which is really where the MAC comes into play.
In order to be routed, the OSI model adds a layer to allow for path discovery to the next gateway. This layer is responsible for routing, but knows nothing about the MAC address.
As a side note, at the hardware level, MAC addresses ARE used by switches, but not for routing. From How Stuff Works:
The switch gets the first packet of data from Node A. It reads the MAC
address and saves it to the lookup table for Segment A. The switch now
knows where to find Node A anytime a packet is addressed to it. This
process is called learning.
In this way, a switch can make sure that traffic is only outputted to the correct port. This isn't accomplishing routing so much as reducing network congestion. Only broadcasts and traffic destined specifically for that MAC address should be sent out the port.
Recently I have been thinking about the same and came upon this question. Here is my answer to this question. Actually MAC address is needed for correctly sending the packet to right destination. This is specially true when packet is needed to sent over a VLAN. There can be multiple switches/routes connected on that VLAN over multiple physical interfaces. However IP Routing is unaware of these physical interface. It only knows about the logical connectivity. For example, route 10.10.10.0/24 is reachable via VE/VIF0.10(logical VLAN interface) and/or nexthop neighbor is 20.20.20.1. There could be multiple interfaces under VLAN 10. Then to which interface packet is sent out? This is where ARP comes in the picture. ARP helps to discover the MAC address associated with the next-hop IP address. When switch/router learns the nexthop MAC. along with that it learns the physical interface also via which that MAC is reachable. Hence while routing packet, firstly MAC corresponding to the destination IP is searched and then the physical interface associated with that MAC is searched. Finally packet is sent out via that physical interface. The MAC corresponding to that destination IP is used as destination MAC. In absence of this, routed packets will always be flooded in the outgoing VLAN.
Hope this helps.
Thanks.
Answer: MAC addresses are not used in the process of routing of a packet.
segment -> transport layer (TCP ports)
packets -> network layer (IP addresses)
frame -> data link layer (MAC addresses)
bits -> physical layer (electric/optical signals)
Create your own packet/segment visit http://wirefloss.com/wireit/
There are 2 models (TCP/IP and ISO/OSI)
In detail:
Your app has some data. This is encapsulated by mentioned layers. Encapsulation means that a header with fields is added at each layer. If your data never leave the local network the MAC address will be the same. Once your data needs to be delivered outside your network the frame header is stripped by router and is replaced by router fields.
UPDATE 2021: Some people seems never heard of ISO OSI model and put this answer as incorrect.

Different IP address error?

I had connect my laptop and phone under a same router/modem.
But the IP addresses that shown on my laptop and phone are different, why???
I'm quite newbie for it, please help me
IP addresses are different inside your network. When you send data outside the network your router uses NAT (Network Address Translation) to assign your Internal(LAN) address your External(WAN) address for the duration of that communication. If they had the same Internal IP address then you would have an error like this http://compnetworking.about.com/od/workingwithipaddresses/f/ip_conflict.htm

Different values for my IP address?

Was just wondering why I seem to get different values for my IP address from different sources. If I go to one of the many different 'what's my ip' sites on the net I get a completely different value from when I use ipconfig (on win7)
And no, it's not the subnet mask I'm looking at, these are the actual ipv4 addresses, why would they be resolving to different addresses? Are these 'what's my IP' sites only able to hit an exchange and not determine the IPs of my actual box itself?
If your PC is on a network and not directly connected to your ISP via a modem, there will be at least one router between your machine and the internet. That router will almost certainly be doing NAT (Network Address Translation) and possibly DHCP (Dynamic Host Configuration Protocol) too.
The router will have been assigned an address by the ISP when it established the connection. This address might be static (unchanging) or, more commonly, dynamic (changes periodically as the ISP sees fit). So your 'public' address - the one the router has been assigned and which is visible to the internet - may change from time to time.
Your PC will be connected to the router, and will either have a fixed IP address assigned to it (typically in the 192.168.x.x range) through your OS networking config, or will be given one by the router each time it connects (when you switch on or reboot) via DHCP. In this case, the address will be in whatever range the DHCP service has been told to use (again, the default is likely to be in the 192.168.x.x range).
So your PC has its' own internal address, and your router has its' public address. When you exchange internet traffic, the machine at the other end of the connection will see your public address, not your internal address - the router takes care of forwarding data to the right internal address automatically.
Depending on what IP-checker service you're using, it might display your public address (from the router, which may change if the ISP assigns dynamic addresses) or your internal address (typically when a script runs inside the browser and asks the machine directly).
The answer won't clarify anything, but I'll tell you anyway.
They're both right.
No, your machine doesn't really have two IP addresses, but the IP it shows as depends on who's looking, and from where.
•
What you're seeing is the result of what's called a NAT router. NAT stands for "Network Address Translation". The router manages the IP addresses on a LAN, or Local Area Network, and then translates to the appropriate IP address it was assigned on the external network, usually the internet.
details

Resources