Why is my IP address public but not private? - networking

In my work, I have a desktop that is connected to internet with ethernet.
It does not have a private IP address but a public one: 172.16.30.208.
My laptop which is connected wireless has IP address which is again NOT private: 128.208.138.125.
When I ping my laptop from the desktop (packets received):
ping 128.208.138.125
PING 128.208.138.125 (128.208.138.125): 56 data bytes
64 bytes from 128.208.138.125: icmp_seq=0 ttl=59 time=83.788 ms
64 bytes from 128.208.138.125: icmp_seq=1 ttl=59 time=24.384 ms
64 bytes from 128.208.138.125: icmp_seq=2 ttl=59 time=120.292 ms
But when I ping my desktop from the laptop (no response):
ping 172.16.30.208
PING 172.16.30.208 (172.16.30.208): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
The questions are:
Why are the IP addresses on both computers not private? (Anything starting with 192.X.X.X or 10.X.X.X is private, I suppose.)
Why was I able to ping from the desktop to the laptop but not the other way?
I understand that the desktop and laptop are on different networks.

Addresses in the range 172.16.0.0 to 172.31.255.255 are also reserved, like 192.168.x.x and 10.x.x.x, and are not routed externally. http://en.wikipedia.org/wiki/Reserved_IP_addresses. So the DHCP settings on the ethernet router in question don't match the more common 192.168.x.x or 10.x.x.x defaults, but the router isn't handing out public addresses.
Edit - because the comments are getting long:
The desktop can successfully ping the laptop because of NAT (http://en.wikipedia.org/wiki/Network_address_translation). This is how any machine with an internal IP is able to get data from outside the local network. Continuing with the example from this question: The desktop assembles a ping request packet with the laptop's public IP as the destination. When the local router sees that the destination is external but the source is internal, it swaps the source address for the router's own public address before sending. That means the laptop just replies directly to the router. However, when the router gets the response, it remembers which local device actually requested the ping and swaps the destination address on the response from the router public address to the correct internal address before passing it through to the internal network.
Edit - Elaborating on the laptop side
Quick disclaimer: The public/private question of the laptop IP is pretty specific to the UW network setup, which I haven't actually worked with, so much of the following is conjecture based on my links from the comments.
The short answer:
128.208.135.125 is a public IP address that is owned by UW. It will only be assigned to one device at a time (i.e. your laptop right now).
The long answer:
The UW network runs a different type of NAT that they call "Masquerading". Each NAT setup comes with its own lists of pros and cons; I will only be highlighting a few considerations. The key difference here lies in this step from my previous NAT overview, "[the router] remembers which local device actually requested[...]". Normally, the router "remembers" by keeping a table of local addresses and the recent requests made by the associated devices so it knows which replies go to whom. With this setup, the address translation must always be done to route data between internal and external devices. In the masquerading version, each device has both a public and private address and the table no longer has to track requests; it just maps between the public and private addresses. This means the address translation can be optional depending on the context, and hosts connected to the UW network in this fashion can communicate among themselves using either private or public addresses depending on how the host would like the packets to be treated by the router(s) and firewall(s). However, any device outside the masquerading section of the network needs to use the public address. This also allows an optimization, that UW has taken advantage of, where the table can be implied by convention. In this case, the address translation will always be changing the leading "128" in the address to "10" or vice-versa, so the table doesn't need to be stored anywhere. Your laptop's private address will be 10.208.135.125.

Related

Network sniffer - detect subnet mask in non-DHCP network

I'm writing a simple network sniffer that should be able to reconstruct the network structure.
When an interface is set up by DHCP, I can easily read interface settings such as the client IP address, subnet mask, DNS server, etc. by catching a DHCP packet and analysing it.
When an interface has a static IP, I'm catching the ARP announcement packet to get the static IP address and then the ARP request from the gateway to get the gateway IP address. I'm also saving MAC addresses.
My problem is: how to get the subnet mask from one or more static IPs in the network and the gateway address, or by catching some packets. I didn't see packets that could carry such information.
I also need DNS address, but it's less important.
The program should work in OpenWRT (C++).
My problem is: how to get subnet mask from one or more static IPs in the network and the gateway address.
Possibly, you can't.
If the sniffed network uses DHCP then you can monitor the DHCP requests (which should be broadcast) for their subnet mask and router fields which mirror the server's offer.
Without DHCP, all you can do is take an educated guess. If your passive sniffer registers broadcasts from addresses 192.168.1.1 through 192.168.1.29, you know that the prefix length is at most /27. It could also be anything shorter, down to /16, with potential addresses being (currently) absent or silent. The prefix could be even shorter than /16 if the network admin is ignoring RFC 1918. With public addresses you're mostly on your own.
If you can scan actively you could send ARP requests and see which ones get answered - you'd also see nodes that don't originate any traffic/broadcasts.
The gateway is also just a guess. In a network with mostly Internet-bound traffic, the default gateway is most likely the one being ARPed most often. If the network traffic is mostly server-centric, ARP requests for their addresses outnumber the ones for any gateway.
Your sniffer is severely limited when it is just attached to a switch and listening to broadcast packets only. If the sniffer manages to listen to all traffic on the network (via a monitoring/mirroring switch port) then you can easily identify the gateway by the MAC address that packets for arbitrary IP addresses are sent to, and vice versa.
As above, if you can actively send probe packets you could test the gateway(s) with packets that they accept (and hopefully forward) and which ones they reject.
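The inference the answer describes, as an added example that is not code from the question or the answer: it assumes a passive sniffer has already reduced its ARP captures to tcpdump-style "who-has X tell Y" lines (the log below is constructed), derives the upper bound on the prefix length from the senders seen, and picks the most-ARPed address as the gateway candidate.

```python
import ipaddress
import re
from collections import Counter

# Constructed ARP request log (not real capture data): senders are hosts
# that are definitely alive; targets are what those hosts want to reach.
ARP_LOG = """\
who-has 192.168.1.1 tell 192.168.1.5
who-has 192.168.1.1 tell 192.168.1.12
who-has 192.168.1.1 tell 192.168.1.29
who-has 192.168.1.12 tell 192.168.1.1
who-has 192.168.1.1 tell 192.168.1.7
who-has 192.168.1.20 tell 192.168.1.5
who-has 192.168.1.1 tell 192.168.1.20
"""
ARP_RE = re.compile(r"who-has (\S+) tell (\S+)")


def parse_arp(log):
    """Return (targets asked for, senders seen) from ARP request lines."""
    targets, senders = [], []
    for m in ARP_RE.finditer(log):
        targets.append(m.group(1))
        senders.append(m.group(2))
    return targets, senders


def max_prefix_len(addresses):
    """Longest prefix shared by every observed address. The real prefix
    length is at most this value; it may be shorter if hosts are silent."""
    ints = [int(ipaddress.ip_address(a)) for a in addresses]
    # All addresses between min and max share exactly the bits in which
    # min and max agree, so one XOR gives the common prefix length.
    return 32 - (min(ints) ^ max(ints)).bit_length()


def guess_network(addresses):
    """Smallest network containing all observed addresses, as a string."""
    plen = max_prefix_len(addresses)
    lowest = min(addresses, key=ipaddress.ip_address)
    return str(ipaddress.ip_network(f"{lowest}/{plen}", strict=False))


def guess_gateway(targets):
    """Most frequently ARPed address and its count. In an Internet-bound
    network this is likely the default gateway; in a server-centric one
    it may just be the busiest server, as the answer warns."""
    return Counter(targets).most_common(1)[0]
```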

How to reach a specific computer in a network?

Let's say that I have a home network of 5 computers. They all share the same external IP address.
Suppose a machine that is outside the network sends a request (as a client) to one of the 5 computers (this computer will be the server) in this home network. It sends its message to the external IP address. Then, how does the router know to what computer in the home network the message has to be routed to?
Typically when you talk about NAT, there are two main “flavours” - Source NAT & Destination NAT. There is another function called “PAT” (or Port Address Translation).
Source NAT is utilised when all your 5 computers are trying to reach out to the public (Internet) network. At this point your 5 computers get MASQUERADED with your public IPv4 address.
Destination NAT is what you’re asking for. In this case, you must configure your router/firewall (device that holds your public address & maintains your public connection) to “REDIRECT” or “DNAT” all incoming packets destined to a specific application (or port). For instance, if you have an HTTP server running on your private network server with address 10.0.0.3, you simply instruct your router to send all (or selective) TCP packets that have been sent to the public IP on ports 80/443 & send those to 10.0.0.3.
In the DNAT scenario you must explicitly instruct your router/firewall about every type of expected incoming connection. Another example can be that the same public address is being used for an SMTP server, and thus all TCP packets received on port 25 are sent to the local server 10.0.0.4 this time. And so on and so forth.
That’s in short how it works.
Network Address Translation (NAT) allows a single device, such as a router, to act as an agent between the Internet (or public network) and a local network (or private network), which means that only a single unique IP address is required to represent an entire group of computers to anything outside their network.
ADDRESS TRANSLATION (NAT) OVERLOAD allows your 5 computers to communicate with your router. Each computer has unique private IP address.
When computer1 tries to communicate with a website, it sends a packet to the router.
The router replaces the private IP address (example: 192.168.1.1) with the single public IP address (example: 205.65.45.100) but uses the same source port number (for example port 5000) which is used by the computer. It won't change the source port number. And the router maintains an entry in the NAT table.
The reply from the Internet (web server) arrives at the public interface of your router.
The router accepts the packet and checks the destination port entry. With the help of the NAT table, your router understands that it belongs to computer1. The router changes the single public IP address (example: 205.65.45.100) to your internal private address (example: 192.168.1.1) and your computer receives it.
This process is applicable to all 5 computers.
Above scenario is only applicable if your computers act as a client. If your computer acts as a server then the solution is “Port forwarding”.
Port forwarding is needed when a machine on the Internet needs to initiate a connection to a machine that's behind a firewall or NAT router.
Refer to the video for detailed information.
https://www.youtube.com/watch?v=-K6jMYBfuIY
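The two answers above (source NAT with a translation table for client traffic, DNAT/port forwarding for servers) and the ping asymmetry in the first question on this page, as one added example that is not code from any of the posts. The router model, the translated port range and the packet shape are assumptions; the addresses are the ones the answers use (205.65.45.100, 10.0.0.3, 10.0.0.4) and the ones from the first question.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp", "udp" or "icmp"
    src: str
    sport: int   # for icmp both port fields carry the echo identifier
    dst: str
    dport: int


class NatRouter:
    """Constructed model of a home router: source NAT with port translation
    (PAT / NAT overload) for outbound flows, plus static destination NAT
    (port forwarding) for servers the admin has configured."""

    def __init__(self, public_ip, forwards=None):
        self.public_ip = public_ip
        self.forwards = dict(forwards or {})   # (proto, public port) -> (LAN ip, LAN port)
        self.conntrack = {}                    # same shape, learned from outbound traffic
        self.next_port = 40000                 # assumed start of the translated port range

    def outbound(self, pkt):
        """LAN -> Internet: rewrite the source to the public address and
        remember which LAN host/port owns the translated port."""
        for key, owner in self.conntrack.items():
            if key[0] == pkt.proto and owner == (pkt.src, pkt.sport):
                break
        else:
            key = (pkt.proto, self.next_port)
            self.next_port += 1
            self.conntrack[key] = (pkt.src, pkt.sport)
        dport = key[1] if pkt.proto == "icmp" else pkt.dport
        return Packet(pkt.proto, self.public_ip, key[1], pkt.dst, dport)

    def inbound(self, pkt):
        """Internet -> LAN: a reply to a tracked flow goes back to the host
        that started it, a forwarded port goes to the configured server,
        anything else has no mapping and is dropped (None)."""
        if pkt.dst != self.public_ip:   # a packet aimed at a private address never arrives here
            return None
        key = (pkt.proto, pkt.dport)
        target = self.conntrack.get(key) or self.forwards.get(key)
        if target is None:
            return None
        lan_ip, lan_port = target
        sport = lan_port if pkt.proto == "icmp" else pkt.sport
        return Packet(pkt.proto, pkt.src, sport, lan_ip, lan_port)


ROUTER = NatRouter("205.65.45.100", {
    ("tcp", 80): ("10.0.0.3", 80), ("tcp", 443): ("10.0.0.3", 443),
    ("tcp", 25): ("10.0.0.4", 25),
})


def ping_exchange(lan_host, remote, ident=1234):
    """Outbound echo request, the reply it earns, and an unsolicited echo
    sent straight at the LAN host's private address (the failing case)."""
    out = ROUTER.outbound(Packet("icmp", lan_host, ident, remote, ident))
    reply = ROUTER.inbound(Packet("icmp", remote, out.sport, out.src, out.sport))
    unsolicited = ROUTER.inbound(Packet("icmp", remote, ident, lan_host, ident))
    return out, reply, unsolicited
```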

Public IP address vs Private IP address

Good day to all,
I am trying to study networking basics. Watched a ton of videos, researched a bit and understood better. However I can't find answers to what I am curious about. Forgive me, I am just a beginner in this IT thing.
A computer has a Public IP address (which is sensitive), and obtains a Private IP address after it is connected to a router.
A router has a Public IP address and also a Private IP address (192.168.1.1 for Linksys). It will then assign all the devices connected to it their own Private IP address, for example 192.168.1.102.
So here is something I don't quite understand (even after researching online);
Mobile phones use their own public IP address to connect to the internet via mobile data, is that right?
A desktop does not use its public address at all since it is always connected to a router which assigns it a private IP address?
When a computer outside the network wants to connect to a computer inside a network, does the connection happen directly between computer and computer, or does it have to connect through the router, where the router will then pass the connection to the computer inside the network?
I can't seem to find any explanation of how a computer's public IP address is utilised since it is always connected to a router where it has its own private IP address.
Forgive me, I am just a beginner. Thank you in advance.
1.) Yes (mobile phones are connected via radio masts which are provided by your provider).
2.) Yes, desktop computers, same as mobile phones which are connected to the router via wifi, use the router's IP address.
3.) If a computer outside the network needs data from a computer inside your network, it sends a request to your router which forwards it to your computer (which requests are forwarded is determined by the firewall of your router). Also, if you request data from a computer outside your network, you send a request to your router and the router sends a request to the network of the other computer.

How are MAC addresses used in routing packets?

I recently found that packets are encapsulated within ethernet frames. Packets use IP addresses, frames use MAC addresses.
Why aren't IP addresses used in ethernet frames for routing? I understand that when trying to access a basic website, the computer goes to a DNS to find the IP address relevant to the user-entered domain name. How do computers find the correct MAC address?
Really, how are MAC addresses used in routing internet traffic?
Thanks
IP packets aren't always encapsulated in Ethernet frames. There are other physical media such as ISDN, etc. When packets are routed, IP addresses are used to determine the next hop and the physical address is used to physically identify the interface serving as the next hop. Only the former (determining next-hop) is usually called routing.
To answer your second part, MAC addresses are discovered through ARP (Address Resolution Protocol) in IPv4 & ND6 (Neighbor Discovery) in IPv6.
Update:
The destination IP address in the IP header is the final destination. In the process of routing (at each hop), you get the next hop's IP address to (eventually) reach the final destination from the routing table (this could be a default gateway's IP address). To send the packet to the next hop, you need its MAC address. While hopping through intermediate links, the IP addresses in the IP header don't change - only the MAC addresses change.
Bit late but still here is my answer :) ...
To send data you need two addresses, the MAC address and the IP address.
Basically the sending host will ARP for a MAC address; this occurs when the local host doesn't know the MAC address of the host it has an IP address for, or it will ARP for the default gateway's MAC address (if it doesn't already know it) if the IP address is on a different subnet/network. Once it obtains a MAC address, the IP packet is encapsulated in an L2 frame and sent across the media. If the IP packet is meant for a host on a different subnet/network, it will be sent to the default gateway; this router will de-encapsulate the L2 frame (remove and discard it), check the IP address and forward it. For the router to do this it needs a MAC address to send it over the media. It will look up the next hop in its routing table and encapsulate the IP packet, with the same source and destination IP address that was sent from the original host, into a new L2 frame. This time the source MAC address will be that of the forwarding interface of the router, and the receiving interface of the next hop will be the destination MAC address. This will continue from hop to hop until it reaches the final host; each time the MAC addresses will change, but the original IP addresses will remain the same.
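The hop-by-hop process described in this answer and the "Update" above it, as an added example that is not code from any of the posts: a constructed topology A - R1 - R2 - B with made-up MAC addresses, a longest-prefix-match routing table per node, and an ARP stand-in table. The trace it returns shows a fresh pair of MAC addresses on every link while the IP header stays untouched.

```python
import ipaddress


def ip(s):
    return ipaddress.ip_address(s)


class Node:
    """Host or router. ifaces: {ip: mac}. routes: (network, next_hop or None
    for a directly connected network, ip of the outgoing interface)."""

    def __init__(self, name, ifaces, routes):
        self.name = name
        self.ifaces = {ip(a): m for a, m in ifaces.items()}
        self.routes = [(ipaddress.ip_network(n), ip(nh) if nh else None, ip(o))
                       for n, nh, o in routes]

    def next_hop(self, dst):
        """Longest-prefix match; on a directly connected network the next
        hop is the destination itself. Returns (next hop ip, out iface ip)."""
        best = max((r for r in self.routes if dst in r[0]),
                   key=lambda r: r[0].prefixlen, default=None)
        if best is None:
            raise ValueError(f"{self.name}: no route to {dst}")
        net, nh, out = best
        return (nh if nh is not None else dst), out


# Constructed topology (assumed, not from the thread): A on 192.168.1.0/24,
# R1 and R2 joined by 10.0.0.0/30, B on 172.16.0.0/24. MACs are made up.
NODES = {n.name: n for n in [
    Node("A", {"192.168.1.10": "aa:aa:aa:00:00:01"},
         [("192.168.1.0/24", None, "192.168.1.10"),
          ("0.0.0.0/0", "192.168.1.1", "192.168.1.10")]),       # default gateway
    Node("R1", {"192.168.1.1": "11:11:11:00:00:01", "10.0.0.1": "11:11:11:00:00:02"},
         [("192.168.1.0/24", None, "192.168.1.1"), ("10.0.0.0/30", None, "10.0.0.1"),
          ("172.16.0.0/24", "10.0.0.2", "10.0.0.1")]),
    Node("R2", {"10.0.0.2": "22:22:22:00:00:01", "172.16.0.1": "22:22:22:00:00:02"},
         [("10.0.0.0/30", None, "10.0.0.2"), ("172.16.0.0/24", None, "172.16.0.1")]),
    Node("B", {"172.16.0.20": "bb:bb:bb:00:00:01"},
         [("172.16.0.0/24", None, "172.16.0.20")]),
]}
# ARP stand-in: which MAC (and which node) answers for each IP on the links.
ARP = {a: (m, n.name) for n in NODES.values() for a, m in n.ifaces.items()}


def forward(src_name, src_ip, dst_ip):
    """Carry one IP packet from src_name to dst_ip. Returns the L2 frame sent
    on each link as (src_mac, dst_mac, src_ip, dst_ip)."""
    node, dst, frames = NODES[src_name], ip(dst_ip), []
    while dst not in node.ifaces:             # stop once a node owns the destination
        nh, out = node.next_hop(dst)
        dst_mac, nh_node = ARP[nh]            # ARP for the next hop's MAC
        frames.append((node.ifaces[out], dst_mac, src_ip, dst_ip))  # IP header unchanged
        node = NODES[nh_node]                 # router strips the frame, looks up, re-frames
    return frames
```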
Here's the key point -- there can be more types of packets than INTERNET traffic. You could be using IPX, which is non-routable. How do clients identify each other? By the MAC address.
Routing != Addressing, which is really where the MAC comes into play.
In order to be routed, the OSI model adds a layer to allow for path discovery to the next gateway. This layer is responsible for routing, but knows nothing about the MAC address.
As a side note, at the hardware level, MAC addresses ARE used by switches, but not for routing. From How Stuff Works:
The switch gets the first packet of data from Node A. It reads the MAC address and saves it to the lookup table for Segment A. The switch now knows where to find Node A anytime a packet is addressed to it. This process is called learning.
In this way, a switch can make sure that traffic is only outputted to the correct port. This isn't accomplishing routing so much as reducing network congestion. Only broadcasts and traffic destined specifically for that MAC address should be sent out the port.
Recently I have been thinking about the same and came upon this question. Here is my answer. Actually the MAC address is needed for correctly sending the packet to the right destination. This is especially true when a packet needs to be sent over a VLAN. There can be multiple switches/routers connected on that VLAN over multiple physical interfaces. However, IP routing is unaware of these physical interfaces. It only knows about the logical connectivity. For example, route 10.10.10.0/24 is reachable via VE/VIF0.10 (logical VLAN interface) and/or the next-hop neighbor is 20.20.20.1. There could be multiple interfaces under VLAN 10. Then to which interface is the packet sent out? This is where ARP comes into the picture. ARP helps to discover the MAC address associated with the next-hop IP address. When the switch/router learns the next-hop MAC, along with that it also learns the physical interface via which that MAC is reachable. Hence while routing a packet, first the MAC corresponding to the destination IP is searched and then the physical interface associated with that MAC is searched. Finally the packet is sent out via that physical interface. The MAC corresponding to that destination IP is used as the destination MAC. In the absence of this, routed packets would always be flooded in the outgoing VLAN.
Hope this helps.
Thanks.
Answer: MAC addresses are not used in the process of routing of a packet.
segment -> transport layer (TCP ports)
packets -> network layer (IP addresses)
frame -> data link layer (MAC addresses)
bits -> physical layer (electric/optical signals)
Create your own packet/segment visit http://wirefloss.com/wireit/
There are 2 models (TCP/IP and ISO/OSI)
In detail:
Your app has some data. This is encapsulated by the layers mentioned. Encapsulation means that a header with fields is added at each layer. If your data never leaves the local network, the MAC address will be the same. Once your data needs to be delivered outside your network, the frame header is stripped by the router and replaced by the router's fields.
UPDATE 2021: Some people seem never to have heard of the ISO OSI model and mark this answer as incorrect.

Server is getting weird IP address from client

I have a static local IP address: 10.8.4., and the public IP address of my machine is: 72.43.135.. When the server (sitting on a different network from my workstation) gets a request from my machine, it sees my IP address from
Context.Request.UserHostAddress
and gets 10.20.102.*.
Why is the server not getting the IP as 72.43.135.*?
If you define public and local, you will get to know that these terms might refer to the same network under some conditions. This could be a demilitarized zone (DMZ), for example.
What IP the destination server sees, depends on the interface you send the packets through and the routers it crosses.
Is there masquerading (NAT)? That is the main question. You can be on totally different networks but the routers might still forward your local IP; this also depends on the routing table. Can a packet find its way back to your host? Is there a reverse route from the host to your machine?
The destination host is probably having 2 interfaces, one with IP 72.43.., one with 10.8..; maybe it receives through the 72 but sends back through the 10.8 because it has a different route back. Networking can be real voodoo! Trace your packets, ask your sysadmins.
(not talking about proxies here, they deliver different custom headers with different IPs)