Simplified IP Addressing
We need to discuss netmasking, but first, let's digress for a moment. A Boolean AND is just like an “and” in English. You tell Johnny you will buy him an ice cream cone if he puts out the trash “and” makes his bed. If he does neither or only one of them, he doesn't get an ice cream cone. If he does both, he gets the cone.
Bitwise ANDs work bit by bit. So, if you AND a 1 with a 1, you get a 1. If you AND two 0s, a 1 and a 0, or a 0 and a 1, however, you get a 0. Table 4 illustrates this operation.
Now let's take a whole byte and do a Logical AND with another byte. Suppose the first byte is 10110010 and the second byte is 01100111. Working from the right, note that the first byte has a decimal value of
0*1 + 1*2 + 0*4 + 0*8 + 1*16 + 1*32 + 0*64 + 1*128 = 178
while the second byte has a decimal value of
1*1 + 1*2 + 1*4 + 0*8 + 0*16 + 1*32 + 1*64 + 0*128 = 103.Now, AND the two bytes:
1 0 1 1 0 0 1 0 178 decimal, ANDed with 0 1 1 0 0 1 1 1 103 decimal --------------- gives 0 0 1 0 0 0 1 0 34 decimalAs a second example, let's AND 178 with 255.
1 0 1 1 0 0 1 0 178 decimal, ANDed with 1 1 1 1 1 1 1 1 255 decimal --------------- gives 1 0 1 1 0 0 1 0 178 decimalWe know, then, that when you bit-wise AND any byte (number) with 255, you get the number dropping through, i.e., the result is merely the number again.
The default netmasks for the various classes are shown in Table 5 with some sample host IP addresses. Simply put, a host is anything that has an IP address. This includes servers, workstations, routers, etc.
So, what does this mean and what do we do with it? Let's work through Table 5. If we take the sample Class A address, 10.0.1.23 and bit-wise AND it with its default netmask, we obtain 10.0.0.0. What is 10.0.0.0? It's the network address—look at the last column.
Notice that the first byte gives the network address when ANDing a Class A network with its default netmask, while the first two bytes give the network address when ANDing a Class B IP address with the default Class B netmask. Hence, we say that the first byte of a Class A IP address gives the network address, and the three remaining bytes give the host addresses, i.e., a Class A address has the form N.H.H.H where N stands for Network and H stands for Host. Likewise, the first two bytes of a Class B IP address pertain to the network, and the last two bytes pertain to the host address, i.e., N.N.H.H. Finally, the first three bytes of a Class C IP address pertain to the network, while the last byte pertains to the host, i.e., N.N.N.H.
Let's illustrate this with a Class B IP address such as 126.96.36.199. From Table 5, we know that the default netmask for a Class B network is 255.255.0.0. Hence, ANDing the default mask with the IP address yields the address of the network that particular host is on, i.e., 188.8.131.52. So, a host with an IP address of 184.108.40.206 finds itself on a network with an IP address of 220.127.116.11 if a default Class B net-mask is used.
If you are granted a full Class B suite of addresses with a network address of 18.104.22.168, what do you do with them? Remember, a Class B network has the form of N.N.H.H, i.e., the last two bytes can be used for assigning host IP addresses. This yields a network with 2<+>16<+> - 2 host addresses. The -2 comes from the fact that 22.214.171.124 is the network address, so it can't be assigned to a host; the last address on the network, 126.96.36.199, is used for broadcasts, so it also can't be assigned to a host.
This would be a very big network (65,534 host addresses), far too big to be practical. A very simple approach is to “borrow” one byte's worth of host addresses and assign them as network addresses. That would yield 2<+>8<+> = 256 networks with 254 hosts on each. Even here, these are large networks. This process of borrowing host addresses and using them for networks is called subnetting. We accomplish this by using a sub-netmask (SNM). In this case, we would use a sub-netmask of 255.255.255.0, which is the default Class C netmask. Hence, we have taken one Class B network and turned it into 256 Class C networks.
If we AND 188.8.131.52 with 255.255.255.0, we get a network address of 184.108.40.206 with the first available host address of 220.127.116.11 and the last of 18.104.22.168, since 22.214.171.124 is reserved for broadcasts. Another way of doing this is to start with the network address (126.96.36.199 in this case), turn all host bits into 1s, and obtain the broadcast address. Here, the last byte is used for host addresses, so turning them to ones gives 188.8.131.52. This type of broadcast is called a directed broadcast, meaning that it jumps routers while a local broadcast (which doesn't jump routers) has the form 255.255.255.255 no matter which class of network is involved.
If you're not too stunned at this point, you may wonder if you can subnet only on byte boundaries or if you can subnet a Class C network. The answers are “no” and “yes”, respectively; i.e., you can work in the middle of a byte.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Humble Hacker?
- The US Government and Open-Source Software
- BitTorrent Inc.'s Sync
- The Death of RoboVM
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide