1 00:00:00,000 --> 00:00:00,610 2 00:00:00,610 --> 00:00:03,490 We have touched on and worked with IP addresses 3 00:00:03,490 --> 00:00:06,724 in many, many Nuggets throughout these modules and courses. 4 00:00:06,724 --> 00:00:08,890 And so in this Nugget, I want to go over some basics 5 00:00:08,890 --> 00:00:11,860 with you regarding IPv4. 6 00:00:11,860 --> 00:00:17,020 Number one, an IPv4 address is 32 bits in length. 7 00:00:17,020 --> 00:00:20,200 And instead of writing it out in a bunch of ones and zeros, 8 00:00:20,200 --> 00:00:23,320 et cetera, et cetera, et cetera, what we do as humans, 9 00:00:23,320 --> 00:00:25,870 we represent them as four decimal numbers. 10 00:00:25,870 --> 00:00:30,550 Like 192, 168, 1, 102. 11 00:00:30,550 --> 00:00:32,920 And then we put periods between those numbers just 12 00:00:32,920 --> 00:00:35,120 to separate where the numbers start and stop. 13 00:00:35,120 --> 00:00:37,390 So we represent it as decimal, and behind the scenes 14 00:00:37,390 --> 00:00:38,350 it's binary. 15 00:00:38,350 --> 00:00:40,750 Now a part of this IP address that server two has, 16 00:00:40,750 --> 00:00:43,697 right here, represents the actual network ID. 17 00:00:43,697 --> 00:00:46,030 And a part of that IP address represents the actual host 18 00:00:46,030 --> 00:00:46,780 portion. 19 00:00:46,780 --> 00:00:49,426 And the way we determine that is using the mask. 20 00:00:49,426 --> 00:00:50,800 And what the mask does is simple. 21 00:00:50,800 --> 00:00:53,620 It simply identifies where the network portion stops, 22 00:00:53,620 --> 00:00:55,120 and where the host portion starts. 23 00:00:55,120 --> 00:00:58,252 For example, in our case right here, it's right here. 24 00:00:58,252 --> 00:01:00,460 And the way it does that, it represents how many bits 25 00:01:00,460 --> 00:01:01,709 are being used by the network. 26 00:01:01,709 --> 00:01:05,740 So slash 24 means that the first 24 bits are the network, 27 00:01:05,740 --> 00:01:08,410 then the remaining 8 bits over here on the right 28 00:01:08,410 --> 00:01:11,080 represent the host addressing on that network. 29 00:01:11,080 --> 00:01:13,180 Now for the purposes of unicast routing, 30 00:01:13,180 --> 00:01:14,980 we have three classes of addresses. 31 00:01:14,980 --> 00:01:18,670 Class A, B, and C. And it's really easy to identify a class 32 00:01:18,670 --> 00:01:21,220 A from a class B from a class C. All we do 33 00:01:21,220 --> 00:01:24,170 is simply look at the very first number, the first octet 34 00:01:24,170 --> 00:01:25,590 before that first period. 35 00:01:25,590 --> 00:01:27,570 And for a class A, that very first octet 36 00:01:27,570 --> 00:01:30,640 is going to be between 1 and 126. 37 00:01:30,640 --> 00:01:33,520 There's also 127, which is also a Class A address, 38 00:01:33,520 --> 00:01:35,800 but it's reserved for loopback purposes. 39 00:01:35,800 --> 00:01:37,900 So as far as routable class A addresses, 40 00:01:37,900 --> 00:01:40,450 the first octet would be between 1 and 126. 41 00:01:40,450 --> 00:01:44,890 For a class B address, it's between 128 and 191. 42 00:01:44,890 --> 00:01:48,952 And for a class C, it's 192 through to 223. 43 00:01:48,952 --> 00:01:50,410 And the question may come up, well, 44 00:01:50,410 --> 00:01:53,350 Keith, why do we even care about class A, B, or C? 45 00:01:53,350 --> 00:01:56,980 And today, we pretty much don't, because we 46 00:01:56,980 --> 00:01:58,670 use whatever masks we need to. 47 00:01:58,670 --> 00:02:01,760 However, there are some default masks, and here they are. 48 00:02:01,760 --> 00:02:04,900 A default mask for a class A address is 8 bits, meaning 49 00:02:04,900 --> 00:02:07,750 the first 8 bits are the network, and the remaining 50 00:02:07,750 --> 00:02:10,479 three octets, or the remaining 24 bits, 51 00:02:10,479 --> 00:02:11,800 are used for host addressing. 52 00:02:11,800 --> 00:02:15,280 With a class B address, the default mask is 16. 53 00:02:15,280 --> 00:02:18,070 And with a class C address, the default mask is 24. 54 00:02:18,070 --> 00:02:20,860 And we don't have to use those conventions, 55 00:02:20,860 --> 00:02:22,226 but those are the defaults. 56 00:02:22,226 --> 00:02:24,100 Another thing that's important to be aware of 57 00:02:24,100 --> 00:02:26,790 is that there are some private address space, based on an RFC. 58 00:02:26,790 --> 00:02:31,120 It's RFC, that's a Request For Comments number 1918. 59 00:02:31,120 --> 00:02:34,120 And in RFC 1918 18, it allocates some address space 60 00:02:34,120 --> 00:02:37,107 from each of the classes that can be used inside companies. 61 00:02:37,107 --> 00:02:39,190 And when the companies use those addresses inside, 62 00:02:39,190 --> 00:02:40,930 they don't have to tell anybody about it. 63 00:02:40,930 --> 00:02:42,790 They don't have to register, or request addresses, 64 00:02:42,790 --> 00:02:44,290 they can just go ahead and use them. 65 00:02:44,290 --> 00:02:46,450 In the RFC 1918 addresses, any IP 66 00:02:46,450 --> 00:02:47,920 address that begins with 10-- 67 00:02:47,920 --> 00:02:50,304 and I'm going to say 10, anything. 68 00:02:50,304 --> 00:02:51,970 So we have an example of one right here. 69 00:02:51,970 --> 00:02:55,150 We're using a 10.0.0 network with this last 24-bit mask. 70 00:02:55,150 --> 00:02:58,150 And that's an example of an RFC private address 71 00:02:58,150 --> 00:02:59,650 in the class A range. 72 00:02:59,650 --> 00:03:02,530 And in RFC 1918 for a class B address, 73 00:03:02,530 --> 00:03:08,270 there's a 172.16 through 31, dot anything. 74 00:03:08,270 --> 00:03:14,090 And for class C, there's a 192 dot 168 dot anything. 75 00:03:14,090 --> 00:03:16,240 And that's the RFC 1918 private address 76 00:03:16,240 --> 00:03:17,500 space in the class C range. 77 00:03:17,500 --> 00:03:19,870 Now, one thing about these RFC 1918 addresses 78 00:03:19,870 --> 00:03:22,100 is that they're not routable over the internet. 79 00:03:22,100 --> 00:03:24,130 So service providers are going to knock those 80 00:03:24,130 --> 00:03:25,280 off right at the edges. 81 00:03:25,280 --> 00:03:27,613 So if we're using a private address, like this one right 82 00:03:27,613 --> 00:03:31,052 here, 192.168.1, which is an example of the RFC 1918 83 00:03:31,052 --> 00:03:33,010 private address space, what we would have to do 84 00:03:33,010 --> 00:03:34,750 is do network address translation 85 00:03:34,750 --> 00:03:37,430 before those packets are sent out to the public internet. 86 00:03:37,430 --> 00:03:39,670 Now, one of the challenges that comes up with IPv4 87 00:03:39,670 --> 00:03:41,540 is the concept of subnets. 88 00:03:41,540 --> 00:03:43,930 Now, the idea of subnets isn't too tricky. 89 00:03:43,930 --> 00:03:45,430 It's taking one network-- 90 00:03:45,430 --> 00:03:47,170 for example, the 10 network-- 91 00:03:47,170 --> 00:03:48,940 with the default mask of slash 8. 92 00:03:48,940 --> 00:03:51,730 That's, again, from the RFC 1918 private address space. 93 00:03:51,730 --> 00:03:54,910 And then carving it up into multiple sub networks. 94 00:03:54,910 --> 00:03:57,430 And to understand what's really going on there, 95 00:03:57,430 --> 00:03:59,976 it takes a little bit of time with binary 96 00:03:59,976 --> 00:04:01,850 to look at what's going on behind the scenes. 97 00:04:01,850 --> 00:04:04,180 So regarding subnets, and how they're created, 98 00:04:04,180 --> 00:04:06,430 and how they work, I've got a few videos 99 00:04:06,430 --> 00:04:08,920 that will walk you through some of the basics of binary 100 00:04:08,920 --> 00:04:10,840 and how to do custom subnetting. 101 00:04:10,840 --> 00:04:14,050 Another challenge that comes up is routing, and reverse 102 00:04:14,050 --> 00:04:16,329 engineering with IPv4. 103 00:04:16,329 --> 00:04:19,660 Now, from routing perspective, when a Windows Server gets 104 00:04:19,660 --> 00:04:22,600 a packet, it's going to forward it based on its routing table. 105 00:04:22,600 --> 00:04:25,060 And if routing is enabled, it's also 106 00:04:25,060 --> 00:04:27,900 willing to forward other devices' traffic through it. 107 00:04:27,900 --> 00:04:30,400 But in either case, it's going to refer to its routing table 108 00:04:30,400 --> 00:04:32,094 when it's making a routing decision. 109 00:04:32,094 --> 00:04:33,760 And so as we look at this routing table, 110 00:04:33,760 --> 00:04:35,680 the rule is we're looking for the longest 111 00:04:35,680 --> 00:04:37,120 match in the routing table. 112 00:04:37,120 --> 00:04:38,650 That's the route we're going to use. 113 00:04:38,650 --> 00:04:40,024 So as I look at the entries here, 114 00:04:40,024 --> 00:04:42,370 I don't see anything that start with 23. 115 00:04:42,370 --> 00:04:44,720 And as a result, it's going to go to the default route. 116 00:04:44,720 --> 00:04:46,480 I call it the Obi-wan Kenobi route. 117 00:04:46,480 --> 00:04:48,430 Help us, Obi-wan, you're our only hope. 118 00:04:48,430 --> 00:04:52,540 And so in this example, you use the default gateway 192.168.1.1 119 00:04:52,540 --> 00:04:54,080 to forward that packet. 120 00:04:54,080 --> 00:04:56,380 Another challenge that comes up is the need 121 00:04:56,380 --> 00:04:58,210 to be able to do reverse engineering. 122 00:04:58,210 --> 00:04:59,960 For example, let's say we saw a computer, 123 00:04:59,960 --> 00:05:01,710 we looked at its IP address, and let's say 124 00:05:01,710 --> 00:05:11,940 the IP address was 23.17.204.98, and it had a mask of 19, 125 00:05:11,940 --> 00:05:14,840 meaning the first 19 bits of the IPv4 address 126 00:05:14,840 --> 00:05:16,500 are representing the network. 127 00:05:16,500 --> 00:05:18,480 And the rest is representing the host address. 128 00:05:18,480 --> 00:05:21,210 A good question is, what exactly is the network-- 129 00:05:21,210 --> 00:05:24,130 the subnet-- that this host is connected to? 130 00:05:24,130 --> 00:05:26,910 And the ability to take a host address like this one with 131 00:05:26,910 --> 00:05:31,140 a mask and reverse engineer the network ID-- the subnet ID-- 132 00:05:31,140 --> 00:05:33,480 also requires, my friend, a pretty good understanding 133 00:05:33,480 --> 00:05:35,430 of binary and subnetting. 134 00:05:35,430 --> 00:05:38,190 And have no fear, that's what the next several videos is 135 00:05:38,190 --> 00:05:40,020 going to walk us through together. 136 00:05:40,020 --> 00:05:42,840 So until then, I hope this has been informative for you. 137 00:05:42,840 --> 00:05:46,112 And I'd like to thank you for viewing. 138 00:05:46,112 --> 00:05:46,612