I want help on the topic mentioned above, I am not getting the easier or understandable way of Subnetting an IP with any given subnet mask or getting subnet id of different IP classes.
Subnet mask is the bit pattern used to separate the network address from the host address in an IP address. Networks perform a bit-wise AND operation on the IP and subnet mask to distinguish these components. This is useful to divide large networks into small subnets. Please note that I'm talking about IPv4 particularly here.
Let's say your IP address is 192.168.1.1 and your subnet mask is 255.255.255.0. Following are the bit patterns for these:
IP   |1100 0000|1010 1000|0000 0001|0000 0001|
Mask |1111 1111|1111 1111|1111 1111|0000 0000|
Now when you perform the AND operation on these, you will get the first 3 octets of the IP which is considered the Network address. The rest is treated as the host address. You can see for this particular Subnet you can have 255 different hosts.
This is the simplest overview I can give about subnetting. But there are plenty of nice references available on the Internet. Please google for it.
Related
I was quite surprised when I found out that there was a really big range of IP addresses allocated for loopback (127.x.y.z).
I didn't find much information about why it's like this, except that it could be used for testing networks and protocols locally, which got me thinking if it could be a good idea to use these addresses for IPC.
At the moment, as far as I know, IPC based on networking is usually done with TCP/UDP by opening sockets on ports which are most likely not used by any other service.
So my question is, to be even more sure that there won't be a port collision, could other loopback addresses be used instead?
For a more concrete example, could two processes communicate through sockets on address 127.31.41.59 and ports 27 and 18 (or even different loopback addresses)?
After checking out https://learn.microsoft.com/en-us/azure/aks/configure-kubenet, and following the advice there, it appears that the services, pods and Docker CIDRs shouldn't overlap with any other addresses used (presumably within the same VNet), e.g.
The --service-cidr is used to assign internal services in the AKS cluster an IP address. This IP address range should be an address space that isn't in use elsewhere in your network environment.
I'm just not sure why this should be. Are these IPs actually accessible on the VNet? I was under the impression that these CIDRs were only within AKS, and only a CNI cluster would allow direct access. Can anyone elucidate on this matter?
And I suppose the next question would be, what happens if they do overlap?
Maybe you are not clear on how the network of AKS works, so you are confused here.
In a kubenet type network, all traffic goes to the nodes first, then the kubenet server will route the traffic to the specific services and then to the pods. At this point, if your services have the same IP in the VNet, where does the traffic go? The services or the other nodes with the same IP in the VNet? Or even the other resources in the VNet? In order to route the traffic to the services directly, you'd better not overlap the service CIDR IP address range with the VNet.
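One way to check a planned set of ranges for the overlap discussed above, as an added example that is not part of the original question or answer. The range labels and all CIDR values are constructed; the function names are hypothetical.

```python
import ipaddress
from itertools import combinations, product


def parse(ranges: dict) -> dict:
    # strict=False also accepts values with host bits set, such as a
    # bridge address written as 172.17.0.1/16.
    return {name: ipaddress.ip_network(cidr, strict=False)
            for name, cidr in ranges.items()}


def find_conflicts(cluster: dict, in_use: dict) -> list:
    """Return (range_a, range_b, shared_cidr) for every overlapping pair.

    Cluster ranges are compared with each other and with every range that
    is already in use elsewhere in the network environment.
    """
    c, u = parse(cluster), parse(in_use)
    pairs = list(combinations(c.items(), 2)) + list(product(c.items(), u.items()))
    conflicts = []
    for (name_a, net_a), (name_b, net_b) in pairs:
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            # Two overlapping CIDR blocks always nest, so the shared space
            # is the more specific (longer-prefix) block.
            shared = net_a if net_a.prefixlen >= net_b.prefixlen else net_b
            conflicts.append((name_a, name_b, str(shared)))
    return conflicts


# Constructed sample values, not taken from the page.
IN_USE = {"vnet": "10.0.0.0/12", "peered-vnet": "10.100.0.0/16",
          "on-prem": "192.168.0.0/16"}
OVERLAPPING = {"service": "10.0.0.0/16", "pod": "10.244.0.0/16",
               "docker-bridge": "172.17.0.1/16"}
CORRECTED = dict(OVERLAPPING, service="10.96.0.0/16")

if __name__ == "__main__":
    for label, plan in (("overlapping", OVERLAPPING), ("corrected", CORRECTED)):
        print(label, find_conflicts(plan, IN_USE) or "no conflicts")
```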
How do we retrieve the local IP address set of the NIC in NDIS 6? I will be doing some IP header modifications on the received Ethernet frames, so I will be looking for the local IP of the NIC card that my filter is attached to.
It's generally a layering violation for an NDIS LWF driver (which operates at layer 2 of the OSI stack) to get involved with IP addresses (which are at layer 3 of the OSI stack).
If you have a very good reason to do this, you can query GetUnicastIpAddressTable. Keep in mind that a NIC may not have any IP address (e.g., it's used for non-IP protocols). Or it may carry IP traffic, but the OS doesn't know about any IP address (e.g., a guest VM is sending IP traffic through the host's NIC, but only the guest really knows the IP address).
In other words, NICs don't really have IP addresses. At best, you can say that the NIC may be associated with an IP interface which has some number of IP addresses.
I would like to do a scan in a LAN network to find devices linked.
I'm developing an app in iOS for iPad.
How do I do it?
Because those are mobile devices I will assume you want to find devices on a wireless network. Theoretically, since Wi-Fi uses a shared medium for communication, you can passively listen for traffic flowing through the network and collect data about clients without sending any packets. This is something that is commonly referred to as promiscuous mode. In practice there is a 99% chance that the network adapter driver will allow you only to get traffic destined for your MAC address. In that case you will need to resort to actively scanning the network subnet, which is not 100% accurate and, depending on how the network is implemented, can be considered a possible attack.
The simple way of scanning is sending ICMP requests (ping) to every IP address in the subnet and collecting data from those who send back the echo reply. This is not reliable because some hosts won't respond to ICMP echo request even if they are active. First thing you need is to find out your own IP address and the subnet mask, and calculate the range of possible addresses in your subnet. The range is obtained by using logical AND operator where operands are binary values of your IP address and subnet mask. This is an example from the program that calculates this for typical 192.168.1.1 subnet with 255.255.255.0 subnet mask (192.168.1.1/24 in CIDR notation):
Address: 192.168.1.1 11000000.10101000.00000001 .00000001
Netmask: 255.255.255.0 = 24 11111111.11111111.11111111 .00000000
Wildcard: 0.0.0.255 00000000.00000000.00000000 .11111111
Network: 192.168.1.0/24 11000000.10101000.00000001 .00000000
Broadcast: 192.168.1.255 11000000.10101000.00000001 .11111111
HostMin: 192.168.1.1 11000000.10101000.00000001 .00000001
HostMax: 192.168.1.254 11000000.10101000.00000001 .11111110
Then you would iterate through the range and ping every address. Another thing you can consider is listening for broadcast traffic such as ARP and collecting some of the information that way. I don't know what you are trying to make, but you can't get much useful information this way, except for the vendor of a host's network adapter.
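The AND calculation described in this answer, and in the first answer on this page, as an added example that is not part of either original post. It also covers /31 and /32 masks and rejects non-contiguous masks, which the posts do not discuss; the function names are hypothetical.

```python
def to_int(dotted: str) -> int:
    """Parse dotted-quad IPv4 text into a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range: {dotted!r}")
        value = (value << 8) | octet
    return value


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_info(address: str, netmask: str) -> dict:
    ip, mask = to_int(address), to_int(netmask)
    wildcard = ~mask & 0xFFFFFFFF
    # A valid mask is 1-bits followed by 0-bits, so wildcard + 1 is a power of two.
    if wildcard & (wildcard + 1):
        raise ValueError(f"non-contiguous netmask: {netmask}")
    prefix = 32 - wildcard.bit_length()
    network = ip & mask              # the bitwise AND from the posts
    broadcast = network | wildcard   # all host bits set
    if prefix >= 31:
        # /31 (point-to-point) and /32 (single host) reserve no addresses.
        host_min, host_max, hosts = network, broadcast, wildcard + 1
    else:
        host_min, host_max, hosts = network + 1, broadcast - 1, wildcard - 1
    return {
        "network": f"{to_dotted(network)}/{prefix}",
        "wildcard": to_dotted(wildcard),
        "broadcast": to_dotted(broadcast),
        "host_min": to_dotted(host_min),
        "host_max": to_dotted(host_max),
        "hosts": hosts,
    }


if __name__ == "__main__":
    for key, value in subnet_info("192.168.1.1", "255.255.255.0").items():
        print(f"{key:>9}: {value}")
```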
Check my LAN Scan on Github. It does exactly what you want.
I recently used MMLANScan that was pretty good. It discovers IP, Hostname and MAC Address.
Bonjour has been around since 2002, have a look at it!
I mean, just look at their current tagline:
Bonjour, also known as zero-configuration networking, enables automatic discovery of devices and services on a local network using industry standard IP protocols. Bonjour makes it easy to discover, publish, and resolve network services with a sophisticated, yet easy-to-use, programming interface that is accessible from Cocoa, Ruby, Python, and other languages.
Here is a Wireshark capture of an ARP request (PNG image). It contains the sender MAC inside the ARP packet. The receiving station can derive the MAC from the Ethernet frame. It seems to be redundant. Is there any particular use of separately including the sender MAC address in the ARP request too?
The "redundancy" was by design (RFC 826), and can be useful in targeting different layers. In RFC 3927 there's what is known as Gratuitous Address Resolution Protocol (GARP), and in certain circumstances the redundancy, or lack of, plays an important role, especially in troubleshooting and monitoring networking stacks.
Actually it's not redundancy at all, the MAC (physical, layer 2) and IP (logical, layer 3) addresses are not the same thing. They serve different purposes on different network layers.
On large scale networks it's quite common to observe changes in the MAC/ARP/Source/Dest information, and at times it can seem almost incorrect. For example, you might see a host send an ARP request with its own address as the target address. Depending on the exact situation, it might be telling us it's a link up/down event, maybe it's trying to update other devices' ARP tables, or possibly detecting an IP conflict and moving the IP to another NIC.
I could get into clustering, failovers — the list goes on, although I would end up writing a book trying to explain it all. Hopefully this gives you a bit of insight about the "redundancy" you were questioning. ;-)
More Info: RFC 826 / RFC 3927 / Wireshark Gratuitous ARP
Although often used in conjunction with Ethernet, ARP by itself is an independent protocol. Imagine other link layer protocols that do not expose MAC addresses. ARP would not work in such circumstances if the sender field was not provided.
There is no rule that the ARP protocol sender MAC address field must be the same as the Ethernet source MAC address. E.g., it's possible in a few applications where multiple interfaces of the same host are on the network, but only one interface sends ARP responses for all interfaces.
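A monitoring-side view of the two fields discussed in these answers, as an added example that is not part of any original post: it parses an Ethernet/IPv4 ARP frame, compares the Ethernet source MAC with the ARP sender MAC, and flags the gratuitous case where sender and target IP are equal. The frames, MAC addresses and function names are constructed for illustration.

```python
import socket
import struct

ETH_FMT, ARP_FMT = "!6s6sH", "!HHBBH6s4s6s4s"   # 14-byte and 28-byte headers


def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(eth_src: bytes, sender_mac: bytes, sender_ip: str,
              target_ip: str, oper: int = 1) -> bytes:
    """Build a constructed broadcast ARP frame for the demo below."""
    eth = struct.pack(ETH_FMT, b"\xff" * 6, eth_src, 0x0806)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sender_mac,
                      socket.inet_aton(sender_ip), b"\x00" * 6,
                      socket.inet_aton(target_ip))
    return eth + arp


def inspect_arp(frame: bytes) -> dict:
    # Untagged Ethernet II only; a VLAN-tagged frame is rejected as non-ARP.
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    _dst, eth_src, ethertype = struct.unpack(ETH_FMT, frame[:14])
    if ethertype != 0x0806:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
        ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    return {
        "op": {1: "request", 2: "reply"}.get(oper, f"op{oper}"),
        "eth_src": mac(eth_src),
        "sender_mac": mac(sha),
        "sender_ip": socket.inet_ntoa(spa),
        "target_ip": socket.inet_ntoa(tpa),
        "mac_mismatch": eth_src != sha,   # layer-2 source differs from ARP payload
        "gratuitous": spa == tpa,         # host announcing its own address
    }


# Constructed, locally administered MAC addresses.
MAC_A, MAC_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")

if __name__ == "__main__":
    print(inspect_arp(build_arp(MAC_A, MAC_A, "192.168.1.10", "192.168.1.1")))
    print(inspect_arp(build_arp(MAC_A, MAC_A, "192.168.1.10", "192.168.1.10")))
    print(inspect_arp(build_arp(MAC_A, MAC_B, "192.168.1.20", "192.168.1.1", 2)))
```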