IP Addresses Torn Apart By Ankit Fadia ankitATbol.net.in
____________________________________________________________________
Every system connected to the Internet or connected to a particular
network has a unique Internet Protocol Address or an IP
Address. Just as in the real world every person has his or her own Home
Contact Address, similarly every system connected to the Internet has its own
unique IP Address. Your IP Address is the address to which data should be sent
to ensure that it reaches your system. The IP Address of a system acts as the
system’s unique identity on the net.
One of my earlier manuals described an IP Address in the
following words: ‘….Like in the real world everyone has got an individual Home
Address or telephone number so that, that particular individual can be
contacted on that number or address, similarly all computers connected to the
Internet are given a unique Internet Protocol or IP address which
can be used to contact that particular computer…..’
Now, that you know what exactly an IP Address is, let us
move on to the structure of IP Addresses.
An Internet Address (IP Address) is a 32-bit address
or number, which is normally written as four decimal numbers (of 8 bits each),
each separated from the other by a decimal. This standard is known as the dotted-decimal
notation.
Example: A Typical IP Address would be as follows: 202.34.12.23
It can be further broken down as:
202  representing the first 8-bits.
34   representing the next 8-bits.
12   representing the third 8-bits.
23   representing the fourth 8-bits.
Thus when considered together 202.34.12.23 represents
32-bits. So basically we can conclude that each decimal number in an IP Address
represents 1 byte or 8 bits. It is important to note that an IP Address can
contain numbers from 0-255.
There are a huge number of IP Addresses in use in the
present day wired age. All these IP Addresses have some sort of relation with
each other and each individual IP Address can reveal a lot of secrets about the
Network, of which it is a part. Before we move on to that, we need to
understand the fact that all IP Addresses being used are divided into a
number of ranges, which are as follows:
Class   Range
A       0.0.0.0 to 127.255.255.255
B       128.0.0.0 to 191.255.255.255
C       192.0.0.0 to 223.255.255.255
D       224.0.0.0 to 239.255.255.255
E       240.0.0.0 to 247.255.255.255
So, we can easily conclude that one can find out the Class
to which an IP Address belongs simply by comparing the numeral before the
first decimal of the IP Address with the above table.
For Example: In The IP Address 203.43.21.12,
the number before the first decimal is 203 and the above table tells us that
it belongs to Class C of the range of IP addresses.
The various IP Addresses are divided into the different
classes on the basis of the structure of their Network or in other words on the
basis of what the various numbers separated by decimals actually stand for. To
understand this, let us refer to the following:
Class   Information
A       It has the first 8-Bits for Netid and the last 24-bits for Hostid
B       It has the first 16-Bits for Netid and the last 16-bits for Hostid
C       It has the first 24-Bits for Netid and the last 8-bits for Hostid
D       It represents a 32-bit multicast Group ID.
E       Currently not being used.
The above table will be clearer after reading the following
examples:
Examples:
An IP Address 203.45.12.34 belonging to Class A
means that the network ID is 203 and the host ID is 45.12.34
If the Same IP Address belonged to Class B, then the network
ID would become 203.45 and the host ID would become 12.34
And if it belonged to Class C then the network ID
would become 203.45.12 and the host ID would become 34.
Almost all ISPs prefer to use a Class B Network. If
that is the case, then each time you log in to your ISP the first 2
octets of your IP Address would not change, while the last two are likely
to change. However, even if only the last octet changes, and the remaining
three remain constant, it is likely that the ISP uses Class B addressing.
(Subnetting comes in; it is explained later in the manual.)
*****************
HACKING TRUTH: How do you find out the IP Address of your own system?
In order to get your own IP Address all you have to do is follow the
process below:
Connect to the Internet.
Launch MSDOS.
Type: netstat -n at the prompt.
You will get an output similar to the below:
C:\WINDOWS>netstat -n
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    203.94.253.183:1025    64.4.13.56:1863        ESTABLISHED
  TCP    203.94.253.183:1031    209.143.242.119:80     ESTABLISHED
The IP Address shown under the Local Address Field denotes
the IP address of your system.
*****************
An IP Address, which belongs to the Class-A addressing
system having a network ID equal to 127, is referred to as the special address.
It is actually known as the Loopback Interface. It allows clients and
servers on the same system to communicate with each other.
The loopback address, which is commonly used, is
127.0.0.1. Almost all systems have also given the loopback address the
special name ‘localhost’.
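The class lookup, the Netid/Hostid split and the loopback rule described above can be put together as follows. This is an added example, not code from the original manual; the function names and the force_class parameter are hypothetical, and the ranges are the ones in this manual's table.

```python
# Added example: classful lookup built from the two tables in this manual.

CLASS_TABLE = [          # (class, first octet low, first octet high, Netid octets)
    ("A", 0, 127, 1),
    ("B", 128, 191, 2),
    ("C", 192, 223, 3),
    ("D", 224, 239, None),   # multicast Group ID, no Netid/Hostid split
    ("E", 240, 247, None),   # currently not being used
]


def parse_dotted(address):
    """Return the four octets of a dotted-decimal address as ints."""
    parts = address.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("expected four decimal fields: %r" % address)
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError("each field must be 0-255: %r" % address)
    return octets


def classify(address, force_class=None):
    """Return (class, netid, hostid, is_loopback) for a dotted-decimal address.

    force_class reproduces the manual's "if the same IP Address belonged to
    Class B" examples by overriding the class found in the table.
    """
    octets = parse_dotted(address)
    found = None
    for name, low, high, net_octets in CLASS_TABLE:
        if low <= octets[0] <= high:
            found = (name, net_octets)
    if found is None:
        raise ValueError("first octet %d is outside the table" % octets[0])
    name, net_octets = found
    if force_class is not None:
        name = force_class
        net_octets = {row[0]: row[3] for row in CLASS_TABLE}[force_class]
    if net_octets is None:
        return name, None, None, False
    netid = ".".join(str(o) for o in octets[:net_octets])
    hostid = ".".join(str(o) for o in octets[net_octets:])
    # A network ID of 127 is the loopback interface (127.0.0.1 is localhost).
    return name, netid, hostid, octets[0] == 127
```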
Till now we learnt that an IP Address is a decimal notation
of a computer’s address in the wired world. However, the address of a computer
does not have to necessarily be in the decimal notation form. We will learn
about the various forms of an IP Address in the following section.
An IP Address does not necessarily have to be
represented in the dotted decimal form. There is more than a single way in
which one can represent an IP Address. Some of these are as follows:
All the examples portrayed above are some form or the other
of the same address of the same system. What I mean to say by this is that
typing any of the following in your browser will take you to the same site: www.yahoo.com, 3631443189, 33034666365 and
216.115.108.245. The Binary form of this address, which is
11011000011100110110110011110101 may also work with certain applications.
NOTE: Please note that not all of the above work in all
browsers. And if you or your ISP has a Proxy or a firewall installed then some
of the above may not work. The author does not hold any responsibility for
failure of working on any of the above.
Now that you have seen the various forms in which an IP
Address can be represented, let us move on to how one can convert the
domain name into the above different forms.
To understand how the conversion works, let us take www.yahoo.com as the example domain. The first
step in our quest to represent www.yahoo.com
in various forms of IP’s is to get its normal decimal-dotted IP Address. One can easily get the IP Address of a
domain by various methods like WHOIS, netstat, ping, traceroute etc.
In this manual, I have used ping to get the IP:
C:\WINDOWS>ping yahoo.com
Pinging yahoo.com [216.115.108.245] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
The above screenshot clearly shows that the IP Address of
our example target system is 216.115.108.245.
Now that we have the IP Address, let us move on to
converting it into other forms.
In order to convert a decimal dotted IP Address into its
DWORD equivalent, one has to consider each number separated from the other
number by a decimal separately. So, in effect, 216.115.108.245 is broken
down into:
216.115.108.245=
216
115
108
245
Now, first one has to convert the above decimals into their
hexadecimal equivalents. This can easily be done by referring to the below
Decimal into Hexadecimal chart (or vice versa):
     0   1   2   3   4   5   6   7   8   9   A   B   C   D   E   F
0   000 001 002 003 004 005 006 007 008 009 010 011 012 013 014 015
1   016 017 018 019 020 021 022 023 024 025 026 027 028 029 030 031
2   032 033 034 035 036 037 038 039 040 041 042 043 044 045 046 047
3   048 049 050 051 052 053 054 055 056 057 058 059 060 061 062 063
4   064 065 066 067 068 069 070 071 072 073 074 075 076 077 078 079
5   080 081 082 083 084 085 086 087 088 089 090 091 092 093 094 095
6   096 097 098 099 100 101 102 103 104 105 106 107 108 109 110 111
7   112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127
8   128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143
9   144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159
A   160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175
B   176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191
C   192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207
D   208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223
E   224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239
F   240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255
Thus we get:
216=D8
115=73
108=6C
245=F5
As a result, 216.115.108.245 = D8736CF5
It is important to note that D8736CF5 is the Hex equivalent
of our IP and would always be an eight-character-long representation. However,
as a DWORD value is represented in the base-10 system, we also need to convert
it into the Decimal form. In order to do so, we need to follow the below
process:
Thus you now have the DWORD value represented in the Base-10
system. Typing www.yahoo.com or 3631443189 or 216.115.108.245
in your browser would all take you to the same site.
For all those of you to whom the above process seems to be
extremely cumbersome, the following Perl Script too would do the same process
less the calculations:
_____________________________
#!/usr/bin/perl
# By Ben H. Originally by neeko.
# Usage: dword.pl [ -q | --quiet ] host/ip
#
use strict;
use warnings;
use Socket;        # for gethostbyname()
use Math::BigInt;  # so it fits..

my ($quiet, $name, @host, @ip);   # get some vars started.

if ( $#ARGV < 0 ) {
    print "Usage: $0 [-q | --quiet] host\n";
    exit;
}

# Match the option exactly, so a host name containing "-q" is not mistaken for it
if ( $ARGV[0] =~ /^(-q|--quiet)$/ ) {
    $quiet = 1;
    $name  = $ARGV[1];
}
else {
    $name = $ARGV[0];
}
die "Usage: $0 [-q | --quiet] host\n" unless defined $name;

@host = gethostbyname( $name );   # get the ip, if a hostname is used
die "Cannot resolve $name\n" unless @host;
my $foo = $host[4];               # first address, packed as 4 bytes

# This parses the result of the gethostbyname into numbers
for my $n (1..4) {
    $ip[$n] = ord( substr( $foo, ($n-1), 1 ) );
}

if ( !$quiet ) {
    print "$name = $ip[1].$ip[2].$ip[3].$ip[4] = ";
}

# Weight each octet by its position: 2**24, 2**16, 2**8, 2**0
for my $n (1..4) {
    $ip[$n] = ( $ip[$n] * ( 2 ** ( ( 3 - ($n-1) ) * 8 ) ) );
}

print $ip[1] + $ip[2] + $ip[3] + $ip[4], "\n";
exit;
____________________________
*******************
HACKING TRUTH: One can arrive at the DWORD in
the base-10 value by the following mathematical formula too:
IP Address= 216.115.108.245 (Found out Above)
Value of DWORD in Base-10 system: 3631443189 (Calculated)
216 * (256)^3 = 216 * 16777216 = 3623878656
115 * (256)^2 = 115 * 65536    =    7536640
108 * (256)^1 = 108 * 256      =      27648
245 * (256)^0 = 245 * 1        =        245
Adding the last column we get: 3631443189, which is equal to
the DWORD value that we calculated earlier.
*****************
Without closing the Windows Calculator, one can get the
various other forms of the same IP Address (216.115.108.245) by simply
selecting the corresponding number system.
To get the Binary form of the IP Address, one needs to
follow the below process:
Please note that most browsers do not accept IP Addresses in
Binary. The only way to use them would be by converting them to their Decimal
form, which would actually be nothing but the DWORD form represented in the
base-10 system.
To get the Octal form of the IP Address (216.115.108.245),
one needs to follow the below process:
Thus 216.115.108.245, would become:
216=330
115=163
108=154
245=365
Now, when you type the Octal equivalent of the IP Address in
your browser, you have to precede each field with a ‘0’. Thus in our example:
http://216.115.108.245 becomes http://0330.0163.0154.0365
One could also have used the below chart for the conversion
process:
     0   1   2   3   4   5   6   7   8   9   A   B   C   D   E   F
0   000 001 002 003 004 005 006 007 010 011 012 013 014 015 016 017
1   020 021 022 023 024 025 026 027 030 031 032 033 034 035 036 037
2   040 041 042 043 044 045 046 047 050 051 052 053 054 055 056 057
3   060 061 062 063 064 065 066 067 070 071 072 073 074 075 076 077
4   100 101 102 103 104 105 106 107 110 111 112 113 114 115 116 117
5   120 121 122 123 124 125 126 127 130 131 132 133 134 135 136 137
6   140 141 142 143 144 145 146 147 150 151 152 153 154 155 156 157
7   160 161 162 163 164 165 166 167 170 171 172 173 174 175 176 177
8   200 201 202 203 204 205 206 207 210 211 212 213 214 215 216 217
9   220 221 222 223 224 225 226 227 230 231 232 233 234 235 236 237
A   240 241 242 243 244 245 246 247 250 251 252 253 254 255 256 257
B   260 261 262 263 264 265 266 267 270 271 272 273 274 275 276 277
C   300 301 302 303 304 305 306 307 310 311 312 313 314 315 316 317
D   320 321 322 323 324 325 326 327 330 331 332 333 334 335 336 337
E   340 341 342 343 344 345 346 347 350 351 352 353 354 355 356 357
F   360 361 362 363 364 365 366 367 370 371 372 373 374 375 376 377
********************
HACKING TRUTH: In an Octal IP Address there
can be any number of zeros preceding the numbers, without resulting in a change
in the address of the remote system.
This means that http://0330.0163.0154.0365
can also be written as http://000330.000163.000154.000365
*******************
Typing www.yahoo.com or
3631443189 or 216.115.108.245 or http://0330.0163.0154.0365
in your browser would all take you to the same site.
One could also represent an IP address in its Hexadecimal
form. Remember the Hex value that we obtained while converting 216.115.108.245
into its DWORD equivalent? Well, in this case we make use of that same value.
We had calculated that:
216.115.108.245 = D8736CF5
Now, when we write an IP Address in Hexadecimal form, then
we do so by writing the following (Preceding each value with a ‘0x’ which denotes
that the following value is in Hexadecimal):
http://0xD8.0x73.0x6C.0xF5
The above could also be written as: http://0xD8736CF5
Note: Most versions of Netscape do not Support Hexadecimal
IP Addresses.
Thus, typing www.yahoo.com
or 3631443189 or 216.115.108.245 or http://0330.0163.0154.0365
or http://0xD8.0x73.0x6C.0xF5 or http://0xD8736CF5 in your browser would all take
you to the same site.
You can create a cross breed by combining any one or more of
the above formats. However, one has to keep in mind the browser compatibility
while doing so.
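The conversions walked through above, and the reverse step of reducing any of those spellings (including a cross breed) to one dotted-decimal address, as an added example that is not part of the original manual. The function names are hypothetical, and the parsing rules assume the classic inet_aton convention, which also accepts forms with fewer than four fields; this goes slightly beyond the cases the manual lists. A filter or log search that compares hosts as plain strings will treat these spellings as different hosts, so normalise before comparing.

```python
# Added example, not from the original manual. Function names are
# hypothetical; the parsing rules assume the classic inet_aton convention.

def forms(dotted):
    """Alternate spellings of a dotted-decimal address, as in the manual."""
    octets = [int(p) for p in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not a dotted-decimal IPv4 address: %r" % dotted)
    dword = 0
    for octet in octets:          # 216*256**3 + 115*256**2 + 108*256 + 245
        dword = dword * 256 + octet
    return {
        "dword": str(dword),
        "hex": "0x%08X" % dword,
        "dotted_hex": ".".join("0x%02X" % o for o in octets),
        "dotted_octal": ".".join("0%o" % o for o in octets),
        "binary": format(dword, "032b"),
    }


def _field(text):
    """One field: 0x.. is hex, a leading 0 is octal, anything else decimal."""
    lowered = text.lower()
    if lowered.startswith("0x"):
        digits, base = lowered[2:], 16
    elif len(lowered) > 1 and lowered.startswith("0"):
        digits, base = lowered[1:], 8
    else:
        digits, base = lowered, 10
    allowed = "0123456789abcdef"[:base]
    if not digits or any(c not in allowed for c in digits):
        raise ValueError("bad field %r" % text)
    return int(digits, base)


def canonical(host):
    """Dotted decimal for any numeric spelling, or None for a host name."""
    try:
        values = [_field(p) for p in host.split(".")]
    except ValueError:
        return None
    if len(values) > 4:
        return None
    *leading, last = values
    # The last field fills every byte that the leading fields did not.
    if any(v > 255 for v in leading) or last >= 256 ** (4 - len(leading)):
        return None
    total = last
    for i, value in enumerate(leading):
        total += value << (8 * (3 - i))
    return ".".join(str((total >> s) & 255) for s in (24, 16, 8, 0))
```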
The most common method of getting the IP Address of other
systems, is through Instant Messaging Software like ICQ, MSN Messenger, Yahoo Messenger,
AIM etc. In this manual we briefly discuss them all.
I Seek You or ICQ is one of the most popular chatting
software around. With it not only comes easy pastime, but also security
concerns. ICQ has an inbuilt IP Address Hider, which when enabled is supposedly
able to hide your IP from the users you are chatting with. However, like most
IP Hiding software, this too is nowhere near good. You can find out the IP
Address of any ICQ user, even if IP Hiding has been enabled, by following the
below process.
1.) Launch MSDOS and type netstat -n to get a list of already open ports and
the IPs of the machines with which a connection has been established. Note
down this list somewhere.
2.) Now, launch ICQ and send a message to the victim.
3.) While you are still chatting, go back to DOS and again give the netstat
-n command. You will find a new IP, signifying a new connection. This would
be the IP Address of the victim.
This method of obtaining the IP Address of the person with
whom you are chatting to is quite common. However, it works only with ICQ and
other select Instant Messengers. It certainly does not work with MSN Messenger
and Yahoo Messenger etc. The main reason behind this is the difference in the
working of ICQ and MSN Messenger.
Let us assume that your IP Address is xx.xx.xx.xx and your
friend’s IP Address is yy.yy.yy.yy
Case I (ICQ):
Whenever you start a chat session with your friend in ICQ a direct
connection between you and your friend is opened by the ICQ software with the
help of the ICQ server. Thus all messages that you type are sent in the
following manner:
xx.xx.xx.xx ------------------> yy.yy.yy.yy
(you)                           (friend)
And all the messages that your friend types, reach you in
the following manner:
yy.yy.yy.yy ------------------> xx.xx.xx.xx
(friend)                        (you)
Thus a direct connection has been established between your
system (xx.xx.xx.xx) and your friend’s system (yy.yy.yy.yy). As a result when
you give the netstat -n command, you can obtain his IP Address.
Case II (MSN Messenger):
Whenever you start a chat session with your friend in MSN
Messenger an indirect connection between you and your friend is opened via the
MSN Server. Thus all messages that you type first go to the MSN server which then
forwards them to your friend and vice versa. Communication takes place in the
following manner:
xx.xx.xx.xx ------------------> MSN Server ------------------> yy.yy.yy.yy
(you)                                                          (friend)
And all the messages that your friend types, reach you in
the following manner:
yy.yy.yy.yy ------------------> MSN Server ------------------> xx.xx.xx.xx
(friend)                                                       (you)
Thus as an indirect connection has been established between
your system (xx.xx.xx.xx) and your friend’s system (yy.yy.yy.yy) giving the
netstat -n command does not give you your friend’s IP, but instead displays the
IP address of the MSN server.
The same is the case for Yahoo Messenger and also some other
Messaging Software.
However, even such utilities are vulnerable to giving away
the IP Address of the target system on issuing the netstat -n command. All one
has to do is (Please note that I am using MSN Messenger as an example):
The same will work if you send a Request for a Call and the
victim accepts it.
Besides Instant Messengers, there are some other ways in
which one can get someone else’s IP Address. Say you have a site and want to
get the IP Addresses of all the people who visit your site then the following script
can be modified to create a file which records them all:
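<HTML>
<BODY>
<SCRIPT>
// Uses the browser's Java bridge to read the local host address
var ip = new java.net.InetAddress.getLocalHost();
var ipStr = new java.lang.String(ip);
// The string has the form "hostname/address"; print the part after the "/"
document.writeln(ipStr.substring(ipStr.indexOf("/")+1));
</SCRIPT>
</BODY>
</HTML>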
With that we come to the end of the first edition of the IP
Addresses Torn Apart manual. In the next edition we will go deeper into the
secrets of IP Addresses and their structures and workings. Hope you liked this
manual and do send in your comments. Thanks and till next time, take care.