In our previous article, we looked into the Domain Name System (DNS). We found that "www.google.com" actually doesn't exist!!! What exists is the IP address. To make it easier for humans to communicate with different web servers, we established the Domain Name System. DNS servers convert the web address that we enter in our browsers into its corresponding IP address. This means that whenever we type the address "google.com", our browser doesn't directly send the request to Google's server. It first sends the request to a nearby DNS server and gets the IP address of "google.com", to which our browser then sends the request. This is just a glimpse of DNS. For the whole article on DNS, click here.

One of my favorite TV shows: Mr. Robot


To a hacker, you're just an IP Address. You get hit because you let yourself be an easy mark. It takes just an IP to know everything about you (Metasploit). It's always fun to pick on the nerd... until he has your IP.


So, this is what an IP address looks like...
" 192.168.1.1 "
  • An IP address is basically a combination of 4 numbers (these numbers can be represented in 4 bytes).
  • Each number has a maximum of 3 digits and lies in the range 0 - 255; basically a binary number of at most 8 bits (from 00000000 to 11111111).
  • The numbers are separated by a decimal point " . ".
  • Every IP address is comprised of 2 addresses: "The Network Address" and "The Host Address". The Network address of a device indicates the network it is connected to. The Host address signifies the device itself.

Classification of IP Address:
We now know that an IP address lies between 0.0.0.0 and 255.255.255.255. On the basis of the first number (first 4 Bytes), the IP address is classified into 5 classes.


Class A: 


Its first number lies between 0 and 127 (128 numbers). Therefore the following address can be considered a Class "A" IP address:
" 10.0.0.1 "
As we discussed earlier, the IP address is comprised of a Network ID and a Host ID. For Class A, the Network ID is allotted to the first number only (first 8 bits out of 32). The rest of the bits are for Hosts.
Therefore the Network ID of the IP address mentioned above is " 10.0.0.0 ".
To calculate the Network ID from a given IP address, just set all host bits to '0'.
The Subnet mask of a Class A IP address is 255.0.0.0. What's a subnet mask? We'll look into it in a minute.

Class B:

An IP address of Class B has its first number in the range 128 to 191. This is an example of a Class B IP address:
" 178.168.4.6 "
The first 2 numbers are for the Hosts. Ergo, the Network ID is 178.168.0.0 (Host bits '0').
The Subnet mask for this class of address is 255.255.0.0.

Class C:

The first 3 numbers are dedicated to the Network, with the first number in the range of 192 to 233. The Subnet Mask is 255.255.255.0.

E.g.: " 192.168.1.1 "
N/W ID: 192.168.1.0

Class D and E are a bit different from the previous classes. Class D is used for a one-to-many relation, i.e. multicasting purposes. Class E is used for a one-to-one connection, i.e. unicasting. Neither of these is for a particular Host. Therefore there is no need to segment the IP into Network and Hosts.

Purpose of Subnet Mask :

If you take a closer look at the IPv4 addresses of the various classes and their corresponding Network Addresses, you'll find a connection between them: all the Host bits are zero. Just by looking at the IPv4 address, we can compute the Network ID (this is only possible with Classful IP Addresses). This is how it's done:

Take the following IP address as an example: " 192.168.16.5 ". We know, by looking at the first number, that this address belongs to Class C. Therefore we know that its subnet mask is 255.255.255.0.

By performing a bitwise logical AND operation, we get the following result: 192.168.16.0. This is nothing but the Network ID.

Problem with IPv4 Classful protocol:
This protocol was a great way to assign an identification to anyone who wanted a Network. The authority to assign IPs to various organizations was given to the "Internet Assigned Numbers Authority" (IANA). As soon as this protocol was accessible to the world, the numbers filled up drastically… There was a scarcity of addresses to assign. This was due to excessive demand and also due to the wastage of unutilized IPs. Let's understand the source of the wastage:
Consider a small organization which requires 10 computers for itself. It makes a request to IANA and gets an IP address: 192.168.5.10. We know that this is a Class C address, so its maximum number of Hosts would be 255. But since this particular organization would not have more than 10 PCs, 245 locations would go unutilized. Wastage!

So, to overcome this problem, we could either increase the number of bytes (IPv6) or manipulate the Subnet Mask (Subnetting).

Anyway, there are some IP addresses that cannot be assigned to any organization. Here they are:
  • 127.0.0.1 - This IP address represents the local host, the system itself. From every computer's point of view, it is the address that points to itself.
  • All Host Bits Zero - An address like 192.168.4.0 or 10.0.0.0 or 220.15.0.0 is invalid. As we saw above, this represents the Network ID.
  • All Host Bits One - This is known as the Broadcast Address. If the same request/message is to be sent to all the connected Hosts, we use the Broadcast Address. Hence, an address like 192.168.255.255 cannot be used.

Therefore if a company/organization wants to set up 5 Hosts in its Network, 2 extra addresses are going to be required for Network and Broadcast purposes. That means 7 addresses in total.
There are also some private IP addresses for each class. These IP addresses didn't need any registration with IANA. Thus, any organization can use them for free. These are the private IP addresses:


This is why most of you must have seen the IP addresses starting from 192.168 very often.

Classless:

Till now we found that each class had a fixed Subnet mask that could tell us the number of Networks and Hosts that can be found in that class. This was (as we saw above) a limitation. Therefore, we removed the concept of classes. This was done by manipulating the Subnet Mask. In short: no classes, no fixed Subnet masks.
This was the idea: taking the same example as before, suppose an organization asks for 2 PCs to host. We would need to provide a Subnet mask which allots 4 places for the organization (2 for Hosts and 2 reserved). We provide an IP address: " 192.168.16.4 ". But now we alter the Subnet Mask from 255.255.255.0 to 255.255.255.252.
Let us now check the Network ID and the requirements.


11000000 . 10101000 . 00010000 . 00000100   (Binary for 192.168.16.4)
11111111 . 11111111 . 11111111 . 11111100   (Binary for 255.255.255.252)
-------------------------------------------------------------------------
11000000 . 10101000 . 00010000 . 00000100   (Binary for 192.168.16.4)
N/W ID- " 192.168.16.4 "


This means the first computer in this very network would be 192.168.16.4, 192.168.16.5, 192.168.16.6, 192.168.16.7 (all of these with the same N/W ID: 192.168.16.4). As soon as we try to add another PC to this network and assign it the IP address 192.168.16.8, the Network changes. Hence, it is not valid. Don't believe me? Let's try it out:


11000000 . 10101000 . 00010000 . 00001000   (Binary for 192.168.16.8)
11111111 . 11111111 . 11111111 . 11111100   (Binary for 255.255.255.252)
-------------------------------------------------------------------------
11000000 . 10101000 . 00010000 . 00001000   (Binary for 192.168.16.8)
N/W ID- " 192.168.16.8 " (Different Network).
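
The same mask arithmetic as an added Python example (not part of the original article): it repeats the bitwise AND for the addresses above and also works out the broadcast address and the addresses left over for devices once the two reserved ones are taken out. The function names are assumptions chosen for this illustration.

```python
import ipaddress

def _to_int(dotted: str) -> int:
    # IPv4Address validates the dotted form (4 numbers, each 0-255).
    return int(ipaddress.IPv4Address(dotted))

def _to_dotted(value: int) -> str:
    return str(ipaddress.IPv4Address(value))

def is_valid_mask(mask: str) -> bool:
    """A subnet mask must be a run of 1 bits followed by a run of 0 bits."""
    host_bits = ~_to_int(mask) & 0xFFFFFFFF
    return (host_bits & (host_bits + 1)) == 0

def network_id(ip: str, mask: str) -> str:
    """Bitwise AND of address and mask: every host bit becomes 0."""
    if not is_valid_mask(mask):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return _to_dotted(_to_int(ip) & _to_int(mask))

def broadcast(ip: str, mask: str) -> str:
    """Network ID with every host bit set to 1."""
    host_bits = ~_to_int(mask) & 0xFFFFFFFF
    return _to_dotted(_to_int(network_id(ip, mask)) | host_bits)

def usable_hosts(ip: str, mask: str) -> list:
    """Addresses left for devices after network ID and broadcast are reserved."""
    first = _to_int(network_id(ip, mask)) + 1
    last = _to_int(broadcast(ip, mask)) - 1
    return [_to_dotted(n) for n in range(first, last + 1)]

def same_network(a: str, b: str, mask: str) -> bool:
    """Two addresses share a network when the AND with the mask matches."""
    return network_id(a, mask) == network_id(b, mask)

if __name__ == "__main__":
    mask = "255.255.255.252"
    for ip in ("192.168.16.4", "192.168.16.7", "192.168.16.8"):
        print(ip, "->", network_id(ip, mask))
    print("broadcast:", broadcast("192.168.16.4", mask))
    print("usable   :", usable_hosts("192.168.16.4", mask))
```

With the mask 255.255.255.252, the block 192.168.16.4 to 192.168.16.7 holds 4 addresses, of which the all-zero and all-one host addresses are the 2 reserved ones.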



Also, we reduced the vacancies. But this still does not mean that we are able to decrease the vacancies by 100%. Therefore a new IP protocol was established. Hence, IPv5 was made. But that didn't work and was rejected. Finally we gave birth to IPv6 addressing. I'll be dedicating another article to IPv6. But just to give a brief idea… IPv6 had more than 4 bytes. Also each byte was separated by a colon ( " : " ). The digits entered were hexadecimal numbers of 16 bits. Anyway, this was all about IPv4. I hope you got some idea about what an IP is and how it works…
If you want to check your own IP:
  1. Go to Run.
  2. Type cmd and hit Enter.
  3. Type " ipconfig ".




I know this concept is a bit tricky. I had a hard time understanding it myself. But it's one of the most fascinating topics I've ever come across. Needless to say, the inventors of the IP Address (Robert Elliot "Bob" Kahn and Vint Cerf) were the "real genius". They made it possible for us to communicate over such long distances. There is still more to IP. But just so I don't make this article too lengthy, we'll look at it in our upcoming articles.
I hope this helped. Thanks for reading!!! If you have any doubts, or want me to send a more detailed explanation of Internet Protocol addressing to your email, please feel free to let me know.
Till then, Keep Exploring!!!








Author

Akshat Bajpai

Domain Name System


" Love - It's when you memorize her IP Address to overcome the DNS overhead "

In its earlier days, internet websites, or rather servers, were very limited and not used by a large audience. Hence it was OK to access these websites using their IP addresses. But as the Internet grew more popular, the number of web servers and its audience grew. It was hard for people to reach these web servers just by their IP addresses. Therefore, the GREAT Stanford Research Institute came up with a possible solution. They created and maintained a database file which would contain various IP addresses along with their corresponding web addresses. This file was known as HOSTS.TXT.
Being a text file, we couldn't utilize the information efficiently. Also, at times when there was a load of client requests waiting to be responded to, HOSTS.TXT was not a fit choice. That is when Paul Mockapetris came up with a whole system to manage these domain names. He suggested storing the information in a database, thus making it easier and more efficient to use.
So the next time any client wanted to access a web server, he/she wouldn't need to type the lengthy and complicated IP address. The client would enter the web address in their browser. Their browser would automatically visit the corresponding IP address by looking into the HOSTS.TXT database.
This was a great solution. The human mind can remember a web address more easily than an IP address. Gradually the number of entries in HOSTS.TXT increased rapidly, thus increasing the size of the database. Now various servers were established to store and maintain these database files. These servers were named Domain Name System servers. Whenever a client made a request for a server's web page, the request was first sent to the DNS to fetch the corresponding IP.

Let us now check out how this Domain name system actually works…


The Domain Name database has a hierarchical structure, i.e. it has various levels at which the domains are stored. Take the example of the web address "holymotherpython.blogspot.com": this web address can be broken into 3 domain names: "n8working", "blogspot" and "com". All these are domain names. Whenever a request to visit this particular URL is received by the DNS server, a program runs that reads the URL backwards. As soon as the program finds a " . ", it moves one level down and continues accordingly. This means that first the program reads "com", then "blogspot" and finally "n8working". Therefore .com is a Top Level Domain (TLD).
The "com" can be considered a directory or folder which has other folders inside it. These folders have further folders inside them. To access a particular folder, you first need to open the folder above it.
For those of you who are acquainted with the Linux (UNIX) OS, understanding DNS will be really easy.



  • In the UNIX operating system, all the other directories and files are stored inside the "Root", i.e. the " / " directory. Similarly, all the DNS domains are stored inside the "Root", i.e. the " . " domain.
  • In the Unix file system, the parts of the absolute path for a particular directory are separated by " / ". Similarly in the DNS, to separate two domains, we use a " . ". Now you know why there is a dot ( . ) in a URL.
  • This also means that any URL originally has a dot ( . ) at its end. But we don't actually write it… our intelligent browsers automatically add it.

With the ever-growing demand for web pages, the demand for accessing the root servers also increased. Therefore having 1 root server to maintain the whole world's HOSTS.TXT database wasn't such a good idea. Therefore there are 13 root servers. These root servers are identified by capital letters: Root server A, B, C, D, ..., M (that's 13). Many copies of these root servers were established across the globe.
Even after creating such parameters, there was trouble managing all the websites.
The DNS servers faced the following challenges:
  • Consistency
  • Overload of Traffic
  • Name similarity causing collisions
There were many similar websites. We can take the example of Google: we have google.com, plus.google.com, mail.google.com etc. So these firms were asked to maintain their own DNS servers whose root is going to be google.com. This smaller DNS server had all the information about Google's websites. This DNS server was named a Name-server. The root of the Name-server was added into the original DNS database. Therefore a Name-server is a server which holds all the information about a small part of the DNS database.

DNS Resolution:


Assume that a client is trying to access google.com. He/she types the web address into the browser. The browser first sends the request to the nearest DNS server. The server reads the web address (backwards) and looks into the top level to match it against the TLDs. If the program finds the TLD (in our case " com "), it checks the domains under that TLD. This process continues until the whole web address is read. Also, every time a domain is available in the DNS directory, it sends a referral carrying the corresponding IP.
You can also view the whole process on your PC. Follow these steps:
  • Go to the Command Prompt (Win + R -> type " cmd " -> Enter).
  • Type " nslookup " and press Enter.
  • Type any website address whose IP you want to check and press Enter.
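
The right-to-left walk and the referrals described above, as an added Python sketch (not part of the original article). The three toy name servers, the example.com names and the 192.0.2.x addresses are constructed for illustration; a real resolver sends queries over the network instead of reading a dictionary.

```python
# Constructed delegation data: each server knows only its own part of the
# tree and refers the resolver onward for everything below it.
SERVERS = {
    "root": {"delegations": {"com.": "com-tld"}, "records": {}},
    "com-tld": {"delegations": {"example.com.": "example-ns"}, "records": {}},
    "example-ns": {
        "delegations": {},
        "records": {
            "example.com.": "192.0.2.1",
            "www.example.com.": "192.0.2.10",
            "mail.example.com.": "192.0.2.25",
        },
    },
}

MAX_REFERRALS = 8  # bound the walk so a delegation loop cannot spin forever

def to_fqdn(name: str) -> str:
    """Lower-case the name and add the trailing root dot if it is missing."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def labels_from_root(name: str) -> list:
    """Labels in the order the walk consumes them: TLD first."""
    return list(reversed(to_fqdn(name).rstrip(".").split(".")))

def resolve(name: str):
    """Follow referrals from the root; return (address or None, servers asked)."""
    fqdn, server, asked = to_fqdn(name), "root", []
    for _ in range(MAX_REFERRALS):
        asked.append(server)
        zone = SERVERS[server]
        if fqdn in zone["records"]:
            return zone["records"][fqdn], asked
        # A delegation applies only on a label boundary, so
        # "notexample.com." must not match the "example.com." delegation.
        matches = [z for z in zone["delegations"]
                   if fqdn == z or fqdn.endswith("." + z)]
        if not matches:
            return None, asked  # nobody below this server owns the name
        server = zone["delegations"][max(matches, key=len)]
    raise RuntimeError("too many referrals")

if __name__ == "__main__":
    print(labels_from_root("www.example.com"))
    for name in ("www.example.com", "notexample.com", "example.org"):
        print(name, "->", resolve(name))
```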







This, however, doesn't mean that the DNS servers and the Name-servers have all the web addresses and the corresponding IP addresses of all websites…
There is still the deeper and darker part of the internet. Amazingly, this part is the majority of the internet. "THE DEEP-WEB"!!! DNS doesn't carry information about the Deep-web websites. This is due to the fact that most of these websites are reached by directly entering the IP addresses.
We'll look into the fascinating yet terrifying world of the deep web soon in the upcoming articles.
Till then, Thanks for Reading!!! Let me know in the comments if you have any queries or if you liked it.


Some Fascinating People!!!

You probably came here from my earlier post.
If you haven't, go check it out first here. Well, here it is...























In our previous article, we saw that for data to pass from one host (client/server) to another host (client/server), it needs to go through a set of logical network layers (the OSI and TCP/IP models). For those who haven't gone through it yet, please click here.
We noticed that the topmost layer of the model is "The Application" layer. This layer deals with the applications through which we connect to the internet (e.g. web browsers). "HTTP" is the protocol of the Application layer. It stands for Hyper Text Transfer Protocol. Hyper-Text is a term that describes words that are linked, thus hyperlinks. HTTP is a request/response prototype. This means that whenever we type a web address and hit Enter, our web browser sends a request to that web server, which gives us a response. This is the basic analogy behind the whole protocol.
All of us know about "www" (World Wide Web). Almost all website addresses start with "www", e.g. "www.holymotherpython.blogspot.in". Well, what exactly is "www"?

In 1989, Tim Berners-Lee, a British scientist at CERN, along with Robert Cailliau invented the first web browser and named it… "WWW"!, which was later named Nexus. Therefore by using the services of www, we could connect to the internet.
The "www" service needs a unique address to locate the server's Host. This address is called the Uniform Resource Indicator (URI).


In the figure above, we can find all the indications that the web browser needs to locate the receiver's PC (usually a server). It tells us that the request is made through the HTTP port, i.e. port number 80, along with various other details. A certain part of the URI contains a Uniform Resource Locator (URL) as well. As technology advanced, web browsers became intelligent. As a result, we now don't need to type the lengthy URI, which is harder to remember; instead we just type the URL. But this does not decrease the importance of URIs. It's still there. Our browser adds it automatically.
But HTTP wasn't always this smart. The first version of HTTP, i.e. HTTP v1.0, had some gaps which were later filled by HTTP v1.1. Let's look at them one by one.

HTTP 1.0



This protocol was non-persistent and stateless. Persistency in a network means sustaining the network connection until all the data has been transported. This wasn't the case with HTTP 1.0. To understand better, let's take the following example that resembles HTTP 1.0.
Let's say you wish to call your friend (say his name is Dick Rules) to inquire about something.
You call his phone.

You: "Hello…"
Dick: "Hey , What's up?"

And then he hangs up the phone.
You again call your friend Dick and reply.

You: "Hey I just wanted to check if you're still up for that movie?"
Dick: "Yeah Dude. Totally."

He again hangs up.
You still have to ask him if he could pick you up...

You: "Hey dude, I need a ride..."
Dick: "Yeah, sure man. I'll be there till 9 pm. Is that good for you?"

And before you could answer him, he hangs up again!!! Well, he's Dick after all! Agreed… but this is exactly what was wrong with HTTP 1.0. It was non-persistent. As soon as the server got the request from the client's computer, it sent a response and immediately terminated the connection. This way the client can only send a single request.
Now, let's understand what a stateless connection means.
Assume Dick calls you...

You: Yeah man?
Dick: Hey, could you tell me which movie we were going to?
You: Twilight! I love it (Yeah! That's you...)

You hang up (cause non-persistent connection).
Dick calls again.

Dick: Hey, what was the name of the movie again?
You: Twilight.

You Hang up. He calls again and asks you the same thing and you reply again.
Now, after sometime you'll probably get pissed off at him...but this isn't the case with HTTP 1.0 . In Http 1.0 there was no memory to store your last request...So even if the client requests same thing again and again, the server responds and terminates the connection, again and again. Now let's see the case with HTTP 1.1

HTTP 1.1




HTTP 1.1 is stateful and persistent. This means that the connection is going to be alive until officially terminated by the client. This termination is known as an Overhead. Also, if you request something from the server, it goes into the server's memory.

Architecture of HTTP


HTTP has a header which carries the relevant data within it.

There is a slight difference between the client's header and the server's header for HTTP. The client has a Request Line and the server has a Status (Response) Line.
Request Lines are the lines which indicate the type of request the client makes. Status Lines are the lines that inform about the response generated by the server.

Request Lines: These are the commands given by the client's browser.

GET:

Whenever a client wants to look at a document in a webpage, this is the method by which our browser does so. You can check it yourself in your browser: "Open Browser (I use Edge) -> press F12 -> Network".

POST:

This is used when the client makes a small entry in a web page, e.g. usernames, passwords etc.

PUT:

This method is used when the client wants to enter big data into a webpage, say writing a post for your blog or some email message.

HEAD:

Used whenever the client wants information about the document instead of the document itself.

TRACE:

Remember, in our previous article we noticed that between a client and a server there are many intermediate servers which pass the data forward. If the client wants information about these intermediate servers, he/she uses this method. This is a good method to check for a problem within a particular network. However, for privacy reasons many servers don't respond to this method.

There are more request lines, but I think that by now you have probably got the idea behind using Request Lines. Moving on to Status Lines.

Status Lines:

These are actually numbers that signify the status of the response made by the server. There is a particular range of numbers used in this service.

100 (INFO):

If a client makes a request asking for information about some object from the web page, and the server agrees to respond, the server sends, along with the information, a code that falls in this range.

200 (ALL OK):

When a request is responded to successfully, this status line is used. Refer to the figure above.

300 (Redirection):

If for some reason the original website URL is changed to another, then this code is used to redirect all the client requests for the same URL. If the redirection is permanent, code 301 is used. If the redirection is temporary, code 302 is used.

400 (Client Error):

"Error 404". This code has annoyed me a lot. It tells us that there is some problem at the client's end. Hence it can be corrected.

500 (Server Error):

This code signifies an error at the server's end. Thus all that a client can do is wait for the site to resolve the error.
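
Request lines, status lines and the persistence difference between HTTP 1.0 and 1.1, as an added Python example (not part of the original article). The sample messages are constructed, the function names are assumptions, and the class names in the table are the standard ones for each hundred-range rather than the labels used above.

```python
import re

REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/(\d)\.(\d)$")
STATUS_LINE = re.compile(r"^HTTP/(\d)\.(\d) (\d{3})(?: (.*))?$")
STATUS_CLASSES = {1: "Informational", 2: "Success", 3: "Redirection",
                  4: "Client Error", 5: "Server Error"}

def parse_request(raw: bytes) -> dict:
    """Split a request head into its request line and headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    first, *header_lines = head.split("\r\n")
    m = REQUEST_LINE.match(first)
    if not m:
        raise ValueError(f"malformed request line: {first!r}")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        # No colon, an empty name, or whitespace around the name is rejected:
        # a lenient parser and a strict one would read such a line differently.
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.lower()] = value.strip()
    return {"method": m.group(1), "target": m.group(2),
            "version": (int(m.group(3)), int(m.group(4))),
            "headers": headers}

def keeps_connection_open(request: dict) -> bool:
    """HTTP/1.1 stays open unless told to close; HTTP/1.0 closes unless asked."""
    tokens = {t.strip().lower()
              for t in request["headers"].get("connection", "").split(",")}
    if request["version"] >= (1, 1):
        return "close" not in tokens
    return "keep-alive" in tokens

def parse_status_line(line: str) -> tuple:
    """Return (numeric code, class of the code) for a response status line."""
    m = STATUS_LINE.match(line)
    if not m:
        raise ValueError(f"malformed status line: {line!r}")
    code = int(m.group(3))
    return code, STATUS_CLASSES.get(code // 100, "Unknown")

# Constructed sample requests.
OLD = b"GET /index.html HTTP/1.0\r\n\r\n"
NEW = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
NEW_CLOSE = (b"HEAD / HTTP/1.1\r\nHost: www.example.com\r\n"
             b"Connection: close\r\n\r\n")

if __name__ == "__main__":
    for raw in (OLD, NEW, NEW_CLOSE):
        req = parse_request(raw)
        print(req["method"], req["version"], keeps_connection_open(req))
    print(parse_status_line("HTTP/1.1 404 Not Found"))
```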

There is an even better version of HTTP now: "HTTP/2".
This was the introduction to HTTP, but there's still more to it, like DNS, cookies, web pages etc. In our next article we'll look at DNS in detail.
I hope you found this article helpful. Please comment and share your thoughts with me.
Till then... Keep Exploring!


Oh! And also, if you find the name of your friend (mentioned in the above example) in any way offensive, here's my justification.




