Introduction
As you would learn in basic TCP/IP, when a host connects to another
host, it has to determine whether or the connection is local or remote
(on the same subnet or on a different subnet). When connections are
local, the two hosts usually directly connect to one another to
communicate. When they are not, however, they have to connect to a
router, which forwards the packets along a path that eventually reaches
the packets' final destination: the remote host.
Well, in order to do this (that is, determining whether or not the
connection is local or remote), the host will execute a simple
mathematical function called an AND function. Even though this all
takes place automatically, it's important to understand it to in turn
understand how IP-based systems know whether to send packets to a host
or a router.
The Operation Itself
The AND function (or operation) is pretty simple...two binary digits are
compared, and based on their combination, a result is produced. It's
not addition, multiplication, subtraction, division, etc... I mean,
there are only 3 outcomes possible when ANDing two binary digits.
CODE :
0 AND 0 = 0
0 AND 1 = 0
1 AND 1 = 1
0 AND 1 = 0
1 AND 1 = 1
Basically unless the two digits are both 1, the result is 0.
But...how is this used in determining whether or not a host is local or
remote, you ask? I'm getting to that.
Using the ANDing Process to Determine the Location of a Host
It's really not too complicated. Basically, the host takes its own IP
address and ANDs it with its own subnet mask. Next, it takes the
destination IP and ANDs it with its own subnet mask. Then, it compares
these two numbers. If both results of the ANDing are identical, then
the hosts reside on the same subnet, and it is a local connection. If
they aren't, the destination host is remote, and they don't reside on
the same subnet.
Pretty simple, huh? Well, just to be sure you got the hang of it, let's
go over an example.
Host 1's IP is 192.168.1.3 (a class C IP address, if you remember my
previous articles) , with a subnet mask of 255.255.255.0
Host 2's IP is 192.168.1.7, which is also class C, and has a subnet mask
of 255.255.255.0.
Well, to find out if the connection is local or remote, Host 1 starts
the ANDing process.
CODE :
Host 1's IP in binary (you should remember how to do this from my
previous
article):
11000000 10101000 00000001 00000011
Host 2's IP in binary:
11000000 10101000 00000001 00000111
Subnet mask in binary:
11111111 11111111 11111111 00000000
ANDing process for Host 1:
11000000 10101000 00000001 00000011 AND
11111111 11111111 11111111 00000000 =
11000000 10101000 00000001 00000000 (result)
ANDing process for Host 2:
11000000 10101000 00000001 00000111 AND
11111111 11111111 11111111 00000000 =
11000000 10101000 00000001 00000000 (result)
Comparing the results against one another:
Host 1: 11000000 10101000 00000001 00000000
Host 2: 11000000 10101000 00000001 00000000
previous
article):
11000000 10101000 00000001 00000011
Host 2's IP in binary:
11000000 10101000 00000001 00000111
Subnet mask in binary:
11111111 11111111 11111111 00000000
ANDing process for Host 1:
11000000 10101000 00000001 00000011 AND
11111111 11111111 11111111 00000000 =
11000000 10101000 00000001 00000000 (result)
ANDing process for Host 2:
11000000 10101000 00000001 00000111 AND
11111111 11111111 11111111 00000000 =
11000000 10101000 00000001 00000000 (result)
Comparing the results against one another:
Host 1: 11000000 10101000 00000001 00000000
Host 2: 11000000 10101000 00000001 00000000
As you can see, they're the same, meaning they're on the same subnet, and are
locally connected to one another.
Now, there are two different ways to write an IP address using subnet masks.
For one, you have a host's class A/B IP and subnet mask; for two, you have its
class C IP and subnet mask (but shown in bits). For example, 49.22.2.3
255.0.0.0 (class A IP and subnet mask), or 192.168.1.3/24 (class C IP and
subnet mask shown in bits (255 in binary is 11111111 or 8 bits...1111111*3=24
in base 10)).
More on Subnets
Often times it is fairly useful to divide a network into smaller networks.
Reasons for this are outlined in my previous article, but to recap: to prevent
the wasting of IPs, to make it difficult to map the internal structure of a
network, etc. Well, here's how it's done.
Let's say we want to divide a class B IP into 8 subnets. As you should know at
this point, the class B subnet mask is 255.255.0.0. Well, to do this, we need
to use something called the borrowing process (maybe covered in a later
article) to create the 8 subnets. Since we need 8, we need 8 different
combinations + 1 more (the broadcast (also maybe covered later)), so 9 in
total.
The binary equivalent of 9 is 1001, which is 4 bits long.
CODE :
Subnet mask:
11111111 11111111 00000000 00000000
Putting 4 bits into the third group (or the first octet of the host part of the
IP (read earlier articles!!!)):
11111111 11111111 11110000 00000000 (240 in base 10)
11111111 11111111 00000000 00000000
Putting 4 bits into the third group (or the first octet of the host part of the
IP (read earlier articles!!!)):
11111111 11111111 11110000 00000000 (240 in base 10)
So our new subnet mask would be...? You might have guessed it, 255.255.240.0.
A simple calculation to determine the number of subnets is 2^x-2 (as stated in
a previous article, once again! :P), where x is the bits number for the subnet
mask (or 4 in the above example).
The calculation for subnets addresses (finally, something new, eh?) is 256-s,
where s is the value of the subnet mask; above, this value was 240.
The calculation for the hosts number is 2^y-2, where y is the number of
remaining bits. In our example, this was 12, because:
CODE :
----------------------bits left (12)
11111111 11111111 11110000 00000000
----------------- bits
----------------inserted
------------------(4)
11111111 11111111 11110000 00000000
----------------- bits
----------------inserted
------------------(4)
The IP address numbers are between the IP of the first subnet and the IP of the
last subnet witht he exclusion of the broadcast and network IPs. Broadcast IPs
have all the bits of the host portion set to one (255s), and network IPs have
all the bits of the host portion set to 0 (0s).
Let's sum this up with one last example.
Let's divide a class C IP address into two subnets. We'll use 192.168.1.3
again. As you already know, you need 2 subnets +1 for broadcasting, so 3
total. In binary, 3 is 11, or two bits. The class C subnet mask (as you
should know by now) is 255.255.255.0. After the borrowing process, its last
group becomes 11000000, or 192 in base 10. So the new subnet mask is
255.255.255.192.
Number of hosts: 2^6-2=62 (y is 6 in this case)
Subnet addresses: 256-192=64 (s is 192)...so it starts with 192.168.1.67 then
goes to 192.168.1.131...it starts with 64 and keeps adding 64.
That's about all I can cover in the scope of this particular article. As
always, look out for articles from me in the future.
https://www.hackthissite.org/articles/read/902