|Class||1st octet range||prefix length||net mask||leading bits||#networks||#hosts per network||total #hosts||unregistered, private networks (# of them)||notes|
|A||1. - 126.||/8||255.0.0.0||0||126||16M||2G||10. (one)||huge nets always subnetted|
|B||128. - 191.||/16||255.255.0.0||10||16K||64K||1G||172.16. - 172.31. (16)||typically subnetted|
|C||192. - 223.||/24||255.255.255.0||110||2M||254||.5G||192.168.0. - 192.168.255. (256)||most common class|
|D||224. - 239.||1110||0||multicasting only.|
|E||240. - 255.||1111||reserved for experimental only.|
IP address: logical/heirarchical/routable (vs. MAC address: physical/flat/nonroutable)
IP address: 2 parts: network ID and host ID bits. (network bits on the left, host bits on the remaining rightside).
[cf. telephone number = (country code and) area code (and exchange) + subscriber]
The (sub)net (or default) mask indicates where the division is. A 1 bit in mask indicates corresponding bit of IP address is part of network ID, a 0 bit indicates part of host ID.
In classful IP addressing the boundary falls between octets. A 255 in mask indicates all 8 bits of that octet are 1's and so the corresponding octet of the IP address is part of the network ID.
Class A network the 1 left octet is the network part, the 3 right octets the host part.
Class B network the 2 left octets are the network part, the 2 right octets the host part.
Class C network the 3 left octets are the network part, the 1 right octet the host part.
First octet indicates which class and subnet mask.
Host part can not be all 0's (is network address) or all 1's (is broadcast address). These are the first and last, respectively, addresses of the network.
Example: 192.168.100.105 is a host address in a class C network (we are assuming classful addressing)
because first octet 192 is in the range of class C networks.
In class C networks, the first 3 octets (24 bits) are the network ID part,
the rightmost octet the host ID part.
So the network address is 192.168.100.0 (host bits all 0).
192.168.100.255 (host bits all 1) is the broadcast address of this network.
There are 254 available host addresses, ranging from 192.168.100.1 thru 192.168.100.254
Example: 172.16.3.105 assuming classful addressing is a host in the class B network 172.16.0.0 (network address). The first 2 octets are the network ID part, the rightmost 2 octets the host ID part. 172.16.255.255 is the broadcast address of this network. There are 65534 (216=64K-2) available host addresses, ranging from 172.16.0.1 thru 172.16.255.254
IP addresses starting with 10., 172.16. thru 172.31., and 192.168.,
are unregistered addresses
for private internal networks not directly accessible from the Internet.
These networks are "hidden" from the Internet by the router/default gateway which does a translation to and from the unregistered address to an Internet-accessible registered IP address (this process is called NAT: network address translation).
These addresses are considered unroutable in the Internet and would be dropped by any router receiving an IP packet containing such an address in the Source or Destination field.
Without these unregistered addresses the IP address space would have been exhausted by now because every host would have to have a registered IP address.
Typically, all the networks of your private internetwork could be unregistered with only the farside of your router that connects to your ISP having a registered address of the ISP's network. Using a Web service like grc.com's Shield's Up will tell you this Internet address.
Classful addressing is officially obsoleted by classless addressing
(CIDR: classless inter-domain routing).
In classless addressing, boundary can be anywhere using a variable-length subnet mask (VLSM), which allows networks to have any power of 2 (-2) hosts i.e. 2, 6, 14, 30, 62, 126, 510, 1022, etc. A network can be subnetted into smaller networks. Also, smaller networks can be aggregated into a larger network with supernetting.
But people and some software still think in terms of classes.
127.* is loopback network. 127.0.0.1 is address of loopback device, whose name is localhost, a synonym for itself.
169.254.* is link-local address. autoconfiguration/Zeroconf/APIPA
Typically if host isn't statically configured nor using DHCP (or, most likely, DHCP fails), then this is the fallback.
"first" and "last" network in each class are reserved (A: 0 and 127;
B: 128.0 and 191.255; C: 192.0.0 and 223.255.255 martian networks).
zero network: 0.0.0.0 means this local network. Its broadcast address is 255.255.255.255
RULEs: an (IP) network should have only IP addresses of that network for the hosts of that network (i.e. no interlopers from other IP networks) AND all IP host addresses of that IP network should be in this network (i.e. no host addresses of this IP network should be in other networks).
20 byte header.
Usually no Options.
Most important fields are Source and Destination IP addresses.
Data field is the payload the packet is carrying, usually a TCP segment or UDP datagram. or an ICMP message. specified by the protocol field: 1=ICMP, 6=TCP, 17=UDP.
IP packet is just another layer of encapsulation. IP's role is to get a packet from source host to final destination, travelling thru the networks of the internetwork, hopping from router to router.
16-bit Length field implies <=64KB Data field but usually the TCP/UDP payload has been segmented to fit in an Ethernet frame.
TTL field decremented at each hop across internetwork. Packet will be discarded if TTL reaches zero, ensuring endlessly circulating packets are dropped. Basis of traceroute.
This IP packet is carried in the data/payload field of the Ethernet frame.
The Destination IP address is used to guide the packet to the destination. Each router along its path decapsulates the IP packet from its data-link/Layer 2 frame (e.g. Ethernet), decrements the TTL, recalculates the checksum, determines where the packet should be sent next (i.e. the next hop) by using the router's routing table and re-encapsulates it in the data-link frame appropriate for the next link. The path is not determined at the source nor is the path inside the packet; each router makes the routing decision of where to send the packet to next. Large routers in the internet's backbone are connected to several other routers and so have a choice of where to send an incoming packet. Each router has a routing table that tells it where to send each packet. The routing tables are maintained by the routers passing information to each other using a routing protocol so that the routes in the routing table are the best routes.
ICMP (Internet Control Message Protocol)
carried in Data field of IP packet.
mostly for ping requests/replies and for error reporting from routers.
Type and Code together indicate kind of ICMP message. e.g. 0 0 is Echo Reply, 8 0 Echo Request, 11 0 TTL Expired, 3 x Destination Unreachable
Contents of "Data" field depends on Type-Code. e.g. Windows ping has 32B a-za-f; error messages contain header of IP packet that failed.
If some router along the path encounters a problem with an IP packet you sent
it's supposed to send back an ICMP error packet indicating the problem
which resulted in your packet being dropped. It knows you sent it
because your IP is the source address of the packet that was dropped.
The error packet includes the header of your dropped packet so you (or your system) can know more about
But does IP do anything about the problem: NO. Does IP inform TCP/UDP about the problem: NO.