What is an IP Address?

WE FOUND YOU, 😈

📍 What is an IP Address?

💡An IP address (Internet Protocol address) is a unique number assigned to every device on a network so it can: Identify itself, and communicate with other devices.

Think of it like a phone number — it tells other devices where to reach you.

🧩 IP Address Format

There are two versions of IP addresses:

1️⃣ IPv4

• It has 4 numbers (called octets), each ranging from 0 to 255, separated by dots. xxx.xxx.xxx.xxx

• For example: 192.168.1.1 .

• Total possible addresses: ~4.3 billion.

• Most commonly used.

2️⃣ IPv6

• It has 8 octets, but more accurately, they are made up of 8 groups of 16-bit blocks, so they are often referred to as hextets instead of octets.

• It is a 128-bit format (long hexadecimal), split into 8 blocks (hextets) of 16 bits each. Each block is represented as 4 hexadecimal digits.

• For example: 2001:0db8:85a3:0000:0000:8a2e:0370:7334

• Total possible addresses: 340 undecillion.

• Designed to solve IPv4 address exhaustion.

🏠 Private vs Public IP Addresses

There are 2 types of IP Addresses: Private IP and Public IP.

Type	Where it's used	Can be accessed from the Internet?	Example
Private	Inside your home or business LAN	❌ No	192.168.1.1, 10.0.0.5
Public	On the internet (e.g., websites)	✅ Yes	8.8.8.8, 172.217.160.78

Private IP Ranges

Range	Devices Supported
192.168.0.0 – 192.168.255.255	65,536
172.16.0.0 – 172.31.255.255	1,048,576
10.0.0.0 – 10.255.255.255	16,777,216

🧭 How do Devices Talk to Each Other?

🛠️ MAC Address

💡A MAC address is a unique identifier assigned to a network interface card (NIC) — hardware in your device that connects to a network (Ethernet or Wi-Fi).

• It's like the fingerprint of your device on a local network, used to identify and communicate between devices in the same network.

A MAC address is:

• 48 bits long

• Usually written in 6 pairs of hexadecimal digits (8 bits each)

• Example: 44:F2:1B:83:11:7A or 44-F2-1B-83-11-7A

  • 44:F2:1B: It is an OUI (Organizationally Unique Identifier), which identifies the manufacturer

  • 83:11:7A: It is the NIC Specific Part, which is unique to the device/network card

📶 Where MAC Addresses are Used

• Data Link Layer (Layer 2) of the OSI model

• Switches use MAC to forward traffic within LANs

• Wi-Fi routers use MAC filtering for security

• ARP (Address Resolution Protocol) maps IP ↔️ MAC

🔐 MAC Address Filtering

Wi-Fi routers can use MAC filtering to:

• Allow only specific devices to connect

• Block unwanted devices

However, MAC spoofing exists — attackers can fake MAC addresses, so it's not a strong security measure on its own.

✏️ Can You Change a MAC Address?

Yes, it's called MAC spoofing, and can be done via software:

• Useful for privacy/anonymity

• Often used in penetration testing

• Example: ifconfig eth0 hw ether 00:11:22:33:44:55 → It temporarily changes the MAC address of the eth0 interface to 00:11:22:33:44:55. This change is temporary — it will reset after reboot unless automated with scripts or set in system config.

🔍 ARP (Address Resolution Protocol)

When one device wants to talk to another:

1. It sends an ARP Request: “Hey, who has IP 192.168.1.22?”

2. That device replies: “That’s me! My MAC address is 44:F2:1B:83:11:7A.”

3. Now the sender knows exactly where to send the data.

🔒 The device saves this info in the ARP Cache, so it doesn’t have to ask every time.

How does ARP work?

🌐 What if the Other Device Is on the Internet?

1. Your device sends the request to the default gateway (your router).

2. The router:

   • Translates your private IP to its public IP using NAT (Network Address Translation).

   • Sends the request across the internet.

3. The remote device replies to your router’s public IP, and the router sends it back to your private IP.

How devices send request across the internet?

⚙️ How You Get an IP Address: DHCP

When your device joins a network (Wi-Fi or Ethernet), it gets:

• An IP address

• A Subnet Mask

• A Gateway Address (usually your router)

• A DNS Server (we’ll cover this in the next lesson)

This is handled automatically by DHCP (Dynamic Host Configuration Protocol), which is built into most routers.

📡 What is DHCP?

💡DHCP (Dynamic Host Configuration Protocol) is a network protocol that automatically assigns IP configuration settings to devices (clients) when they connect to a network.

• Built into most routers and network servers.

• Eliminates the need to configure IP addresses manually.

🧠 What Does DHCP Provide?

When a device (client) joins a network (e.g., via Wi-Fi or Ethernet), DHCP provides:

1. 🌐 IP Address – Unique identifier for the device on the network.

2. 🧩 Subnet Mask – Defines the network and host portion of the IP address.

3. 🚪 Default Gateway – Typically your router; it's the "exit" point to other networks, including the internet.

4. 🔎 DNS Server – Translates domain names (like google.com) to IP addresses (we'll cover DNS separately).

🔄 How DHCP Works (The 4-Step DORA Process)

DHCP uses a 4-step DORA process to assign an IP address

1. D – Discover: The client broadcasts a DHCPDISCOVER message to find available DHCP servers.

2. O – Offer: A DHCP server responds with a DHCPOFFER message, suggesting an IP address and other settings.

3. R – Request: The client replies with a DHCPREQUEST to accept the offered configuration.

4. A – Acknowledge: The server finalizes the process with a DHCPACK message, confirming the IP assignment.

⇒ 📝 Result: The device is now configured to communicate on the network!

🕓 IP Lease Time

💡DHCP doesn’t assign IPs permanently—it gives them out for a limited time.

• This period is called a lease (e.g., 24 hours).

• Before the lease expires, the client must renew it with the server to keep the address.

• If not renewed, the address returns to the pool and may be reassigned.

🧭 DHCP Server Location

We could find the DHCP server in 2 common locations:

• 🏠 Home networks: The router usually acts as the DHCP server.

• 🏢 Enterprise networks: A dedicated DHCP server (e.g., Windows Server or Linux service) handles IP assignments.

🧰 Static vs. Dynamic IP

🔁 Dynamic IP

• Assigned automatically by DHCP.

• Lease-based: can change over time.

• Efficient for managing many clients.

• Pro: Simplifies network management in large environments.

• Con: IP addresses may change, making it hard to track devices over time.

• Use cases:

  • Personal devices: laptops, smartphones, tablets.

  • Guest or temporary network access.

📌 Static IP

• Set manually and remains fixed. Does not expire or change unless reconfigured.

• Easier to locate on a network.

• No DHCP involvement after setup.

• Pros: Consistent address, which is ideal for devices that must always be reachable at a known IP.

• Con: Requires manual configuration and IP conflict management.

• Use cases:

  • Servers (web, database, DNS).

  • Networked printers, IP cameras.

  • Infrastructure devices (routers, switches).

Type	Description	Use Case
🔁 Dynamic IP	Automatically assigned by DHCP. Can change over time.	Laptops, phones, tablets, etc.
📌 Static IP	Manually set and never changes.	Servers, printers, network gear.

⚖️ When to Use What?

Situation	Best Choice
Personal/home devices	🔁 Dynamic IP
Web or file servers	📌 Static IP
Printers in an office	📌 Static IP
IoT devices with temporary use	🔁 Dynamic IP
Remote access to internal services	📌 Static IP

🛡️ DHCP Security Considerations

🚨 Problem: Rogue DHCP Servers

• Unauthorized devices (e.g., an attacker’s laptop) may run a fake DHCP server.

• This can assign malicious settings (wrong DNS, gateway, etc.).

• Leads to Man-in-the-Middle (MitM) attacks or network disruption.

🔐 Solutions

🔒 1. DHCP Snooping

• A network switch feature that is used to validate DHCP messages.

• Only trusted ports (e.g., the one connected to the real DHCP server) can send DHCP responses.

• It blocks rogue servers from assigning IPs.

🧾 2. Trusted Server Configuration

• Configure network devices to trust only certain DHCP servers.

• Some firewalls and routers allow DHCP server whitelisting.

• Ensures clients ignore unauthorized offers.

🧍‍♂️ 3. Client Hardening

• Manually set static IPs for critical devices.

• Disable DHCP where appropriate (e.g., on servers).

• Combine with a firewall and MAC filtering.

✅ Summary

• IP addresses identify devices on a network.

• IPv4 addresses look like 192.168.0.1.

• IPv6 addresses look like 2001:0db8:85a3:0000:0000:8a2e:0370:7334 .

• Private IPs stay in your local network, and public IPs can be accessed over the internet.

• MAC addresses are used to identify and communicate between devices in the same network.

• Devices use ARP to find each other’s MAC addresses.

• Routers use NAT to translate between private and public IPs.

• DHCP handles the automatic setup of these settings.