Here are the first few decimal numbers converted into binary as an example.
Decimal Binary
00
11
210
311
4100
5101
6110
7111
81000
91001
101010
111011
121100
131101
141110
151111
When you have a 32−bit number, such as an IP address, you have a string of 32 ones and zeros. Rather than expressing that 32−bit number as a single number, however, IP addresses are broken up into four 8−bit numbers. (We'll see why in the next section.)
Note Many calculators have binary−to−decimal conversions. If you don't have such a calculator, the FreeBSD port math/calctool gives you one. Even the Windows calculator app does this when you use scientific mode. Take some IP addresses, punch in each of the four numbers, and convert them to binary to see how they look.
Ethernet
Many devices can share an Ethernet network, and the data your system receives is not necessarily meant for your system. Systems connected with Ethernet can speak directly with each other, which gives Ethernet one great advantage over other protocols, such as PPP. However, Ethernet has physical distance limitations that make it practical only for offices, colocation facilities, and other comparatively short−range networks.
Many different physical networks have been used to run Ethernet over the years. Once upon a time, most Ethernet cables were thick chunks of coaxial cable (coax); today most are comparatively thin Category 5 (cat5) cables with eight strands of very thin wire inside them. You may also encounter Ethernet over optical fiber or, if you're unlucky, Ethernet over "dark fiber." (Dark fiber is optical fiber without the light. It seemed like a good idea at the time.)
For the purposes of our discussion, we'll assume that you're working with cat5 cable, which is the most popular choice today. Either way, the theory is the same for all Ethernet physical layers.
102
Broadcasting
Ethernet is a broadcast medium,[2] which means it expects that each packet you send on the network is sent to every workstation on the network. (Today this isn't necessarily true, as we'll discuss later.) Your device driver sorts out the data intended for you from the data you don't care about.
One side effect of Ethernet's broadcast nature is that you can "sniff" other people's connections, capturing everything they send and receive. While this ability can be very useful in diagnosing problems, it's also a major security issue: Capturing passwords is trivial on an old−fashioned Ethernet.
While Ethernet started out supporting only a couple of megabits per second, it has grown beyond its original design to handle gigabit speeds. Most people use 10/100 megabit per second (Mbps) speeds, as gigabit Ethernet cards are still somewhat expensive. A sub−$100 gigabit Ethernet card came out as this was written.
Address Resolution
Every Ethernet network card has a unique identifier, its MAC address, which it uses to communicate with other hosts. A MAC address is a 48−bit number. When your system wants to transmit data to another host on the Ethernet, it sends out an Ethernet request that basically says, "Which MAC address is responsible for this IP address?" If a host responds, further data is marked for that MAC address. This process is known as the Address Resolution Protocol, or ARP.
You can view the current MAC and ARP situation with the arp command. The most common form is the arp −a command, which shows the MAC addresses and hostnames of all hosts on your network:
...............................................................................................
# arp −a
? (192.168.1.1) at 0:a0:cc:35:5b:7 [ethernet]
magpire.blackhelicopters.org (192.168.1.222) at 0:4:5a:41:a4:44 [ethernet]
#
...............................................................................................
Here we see that the host magpire.blackhelicopters.org has an IP address of 192.168.1.222, and a MAC address of 0:4:5a:41:a4:44. The MAC address is the Ethernet address. If a MAC address is "incomplete," the host cannot be contacted. In such a case, check your physical layer (the wire) and your system configuration.
Hubs and Switches
An Ethernet hub is a central piece of hardware with physical connections to many other Ethernet devices that simply forward Ethernet−layer information to every device hooked to them. Hubs broadcast all Ethernet traffic that they receive to every attached host.
A switch is a more modern way of connecting Ethernets. A switch improves the speed of Ethernet by tracking the MAC addresses of each attached device and, for the most part, only forwarding packets to the device they are meant for. Since each Ethernet host has a finite amount of bandwidth (for example, a 100 Mbps card can handle 100 megabits per second), switching reduces the load
103
on individual systems by limiting the amount of data transferred to each device. However, switches do cost more than hubs.
Netmasks
If your company is hooking up to the Internet, your ISP will issue you a block of IP addresses. You use these addresses for your local Ethernet. Frequently, this is a small block, say, 16 or 32 IP addresses. If your system is colocated on a server farm, you might only get a few IP addresses. It all depends on your needs. The size of your IP block determines your netmask.
If you've done networking for any length of time, you've probably seen the netmask 255.255.255.0. You might even know that the wrong netmask will keep your system from working. In today's world, that simple netmask is becoming less and less common. To understand why, we need to look at what a netmask really is and how blocks of IP addresses are issued.
Many years ago, IP addresses were issued in blocks of three sizes: class A, class B, and class C. This terminology has been obsolete for quite some time, but we'll use it as a starting point.
Class A was very simple: The first of the four numbers in your IP address was fixed. The InterNIC might issue you a class A like 10.0.0.0. You could assign any of the last three numbers in any manner you liked. For example, you could assign 10.1.0.0 through 10.1.1.255 to your datacenter, 10.1.2.0 through 10.1.7.255 to your Boston office, and so on. Only very large companies, such as Ford and Xerox, received class A blocks, as well as influential academic computing institutions.
In a class B block, the first two of the four numbers in the IP address were fixed. Your class B block would look something like 64.29.0.0. Every IP address you used internally began with 64.29, but you could assign the last two numbers as you wanted. Many mid−sized companies got class B blocks.
Similarly, a class C block had the first three numbers fixed. This was the standard for small companies. The ISP would issue a number like 209.69.9, and let you assign the last number as needed.
This scheme wasted a lot of IP numbers. Many small companies don't need 256 IP addresses. Many medium−sized companies need more than 256, but fewer than the 65,000 in a class B block. And almost nobody needs the full 16 million addresses in a class A block. Still, those were the choices. Before the Internet boom, they were good enough.
Today, IP addresses are issued by prefix length, commonly called a slash. You will see IP blocks such as 192.168.1.128/25. While this looks confusing, it's merely a way of using classes with much greater granularity. You know that each number in an IP address is 8 bits long. By using a class, what you're saying is that a certain number of bits are "fixed"–you can't change them on your network. A class A address has 8 fixed bits, a class B has 16, and a class C has 24.
This isn't a class in binary math, so I won't make you draw it out and do the conversion. But think about an IP address as a string of binary numbers. On your network you can change the bits on the far right, but not the ones on the far left.
There's no reason that the boundary between the two must be on one of those convenient 8−bit lines. A prefix length is simply the number of fixed bits you are stuck with. A /25 means that you have 25 fixed bits, or one more fixed bit than a class C. You can play with 7 bits. In the following sample, your fixed bits are all ones, and the ones you can change are zeros:
104
...............................................................................................
11111111.11111111.11111111.10000000
...............................................................................................
It's childishly simple. If you think in binary, that is. You won't have to work with this every day, but if you don't understand the underlying binary concepts, the decimal conversion looks like absolute gibberish. With practice, you'll learn to recognize some bits of decimal gibberish as legitimate binary conversions.
What does this mean in practice?
First of all, blocks of IP addresses are issued in multiples of 2. If you have 4 bits to play with, you have 16 IP addresses (2*2*2*2=16). If you have 8 bits to play with, you have (2^8) 256 IP numbers. If someone says you have 13 IP addresses, you're either on a shared Ethernet or she's wrong.
A netmask is simply another way of specifying how many fixed bits are set. In the computing world, an 8−bit number runs from 0 to 255. If you have a /24, your netmask is 255.255.255.0. If you have a /25, you have all 8 bits set in the first three numbers and 1 bit set in the last number. In the previous example, the last number is 10000000 in binary. A bit of work with a binary−converting calculator[3] gives you 255.255.255.128.
It's not uncommon to see a host IP with its attached netmask, i.e.,192.168.3.4/26. When you see a /32, it does not represent a network, but a single host. You'll see /32 used when someone wants to make it absolutely clear that he's talking about a single host and not a network.
Netmask Tricks
You probably don't want to have to keep converting from decimal to binary and back. Here's a trick to calculate your netmask.
Learn how many actual IP addresses you have to play with. This will be a multiple of 2. You'll almost certainly be issued an amount smaller than a /24 (the traditional class C). Subtract the number of IP addresses you have from 256. This is the last number of your netmask.
For example, if you have 64 IP addresses, the last part of your netmask is (256 – 64 =) 192. Your netmask would be 255.255.255.192.
You still need to use a bit of logic to avoid binary conversions. Figuring out legitimate addresses on your network is a bit of a pain. If your IP address is 192.168.54.187/25, you'll need to know that a /25 is 25 fixed bits, so you're using a block of 128 IP addresses. Look at the last number of your IP, 187. It certainly isn't between 0 and 127, but it is in the range of 128 to 255. The other hosts on your IP block have IP addresses ranging from 192.168.54.128 to 192.168.54.255.
Hexadecimal Netmasks
Got all that? Good. Unfortunately, UNIX's standard method of showing netmasks is in hexadecimal (base 16), not decimal or binary. Some day soon you'll see a netmask of 0xffffff00.
A hexadecimal number is 4 bits long, so each 8−bit portion of a netmask can be expressed as two hexadecimal numbers. (IP addresses could also be expressed this way, but they're not.)
105