Private and Public IP Addresses: What’s the Difference?


IP Address

Internet Protocol (IP) addresses are usually of two types: Public and Private. If you have ever wondered what the difference is between a public and a private IP address, you are in the right place.

In this post I will try to explain the difference between a public and a private IP address in layman’s terms so that it becomes simple and easy to understand.

What are Public IP Addresses?

A public IP address is assigned to every computer that connects to the Internet, and each one is unique: no two computers anywhere on the Internet can have the same public IP address. This addressing scheme makes it possible for computers to “find each other” online and exchange information. The user has no control over the public IP address that is assigned to the computer. It is assigned by the Internet Service Provider as soon as the computer is connected to the Internet gateway.

A public IP address can be either static or dynamic. A static public IP address does not change and is used primarily for hosting web pages or services on the Internet. On the other hand, a dynamic public IP address is chosen from a pool of available addresses and changes each time one connects to the Internet.

Most Internet users will only have a dynamic IP assigned to their computer, which is released when the computer is disconnected from the Internet. When it is reconnected, it gets a new IP.

You can check your public IP address by visiting www.whatismyip.com

What are Private IP Addresses?

An IP address is considered private if the IP number falls within one of the IP address ranges reserved for private networks such as a Local Area Network (LAN). The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private networks (local networks):

10.0.0.0 - 10.255.255.255 (Total Addresses: 16,777,216)
172.16.0.0 - 172.31.255.255 (Total Addresses: 1,048,576)
192.168.0.0 - 192.168.255.255 (Total Addresses: 65,536)

Private IP addresses are used for numbering the computers in a private network including home, school and business LANs in airports and hotels which makes it possible for the computers in the network to communicate with each other.

For example, if a network X consists of 10 computers, they can be given IPs from 192.168.1.1 to 192.168.1.10. Unlike the public IP, the administrator of the private network is free to assign an IP address of his own choice (provided the IP number falls in the private IP address range as mentioned above).
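The range check described above can be done in code. The following Python sketch is an added example, not part of the original post: it tests an address against exactly the three reserved blocks (written in CIDR form) and shows two common mistakes, matching on the leading octet as text and relying on Python's broader `is_private` flag. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

# The three reserved blocks listed above, written in CIDR notation.
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def block_summary():
    """First address, last address and size of each reserved block."""
    return [(str(net[0]), str(net[-1]), net.num_addresses) for net in PRIVATE_BLOCKS]


def classify(addr):
    """Return 'private', 'other' or 'invalid' for a dotted-quad string."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return "invalid"  # e.g. an octet above 255
    return "private" if any(ip in net for net in PRIVATE_BLOCKS) else "other"


def naive_prefix_check(addr):
    """Flawed text match, shown for contrast: treats all of 172.x as private."""
    return addr.startswith(("10.", "172.", "192.168."))


def stdlib_is_private(addr):
    """Python's flag also covers loopback, link-local and other reserved space."""
    return ipaddress.ip_address(addr).is_private


if __name__ == "__main__":
    for first, last, size in block_summary():
        print(f"{first} - {last} (Total Addresses: {size:,})")
    # Constructed sample addresses, chosen to sit on the block boundaries.
    for addr in ["192.168.1.10", "172.31.255.255", "172.32.0.1",
                 "192.169.0.1", "127.0.0.1", "192.168.1.256"]:
        print(f"{addr:16} {classify(addr):8} naive={naive_prefix_check(addr)}")
```

An address filter built on the text match would wrongly treat 172.32.0.1 as internal, and one built on `is_private` would accept 127.0.0.1, which is outside the three blocks.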

Devices with private IP addresses cannot connect directly to the Internet. Likewise, computers outside the local network cannot connect directly to a device with a private IP. It is possible to interconnect two private networks with the help of a router or a similar device that supports Network Address Translation.

If the private network is connected to the Internet (through an Internet connection via ISP), then each computer will have a private IP as well as a public IP. The private IP is used for communication within the network, whereas the public IP is used for communication over the Internet. Most Internet users with a DSL/ADSL connection will have both a private as well as a public IP.

You can find your private IP by typing the ipconfig command at the command prompt. The number that you see against “IPv4 Address” is your private IP, which in most cases will be 192.168.1.1 or 192.168.1.2. Unlike the public IP, private IP addresses are always static in nature.

Common Myth about Private IP Address:

Most people assume that a private IP is the one used for stealth Internet activities and hence cannot be detected. But this is NOT TRUE!

Unlike what most people think, a private IP address (unlike the private telephone number) is just like any other IP address that belongs to a private network. In reality, there is no public IP address that is impossible to trace as the protocol itself is designed for transparency.

Online Networking tools

Visual Subnet Calculator

Subnet Mask Cheat Sheet


Prefix  Addresses  Hosts   Netmask          Amount of a Class C
/30     4          2       255.255.255.252  1/64
/29     8          6       255.255.255.248  1/32
/28     16         14      255.255.255.240  1/16
/27     32         30      255.255.255.224  1/8
/26     64         62      255.255.255.192  1/4
/25     128        126     255.255.255.128  1/2
/24     256        254     255.255.255.0    1
/23     512        510     255.255.254.0    2
/22     1024       1022    255.255.252.0    4
/21     2048       2046    255.255.248.0    8
/20     4096       4094    255.255.240.0    16
/19     8192       8190    255.255.224.0    32
/18     16384      16382   255.255.192.0    64
/17     32768      32766   255.255.128.0    128
/16     65536      65534   255.255.0.0      256

 

Guide to sub-class C blocks

/25 — 2 Subnets — 126 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.126 .127
.128 .129-.254 .255

/30 — 64 Subnets — 2 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.2 .3
.4 .5-.6 .7
.8 .9-.10 .11
.12 .13-.14 .15
.16 .17-.18 .19
.20 .21-.22 .23
.24 .25-.26 .27
.28 .29-.30 .31
.32 .33-.34 .35
.36 .37-.38 .39
.40 .41-.42 .43
.44 .45-.46 .47
.48 .49-.50 .51
.52 .53-.54 .55
.56 .57-.58 .59
.60 .61-.62 .63
.64 .65-.66 .67
.68 .69-.70 .71
.72 .73-.74 .75
.76 .77-.78 .79
.80 .81-.82 .83
.84 .85-.86 .87
.88 .89-.90 .91
.92 .93-.94 .95
.96 .97-.98 .99
.100 .101-.102 .103
.104 .105-.106 .107
.108 .109-.110 .111
.112 .113-.114 .115
.116 .117-.118 .119
.120 .121-.122 .123
.124 .125-.126 .127
.128 .129-.130 .131
.132 .133-.134 .135
.136 .137-.138 .139
.140 .141-.142 .143
.144 .145-.146 .147
.148 .149-.150 .151
.152 .153-.154 .155
.156 .157-.158 .159
.160 .161-.162 .163
.164 .165-.166 .167
.168 .169-.170 .171
.172 .173-.174 .175
.176 .177-.178 .179
.180 .181-.182 .183
.184 .185-.186 .187
.188 .189-.190 .191
.192 .193-.194 .195
.196 .197-.198 .199
.200 .201-.202 .203
.204 .205-.206 .207
.208 .209-.210 .211
.212 .213-.214 .215
.216 .217-.218 .219
.220 .221-.222 .223
.224 .225-.226 .227
.228 .229-.230 .231
.232 .233-.234 .235
.236 .237-.238 .239
.240 .241-.242 .243
.244 .245-.246 .247
.248 .249-.250 .251
.252 .253-.254 .255

/26 — 4 Subnets — 62 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.62 .63
.64 .65-.126 .127
.128 .129-.190 .191
.192 .193-.254 .255

/27 — 8 Subnets — 30 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.30 .31
.32 .33-.62 .63
.64 .65-.94 .95
.96 .97-.126 .127
.128 .129-.158 .159
.160 .161-.190 .191
.192 .193-.222 .223
.224 .225-.254 .255

/28 — 16 Subnets — 14 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.14 .15
.16 .17-.30 .31
.32 .33-.46 .47
.48 .49-.62 .63
.64 .65-.78 .79
.80 .81-.94 .95
.96 .97-.110 .111
.112 .113-.126 .127
.128 .129-.142 .143
.144 .145-.158 .159
.160 .161-.174 .175
.176 .177-.190 .191
.192 .193-.206 .207
.208 .209-.222 .223
.224 .225-.238 .239
.240 .241-.254 .255

/29 — 32 Subnets — 6 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.6 .7
.8 .9-.14 .15
.16 .17-.22 .23
.24 .25-.30 .31
.32 .33-.38 .39
.40 .41-.46 .47
.48 .49-.54 .55
.56 .57-.62 .63
.64 .65-.70 .71
.72 .73-.78 .79
.80 .81-.86 .87
.88 .89-.94 .95
.96 .97-.102 .103
.104 .105-.110 .111
.112 .113-.118 .119
.120 .121-.126 .127
.128 .129-.134 .135
.136 .137-.142 .143
.144 .145-.150 .151
.152 .153-.158 .159
.160 .161-.166 .167
.168 .169-.174 .175
.176 .177-.182 .183
.184 .185-.190 .191
.192 .193-.198 .199
.200 .201-.206 .207
.208 .209-.214 .215
.216 .217-.222 .223
.224 .225-.230 .231
.232 .233-.238 .239
.240 .241-.246 .247
.248 .249-.254 .255

What switches can be used with PING?


PING does have a number of option parameters to accomplish different objectives.

ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [[-j host-list] | [-k host-list]] [-w timeout] destination-list

-t Ping the specified host until interrupted.
-a Resolve addresses to hostnames.
-n count Number of echo requests to send.
-l size Send buffer size.
-f Set Don’t Fragment flag in packet.
-i TTL Time To Live.
-v TOS Type Of Service.
-r count Record route for count hops.
-s count Timestamp for count hops.
-j host-list Loose source route along host-list.
-k host-list Strict source route along host-list.
-w timeout Timeout in milliseconds to wait for each reply.

In Windows 2000 you can press Ctrl-Break when running the -t option for a list of statistics. Press Ctrl-C to actually stop the ping.

1) Increase or Decrease the Time Interval Between Packets:

ping -i 5 127.12.3.6

Wait for 5 seconds before sending the next packet.

ping -i 0.1 127.12.3.6

Wait 0.1 seconds before sending the next packet.

2) Check whether the local network interface is up and running:

Ping localhost using zero (0)

ping 0
PING 0 (127.0.0.1) 56(84) bytes of data.

ping localhost <or> ping 127.0.0.1

3) Send N packets and stop:

In the following example, ping command sends 5 packets, and waits for response from the destination host. Ping will exit after receiving the response or error.

$ ping -c 5 google.com
PING google.com (74.125.45.100) 56(84) bytes of data.
64 bytes from yx-in-f100.google.com (74.125.45.100): icmp_seq=1 ttl=44 time=731 ms
64 bytes from yx-in-f100.google.com (74.125.45.100): icmp_seq=2 ttl=44 time=777 ms
64 bytes from yx-in-f100.google.com (74.125.45.100): icmp_seq=3 ttl=44 time=838 ms
64 bytes from yx-in-f100.google.com (74.125.45.100): icmp_seq=4 ttl=44 time=976 ms
64 bytes from yx-in-f100.google.com (74.125.45.100): icmp_seq=5 ttl=44 time=1071 ms

--- google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4216ms

4) Show Version and Exit:
ping -V

5) Flood the network:

Super users can send a hundred or more packets per second using the -f option. It prints a ‘.’ when a packet is sent, and a backspace is printed when a packet is received.

As shown below, ping -f has sent more than 400,000 packets in a few seconds.

# ping -f localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
.^C
--- localhost ping statistics ---

6) Audible ping: Give beep when the peer is reachable:
ping -a IP

7) Find out the IP address:
ping -c 1 google.com
PING google.com (74.125.67.100) 56(84) bytes of data.
64 bytes from gw-in-f100.google.com (74.125.67.100): icmp_seq=1 ttl=43 time=287 ms

--- google.com ping statistics ---

8) Print Only Ping Command Summary Statistics:

ping -c 5 -q 127.0.0.1 
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.

--- 127.0.0.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3998ms

9) Change Ping Packet Size:
ping -s 100 localhost
PING localhost (127.0.0.1) 100(128) bytes of data.
108 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.022 ms
108 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.021 ms
108 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.020 ms
^C
--- localhost ping statistics ---

10) Timeout:

Ping -w option specifies the deadline to terminate the ping output. This specifies the total number of seconds the ping command should send packets to the remote host.

The following example will ping for 5 seconds, i.e. the ping command will exit after 5 seconds irrespective of how many packets are sent or received.

$ ping -w 5 localhost

Note: When you specify both -w, and -c, whichever comes first will terminate the ping command.

11) Shorter statistics with SIGQUIT:

While ping is printing the individual packet status, when you want to view the shorter statistics you can use this technique.

Pressing CTRL+| (Control key followed by pipe symbol) shows the summary in between, and ping continues with its packet sending and receiving process.

$ ping -w 100 localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=10 ttl=64 time=0.021 ms
64 bytes from localhost (127.0.0.1): icmp_seq=11 ttl=64 time=0.022 ms
11/11 packets, 0% loss, min/avg/ewma/max = 0.020/0.022/0.022/0.024 ms
64 bytes from localhost (127.0.0.1): icmp_seq=12 ttl=64 time=0.021 ms
64 bytes from localhost (127.0.0.1): icmp_seq=13 ttl=64 time=0.022 ms
64 bytes from localhost (127.0.0.1): icmp_seq=14 ttl=64 time=0.021 ms
64 bytes from localhost (127.0.0.1): icmp_seq=15 ttl=64 time=0.021 ms
19/19 packets, 0% loss, min/avg/ewma/max = 0.020/0.022/0.022/0.024 ms
64 bytes from localhost (127.0.0.1): icmp_seq=31 ttl=64 time=0.022 ms
64 bytes from localhost (127.0.0.1): icmp_seq=32 ttl=64 time=0.022 ms
32/32 packets, 0% loss, min/avg/ewma/max = 0.020/0.022/0.022/0.027 ms
64 bytes from localhost (127.0.0.1): icmp_seq=33 ttl=64 time=0.023 ms

12) Record and print route of how ECHO_REQUEST sent and ECHO_REPLY received:

It records, and prints the network route through which the packet is sent and received. This is useful for network engineers who wish to know how the packet is sent and received.

$ ping -R 192.168.1.63
PING 192.168.1.63 (192.168.1.63) 56(84) bytes of data.
64 bytes from 192.168.1.63: icmp_seq=1 ttl=61 time=2.05 ms
RR:   192.168.9.118
        192.168.3.25
        192.168.10.35
        192.168.1.26
        192.168.1.63
        192.168.1.63
        192.168.10.4
        192.168.3.10
        192.168.4.25
64 bytes from 192.168.1.63: icmp_seq=2 ttl=61 time=2.00 ms      (same route)

What is ARP/RARP?



ARP stands for Address Resolution Protocol. Whenever a node on one network sends a request to a node on another network, the physical (MAC) address is required, and to obtain it the IP address has to be sent over the network. Whenever a router with that network (IP) gets the message, the required MAC address is sent back through the network. This process of converting an IP address to a MAC address is called ARP. The reverse, the conversion of a MAC address to an IP address, is called RARP (Reverse Address Resolution Protocol).

Cisco IOS NAT on a Stick Configuration Example


NAT (Network Address Translation) is most commonly used to let users on our  LAN access the Internet using a single public IP address but it can be used for  some more interesting scenarios. Recently I encountered an interesting CCIE  R&S task that had the following requirement:

"Make sure that whenever R2 responds to a traceroute it replies with the IP address on the loopback 0 interface"

This sounds easy enough but there’s no such thing as a “traceroute source loopback 0” command or anything alike. To make this work we have to configure the NAT on a stick feature. In this tutorial I’ll show you how this is done. First of all, this is the topology that we will use:

[Image: Two Routers R2 Loopback Interface]

There are only two routers that are directly connected to each other. R2 has  a loopback 0 interface with IP address 2.2.2.0 /24. Let’s configure these IP  addresses first:

R1(config)#interface fa0/0
R1(config-if)#no shutdown
R1(config-if)#ip address 192.168.12.1 255.255.255.0
R2(config)#interface fa0/0
R2(config-if)#no shutdown
R2(config-if)#ip address 192.168.12.2 255.255.255.0
R2(config-if)#interface loopback0
R2(config-if)#ip address 2.2.2.2 255.255.255.0

Before we dive into the NAT configuration let’s do a trace and look at the  output:

R1#traceroute 192.168.12.2

Type escape sequence to abort.
Tracing the route to 192.168.12.2

  1 192.168.12.2 0 msec 4 msec *

As expected R2 responds with the IP address on its FastEthernet interface.  The task requires this output to show the 2.2.2.2 address from the loopback  interface. To achieve this we’ll configure NAT on R2:

R2(config)#access-list 100 permit icmp any any time-exceeded
R2(config)#access-list 100 permit icmp any any port-unreachable

R2(config)#ip nat inside source list 100 interface loopback0 overload

R2(config)#interface fastethernet 0/0
R2(config-if)#ip nat inside

R2(config)#interface loopback 0
R2(config-if)#ip nat outside

The configuration above defines the FastEthernet interface as NAT inside and  the loopback interface as NAT outside. An access-list is used to permit the ICMP  time-exceeded and port-unreachable packets that are used as a response to a  traceroute. The NAT configuration itself is complete but we still have a problem  with this setup, take a look at the following picture:

[Image: Cisco Traceroute Reply]

If you look closely at the image above you can see that whenever R1 does a trace, R2 will reply with its FastEthernet 0/0 interface. In order for NAT to work, traffic has to flow from the inside interface to the outside interface. To fix this we can configure policy based routing on R2 to forward traffic to the loopback 0 interface:

R2(config)#route-map FORWARD_TO_L0
R2(config-route-map)#match ip address 100
R2(config-route-map)#set interface loopback0
R2(config)#ip local policy route-map FORWARD_TO_L0

This route-map matches on the access-list that we created before and forwards the traffic towards the loopback 0 interface. We also require the ip local policy command to apply the route-map to self-generated traffic. Let’s enable a debug on R2 and try that traceroute again from R1:

R2#debug ip policy 
Policy routing debugging is on

R2#debug ip nat
IP NAT debugging is on

Time to trace!

R1#traceroute 192.168.12.2

Type escape sequence to abort.
Tracing the route to 192.168.12.2

  1 2.2.2.2 0 msec 4 msec *

Excellent, we now see IP address 2.2.2.2 from R2 in our traceroute. Let’s  take a look at the debug on R2:

R2#
IP: s=192.168.12.2 (local), d=192.168.12.1, len 56, policy match
IP: route map FORWARD_TO_L0, item 10, permit
IP: s=192.168.12.2 (local), d=192.168.12.1 (Loopback0), len 56, policy routed
IP: local to Loopback0 192.168.12.1
NAT: s=192.168.12.2->2.2.2.2, d=192.168.12.1 [17]

The first line is the ICMP packet from R2 towards R1 that it wants to send as  a reply to the traceroute. It matches the route-map so it is being policy based  routed towards the loopback 0 interface. Since the loopback 0 interface is  configured for NAT outside, IP address 192.168.12.2 is translated to 2.2.2.2 and  then routed towards R1. Basically it looks like this:

[Image: Cisco NAT on a Stick Example]

Great! It’s working as it should. What if we make this scenario a little bit more interesting by changing the task as follows:

"Make sure that whenever R2 responds to a traceroute it replies with the IP address on the loopback 0 interface, you are not allowed to configure NAT on the FastEthernet interface but you may configure an additional interface and IP address."

No problem! We can still make this work but we’ll have to use another  interface that is configured with the “IP NAT inside” command. Traffic still has  to flow from a NAT inside interface to a NAT outside interface in order to be  translated. To accomplish this we will create a new loopback interface that has  the “IP NAT inside” command. We will send traffic from the FastEthernet  interface to the new loopback and then forward it to the first loopback  interface. I know this sounds funky so let me help you visualize it:

[Image: Cisco NAT on a Stick Two Loopback Interfaces]

Just follow the arrows starting at R1.  This is what we have to  configure:

  1. Configure policy based routing so that the ICMP replies are forwarded from  the FastEthernet interface to the new loopback 1 (NAT inside) interface.
  2. Configure policy based routing so that the ICMP replies are forwarded from  the loopback 1 interface to the loopback 0 (NAT outside) interface.

First we’ll remove the NAT configuration from the FastEthernet interface and  I’ll also get rid of the policy based routing configuration:

R2(config)#interface fa0/0
R2(config-if)#no ip nat inside
R2(config)#no ip local policy route-map FORWARD_TO_L0

Let’s create a new loopback interface. I just made up an IP address, it  really doesn’t matter what we configure here as long as there’s something. Don’t  forget to add IP NAT inside:

R2(config)#interface loopback 1
R2(config-if)#ip address 22.22.22.22 255.255.255.0
R2(config-if)#ip nat inside

We will create a new route-map that forwards ICMP traffic to the loopback 1  interface:

R2(config)#ip local policy route-map FORWARD_TO_L1
R2(config)#route-map FORWARD_TO_L1
R2(config-route-map)#match ip address 100
R2(config-route-map)#set interface loopback 1

The route-map that we created before can now be applied to the loopback 1  interface. This ensures that traffic is forwarded to the loopback 0  interface:

R2(config)#interface loopback1
R2(config-if)#ip policy route-map FORWARD_TO_L0

That should do it. Let’s try our trace again:

R1#traceroute 192.168.12.2

Type escape sequence to abort.
Tracing the route to 192.168.12.2

  1 2.2.2.2 4 msec 4 msec *

Excellent, it’s working! What does the debug look like now?

R2#
IP: s=192.168.12.2 (local), d=192.168.12.1, len 56, policy match
IP: route map FORWARD_TO_L1, item 10, permit
IP: s=192.168.12.2 (local), d=192.168.12.1 (Loopback1), len 56, policy routed
IP: local to Loopback1 192.168.12.1
IP: s=192.168.12.2 (Loopback1), d=192.168.12.1, len 56, policy match
IP: route map FORWARD_TO_L0, item 10, permit
IP: s=192.168.12.2 (Loopback1), d=192.168.12.1 (Loopback0), len 56, policy routed
IP: Loopback1 to Loopback0 192.168.12.1
NAT: s=192.168.12.2->2.2.2.2, d=192.168.12.1 [21]

Look closely at the debug and you can see that the ICMP traffic is forwarded  to the loopback 1 interface, then to the loopback 0 interface and because it  flowed from a NAT inside to a NAT outside interface it can now be  translated.
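The two debug outputs above can also be read mechanically. The following Python parser is an added example, not part of the original tutorial: it takes the debug lines shown above and reconstructs the interface path, the route-maps that matched and the NAT translation. The function and class names are illustrative.

```python
import re
from dataclasses import dataclass, field

# Debug output from R2 as shown above (first scenario, one loopback).
DEBUG_ONE_LOOPBACK = """\
IP: s=192.168.12.2 (local), d=192.168.12.1, len 56, policy match
IP: route map FORWARD_TO_L0, item 10, permit
IP: s=192.168.12.2 (local), d=192.168.12.1 (Loopback0), len 56, policy routed
IP: local to Loopback0 192.168.12.1
NAT: s=192.168.12.2->2.2.2.2, d=192.168.12.1 [17]
"""

# Debug output from R2 as shown above (second scenario, two loopbacks).
DEBUG_TWO_LOOPBACKS = """\
IP: s=192.168.12.2 (local), d=192.168.12.1, len 56, policy match
IP: route map FORWARD_TO_L1, item 10, permit
IP: s=192.168.12.2 (local), d=192.168.12.1 (Loopback1), len 56, policy routed
IP: local to Loopback1 192.168.12.1
IP: s=192.168.12.2 (Loopback1), d=192.168.12.1, len 56, policy match
IP: route map FORWARD_TO_L0, item 10, permit
IP: s=192.168.12.2 (Loopback1), d=192.168.12.1 (Loopback0), len 56, policy routed
IP: Loopback1 to Loopback0 192.168.12.1
NAT: s=192.168.12.2->2.2.2.2, d=192.168.12.1 [21]
"""

ROUTED = re.compile(r"IP: s=[\d.]+ \((\S+)\), d=[\d.]+ \((\S+)\), len \d+, policy routed")
ROUTE_MAP = re.compile(r"IP: route map ([^,\s]+), item \d+, permit")
NAT = re.compile(r"NAT: s=([\d.]+)->([\d.]+), d=([\d.]+) \[\d+\]")


@dataclass
class Trace:
    path: list = field(default_factory=list)          # interfaces, in order
    route_maps: list = field(default_factory=list)    # route-maps that permitted
    translations: list = field(default_factory=list)  # (old src, new src, dst)


def parse_debug(text):
    """Rebuild the packet's path through R2 from policy and NAT debug lines."""
    trace = Trace()
    for line in text.splitlines():
        line = line.strip()
        if m := ROUTED.match(line):
            if not trace.path:
                trace.path.append(m.group(1))  # where the packet started
            trace.path.append(m.group(2))      # where policy routing sent it
        elif m := ROUTE_MAP.match(line):
            trace.route_maps.append(m.group(1))
        elif m := NAT.match(line):
            trace.translations.append(m.groups())
    return trace


def reply_source(trace, original):
    """Source address R1 will see: translated if NAT fired, else unchanged."""
    for old_src, new_src, _dst in trace.translations:
        if old_src == original:
            return new_src
    return original


if __name__ == "__main__":
    for name, text in [("one loopback", DEBUG_ONE_LOOPBACK),
                       ("two loopbacks", DEBUG_TWO_LOOPBACKS)]:
        t = parse_debug(text)
        print(name, " -> ".join(t.path), t.route_maps,
              "reply source:", reply_source(t, "192.168.12.2"))
```

If the debug contains no NAT line, `reply_source` returns the untranslated address, which matches the first traceroute where R2 answered from 192.168.12.2.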

That’s all I have for you now, hopefully you enjoyed this tutorial! If you  have any questions feel free to leave a comment.

Read more: http://networklessons.com/network-services/cisco-ios-nat-stick-configuration-example/#ixzz2pnVLWiOm
