Scanning For Mac Address

admin 12/13/2021

Ok please rate and subscribe this video is really helpful on how to fix 0% Scanning MAC Address. Here is the link Cain and Abel http://www.oxid.it/cain.html. InSSIDer is the most popular free and open source Wi-Fi scanning tool available today.

How would you communicate with a device when you don’t have the IP?

You might be in a situation where you don’t have the IP address of a device in a local network, but all you have is records of the MAC or hardware address.

Or your computer is unable to display its IP due to various reasons, and you are getting a “No Valid IP Address” error.

Finding the IP from a known MAC address should be the task of a ReverseARP application, the counterpart of ARP.

But RARP is an obsolete protocol with many disadvantages, so it was quickly replaced by other protocols like BOOTP and DHCP, which deal directly with IP addresses.

In this article, we’ll show you how to find IPs and device vendors using MAC addresses with different methods for free.

Understanding ARP

ARP (Address Resolution Protocol) is the protocol in charge of finding MAC addresses with IPs in local network segments.

It operates with frames on the data link layer.

As you might already know, devices in the data link layer depend on MAC addresses for their communication.

Their frames encapsulate packets that contain IP address information.

A device must know the destination MAC address to communicate locally through media types like Ethernet or Wifi, in layer 2 of the OSI model.

Understanding how ARP works can help you find IPs and MAC addresses quickly.

The following message flow diagram can help you understand the concept:

  1. The local computer sends a ping (ICMP echo request) to a destination IP address (remote computer) within the same segment. Unfortunately, the local computer does not know the MAC address… it only knows the IP address.
  2. The destination hardware address is unknown, so the ICMP echo request is put on hold. The local computer only knows its source/destination IP and its source MAC addresses. ARP uses two types of messages, ARP Request and Reply.

The local computer sends an ARP REQUEST message to find the owner of the IP address in question.

This message is sent to all devices within the same segment or LAN through a broadcast MAC (FF:FF:FF:FF:FF:FF) as the destination.

  1. Because the remote computer is part of the same network segment, it receives the broadcast message sent by the local computer. All other computers in the LAN also receive the broadcast but they know that the destination IP is not theirs, so they discard the packet. Only the remote computer with destination IP, responds to the ARP REQUEST with an ARP REPLY, which contains the target MAC address.
  2. The local computer receives the ARP REPLY with the MAC address. It then resumes the ICMP echo request, and finally, the remote computer responds with an ICMP echo reply.

Finding IPs with ARP

You can use ARP to obtain an IP from a known MAC address.

But first, it is important to update your local ARP table in order to get information from all devices in the network.

Send a ping (ICMP echo reply) to the entire LAN, to get all the MAC entries on the table.

To ping the entire LAN, you can send a broadcast to your network.

Open the Command Prompt in Windows or terminal in macOS and type.

ping 192.168.0.255

My subnet is 192.168.0.0/24 (mask of 255.255.255.0), so the broadcast address is 192.168.0.255 which can be calculated or found with a “Print Route” command in Windows or a “netstat -nr” in macOS. Or can also be obtained with a subnet calculator.

For Windows:

Step 1.

  • Open the CMD (Command Prompt)
  • Go to the “Start” menu and select “Run” or press (Windows key + R) to open the Run application
  • In the “Open” textbox type “cmd” and press “Ok”.

This will open the command-line interface in Windows.

Step 2.

  • Enter the “arp” command.
  • The arp command without any additional arguments will give you a list of options that you can use.

Step 3.

  • Use the arp with additional arguments to find the IP within the same network segment.
  • With the command “arp -a” you can see the ARP table and its entries recently populated by your computer with the broadcast ping.

Step 4.

  • Reading the output.
  • The information displayed in the arp-a is basically the ARP table on your computer.
  • It shows a list with IP addresses, their corresponding physical address (or MAC), and the type of allocation (dynamic or static).

Let’s say you have the MAC address 60-30-d4-76-b8-c8 (which is a macOS device) and you want to know the IP.

From the results shown above, you can map the MAC address to the IP address in the same line.

The IP Address is 192.168.0.102 (which is in the same network segment) belongs to 60-30-d4-76-b8-c8.

You can forget about those 224.0.0.x and 239.0.0.x addresses, as they are multicast IPs.

For macOS:

Step 1:

Scanning For Mac Address
  • Open the Terminal App. go to Applications > Utilities > Terminal or Launchpad > Other > Terminal.

Step 2:

  • Enter the “arp” command with an “-a” flag.
  • Once you enter the command “arp -a” you’ll receive a list with all ARP entries to the ARP Table in your computer.
  • The output will show a line with the IP address followed by the MAC address, the interface, and the allocation type (dynamic/static).

Finding IPs with the DHCP Server

The Dynamic Host Configuration Protocol (DHCP) is the network protocol used by TCP/IP to dynamically allocate IP addresses and other characteristics to devices in a network.

The DHCP works with a client/server mode.

The DHCP server is the device in charge of assigning IP addresses in a network, and the client is usually your computer.

For home networks or LANs, the DHCP Server is typically a router or gateway.

If you have access to the DHCP Server, you can view all relationships with IPs, MACs, interfaces, name of the device, and lease time in your LAN.

Step 1.

  • Log into the DHCP Server. In this example, the DHCP server is the home gateway.
  • If you don’t know the IP address of your DHCP Server/ Gateway, you can run an ipconfig (in Windows) or ifconfig (in macOS/Linux).
  • This particular DHCP Server/Gateway has a web interface.

Step 2.

  • Enter the IP address on the search bar of the web browser, and input the right credentials.

Step 3.

  • Find the DHCP Clients List.
  • In this TP-Link router, the DHCP Server functionality comes as an additional feature.
  • Go to DHCP > DHCP Clients List. From this list, you can see the mapping between MAC addresses and their assigned IPs.

Using Sniffers

If you couldn’t find the IP in the ARP list or unfortunately don’t have access to the DHCP Server, as a last resort, you can use a sniffer.

Packet sniffers or network analyzers like Nmap (or Zenmap which is the GUI version) are designed for network security.

They can help identify attacks and vulnerabilities in the network.

With Nmap, you can actively scan your entire network and find IPs, ports, protocols, MACs, etc.

If you are trying to find the IP from a known MAC with a sniffer like Nmap, look for the MAC address within the scan results.

How to find the Device and IP with a Sniffer?

Step 1.

  • Keep records of your network IP address information.
  • In this case, my network IP is 192.168.0.0/24. If you don’t know it, a quick “ipconfig” in Windows cmd or an “ifconfig” in macOS or Linux terminal can show you the local IP and mask.
  • If you can’t subnet, go online to a subnet calculator and find your network IP.

Step 2.

  • Download and open Nmap.
  • Download Nmap from this official link https://nmap.org/download.html and follow its straightforward installation process.

Step 3.

  • Open Nmap (or Zenmap) and use the command “sudo nmap -sn (network IP)” to scan the entire network (without port scan).
  • The command will list machines that respond to the Ping and will include their MAC address along with the vendor.
  • Don’t forget the “sudo” command.
  • Without it, you will not see MAC addresses.

Finding out the device vendor from a MAC address

Ok, so now you were able to find out the IP address using “arp -a” command or through the DHCP Server.

But what if you want to know more details about that particular device?

What vendor is it?

Your network segment or LAN might be full of different devices, from computers, firewalls, routers, mobiles, printers, TVs, etc.

And MAC addresses contain key information for knowing more details about each network device.

First, it is essential to understand the format of the MAC address.

Traditional MAC addresses are 48 bits represented in 12-digit hexadecimal numbers (or six octets).

The first half of the six octets represent the Organizational Unique Identifier (OUI) and the other half is the Network Interface Controller (NIC) which is unique for every device in the world.

There is not much we can do about the NIC, other than communicating with it.

But the OUI can give us useful information about the vendor if you didn’t use Nmap, which can also give you the hardware vendor.

A free online OUI lookup tool like Wireshark OUI Lookup can help you with this.

Just enter the MAC address on the OUI search, and the tool will look at the first three octets and correlate with its manufacturing database.

Final Words

Although the RARP (the counterpart of ARP) was specifically designed to find IPs from MAC addresses, it was quickly discontinued because it had many drawbacks.

RARP was quickly replaced by DHCP and BOOTP.

But ARP is still one of the core functions of the IP layer in the TCP/IP protocol stack.

It finds MAC addresses from known IPs, which is most common in today’s communications.

ARP works under the hood to keep a frequently used list of MACs and IPs.

But you can also use it to see the current mappings with the command arp -a.

Aside from ARP, you can also use DHCP to view IP information. DHCP Servers are usually in charge of IP assignments.

If you have access to the DHCP server, go into the DHCP Client list and identify the IP with the MAC address.

Finally, you can use a network sniffer like Nmap, scan your entire network, and find IPs, and MACs.

If you only want to know the vendor, an online OUI lookup like Wireshark can help you find it quickly.

Amid predictions that 75.44 billion devices will have internet connectivity by 2025, IP address management has become a fundamental housekeeping and security concern for any networking admin. As the Internet of Things (IoT) continues to endow more and more devices with smart capabilities, networking grows more complex, making IP-centered network security measures a business imperative. With more devices comes more risk of networking complications and potential breaches—especially given the BYOD (Bring Your Own Device) trend, which allows employees to connect to company Wi-Fi via their personal mobile phones and laptops.

To maintain good network health and prevent unauthorized users from spying or wasting valuable bandwidth, admins are expected to not only know how to scan their network for devices but also understand the importance behind IP address management.

With the number of networked devices skyrocketing, network administrators must know how to scan their network for devices, track IP addresses, and perform IP address management. This guide describes how IP address scanners help empower IT departments to better track the many devices within a network, identify when IP addresses have been mislabeled or misallocated, and detect possible breaches, in addition to diving deeper into the why and how of IP address management from answering basic to advanced IP address strategies.

  • Positioning Your Organization for Success

How to Find All IP Addresses on a Network

Knowing how to scan the network for devices is the first step, and one of the most fundamental, in managing IP addresses. When organizational members experience problems connecting their device to the network or the internet, having a full list of IP addresses on the network can guide administrators as they troubleshoot and restore order.

The most basic way to find all the IP addresses on a network is with a manual network scan. This method is best for those looking to perform a rapid, one-time device check or for those heading smaller organizations with a more manageable device list. To rapidly scan a network yourself using native operating system (OS) capabilities, follow these steps.

  1. Open the command prompt.
  2. Enter the command “ipconfig” for Mac or “ifconfig” on Linux. Your computer will then display its own IP address, subnet mask, gateway address, and more, making it possible for you to determine the network number you’ll be scanning. For example, in a Class C IPv4 network—which most small local networks are wont to be—you may find your computer’s IP address is, let’s say, 192.168.1.75. If the subnet mask is 255.255.255.0, then you know the first 3 bytes are the network ID (192.168.1) and your broadcast IP address is 192.168.1.255.
  3. Next, input the command “arp -a”. ARP stands for “Address Resolution Protocol,” and the “-a” appendage of the command prompts the device to list all the IP addresses found within the ARP cache for the associated network. In other words, the “arp -a” command displays all active IP addresses connected to the local network. This list is incredibly informative, containing the IP addresses, MAC addresses, and allocation type (whether static or dynamic) for all live hosts.
  4. Optional: Input the command “ping -t”. The “ping -t” command allows you to perform an extended ping on the list produced by the previous command, testing connectivity and latency within the network. This will enable you to further narrow down what devices could be experiencing or causing problems.

However, there are a few ways to scan local networks for IP addresses. Typically, the best way to find the IP addresses of all devices on a network is to invest in software. This is especially true for large organizations using dynamic IP addresses, in which case the large volume of networked devices and staggered address changes can quickly become overwhelming to track and organize. Using an IP address scanner, admins can see which addresses are active, which are free for reallocation, which might belong to unauthorized users, and which have perhaps been duplicated and caused collisions.

Best IP Scanners

While it’s possible to scan a network for active IP addresses using native commands, manually tracking the addresses of all networked devices can quickly become an outsized task for any one staff member. This is particularly true when you look at the data this method makes available to you. Yes, ipconfig displays the IP address of each active network device and its corresponding MAC address, but most IT members don’t happen to know the MAC address of every single computer within the network—that expectation would be unreasonable, if not impossible in larger networks. Suffice it to say, this information doesn’t exactly guide you to the root source of a problem or provide much network mapping. It merely enables you to identify IP addresses and spot possible duplicates or mismatches.

For this reason, downloading software with a fuller suite of IP address management (IPAM) services is highly recommended. To help you fill out your IPAM toolset, I’ve rounded up the seven best network scanner and address management clients. While some are free, these are generally more supplementary tools. Cobbled together, a collection of standalone software can certainly yield powerful results.

In terms of expedient and comprehensive data consolidation, however, the best results tend to come from premium software. A completely integrated management tool—like the SolarWinds® IP Address Manager, the most robust IPAM software and my personal favorite—might have a higher price tag but ultimately pays for itself by automating rote tasks and performing insightful analysis, decreasing system downtime while increasing productivity and profit.

With that said, I’ll review free tools first before delving into full-service clients.

1. IP Address Tracker (Free)

By far the most powerful tool on the list of free clients, SolarWinds IP Address Tracker is a standalone solution, available for free download, that works on its own but is further enhanced by the SolarWinds IPAM suite when integrated. This makes it an excellent first step if you’re considering a premium option but looking for a fully functional address tracker in the meantime.

For a free tool, SolarWinds IP Address Tracker is extraordinary: not only does it allow users to manage up to 254 IP addresses, but it automatically pushes alerts when IP address conflicts occur. What’s more, it creates a repository of all IP addresses on a network, tracks subnets, and shows which addresses are available.

Finally, its graphical user interface displays information in an intuitive and digestible format, highlighting notable events while remaining comprehensive in nature. For example, it shows a list of custom reports, the last 25 IPAM events, current conflicts, and ranked subnets by the percentage of available addresses used.

2. Angry IP Scanner (Free)

Widely hailed as one of the first and most popular free IP address scanners, Angry IP Scanner is open-source software, deployable across operating systems. Windows, Linux, and Mac OS X users will find this tool handy for its nonexistent price tag.

Angry IP Scanner is easy to use and has an intuitive graphical user interface. Further, it provides slightly more detail than the manual command-line method covered above. Given an IP address range, the tool displays all active IP addresses, hostname when applicable, ping response time, MAC address, and port count. These results are made actionable with an export function that supports CSV, TXT, XML, and IP-Port list files.

Additionally, Angry IP Scanner can display Network Basic Input/Output System (NetBIOS) information useful for identifying an IP address, as knowing the computer name or current logged-in user can facilitate network problem solving.

The main downside of Angry IP Scanner is the basic nature of its capabilities, which is understandable given that it’s open-source. The functionalities it offers are fundamental and useful. Plus, anyone who writes Java is free to expand its abilities by creating their own plugins, though of course this would require a certain amount of buy-in.

3. IP Scanner (Free)

Created by developer 10base-t Interactive and optimized for Mac, this app is admittedly limited; the free version only supports 6 devices. Still, for small home networks, this number may be sufficient, and, as a taste of what could be possible with the expanded capacity of the Pro version, IP Scanner offers features many other free apps don’t have.

Perhaps most interesting is IP Scanner’s “cumulative mode” feature, which allows the user to track network changes over time. In this mode, network admins can see inactive devices that were once part of the network. This can help with troubleshooting in a variety of ways. Is this IP address now free for reallocation? Is this device supposed to be present, and something has gone wrong? IP Scanner takes some of the guesswork out of network fluctuations, making it possible to zero in on these questions and find answers.

Another intelligent feature is the tool’s whitelist capability, which allows users to filter out trusted devices. By culling the display in this way, users can stay aware of which devices are new and may be on the network without authorization, receiving automatic alerts to potential threats.

4. IP Address Manager

The preeminent full-service IP address management tool, SolarWinds IPAM goes far beyond the offerings of an IP address tracker. In addition to all the SolarWinds IP Address Tracker features covered above, IPAM is a complete management solution, empowering admins to drill down into address conflicts, easily allocate IP addresses to subnets, and catalogue IP address usage history.

These functions are crucial time-savers. When alerted to a conflict, users can begin troubleshooting by viewing the event’s details, including the specific endpoints involved. This allows admins to temporarily remove the malfunctioning devices by remotely shutting down a port, thus facilitating network reliability and high performance while reconfiguring IP settings behind the conflict.

As regards address allocation, IPAM users can employ the automated Subnet Discovery Wizard and Subnet Allocation Wizard to sort IP addresses and form optimally sized subnets, maximizing performance while minimizing conflicts and wasted space. Better yet, IPAM features drag-and-drop and user-defined grouping, making portioning IP address space more convenient than ever before.

One last notable feature here is that it offers priceless server synchronization. This makes it possible not merely to set alerts for conflicts and put out fires as they arise, but to prevent potentially expensive address conflicts to begin with. IPAM integrates DNS server and DHCP server management in one console and supports multiple vendors. This means customers can find available addresses, assign them, and update the DNS simultaneously, eliminating the possibility of misdirected traffic or duplication.

5. Engineer’s Toolset

Next up is SolarWinds Engineer’s Toolset (ETS), a bundle of over 60 tools designed to discover, configure, monitor, and troubleshoot your network. This includes a slate of tools fulfilling the duties of an IP tracker or scanner, bolstered by myriad others in this holistic network management client.

Some of the toolset’s key strengths are its convenience and birds-eye-view perspective of complex enterprise networks. SolarWinds ETS performs automated network discovery, allowing it to undertake clear network visualization—a capability not found in most free tools. With the automated discovery, the toolset displays the network in its entirety, mapping out switch ports, relating MAC to IP addresses, and identifying equipment.

To this end, ETS generates powerfully informative graphics for all IPAM concerns. Not only does the Ping Sweep tool provide a quick rundown of which addresses are in use and which are available for assignment, but it also locates the DNS name corresponding to each IP address. It supplements this data with graphs charting device response time.

Beyond scanning and mapping networks, Engineer’s Toolset makes reconfiguring the network for optimal performance a breeze. The Subnet Calculator at once scans subnets; generates the proper masks, size, range, and broadcast address of both classful and classless subnets; and acts as an IP address tracker, continuously monitoring the addresses in use within each subnet.

The DHCP Scope Monitor, meanwhile, monitors DHCP servers to push alerts when certain scopes are low on addresses and quantifies the number of dynamic IP addresses within the network. This is an incredibly important function when re-architecting a network or trying to avoid downtime, as it gauges whether the network is due to run out of addresses before a verifiable shortage arrives.

Further, the DNS Audit tool maximizes IP address efficiency through its ability to run forward and reverse DNS lookups to find any misalignment with host addresses and DNS records. This helps ensure if a device is using an IP address, the network reaps the rewards of having allocated that address.

Coupled with the innumerable other amenities of SolarWinds ETS, its network scanning and IP address tracking features go even further in preventing network catastrophe, identifying problems early, ascertaining root causes, and executing quick resolutions.

6. Network Performance Monitor

SolarWinds Network Performance Monitor (NPM) is another fully loaded toolkit ready to scan networks for devices. Its network device scanner tool automatically discovers network devices; beyond that, NPM creates visual displays that delineate the connections between devices — automatically populating maps that clarify network topology. This is particularly helpful in the case of the dynamic IP address system, in which IP addresses (in addition to device count and relationship) are constantly in flux.

Network visualization in NPM goes far beyond the typical features of an IPAM tool. In fact, with SolarWinds NPM, users can customize dynamic network maps that display accurate topology and device performance metrics, juxtaposing device scanning and network performance management so that admins can more easily architect high-performing networks and intervene on specific devices when necessary.

7. User Device Tracker

SolarWinds User Device Tracker (UDT) performs an IP address management role from a unique vantage point, looking more at the individual user in addition to network architecture. UDT is invaluable when it comes to granular network topology and equipment details. It automatically discovers and monitors layer 2 and layer 3 switches, and it constantly watches ports and switches, gauging response time, packet loss, CPU load, and memory utilization. It sends alerts as switches approach their capacity.

UDT serves a pragmatic function in this way through network visualization and performance monitoring. In addition, it provides enhanced visibility into network users and strengthens network security—an increasingly crucial consideration as networks grow more complex and organizational members each bring a bevy of devices, presenting more opportunities for breaches.

With SolarWinds UDT, admins can not only customize their own reports—vital for compliance—but they can also drill into device connection history and user login history. Most importantly, they can cut through the noise to identify any unauthorized users siphoning resources from their network or, worse, carrying out cyberattacks. The UDT whitelisting feature empowers admins to designate safe, known devices so it can push alerts when new and potentially dangerous devices come online.

The Importance of IP Addresses in Networking

Now that you have the best tool in place to scan, monitor, and manage IP addresses on your network, having a baseline understanding of how IP addresses work—including the differences between the addressing systems of IPv4 and IPv6—can also help protect the performance and integrity of networks. Let’s go into deeper detail about what exactly an IP address is, types of IP addresses, and how to assign IP addresses to devices.

What Is an IP?

The IP address exists to identify devices connecting via the internet, which is itself a network of other networks communicating via the standards delineated by the Transfer Control Protocol (TCP) and Internet Protocol (IP). The term “internet” in this sense is different than Local Area Networks (LANs) in that it’s decentralized—meaning no specific person or device has administrative privileges to impose controls on the web—and allows each internet-connected device to act independently online.

To achieve internet access, then, every device must have a way of identifying itself. Identification serves two primary purposes:

  1. It acts as a “return address” so all packets transmitted over TCP (all data transfers and communication exchanges, basically) can be verified.
  2. It allows other devices to find and communicate with the device in question.

Though accessing the internet quickly and easily is something most take for granted, it’s a process comprised of multiple steps. A user who wishes to reach a site on a computer or other device inputs the domain name (like www.dnsstuff.com) into their browser, which then contacts its designated domain name system (DNS) server to resolve the URL to an IP address. Once the device has the IP address, it can connect to the site and interact however it wants.

Because most networks, including LANs, virtual LANs, and Wide Area Networks (WANs), use the TCP/IP protocol suite to connect the devices in a given organization or location, the IP address system works similarly to ensure network devices can successfully send data to one another.

All IP addresses have both binary and dot-decimal notations for an address. The binary representation of an IP address is used to communicate with devices, while the translated dotted decimal format helps make it easier for users to understand and remember IP addresses.

What Version Is My IP Address? IPv4 vs. IPv6

Currently, there are two coexisting standards (also called versions) for formulating IP addresses:

  1. In IPv4 (Internet Protocol version 4), an IP address is made up of decimal digits and contains 32 bits or 4 bytes. Each byte constitutes an 8-bit field with decimals and a period, which is why some call IPv4 address nomenclature the “dot-decimal format.”
    While this has worked well enough for quite some time, the 32-bit constraint means IPv4 only allows for variations or approximately 4 billion addresses. At present, the global number of internet-connected devices already far exceeds that threshold, at 26.66 billion. To compensate, many networks use both private and public IP addresses, so several devices within a local network may share a public IP address but have separate private IP addresses. A system called the Dynamic Host Configuration Protocol (DHCP) assigns private IP addresses within a network.
    While this system has worked historically, it poses a couple of problems. First, it introduces an additional step in networking and increases administrative overhead. Second, if the DHCP and DNS server aren’t synchronized (or if multiple DHCPs are running at once, which admins should avoid), listed IP addresses can be incorrect or duplicated, causing transfer issues that can, in turn, hinder network performance. When two devices share a single IP address, they may not be able to connect to the internet or the local network at all.
  1. IPv6 was developed to circumvent these complications. Four times larger than an IPv4 address, an IPv6 address contains 128 bits in total, written in hexadecimal, and punctuated by colons rather than periods.

With more data allocated for each address, the IPv6 protocol creates many more IP address variations than IPv4, eliminating the need to assign public and private addresses, which can result in collisions. Since it allows for variations, the new protocol provides a good deal of room for IoT to grow.

Because IPv6 is an evolutionary upgrade, it can coexist with IPv4 and will do so until the earlier version is eventually phased out. For this reason, IPv6 is also referred to as IPng — meaning “Internet Protocol next generation.”

So far, IPv6 addresses still represent the minority of internet traffic, but they’ve started to capture a larger portion. As of June 2019, around 29% of Google users accessed the site over IPv6, and around 38% of internet users in the United States have already adopted IPv6 with minimal latency rates. By transitioning to IPv6 over time, the internet should be able to allocate more individual addresses to devices, increasing both the number of hosts and the volume of data traffic it can accommodate.

What Is IPv4?

Each IPv4 address contains two crucial components: a network identifier and a host identifier. In this way, it’s much like a geographic address—the street gives people an idea of the neighborhood where a building is located, and the number isolates the building in question.

In an IPv4 address, the network identifier contains the network number, which, per its name, identifies the specific network to which the device belongs. The host identifier, or node identifier, is the collection of bits unique to the device in use on the network, differentiating it from other machines on the network and on the internet.

IPv4 Classful Addressing Basics

The number of nodes a network will need to support determines the exact structure of the IPv4 address, which is further classified into different address classes.

  • Class A IPv4 addresses – If the first bit of an IPv4 binary address is 0, then the address is a Class A type. Class A is typically used in large organizations as it can generate millions of unique node variations. Class A has an IP address range of 0.0.0.0 – 127.255.255.255
  • Class B IPv4 addresses – If the first two bits are 10, the IPv4 address is Class B. Class B can produce tens of thousands of node address variants and is primarily used in medium-sized networks. Class B has an IP range of 128.0.0.0 – 191.255.255.255
  • Class C IPv4 addresses – All Class C addresses start with 110. Since Class C IPv4 address allocates one byte to the host identifier, this tier of IPv4 network can only support a maximum of 254 hosts. This is because a byte of data is equal to 8 bits, or 8 “binary digits.” With a bit limited to representing either 0 or 1, an 8-bit piece of data allows for a maximum of (256) variations. However, the host identifier “0” is reserved for the IP address designated to the network, and 255 belongs to the IP address designated to the broadcast address, leaving 254 network nodes for other devices. Class C has an IP range of 192.0.0.0 – 223.255.255.255

While Classes D and E also exist, Class D is used exclusively for multicasts and Class E not available to the general public.

Classful vs. Classless Addressing

Because of fears that the classful IPv4 addressing system was too quickly using up available address variations, the Internet Engineering Task Force developed the Classless Inter-Domain Routing (CIDR) system to allow for network prefixes sized between the 8-bit intervals instituted by classful networking. With CIDR, an IPv4 address doesn’t have a set composition defined by its class; it can, however, have a prefix (the portion specifying the network number or subnet ID) of arbitrary length. The size of this prefix determines the number of variations available to each network or subnetwork.

CIDR can work because of the variable-length subnet masking (VLSM) technique. Put simply, the subnet mask expresses in dot-decimal IP form how many bits in the IPv4 address belong to the prefix. For example, a CIDR with a prefix length of 4 (meaning the network number is only 4 bits, as opposed to a typical Class A length of 8) is, in binary, 11110000 00000000 00000000 00000000. The byte “11110000” numerically translates to 240, making this subnet mask address 240.0.0.0. Given this subnet mask, an admin knows the network can support devices—much more than a Class A IPv4 address.

According to CIDR notation, the length of the subnet mask (the number of bits used by the prefix) is expressed by a suffix composed of a slash and a number. So, given the IP address 192.168.1.0/24, a user would know the following:

  • The prefix is 24 bits, or 3 bytes, in length, making it a Class C IP address
  • Therefore, the network can support up to 254 devices
  • The network address is the first 3 blocks, or 192.168.1
  • The IP address is 11111111 11111111 11111111 00000000 in binary, translating to the subnet mask 255.255.255.0

What Is IPv6?

IPv6 addresses work in a similar fashion to IPv4 addresses, though they contain more data. Each hexadecimal number requires 4 bits, and each block consists of 4 hexadecimals. Each IPv6 address contains 8 blocks—128 bits total, which are, like IPv4, divided into network and node components. The difference between the two versions is IPv6 addresses don’t vary in composition; the network and node components are always of equal length, at 64 bits each.

The first 64 bits correspond to the network component, laying out the global unicast address (48 bits) followed by the subnet ID (16 bits). Essentially, this means that the first 3 bytes identify the network address used by internet routing to reach the proper network, and the fourth byte (configured by network administrators themselves) routes any communications to the correct internal subnet within the broader local network.

The last 64 bits make up the interface ID, which identifies the node within the network that internal network or external internet communications must reach. The interface ID is generated from the media access control (MAC) address, given by network interface card manufacturers and stored in the device hardware.

Although IPv6 addresses don’t have classes, the hexadecimals with which the address starts can inflect what type of network it is. Global addresses starting with “2001” are public, whereas link-local addresses starting with “fe80” and unique local addresses starting with “fc00::/8” or “fd00::/8” can channel communications internally, but not over the internet.

Ultimately, IPv6 incurs some inconveniences. Namely, infrastructure will have to transition between the protocol versions, and the addresses are significantly longer. But the protocol solves the most notable dilemma networking faces: a shortage of IP addresses.

With its expanded capacity to support network nodes, IPv6 doesn’t just offer “enough” addresses for now; indeed, it is equipped to generate more variations than we’ll (hopefully) ever need. The number is practically inconceivable in human terms. As one computer hobbyist puts it, that value (340,282,366,920,938,463,463,374,607,431,768,211,456) is equal to over 340 undecillion. Put another way, that amounts to 50 octillion IP addresses per human being, given a global population of 7.5 billion.

How to Assign IP Addresses

Finally, to round out our understanding, it’s worth clarifying how IP addresses are assigned to devices, and how this can affect network operation. There are two basic forms of IP address: static and dynamic.

In a static system, an administrator assigns the IP address and it doesn’t change with server updates, router reboots, or website changes. This understandably has its pros and cons. A static IP address can be relied upon to stay the same regardless of other infrastructure developments, meaning IT admins will never encounter a surprise when scanning for IP addresses. However, depending on the size of the network, the manual allocation of all host IP addresses can require a massive amount of time, tracking, and structuring. Especially given that static addresses can become incompatible with a system in various ways, choosing to exclusively use static addresses is largely inefficient and inflexible.

Nevertheless, there are several good reasons to opt for the static IP address system. The process of assigning a static IP address is lengthy and complicated, so it typically requires a professional. This constraint makes static IP addresses more suitable to a business environment, though they can add benefits to home networks as well. Static IP addresses are helpful when:

  • You want to ensure a shared resource (like a printer or server) is always accessible to everyone on the network, no matter their device, by giving it an unchanging address
  • You want to use devices incompatible with DHCP
  • You want to avoid IP address duplications, which a faulty DHCP server can generate
  • You want slightly improved network security and geolocation precision compared to a dynamic IP address system

Dynamic IP addresses, in contrast, are assigned by the DHCP server, eliminating the need for an admin to spend hours allocating addresses. As their name implies, dynamic IP addresses don’t stay the same over time—the DHCP doles out IP addresses to devices on a temporary lease. This automates many of the more irksome details of configuring an IP address system: without administrative oversight, the DHCP server can assign a unique IP address, a subnet mask, a gateway address, and other requisite reference information (like the address of the DNS server) to all devices.

The advantages of the DHCP system are obvious: it reduces administrative overhead and scales with the environment. It has its disadvantages, as well, notably regarding the temporary nature of the dynamic IP address. Although the network client can attempt to renew the same address repeatedly, its address is not guaranteed. Particularly when it comes to remote work, attempts to gain access to a distant device or network can fail without knowledge of its current IP address.

Additionally, within networks primarily reliant on DHCP but have defined a few static IP addresses for isolated devices, a DHCP server can generate a unique IP address that conflicts with an existing static one, or the DNS and DHCP servers can fall out of sync, causing some sites and devices to become unreachable. These potential hiccups have solutions—altering the DHCP scope to exclude static addresses in use; changing DNS scavenging settings to ensure the server purges old records and updates its data—but they require foresight and additional work.

Still, barring slight complications, a dynamic IP address system is the most reasonable solution for large-scale networks. While many enterprises may use a static IP address with their router for remote networking or internet security purposes, DHCP is an efficient, useful system for node address designation overall.

Scanning Network For Mac Addresses

Positioning Your Organization for Success

Overall, regardless of network size, downloading tools can offset an IT department’s workload. While free tools are adept at handling smaller tasks—like simply discovering active IP addresses and correlating them to MAC addresses—a diverse toolkit like those offered by SolarWinds IP Address Manager provides a comprehensive solution.

Mac Scanning Software

Whether you’re maintaining the security of a small network or looking to manage networks at the enterprise scale, the premium IP address management solutions from SolarWinds add the most value of any tool on the market. By performing data analysis, streamlining high volumes of data into insightful graphs, offering useful network visualization, and pushing security and IP address conflict alerts, SolarWinds software can help ensure networks remain in safe, peak-performance shape. Ultimately, through keeping tabs on the many rote and time-intensive tasks required by IP address systems, these robust tools free up administrators to apply themselves elsewhere.