What is an IP address?
IP addresses are ‘Internet Protocol’ addresses and not to be confused with IP Ratings, which I discuss in a different post on here.
Each device on the internet must have a unique IP address. Allocation of addresses is managed by the Internet Assigned Numbers Authority which devolves this to Regional Internet Registries. But in this post, we are considering the technical workings of internet addressing, not the bureaucracy.
This is only intended as a brief over-view of Internet Protocols. I’m not trying to compete with the intricate detail available from an internet search.
The IP address is only one part of the internet system – the other major part is the formatting or ‘Transport Protocol’ of the messages. There are two core protocols, TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). TCP/IP is used by the world-wide-web, email and file transfer. UDP has fewer features for controlling transmission errors, but may be preferred in time-critical situations such as streaming TV or Voice-over-internet.
IPv4 vs IPv6
The present system is called IPv4 which provides 4.3 billion addresses, and whilst it was thought that system would never run out of addresses, the internet has proliferated so much that technically the system ran out of new addresses in 2011. Various bodges have been devised so that we can continue to use IPv4, but eventually we will have to move to a new system called IPv6. This provides 340 trillion, trillion, trillion addresses, which theoretically will never be used up, but never is a long time, as the saying goes.
New modems and routers are capable of using IPv6, and in fact it has been in use since 1996, but the vast number of legacy devices means that IPv4 has to work in parallel possibly for decades to come. Of course, most people use the Internet happily oblivious to the way that they connect to their favourite web site or streaming service. They just type in the domain name of their favourite website, or more likely now, use an app which does it for them. Domain names are only a user-friendly way of getting the IP address of the web site, which the system finds by consulting a ‘Domain Name Server’ or DNS.
IPv4 uses a 32-bit number for the IP address, whilst IPv6 uses a 128-bit number.
An IPv4 address is typically written 18.104.22.168
Each group is a decimal number (8 bits long, called an octet)
An IPv6 address is typically written 1468:db9:0:4321:3:765:7:1
Thus each group is a hexadecimal number (16 bits long)
It should be noted that IPv4 and IPv6 are not interoperable, which complicates the move to IPv6.
As originally devised, the IPv4 network number was given by the first group (called an octet), giving only 256 different networks! This problem was reduced by defining certain network numbers as ‘private’ so that within each private network the same range of IP addresses can be used. For example, any IP number from 192.168.1.0 to 192.168.1.255 is private. Most devices within a domestic network will use IP addresses within this range. Certain other number ranges are also private or reserved for special purposes.
Network Address Translation
Devices within a private network can only communicate with the external internet by using a system called Network Address Translation (NAT). This changes the private IP address of a device to the external IP address of the router, which will have been assigned by your Internet Service Provider. This has the further advantage of shielding devices within the private network from intruders, as an intruder cannot send messages directly to your computer or printer, for example. (Sadly, intruders still find ways around this.)
The IP address identifies the actual device, for example a computer. But suppose you want to download a photograph from your cloud storage to your photo processing program. The IP address will route the message from your cloud storage to your device but then it needs to get to the photo processing app and not to your email app.
This is achieved by attaching a port, which is a 16-bit number, to the IP address. Specific ‘services’ (types of program) are identified by specific port numbers, but a range of port numbers is available for users to assign arbitrarily. An app identifies which port it is using via an ‘internet socket’, which is part of the computer’s networking software. This gives a one-to-one link between the internet and the app. The port number is attached to the internet address and is typically written 192.168.1.123:80
This basically says that the message is intended for the app running on the device connected to the private network at address 123 and listening to port 80 (used by the world wide web, so probably a web browser). The port number is a 16-bit number, i.e. ranging from 0 to 65535.
When using NAT, the router changes the port number on the outgoing message to identify both the device and the port on the private network. It reverses this when an incoming message is received.
You may also have come across the ‘Subnet Mask’, although you should rarely have to worry about this. On domestic networks the subnet mask is always 255.255.255.0. Remembering that each group of digits represent 8 bits, basically, this says that that all the bits in the first three groups are for identifying the network itself. The last 8 bits are not used to identify the network, so are available to define individual devices within the network. In essence, you can have up to 256 devices on such a network. [255 in decimal is 11111111 in binary. It is used as a ‘mask’ by applying a logical ‘and’, causing every digit in the address to pass through. By contrast, 0 in decimal is 00000000 in binary, so that a logical ‘and’ does not pass any part of that octet through.]
A similar system is used for IPv6, but in order to reduce the amount of writing, the length of the network identifier is described in terms of the number of digits, for example the block.
1468:db9::/48 says that the first 48 bits are used as network identifier, so it represents the block of addresses from
1468:db9:0:0:0:0:0:0 to 1468:db9:0:ffff:ffff:ffff:ffff:ffff
remembering that these are hexadecimal numbers [f represents the binary number 1111 or decimal 15].
I have mentioned Routers several times, and it is clear that they are complex devices fundamental to the operation of any network. I will need to write a separate blog to describe their operation in any detail.
Because many services (standard programs) use standardised port numbers, hackers often use automated software to ‘scan’ these ports on a computer to see if a standard app is listening on that port, and probing to see whether the app will respond to a malicious message that can give them unauthorised access. ‘Firewall’ security software attempts to monitor and ward off such attempts. If a particular IP address sends such a message, they will block it. Because firewalls are so effective, hackers resort to fooling users into installing ‘viruses’ of many different types. I have written about some scams in other blogs and users have become savvy at recognising them. Successful hacks use subtle tricks to get the user to install malicious software.
In particular, I would warn against installing ‘free’ versions of paid-for software. A criminal has already removed the legitimate protection from the software … and it is reasonable to assume that they wouldn’t be satisfied with just doing that. Some websites (particularly those offering tempting deals) can suggest that you install apparently legitimate ‘helper’ add-ons when you visit them, but these can flood your browsing sessions with infuriating advertising and be extremely difficult to remove.
I hope this brief over-view helps to explain some of the workings under the bonnet and to help when you have to confront some of the more arcane terminology of networking. I’m intending to add more as and when the opportunity arises.