____________________________________________________________________

 IP Addresses Torn Apart By Ankit Fadia ankit@bol.net.in

____________________________________________________________________

 Every system connected to the Internet, or to a particular network, has a unique Internet Protocol Address, or IP Address. Just as every person in the real world has his or her own home address, every system connected to the Internet has its own unique IP Address. Your IP Address is the address to which data must be sent to ensure that it reaches your system; it acts as the system's unique identity on the net.

 One of my earlier manuals described an IP Address in the following words: ‘….Like in the real world everyone has got an individual Home Address or telephone number so that, that particular individual can be contacted on that number or address, similarly all computers connected to the Internet are given a unique Internet Protocol or IP address which can be used to contact that particular computer…..’

 Now, that you know what exactly an IP Address is, let us move on to the structure of IP Addresses.

 An Internet Address (IP Address) is a 32-bit number, normally written as four decimal numbers (of 8 bits each), each separated from the next by a dot. This standard is known as dotted-decimal notation.

 Example: A typical IP Address would be as follows: 202.34.12.23

It can be further broken down as:

    202 representing the first 8 bits.
    34 representing the next 8 bits.
    12 representing the third 8 bits.
    23 representing the fourth 8 bits.

Thus, taken together, 202.34.12.23 represents 32 bits. So each decimal number in an IP Address represents 1 byte, or 8 bits. It is important to note that each of the four numbers in an IP Address can only range from 0 to 255.

 There are a huge number of IP Addresses in use in the present-day wired age. All these IP Addresses are related to each other, and each individual IP Address can reveal a lot about the network of which it is a part. Before we move on to that, we need to understand that all IP Addresses in use are divided into a number of ranges, which are as follows:

    Class        Range
      A          0.0.0.0 to 127.255.255.255
      B          128.0.0.0 to 191.255.255.255
      C          192.0.0.0 to 223.255.255.255
      D          224.0.0.0 to 239.255.255.255
      E          240.0.0.0 to 247.255.255.255

 So, one can find out the Class to which an IP Address belongs simply by comparing the number before the first dot of the IP Address with the above table.

 For example: in the IP Address 203.43.21.12, the number before the first dot is 203, and the above table tells us that it belongs to Class C.

 The various IP Addresses are divided into the different classes on the basis of the structure of their network, or in other words on the basis of what the various dot-separated numbers actually stand for. To understand this, let us refer to the following:

    Class        Information
      A          The first 8 bits are the Netid and the last 24 bits are the Hostid.
      B          The first 16 bits are the Netid and the last 16 bits are the Hostid.
      C          The first 24 bits are the Netid and the last 8 bits are the Hostid.
      D          Represents a 32-bit multicast Group ID.
      E          Currently not being used.

The above table will be clearer after reading the following examples:

 Examples:

 Suppose the IP Address 203.45.12.34 belonged to Class A. Its network ID would then be 203 and its host ID 45.12.34.

 If the same IP Address belonged to Class B, then the network ID would be 203.45 and the host ID 12.34. And if it belonged to Class C, then the network ID would be 203.45.12 and the host ID 34.

 Almost all ISPs prefer to use a Class B network. If that is the case, then each time you log in to your ISP the first two octets of your IP Address will not change, while the last two are likely to change. However, even if only the last octet changes and the remaining three remain constant, it is still likely that the ISP uses Class B addressing. (This is where subnetting comes in; it is explained later in the manual.)

*****************

HACKING TRUTH:  How do you find out the IP Address of your own system? To get your own IP Address, all you have to do is follow the process below:

 Connect to the Internet.

Launch MSDOS.

Type: netstat -n at the prompt.

 You will get an output similar to the below:

 C:\WINDOWS>netstat -n

 Active Connections

   Proto  Local Address          Foreign Address        State
   TCP    203.94.253.183:1025    64.4.13.56:1863        ESTABLISHED
   TCP    203.94.253.183:1031    209.143.242.119:80     ESTABLISHED

The IP Address shown under the Local Address field (203.94.253.183 in the output above) is the IP Address of your system.

*****************

 An IP Address belonging to the Class A addressing system and having a network ID equal to 127 is referred to as a special address. It is known as the Loopback Interface, and it allows clients and servers on the same system to communicate with each other.

 The loopback address commonly used is 127.0.0.1. Almost all systems also give the loopback address the special name 'localhost'.
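As an added illustration (this code is not from the original manual), the following Python script does the work of the two tables above and the class examples: it parses a dotted-decimal address into its 32-bit value, rejecting any field outside 0-255, looks up the class from the number before the first dot, splits the address into Netid and Hostid at the classful boundary, and flags the 127 loopback network. The class ranges are exactly those of the table above; the function names are my own.

```python
# Added example, not from the original manual: parse a dotted-decimal IPv4
# address into its 32-bit value, find its class from the first octet, and
# split it into network ID and host ID using the classful tables above.

def parse_ipv4(text):
    """Return the 32-bit integer for a dotted-decimal address, or raise ValueError."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError("expected four dot-separated numbers: %r" % text)
    value = 0
    for part in parts:
        if not part.isdigit():
            raise ValueError("non-numeric octet %r in %r" % (part, text))
        octet = int(part)
        if octet > 255:                      # each octet is one byte: 0-255
            raise ValueError("octet %d out of range 0-255 in %r" % (octet, text))
        value = (value << 8) | octet         # shift the earlier octets up 8 bits
    return value

def to_dotted(value, width_bits=32):
    """Render the low `width_bits` bits of value as dotted decimal, one field per 8 bits."""
    shifts = range(width_bits - 8, -1, -8)
    return ".".join(str((value >> s) & 0xFF) for s in shifts)

# (class, lowest first octet, highest first octet, netid bits) from the tables above.
# D and E have no netid/hostid split: D is a 32-bit multicast group ID, E is unused.
CLASSES = (
    ("A", 0, 127, 8),
    ("B", 128, 191, 16),
    ("C", 192, 223, 24),
    ("D", 224, 239, None),
    ("E", 240, 247, None),
)

def class_entry(text):
    first = parse_ipv4(text) >> 24          # the number before the first dot
    for entry in CLASSES:
        if entry[1] <= first <= entry[2]:
            return entry
    raise ValueError("first octet %d is outside classes A-E" % first)

def ip_class(text):
    return class_entry(text)[0]

def split_classful(text):
    """Return (class, netid, hostid) as dotted strings; netid/hostid are None for D and E."""
    value = parse_ipv4(text)
    cls, _, _, netbits = class_entry(text)
    if netbits is None:
        return cls, None, None
    hostbits = 32 - netbits
    netid = value >> hostbits                # the top `netbits` bits
    hostid = value & ((1 << hostbits) - 1)   # the bottom `hostbits` bits
    return cls, to_dotted(netid, netbits), to_dotted(hostid, hostbits)

def is_loopback(text):
    """Class A network 127 is the loopback network; 127.0.0.1 is 'localhost'."""
    return parse_ipv4(text) >> 24 == 127

if __name__ == "__main__":
    for addr in ("202.34.12.23", "203.43.21.12", "10.1.2.3",
                 "150.20.30.40", "224.0.0.1", "127.0.0.1"):
        print(addr, split_classful(addr), "(loopback)" if is_loopback(addr) else "")
```

Run it as a script to see each sample address with its class, Netid and Hostid; the sample addresses are constructed for the demonstration.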

 So far we have learnt that an IP Address is a decimal notation of a computer's address in the wired world. However, the address of a computer does not necessarily have to be in decimal notation. We will learn about the various forms of an IP Address in the following section.

 An IP Address does not necessarily have to be represented in the dotted-decimal form. There is more than one way in which an IP Address can be represented. Some of these are as follows:

  1. Decimal System: If an IP Address is being represented in the Decimal system, then it is being represented in base 10. Normal IP Addresses are represented in the Decimal System. Example: 216.115.108.245

  2. Domain Name System: If an IP Address is being represented in the form of human-recognizable characters and names, then it is said to be in DNS form. Example: www.yahoo.com

  3. DWORD Format: DWORD is short for double word. It consists of two binary "words" of 16 bits each, i.e. 32 bits in all. However, it is almost always represented in the decimal number system, i.e. base 10. Example: D8736CF5, which when represented as a base-10 decimal number becomes 3631443189

  4. Octal System: If an IP Address is represented in the octal system, then it is being represented in base 8. Example: 33034666365

  5. Hexadecimal System: If an IP Address is represented in the Hexadecimal System, then it is being represented in base 16. Example: D8736CF5

  6. A Cross Breed: If an IP Address is represented as a mixture of any two or more of the above systems, then it is said to be a Cross Breed.

 All the examples portrayed above are one form or another of the same address of the same system. What I mean is that typing any of the following in your browser will take you to the same site:
http://www.yahoo.com/, 3631443189, 33034666365 and 216.115.108.245. The binary form of this address, 11011000011100110110110011110101, may also work with certain applications.

 NOTE: Please note that not all of the above work in all browsers. And if you or your ISP has a Proxy or a firewall installed then some of the above may not work. The author does not hold any responsibility for failure of working on any of the above.

 Now that you have seen the various forms in which an IP Address can be represented, let us move on to how one can convert a domain name into these different forms.

 To understand how the conversion works, let us take http://www.yahoo.com/ as the example domain. The first step in representing http://www.yahoo.com/ in the various IP forms is to get its normal dotted-decimal IP Address. One can easily get the IP Address of a domain by various methods like WHOIS, netstat, ping, traceroute etc.

 In this manual, I have used ping to get the IP:

 C:\WINDOWS>ping yahoo.com

 Pinging yahoo.com [216.115.108.245] with 32 bytes of data:

 Request timed out.
 Request timed out.
 Request timed out.
 Request timed out.

 The above output clearly shows that the IP Address of our example target system is 216.115.108.245: ping resolves the name before sending, so the address is shown even though the host did not reply.

Now that we have the IP Address, let us move on to converting it into other forms.

 In order to convert a dotted-decimal IP Address into its DWORD equivalent, one has to consider each dot-separated number separately. So, in effect, 216.115.108.245 is broken down into:

 216.115.108.245 =
    216
    115
    108
    245

 Now, first one has to convert the above decimals into their hexadecimal equivalents. This can easily be done by referring to the Decimal to Hexadecimal chart below (or vice versa). The row label is the first hex digit and the column label the second; for example, 216 sits in row D, column 8, so 216 = D8.

       0   1   2   3   4   5   6   7   8   9   A   B   C   D   E   F
  0  000 001 002 003 004 005 006 007 008 009 010 011 012 013 014 015
  1  016 017 018 019 020 021 022 023 024 025 026 027 028 029 030 031
  2  032 033 034 035 036 037 038 039 040 041 042 043 044 045 046 047
  3  048 049 050 051 052 053 054 055 056 057 058 059 060 061 062 063
  4  064 065 066 067 068 069 070 071 072 073 074 075 076 077 078 079
  5  080 081 082 083 084 085 086 087 088 089 090 091 092 093 094 095
  6  096 097 098 099 100 101 102 103 104 105 106 107 108 109 110 111
  7  112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127
  8  128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143
  9  144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159
  A  160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175
  B  176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191
  C  192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207
  D  208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223
  E  224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239
  F  240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255

Thus we get:

 216 = D8
 115 = 73
 108 = 6C
 245 = F5

 As a result, 216.115.108.245 = D8736CF5

 It is important to note that D8736CF5 is the hex equivalent of our IP and will always be an eight-character representation. However, as a DWORD value is represented in base 10, we also need to convert it into decimal form. To do so, follow the process below:

  1. Click on Start > Programs > Accessories > Calculator.

  2. Click on View > Scientific

  3. Now, select ‘Hex’ from the right top corner and type in D8736CF5 in the field.

  4. Then click on Dec (Decimal). You will find that the value that you typed in would have changed to: 3631443189.

Thus you now have the DWORD value represented in the Base-10 system.  Typing http://www.yahoo.com/ or 3631443189 or 216.115.108.245 in your browser would all take you to the same site.

 For those of you to whom the above process seems extremely cumbersome, the following Perl script does the same thing without the manual calculations:

_____________________________

#!/usr/bin/perl
# By Ben H. Originally by neeko.
# Usage: dword.pl [ -q | --quiet ] host/ip

use Socket;          # for gethostbyname()
use Math::BigInt;    # so it fits.. (not actually needed: the sum fits in a native Perl number)

my ($quiet, $name, $foo, @host, @ip);   # get some vars started.

if ( $#ARGV < 0 ) {
    print "$0";
    print "Usage: $0 [-q | --quiet] host \n";
    exit;
}
if ( $ARGV[0] =~ /-q|--quiet/ ) {
    $quiet = 1;
    $name  = $ARGV[1];
} else {
    $name = $ARGV[0];
}

@host = gethostbyname( $name );    # get the ip, if a hostname is used
$foo  = $host[4];                  # the first address, packed as 4 raw bytes

# This parses the result of the gethostbyname into numbers
for my $n (1..4) {
    $ip[$n] = ord( substr( $foo, ($n-1), 1 ) );
}
if ( $quiet != 1 ) {
    print "$name = $ip[1].$ip[2].$ip[3].$ip[4] = ";
}
# Weight each octet by 256^3, 256^2, 256^1, 256^0 and add them up
for my $n (1..4) {
    $ip[$n] = ( $ip[$n] * ( 2 ** ( ( 3 - ($n-1)) * 8 ) ) );
}
print ($ip[1] + $ip[2] + $ip[3] + $ip[4]);
print "\n";
exit;

_____________________________

*******************

HACKING TRUTH: One can also arrive at the base-10 DWORD value by the following mathematical formula:

 IP Address = 216.115.108.245    (found out above)

 Value of DWORD in base-10: 3631443189 (calculated)

 216 * 256^3 = 216 * 16777216 = 3623878656
 115 * 256^2 = 115 * 65536    = 7536640
 108 * 256^1 = 108 * 256      = 27648
 245 * 256^0 = 245 * 1        = 245

Adding the last column we get 3631443189, which is equal to the DWORD value that we calculated earlier.

*****************
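To carry out the same conversion without Windows Calculator, here is an added Python example (not the manual's own code, and separate from the Perl script above) that computes each row of the 256^k table, sums them to the base-10 DWORD, and also goes one step beyond this section by producing the hex, octal and binary forms that the manual derives next. The address is the manual's 216.115.108.245; the function names are my own.

```python
# Added example, not from the original manual: derive the DWORD, hexadecimal,
# octal and binary forms of a dotted-decimal address with the octet * 256^k
# sum shown in the HACKING TRUTH above, instead of Windows Calculator.

def octets(text):
    """Split a dotted-decimal address into its four integers, checking 0-255."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("not a dotted-decimal IPv4 address: %r" % text)
    return [int(p) for p in parts]

def dword_terms(text):
    """The rows of the worked table: (octet, 256^k, octet * 256^k) for k = 3, 2, 1, 0."""
    return [(o, 256 ** (3 - i), o * 256 ** (3 - i)) for i, o in enumerate(octets(text))]

def dword(text):
    """Base-10 DWORD, e.g. 216*256^3 + 115*256^2 + 108*256^1 + 245*256^0 = 3631443189."""
    return sum(product for _, _, product in dword_terms(text))

def hex_forms(text):
    """Per-field hex ('0xd8.0x73.0x6c.0xf5') and single-value hex ('0xd8736cf5')."""
    per_field = ".".join("0x%02x" % o for o in octets(text))
    return per_field, "0x%08x" % dword(text)

def octal_form(text):
    """Per-field octal, each field prefixed with '0' so a browser reads it as octal."""
    return ".".join("0%o" % o for o in octets(text))

def binary_form(text):
    """All 32 bits, the form most browsers do not accept directly."""
    return "{:032b}".format(dword(text))

def all_forms(text):
    per_field_hex, flat_hex = hex_forms(text)
    return {
        "dotted": ".".join(str(o) for o in octets(text)),
        "dword": dword(text),
        "hex_fields": per_field_hex,
        "hex": flat_hex,
        "octal": octal_form(text),
        "binary": binary_form(text),
    }

if __name__ == "__main__":
    example = "216.115.108.245"
    for octet, power, product in dword_terms(example):
        print("%3d * %8d = %10d" % (octet, power, product))
    for name, form in all_forms(example).items():
        print("%-10s %s" % (name, form))
```

The first loop prints the four rows of the HACKING TRUTH table; the second prints every notation the manual goes on to describe for the same address.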

 Without closing the Windows Calculator, one can get the various other forms of the same IP Address (216.115.108.245) by simply selecting the corresponding number system.

 To get the Binary form of the IP Address, one needs to follow the below process:

  1. Click on Start > Programs > Accessories > Calculator.

  2. Click on View > Scientific.

  3. Now, select ‘Hex’ from the right top corner and type in D8736CF5 in the field.

  4. Then click on Bin (Binary). You will find that the value that you typed in would have changed to: 11011000011100110110110011110101.

 Please note that most browsers do not accept IP Addresses in Binary. The only way to use them would be by converting them to their Decimal form, which would actually be nothing but the DWORD form represented in the base-10 system.

 To get the Octal form of the IP Address (216.115.108.245), one needs to follow the process below:

  1. Click on Start > Programs > Accessories > Calculator.

  2. Click on View > Scientific.

  3. Now, select ‘Dec’ and type in the first part of the IP Address i.e. 216.

  4. Now, select 'Oct'; this will give you the Octal equivalent (i.e. 330) of the first part of the IP Address.

  5. Note this down somewhere and follow the process for all parts of the IP Address.

 Thus 216.115.108.245 would become:

 216 = 330
 115 = 163
 108 = 154
 245 = 365

 Now, when you type the Octal equivalent of the IP Address in your browser, you have to precede each field with a '0'. Thus in our example:

 http://216.115.108.245 becomes http://0330.0163.0154.0365/

 One could also have used the chart below for the conversion process. As in the hex chart, the row and column labels are the two hex digits of the number; 216 = D8 lies in row D, column 8, giving 330.

       0   1   2   3   4   5   6   7   8   9   A   B   C   D   E   F
  0  000 001 002 003 004 005 006 007 010 011 012 013 014 015 016 017
  1  020 021 022 023 024 025 026 027 030 031 032 033 034 035 036 037
  2  040 041 042 043 044 045 046 047 050 051 052 053 054 055 056 057
  3  060 061 062 063 064 065 066 067 070 071 072 073 074 075 076 077
  4  100 101 102 103 104 105 106 107 110 111 112 113 114 115 116 117
  5  120 121 122 123 124 125 126 127 130 131 132 133 134 135 136 137
  6  140 141 142 143 144 145 146 147 150 151 152 153 154 155 156 157
  7  160 161 162 163 164 165 166 167 170 171 172 173 174 175 176 177
  8  200 201 202 203 204 205 206 207 210 211 212 213 214 215 216 217
  9  220 221 222 223 224 225 226 227 230 231 232 233 234 235 236 237
  A  240 241 242 243 244 245 246 247 250 251 252 253 254 255 256 257
  B  260 261 262 263 264 265 266 267 270 271 272 273 274 275 276 277
  C  300 301 302 303 304 305 306 307 310 311 312 313 314 315 316 317
  D  320 321 322 323 324 325 326 327 330 331 332 333 334 335 336 337
  E  340 341 342 343 344 345 346 347 350 351 352 353 354 355 356 357
  F  360 361 362 363 364 365 366 367 370 371 372 373 374 375 376 377

********************

HACKING TRUTH: In an Octal IP Address there can be any number of zeros preceding the numbers, without resulting in a change in the address of the remote system.

This means that http://0330.0163.0154.0365/ can also be written as http://000330.000163.000154.000365/

*******************

Typing http://www.yahoo.com/ or 3631443189 or 216.115.108.245 or http://0330.0163.0154.0365/ in your browser would all take you to the same site.

One could also represent an IP address in its Hexadecimal form. Remember the Hex value that we obtained while converting 216.115.108.245 into its DWORD equivalent? Well, in this case we make use of that same value. We had calculated that:

 216.115.108.245 = D8736CF5

 Now, when we write an IP Address in Hexadecimal form, we do so by writing the following (preceding each value with '0x', which denotes that the value that follows is in Hexadecimal):

 http://0xd8.0x73.0x6c.0xf5/

 The above could also be written as: http://0xd8736cf5/

 Note: Most versions of Netscape do not Support Hexadecimal IP Addresses.

 Thus, typing http://www.yahoo.com/ or 3631443189 or 216.115.108.245 or http://0330.0163.0154.0365/ or http://0xd8.0x73.0x6c.0xf5/ or http://0xd8736cf5/ in your browser would all take you to the same site.

 You can create a cross breed by combining any one or more of the above formats. However, one has to keep in mind the browser compatibility while doing so.
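The practical caveat of all these equivalent spellings is for anyone writing a URL filter, proxy rule or allow/deny list: comparing addresses as strings lets http://0xd8736cf5/ or a cross breed walk past a rule written for 216.115.108.245. The following added Python example (not from the original manual) decodes every notation listed above back to canonical dotted decimal and shows a naive string filter beside a normalizing one. The field rules it assumes are the ones the manual describes for browsers: a 0x prefix means hexadecimal, a leading 0 means octal (any number of leading zeros), anything else is decimal; a single-field octal value therefore needs its leading 0 here. The block list is a constructed sample.

```python
# Added example, not from the original manual: normalize every address
# notation the manual lists (dotted decimal, DWORD, octal, hexadecimal and
# cross-breed mixtures) back to one canonical dotted-decimal form. This is the
# step a URL filter or allow/deny list must take before comparing addresses,
# because a plain string comparison treats http://0xd8736cf5/ and
# http://216.115.108.245/ as different hosts.

def _field_value(field):
    """Decode one field as browsers do: 0x.. is hex, a leading 0 is octal, else decimal."""
    f = field.lower()
    if f.startswith("0x"):
        if len(f) == 2:
            raise ValueError("empty hex field %r" % field)
        return int(f[2:], 16)
    if len(f) > 1 and f.startswith("0"):
        return int(f, 8)                     # any number of leading zeros still means octal
    if not f.isdigit():
        raise ValueError("unrecognised field %r" % field)
    return int(f, 10)

def normalize(host):
    """Return the canonical dotted-decimal form of any supported notation."""
    fields = host.strip().split(".")
    if len(fields) == 1:
        value = _field_value(fields[0])      # DWORD, flat hex or flat octal
        if value > 0xFFFFFFFF:
            raise ValueError("value %d does not fit in 32 bits" % value)
    elif len(fields) == 4:
        value = 0
        for field in fields:
            octet = _field_value(field)      # each field may use its own base
            if octet > 255:
                raise ValueError("field %r exceeds 255" % field)
            value = (value << 8) | octet
    else:
        raise ValueError("expected one or four fields, got %d" % len(fields))
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def same_host(a, b):
    return normalize(a) == normalize(b)

def allowed_by_naive_filter(host, blocklist):
    """What a filter that compares raw strings does: alternate notations slip through."""
    return host not in blocklist

def allowed_by_normalizing_filter(host, blocklist):
    """The corrected filter: canonicalize both sides before comparing."""
    canon = set(normalize(h) for h in blocklist)
    return normalize(host) not in canon

if __name__ == "__main__":
    BLOCKED = ["216.115.108.245"]            # constructed sample block list
    for h in ("216.115.108.245", "3631443189", "0330.0163.0154.0365",
              "0xd8.0x73.0x6c.0xf5", "0xd8736cf5", "000330.000163.000154.000365",
              "0xd8.115.0154.245"):         # the last one is a cross breed
        print("%-30s -> %-16s naive allows: %-5s normalized allows: %s" % (
            h, normalize(h), allowed_by_naive_filter(h, BLOCKED),
            allowed_by_normalizing_filter(h, BLOCKED)))
```

Every spelling in the loop normalizes to the same address, so the naive filter lets six of the seven through while the normalizing filter blocks all of them; the same canonicalization should be applied to anything logged, so that one host does not appear under seven names.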

Obtaining the IP Address of other systems

The most common method of getting the IP Address of other systems is through Instant Messaging software like ICQ, MSN Messenger, Yahoo Messenger, AIM etc. In this manual we briefly discuss them all.

 I Seek You, or ICQ, is one of the most popular chat programs around. With it comes not only an easy pastime but also security concerns. ICQ has an inbuilt IP Address Hider, which when enabled is supposedly able to hide your IP from the users you are chatting with. However, like most IP-hiding software, this too is nowhere near good. You can find out the IP Address of any ICQ user, even if IP Hiding has been enabled, by following the process below.

1.)      Launch MSDOS and type netstat -n to get a list of already open ports and the IPs of the machines with which a connection has been established. Note down this list somewhere.

2.)      Now, launch ICQ and send a message to the victim.

3.)      While you are still chatting, go back to DOS and again give the netstat -n command. You will find a new IP, signifying a new connection. This would be the IP Address of the victim.

 This method of obtaining the IP Address of the person with whom you are chatting is quite common. However, it works only with ICQ and a few other select Instant Messengers. It certainly does not work with MSN Messenger, Yahoo Messenger etc. The main reason for this is the difference in the way ICQ and MSN Messenger work.

 Let us assume that your IP Address is xx.xx.xx.xx and your friend’s IP Address is yy.yy.yy.yy

Case I (ICQ):

 Whenever you start a chat session with your friend in ICQ, a direct connection between you and your friend is opened by the ICQ software with the help of the ICQ server. Thus all messages that you type are sent in the following manner:

    xx.xx.xx.xx ------------------> yy.yy.yy.yy
       (you)                          (friend)

And all the messages that your friend types reach you in the following manner:

    yy.yy.yy.yy ------------------> xx.xx.xx.xx
      (friend)                         (you)

 Thus a direct connection has been established between your system (xx.xx.xx.xx) and your friend's system (yy.yy.yy.yy). As a result, when you give the netstat -n command, you can obtain his IP Address.

 Case II (MSN Messenger):

 Whenever you start a chat session with your friend in MSN Messenger, an indirect connection between you and your friend is opened via the MSN Server. Thus all messages that you type first go to the MSN server, which then forwards them to your friend, and vice versa. Communication takes place in the following manner:

    xx.xx.xx.xx ------------------> MSN Server ------------------> yy.yy.yy.yy
       (you)                                                         (friend)

 And all the messages that your friend types reach you in the following manner:

    yy.yy.yy.yy ------------------> MSN Server ------------------> xx.xx.xx.xx
      (friend)                                                         (you)

 Thus, as only an indirect connection has been established between your system (xx.xx.xx.xx) and your friend's system (yy.yy.yy.yy), giving the netstat -n command does not give you your friend's IP, but instead displays the IP address of the MSN server.

 The same is the case for Yahoo Messenger and also some other Messaging Software.

 However, even such utilities are vulnerable to giving away the IP Address of the target system on issuing the Netstat –n command. All one has to do is (Please note that I am using MSN Messenger as an example) :

  1. Get the victim to come online.

  2. Then use the inbuilt File Transfer Facility to send a file to the victim.

  3. When he accepts the file transfer and the transfer starts, launch MSDOS and give the netstat -n command. This will reveal his IP, because while files are being transferred a direct connection exists between you and the victim; there is no mediating MSN Server in between.

The same will work if you send a Request for a Call and the victim accepts it.

 Besides Instant Messengers, there are some other ways in which one can get someone else's IP Address. Say you have a site and want the IP Addresses of all the people who visit it; the following script can be modified to create a file that records them all:

<HTML>
<BODY>
<SCRIPT>
 // Calls Java from JavaScript through Netscape's LiveConnect bridge, so it only runs in browsers that support it.
 var ip = java.net.InetAddress.getLocalHost();              // getLocalHost() is a static method, so no 'new'
 var ipStr = String(ip.toString());                          // Java returns "hostname/203.94.253.183"
 // Writes the address into the visitor's own page; sending it back to the site is the part left to modify.
 document.writeln(ipStr.substring(ipStr.indexOf("/") + 1)); // keep only the part after the '/'
</SCRIPT>
</BODY>
</HTML>

 With that we come to the end of the first edition of the IP Addresses Torn Apart manual. In the next edition we will go deeper into the secrets of IP Addresses and their structures and workings. Hope you liked this manual and do send in your comments. Thanks and till next time, take care.

 Ankit Fadia

ankit@bol.net.in

http://hackingtruths.box.sk