Security Basics mailing list archives

Re: CIDR Explanation


From: "Bob Radvanovsky" <rsradvan () unixworks net>
Date: Tue, 21 Sep 2004 07:08:33 -0500

Actually, it's pretty simple, if you understand binary math.  The concept of
an IP address octet is 000 thru 255 (or "FF"); each address consists of 4
octets total for IPv4 (much more for IPv6; in fact, the "IP address"
resembles something similar to that of a MAC address).  So...re-capping:
IPv4 IP address consists of 4 octets: 000.000.000.000 thru 255.255.255.255.
OK so far?

Now... CIDR takes the subnet mask, which is what is *allowed* through a
given/partitioned subnet and converts it to a meaningful representation; in
this case, the CIDR is a decimal translation of an added binary
representation of the subnet mask.  Confused?

OK, let's say that you have 16 IP addresses in your local subnet (through
your local ISP, or whathaveyou).  What kind of subnet do you think you have?
Realistically, you have 14 USABLE addresses, since IP #0 (1st address)
represents the subnetted "network", and IP #15 (16th address) represents the
broadcast for that subnet.  16 minus 255 comes to: 239 (which is the
broadcast for the previous subnet) PLUS 1, equalling 240.  So...your subnet
mask would be 255.255.255.240.

Now...convert that to binary.  255 is equal to 8 "1's": 11111111, with the
1st "1" representing 128, and the 8th "1" representing 1.  Remember: in
binary you work right to left, starting with 1, then 2, then 4, and so on
and so forth.  The largest binary number that you'll have for each octet is
128.  Add every number up (128+64+32+16+8+4+2+1) and that equals 255.

Now...if 255 is "8", then we would have (binary ON positions converted
into a meaningful decimal context) of 8.8.8.4.  In this case 240 = 128 + 64 +
32 + 16, so that's the 4th-leftmost "1's" that are ON, with the remaining
"1's" OFF.  Your octet would look like this: 11110000 (or "4").  Add 'em up,
and you have "28".  Your CIDR for subnet mask "255.255.255.240" is "/28".

Did you understand that?  Pretty simple, huh?  And to demonstrate how this
works (so you can compare it against a CIDR table), look here:
http://www.rjsmith.com/CIDR-Table.html.  Nicely done, and publicly
available.

Send me email if you have any questions.  Enjoy!

Bob Radvanovsky [/unixworks]
rsradvan(at)unixworks(dot)com
"knowledge squared is information shared."
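As an added example (not part of Bob's post or the original thread), the same mask-to-prefix binary arithmetic in Python, plus the expansion someone writing snort or ipchains rules would want to see before trusting a CIDR block: network, broadcast, usable range, and a membership check. All function names and the sample addresses (192.168.1.37/28, 10.0.0.1/32) are constructed for illustration.

```python
def dotted_to_int(dotted: str) -> int:
    """Pack a dotted quad into a 32-bit integer (first octet = high 8 bits)."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad dotted quad: {dotted}")
    return int.from_bytes(bytes(octets), "big")

def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> int:
    """/n -> 32-bit mask with n leading 1 bits (/28 -> 0xFFFFFFF0)."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def mask_to_prefix(mask: str) -> int:
    """Dotted subnet mask -> CIDR prefix length (count of leading 1 bits)."""
    bits = dotted_to_int(mask)
    prefix = bin(bits).count("1")
    # A real mask is `prefix` 1s followed by 0s; 255.0.255.0 has no /n form,
    # so refuse it instead of silently producing a wrong prefix.
    if bits != prefix_to_mask(prefix):
        raise ValueError(f"non-contiguous mask: {mask}")
    return prefix

def describe(cidr: str) -> dict:
    """Expand a.b.c.d/n into the addresses a rule written on it matches."""
    addr, plen = cidr.split("/")
    prefix = int(plen)
    mask = prefix_to_mask(prefix)
    network = dotted_to_int(addr) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    # Classic rule: network/broadcast not assignable; /31 (RFC 3021) and /32 have none.
    hosts_reserved = prefix <= 30
    return {
        "mask": int_to_dotted(mask),
        "network": int_to_dotted(network),
        "broadcast": int_to_dotted(broadcast),
        "first_host": int_to_dotted(network + 1 if hosts_reserved else network),
        "last_host": int_to_dotted(broadcast - 1 if hosts_reserved else broadcast),
        "usable": (1 << (32 - prefix)) - (2 if hosts_reserved else 0),
    }

def contains(cidr: str, ip: str) -> bool:
    """True if `ip` is inside `cidr`, i.e. a rule on `cidr` would match it."""
    addr, plen = cidr.split("/")
    mask = prefix_to_mask(int(plen))
    return dotted_to_int(ip) & mask == dotted_to_int(addr) & mask
```

`describe("192.168.1.37/28")` reproduces the post's numbers (mask 255.255.255.240, 14 usable hosts) and also shows that the block actually starts at .32, not at the address you typed.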

----- Original Message ----- 
From: "ka55ad" <ka55ad () gmail com>
To: <security-basics () securityfocus com>
Sent: Monday, September 20, 2004 8:39 AM
Subject: CIDR Explanation


Hi List,

     I am hoping that somebody might be able to help me out or point
me in the right direction. For the life of me I can't seem to get a
good grasp on CIDR notation. I see a lot of CIDR addresses every day,
but I have trouble figuring out the IP addresses on the fly. I am not
a complete newbie - I am quite familiar with the OSI model, TCP
handshakes, etc., but this one area stumps me.

     I am particularly interested in it because I am going to be
setting up a snort box soon as well as an ipchains firewall to
segregate parts of the network. I would much rather use CIDR since it
can be much quicker at times, but I don't want to use it right now due
to my lack of knowledge, which can cause security issues. Can anybody
offer advice/help? Thanks.

--------------------------------------------------------------------------
-
Computer Forensics Training at the InfoSec Institute. All of our class
sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills
of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
--------------------------------------------------------------------------
--

