How To: IP CIDR Cheat Sheet
2 min read
If you are involved with networks architecture, firewall configuration or do any kind of security scans then you rely heavily on working with IP addresses and ranges. There are a few ways you can accomplish working with them in bulk, some are more efficient than others. If you have a small number to deal with you may list them all out in a comma delimited list or load them into a text or feed file to use. If you need to enter them into a configuration file this may not be the best approach. If you are scanning, especially in a discover scan where you don’t know what is active, you need to cover an entire range. You will spend more time creating a list of sequential addresses than the actual scans will take. There is another way to do it that give you far better coverage control and that’s using CIDR. If you want a full background and the math behind CIDR you can read up here.
In my experience using CIDR you need to take a step back and think about what you are going to do carefully. I always go back and double check and I added a cheat sheet below to lay out the coverage of each CIDR configuration. If you are not careful you may inadvertently open up your firewalls to exponentially more IP addresses or scan far more than intended by changing one number. In the chart below you can see that if you want to put in a firewall rule to allow only 69.208.10.0 to 69.208.10.255 you would use the CIDR 69.208.10.0/24. However if you put in 69.208.10.0/16 you now just opened up to over 65,000 unintended IP addresses through a rule when you only wanted 256. Most tools that allow CIDR entries limit them to 24-32 because of the sheer size of anything more.
You can never have too many reference charts hanging on your wall or easily accessible. One simple number can turn your whole world upside down and in IT it’s the ‘whoopsies’ that bite the hardest.
| CIDR | Start Range | End Range | Total addresses | Bits selected in IP address |
|---|---|---|---|---|
| 69.208.0.0/0 | 0.0.0.0 | 255.255.255.255 | 4,294,967,296 | ********.********.********.******** |
| 69.208.0.0/1 | 0.0.0.0 | 127.255.255.255 | 2,147,483,648 | 0*******.********.********.******** |
| 69.208.0.0/4 | 64.0.0.0 | 79.255.255.255 | 268,435,456 | 0100****.********.********.******** |
| 69.208.0.0/8 | 69.0.0.0 | 69.255.255.255 | 16,777,216 | 01000101.********.********.******** |
| 69.208.0.0/11 | 69.192.0.0 | 69.223.255.255 | 2,097,152 | 01000101.110*****.********.******** |
| 69.208.0.0/12 | 69.208.0.0 | 69.223.255.255 | 1,048,576 | 01000101.1101****.********.******** |
| 69.208.0.0/13 | 69.208.0.0 | 69.215.255.255 | 524,288 | 01000101.11010***.********.******** |
| 69.208.0.0/14 | 69.208.0.0 | 69.211.255.255 | 262,144 | 01000101.110100**.********.******** |
| 69.208.0.0/15 | 69.208.0.0 | 69.209.255.255 | 131,072 | 01000101.1101000*.********.******** |
| 69.208.0.0/16 | 69.208.0.0 | 69.208.255.255 | 65,536 | 01000101.11010000.********.******** |
| 69.208.0.0/17 | 69.208.0.0 | 69.208.127.255 | 32,768 | 01000101.11010000.0*******.******** |
| 69.208.0.0/18 | 69.208.0.0 | 69.208.63.255 | 16,384 | 01000101.11010000.00******.******** |
| 69.208.0.0/19 | 69.208.0.0 | 69.208.31.255 | 8,192 | 01000101.11010000.000*****.******** |
| 69.208.0.0/20 | 69.208.0.0 | 69.208.15.255 | 4,096 | 01000101.11010000.0000****.******** |
| 69.208.0.0/21 | 69.208.0.0 | 69.208.7.255 | 2,048 | 01000101.11010000.00000***.******** |
| 69.208.0.0/22 | 69.208.0.0 | 69.208.3.255 | 1,024 | 01000101.11010000.000000**.******** |
| 69.208.0.0/23 | 69.208.0.0 | 69.208.1.255 | 512 | 01000101.11010000.0000000*.******** |
| 69.208.0.0/24 | 69.208.0.0 | 69.208.0.255 | 256 | 01000101.11010000.00000000.******** |
| 69.208.0.0/25 | 69.208.0.0 | 69.208.0.127 | 128 | 01000101.11010000.00000000.0******* |
| 69.208.0.0/26 | 69.208.0.0 | 69.208.0.63 | 64 | 01000101.11010000.00000000.00****** |
| 69.208.0.0/27 | 69.208.0.0 | 69.208.0.31 | 32 | 01000101.11010000.00000000.000***** |
| 69.208.0.0/28 | 69.208.0.0 | 69.208.0.15 | 16 | 01000101.11010000.00000000.0000**** |
| 69.208.0.0/29 | 69.208.0.0 | 69.208.0.7 | 8 | 01000101.11010000.00000000.00000*** |
| 69.208.0.0/30 | 69.208.0.0 | 69.208.0.3 | 4 | 01000101.11010000.00000000.000000** |
| 69.208.0.0/31 | 69.208.0.0 | 69.208.0.1 | 2 | 01000101.11010000.00000000.0000000* |
| 69.208.0.0/32 | 69.208.0.0 | 69.208.0.0 | 1 | 01000101.11010000.00000000.000000 |
End of line.
Binary Blogger has spent 20 years in the Information Security space currently providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.
Subscribe
Facebook Page
Follow Me On Twitter
contactme@binaryblogger.com
