June 14, 2021

Binary Blogger

Are you a 1 or a 0? News, Thoughts and Reviews

How To: IP CIDR Cheat Sheet


If you are involved with network architecture or firewall configuration, or do any kind of security scanning, then you rely heavily on working with IP addresses and ranges. There are a few ways to work with them in bulk, and some are more efficient than others. If you have a small number to deal with, you may list them all out in a comma-delimited list or load them into a text or feed file. If you need to enter them into a configuration file, this may not be the best approach. If you are scanning, especially in a discovery scan where you don’t know what is active, you need to cover an entire range, and you will spend more time creating a list of sequential addresses than the actual scans will take. There is another way to do it that gives you far better control over coverage, and that’s using CIDR. If you want a full background and the math behind CIDR you can read up here.

In my experience, using CIDR means you need to take a step back and think carefully about what you are going to do. I always go back and double-check, and I added a cheat sheet below to lay out the coverage of each CIDR configuration. If you are not careful, you may inadvertently open up your firewalls to exponentially more IP addresses, or scan far more than intended, by changing one number. In the chart below you can see that if you want to put in a firewall rule to allow only to you would use the CIDR However if you put in you now just opened up to over 65,000 unintended IP addresses through a rule when you only wanted 256. Most tools that allow CIDR entries limit them to 24-32 because of the sheer size of anything more.

You can never have too many reference charts hanging on your wall or easily accessible. One simple number can turn your whole world upside down and in IT it’s the ‘whoopsies’ that bite the hardest.

| CIDR | Start Range | End Range | Total addresses | Bits selected in IP address |
|---|---|---|---|---|
| | | | 4,294,967,296 | ********.********.********.******** |
| | | | 2,147,483,648 | 0*******.********.********.******** |
| | | | 268,435,456 | 0100****.********.********.******** |
| | | | 16,777,216 | 01000101.********.********.******** |
| | | | 2,097,152 | 01000101.110*****.********.******** |
| | | | 1,048,576 | 01000101.1101****.********.******** |
| | | | 524,288 | 01000101.11010***.********.******** |
| | | | 262,144 | 01000101.110100**.********.******** |
| | | | 131,072 | 01000101.1101000*.********.******** |
| | | | 65,536 | 01000101.11010000.********.******** |
| | | | 32,768 | 01000101.11010000.0*******.******** |
| | | | 16,384 | 01000101.11010000.00******.******** |
| | | | 8,192 | 01000101.11010000.000*****.******** |
| | | | 4,096 | 01000101.11010000.0000****.******** |
| | | | 2,048 | 01000101.11010000.00000***.******** |
| | | | 1,024 | 01000101.11010000.000000**.******** |
| | | | 512 | 01000101.11010000.0000000*.******** |
| | | | 256 | 01000101.11010000.00000000.******** |
| | | | 128 | 01000101.11010000.00000000.0******* |
| | | | 64 | 01000101.11010000.00000000.00****** |
| | | | 32 | 01000101.11010000.00000000.000***** |
| | | | 16 | 01000101.11010000.00000000.0000**** |
| | | | 8 | 01000101.11010000.00000000.00000*** |
| | | | 4 | 01000101.11010000.00000000.000000** |
| | | | 2 | 01000101.11010000.00000000.0000000* |
| | | | 1 | 01000101.11010000.00000000.000000 |
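The double-check described above can be scripted before a rule or scan target goes live. This is an added example, not code from the original post: it uses Python's standard `ipaddress` module, and the function names `cidr_row` and `audit_rule` are hypothetical. The sample network 69.208.0.0 is the chart's bit pattern decoded, and /24 and /16 are chosen as the entries whose totals are 256 and 65,536.

```python
import ipaddress

def cidr_row(cidr):
    """Return (start, end, total, bit pattern) for one IPv4 CIDR entry."""
    # strict=True raises ValueError when host bits are set (69.208.0.5/24)
    net = ipaddress.IPv4Network(cidr, strict=True)
    bits = format(int(net.network_address), "032b")
    # Network bits are shown, host bits become '*', as in the chart
    masked = bits[:net.prefixlen] + "*" * (32 - net.prefixlen)
    pattern = ".".join(masked[i:i + 8] for i in range(0, 32, 8))
    return str(net[0]), str(net[-1]), net.num_addresses, pattern

def audit_rule(cidr, intended_first, intended_last):
    """Compare what a CIDR entry covers with the range it was meant to cover."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    first = ipaddress.IPv4Address(intended_first)
    last = ipaddress.IPv4Address(intended_last)
    if last < first:
        raise ValueError("intended range is reversed")
    intended = int(last) - int(first) + 1
    # Addresses that are both in the CIDR block and in the intended range
    overlap = max(0, min(int(last), int(net[-1])) - max(int(first), int(net[0])) + 1)
    return {
        "total": net.num_addresses,
        "excess": net.num_addresses - overlap,   # covered but never intended
        "missing": intended - overlap,           # intended but not covered
        # Shortest list of CIDR blocks that covers exactly first..last
        "exact_cidrs": [str(n) for n in
                        ipaddress.summarize_address_range(first, last)],
    }

if __name__ == "__main__":
    # Constructed sample entries; 69.208.0.0 is the chart's bit pattern decoded
    for entry in ("69.208.0.0/24", "69.208.0.0/16"):
        print(entry, cidr_row(entry))
    print(audit_rule("69.208.0.0/16", "69.208.0.0", "69.208.0.255"))
```

A non-zero `excess` means the entry admits or scans addresses nobody asked for; `exact_cidrs` gives the entries to use instead.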

End of line.
