Rolling Thunder Security · Codex · Network Security · IPv4

IPv4 Address
Anatomy

Five tables hide a single 32-bit number. Read the reference, then break things in the four interactive labs below.

Reference · 5 tables Hands-on · 4 labs Per address · 32 bits
01
Reference

IP Address Classes

The classful system carved the 32-bit IPv4 space into five blocks based on leading bits. Classes A through C carry traffic. Class D is multicast. Class E is reserved.

Modern routing uses CIDR rather than classes, but the boundaries still define where reserved ranges live and how addresses are parsed by humans. Knowing them is the difference between recognizing 10.0.0.1 as private and treating it as a routable host.

ClassStartEndLeading Bits
A0.0.0.0127.255.255.2550xxxxxxx
B128.0.0.0191.255.255.25510xxxxxx
C192.0.0.0223.255.255.255110xxxxx
D224.0.0.0239.255.255.2551110xxxx
E240.0.0.0255.255.255.2551111xxxx
02
Reference

Reserved Private Ranges

Some address blocks never leave the local network. RFC 1918 carves out three private ranges for internal use, and additional blocks handle loopback and auto-configuration.

DesignationRangePurpose
Class A10.0.0.0 to 10.255.255.255Large internal networks (RFC 1918)
Class B172.16.0.0 to 172.31.255.255Medium internal networks (RFC 1918)
Class C192.168.0.0 to 192.168.255.255Home and small office (RFC 1918)
Localhost127.0.0.0 to 127.255.255.255Loopback to this machine
Zeroconf169.254.0.0 to 169.254.255.255APIPA and Bonjour auto-config
03
Definitions

Terminology

Two terms come up constantly when reading or writing IPv4 access policies. They are easy to confuse, so anchor them now.

// Definition

Wildcard Mask

Indicates which parts of an IP address are available for examination. Used heavily in ACLs and OSPF. The wildcard mask is the bitwise inverse of a subnet mask.

// Definition

CIDR

Classless Inter-Domain Routing. Replaces legacy classful addressing with bit-level granularity. Notation is expressed as /XX where XX is the number of network bits, like 192.168.1.0/24.

04
Walkthrough

Binary to Decimal

Every dotted decimal address is four 8-bit binary numbers wearing a friendlier disguise. The example walks through 172.16.254.1.

172
1010 1100
16
0001 0000
254
1111 1110
1
0000 0001
1 byte = 8 bits · 32 bits total (4 octets × 8 bits)
05
Reference

Decimal to Binary: Mask Values

A subnet mask only takes nine possible values in any one octet. Memorize these and the binary math becomes pattern recognition.

SubnetBinaryWildcardBinary
2551111 111100000 0000
2541111 111010000 0001
2521111 110030000 0011
2481111 100070000 0111
2401111 0000150000 1111
2241110 0000310001 1111
1921100 0000630011 1111
1281000 00001270111 1111
00000 00002551111 1111
Hands-On

Interactive Labs

06
Lab 01

IP Inspector

Type any IPv4 address. The inspector reveals its class, reserved status, leading bit pattern, governing RFC, and full binary breakdown.

ipv4-inspector.sh 0x0001
Live

Try the example addresses or type your own. Press Enter or click Analyze.

192.168.1.42 10.0.0.1 127.0.0.1 169.254.99.7 224.0.0.1 8.8.8.8
07
Lab 02

Bit Toggler

Click bits to flip them. The decimal updates instantly. The place values are printed beneath each bit so the binary math stays visible.

octet-builder.bin 0x0002
Live

Each row is one of the four octets. The leftmost bit is the 128s place, rightmost is the 1s place.

08
Lab 03

CIDR Visualizer

Slide the CIDR prefix. The 32-bit ribbon shows network bits in gold and host bits in red. Subnet mask, wildcard mask, and usable host count update live.

cidr-prefix.calc 0x0003
Live

The slider moves the boundary between network and host bits. Watch all three outputs change together.

/24
Network bits Host bits
Subnet Mask
255.255.255.0
Wildcard Mask
0.0.0.255
Usable Hosts
254
09
Lab 04

Class & Range Quiz

Identify the class or reserved status of randomly generated addresses. Score and streak update on the page.

classify.quiz 0x0004
Live
Correct0 Attempted0 Streak0