Understanding IPv4:
As a penetration tester, networking knowledge is a must-have. At the core of networking is IP addressing, and IPv4 is still the most widely used version today. Understanding how IPv4 works will help you navigate networks, identify misconfigurations, exploit vulnerabilities, and avoid confusion when conducting recon or lateral movement.
What is IPv4?
IPv4 stands for Internet Protocol version 4. It is the addressing scheme that gives each device on a network an address so devices can find and talk to each other. Every device connected to a network, be it a laptop, phone, router, or printer, needs an IP address to send and receive data.
IPv4 uses a 32-bit address scheme, written in dot-decimal notation. For example:
192.168.1.1
Each of the four numbers (called octets) can range from 0 to 255. That's because each octet is 8 bits, and 2^8 = 256 possible values (0–255). I don't want to go too deep on each topic in this post.
If you’re feeling a bit lost or unsure about what’s going on, don’t worry, I’ve got you. I’ll leave a link here to a great video series by NetworkChuck that breaks down IP addresses and subnetting in a really easy-to-understand way. Definitely worth checking out:
How Many IPv4 Addresses Are There?
With 32 bits, IPv4 provides a total of:
2^32 = 4,294,967,296 addresses
That sounds like a lot, but with the explosion of devices worldwide the free pool of public addresses was exhausted years ago. Two things stretch the space: private address ranges that every organization reuses internally (behind NAT), and classless routing (CIDR), which replaced the fixed-size address classes described next and let networks be sized to what they actually need.
IP Address Classes
IPv4 addresses were originally split into five classes (A–E) based on the first octet. Only Classes A, B, and C were used for host addressing (Class D and E are reserved for other things). Classful routing was replaced by CIDR in 1993, but the class names still show up in documentation, certification exams and older gear, so you need to recognize them:
| Class | First Octet Range | Default Subnet Mask | Hosts per Network | Use Case |
|---|---|---|---|---|
| A | 1 – 126 | 255.0.0.0 (/8) | 16,777,214 | Large networks |
| B | 128 – 191 | 255.255.0.0 (/16) | 65,534 | Medium-sized networks |
| C | 192 – 223 | 255.255.255.0 (/24) | 254 | Small networks |
| D | 224 – 239 | N/A | N/A | Multicast |
| E | 240 – 255 | N/A | N/A | Reserved (experimental; 255.255.255.255 is the limited broadcast address) |
Note: 127.0.0.0 to 127.255.255.255 is reserved for loopback (more on that later).
Knowing these ranges helps during recon, but only up to a point: because routing is classless today, a 10.x.x.x host is almost never on a single /8. Always go by the subnet mask you actually observe (from ifconfig/ipconfig, DHCP leases or the routing table) rather than by the class of the address.
Public vs Private IP Addresses
IPv4 addresses are also divided into public and private. Private ranges conserve public address space and keep internal hosts off the global routing table. Note that this is not a security boundary in itself: NAT hides addresses, it does not filter traffic.
Private IP Ranges (RFC 1918):
| Block (CIDR) | Range | Addresses |
|---|---|---|
| 10.0.0.0/8 | 10.0.0.0 – 10.255.255.255 | 16,777,216 |
| 172.16.0.0/12 | 172.16.0.0 – 172.31.255.255 | 1,048,576 |
| 192.168.0.0/16 | 192.168.0.0 – 192.168.255.255 | 65,536 |
These are often labelled class A, B and C, but only the first one is a classful block: 172.16.0.0/12 is sixteen former class B networks and 192.168.0.0/16 is 256 former class C networks. The 172 block trips people up most: 172.15.x.x and 172.32.x.x are public addresses.
Private IPs are not routed over the internet: RFC 1918 requires ISPs and internet routers to drop or filter them, and because countless networks reuse the same 10.x range there is no way to route a reply back anyway. They're meant for internal use within networks (home, office, data centers).
Public IPs
Public IPs are globally unique and routable on the internet. These are the IP addresses you see when you check your external IP from a browser (search "what is my IP address"). On a typical home or office network the address you see belongs to your NAT gateway, not to your device.
Why Do We Have Both?
The main reason is address conservation. Not every device needs a unique public IP. Using NAT (Network Address Translation), multiple devices on a private network can share one public IP. I will have a separate post on NAT.
As a pentester, it’s important to understand the difference:
- Public IPs are targets during external assessments.
- Private IPs are what you deal with during internal engagements or once you pivot inside a network.
Subnetting – Breaking Networks Into Smaller Pieces
Subnetting is the process of dividing a larger network into smaller sub-networks (subnets). It helps with better network management, improved performance, and enhanced security.
For example, a /24 such as 192.168.1.0/24 (a former Class C) has 256 addresses, 254 of them usable. But maybe you only need 50 for your subnet. You can split it into smaller ranges like:
192.168.1.0/26 => 64 addresses (62 usable: 192.168.1.1 – 192.168.1.62, broadcast 192.168.1.63)
The other three /26 blocks carved from the same /24 start at 192.168.1.64, 192.168.1.128 and 192.168.1.192.
CIDR (Classless Inter-Domain Routing) notation like /26, /24, /16, etc., tells you how many leading bits are the network portion. The remaining 32 - 26 = 6 bits are host bits, so there are 2^6 = 64 addresses; the one with all host bits zero is the network address and the one with all host bits set is the broadcast address, neither of which is assigned to a host, leaving 62.
Practical Networking has an excellent video series on this topic. I highly recommend checking it out: Watch the series here.
As a pentester, you should know how to:
- Calculate the size of a subnet.
- Determine usable host ranges.
- Identify the network and broadcast addresses.
- Use this info to map out and target internal networks accurately.
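The four skills listed above are all the same bit arithmetic. The following calculator is an added example, not code from the original post: given a CIDR block it returns the network and broadcast addresses, the usable host range and the host count, using plain bit operations so the mechanics are visible. It also handles /31 (RFC 3021 point-to-point links, where both addresses are hosts and there is no broadcast) and /32 (a single host route), which the usual "subtract two" rule gets wrong, and it cross-checks itself against the standard library's ipaddress module. The function names and the sample blocks are my own choices for the demo.

```python
"""Subnet arithmetic for IPv4 CIDR blocks using plain bit operations.

Added example, not code from the original post. ipaddress is only used to
cross-check the hand-rolled arithmetic.
"""
import ipaddress


def ip_to_int(ip: str) -> int:
    """Pack a dotted quad into a 32-bit integer, rejecting malformed input."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 address: {ip!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {ip!r}")
        value = (value << 8) | n
    return value


def int_to_ip(n: int) -> str:
    """Unpack a 32-bit integer back into dotted-quad notation."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_info(cidr: str) -> dict:
    """Network, mask, broadcast, usable host range and counts for a CIDR block."""
    ip, _, prefix_str = cidr.partition("/")
    prefix = int(prefix_str) if prefix_str else 32   # bare address == /32
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix must be 0-32, got /{prefix}")
    host_bits = 32 - prefix
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF   # network bits set to 1
    network = ip_to_int(ip) & mask                   # host bits cleared
    top = network | (~mask & 0xFFFFFFFF)             # host bits all set
    total = 1 << host_bits
    if prefix == 32:                 # host route: the single address is the host
        first, last, usable = network, network, 1
    elif prefix == 31:               # RFC 3021 point-to-point: no broadcast address
        first, last, usable = network, top, 2
    else:                            # normal case: drop network and broadcast
        first, last, usable = network + 1, top - 1, total - 2
    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "broadcast": int_to_ip(top),   # for /31 and /32 this is a host, not a broadcast
        "first_host": int_to_ip(first),
        "last_host": int_to_ip(last),
        "total": total,
        "usable": usable,
    }


def in_subnet(ip: str, cidr: str) -> bool:
    """True if ip falls inside the CIDR block (useful for scope checks)."""
    info = subnet_info(cidr)
    return ip_to_int(info["network"]) <= ip_to_int(ip) <= ip_to_int(info["broadcast"])


def matches_stdlib(cidr: str) -> bool:
    """Cross-check the hand-rolled arithmetic against ipaddress.ip_network."""
    net = ipaddress.ip_network(cidr, strict=False)
    info = subnet_info(cidr)
    return (str(net.network_address) == info["network"]
            and str(net.broadcast_address) == info["broadcast"]
            and str(net.netmask) == info["mask"]
            and net.num_addresses == info["total"])


if __name__ == "__main__":
    # Sample blocks chosen for the demo: the post's /26, an address in the
    # middle of a /20, a point-to-point /31 and a host route.
    for block in ("192.168.1.0/26", "10.0.5.77/20", "10.0.0.0/31", "172.16.9.4/32"):
        print(block, subnet_info(block), "stdlib agrees:", matches_stdlib(block))
```

Feeding it 10.0.5.77/20 shows why you work from the mask and not the address: the host sits in 10.0.0.0/20 with a broadcast of 10.0.15.255, not in a /24 as the dotted quad might suggest.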
Loopback Address – 127.0.0.1
The loopback address is:
127.0.0.1
It refers to the local machine. Any traffic sent to it never leaves your computer. The whole 127.0.0.0/8 block loops back, not just .1, so a service bound to 127.0.0.2 is local-only as well. The flip side matters more in a pentest: a service bound to 0.0.0.0 listens on every interface, which is the classic "it was only supposed to be reachable from localhost" finding.
Use cases:
- Testing services running locally.
- Diagnosing local network stack issues.
You’ll often use this in exploitation labs and when testing things like local web servers (e.g., http://127.0.0.1:8000).
APIPA – Automatic Private IP Addressing
When a device fails to get an IP from a DHCP server, it assigns itself an address in the link-local range (RFC 3927):
169.254.0.0 – 169.254.255.255 (169.254.0.0/16)
Windows calls this APIPA. It means the device tried DHCP and failed but can still talk to other hosts on the same link; it gets no default gateway, so it cannot reach anything beyond its own segment.
As a pentester, this can indicate:
- DHCP issues.
- Misconfigured systems.
- Isolation from the main network (a potential misconfigured segment).
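Everything from the class table onward (classes, RFC 1918 private space, loopback, APIPA, multicast) comes down to "which block is this address in?", which is exactly the triage you do on a target list before scanning. The script below is an added example, not code from the original post: classify() reports the historical class and the special-purpose block for an address, and split_scope() partitions a target list into internal, public and special buckets so an internal engagement does not accidentally scan public addresses (or vice versa). The block list is the one given in the tables above; the sample targets and function names are made up for the demo.

```python
"""Classify IPv4 addresses the way a pentester triages a target list.

Added example, not code from the original post. Ranges are RFC 1918,
loopback, link-local (APIPA), multicast and the reserved class E block.
"""
import ipaddress

# Special-purpose blocks; matching stops at the first hit, so more specific
# or "weirder" blocks go first. Anything not listed is treated as public.
SPECIAL_BLOCKS = [
    (ipaddress.ip_network("127.0.0.0/8"), "loopback"),
    (ipaddress.ip_network("169.254.0.0/16"), "link-local (APIPA)"),
    (ipaddress.ip_network("10.0.0.0/8"), "private (RFC 1918)"),
    (ipaddress.ip_network("172.16.0.0/12"), "private (RFC 1918)"),
    (ipaddress.ip_network("192.168.0.0/16"), "private (RFC 1918)"),
    (ipaddress.ip_network("224.0.0.0/4"), "multicast"),
    (ipaddress.ip_network("240.0.0.0/4"), "reserved"),   # class E, incl. 255.255.255.255
    (ipaddress.ip_network("0.0.0.0/8"), "reserved"),     # "this network"
]

# Constructed sample target list for the demo (not real engagement data).
SAMPLE_TARGETS = [
    "10.1.2.3", "172.31.255.254", "172.32.0.1", "192.168.1.1",
    "127.0.0.1", "169.254.10.5", "224.0.0.251", "8.8.8.8",
]


def classful_class(ip: str) -> str:
    """Historical class from the first octet; 0.x and 127.x are carve-outs."""
    first = int(ip.split(".")[0])
    if first in (0, 127):
        return "reserved"
    if first <= 126:
        return "A"
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    if first <= 239:
        return "D"
    return "E"


def classify(ip_str: str) -> dict:
    """Return the class and the special-purpose kind ("public" if none match)."""
    ip = ipaddress.ip_address(ip_str)
    if ip.version != 4:
        raise ValueError(f"IPv4 only: {ip_str!r}")
    kind = "public"
    for block, label in SPECIAL_BLOCKS:
        if ip in block:
            kind = label
            break
    return {"ip": ip_str, "class": classful_class(ip_str), "kind": kind}


def split_scope(targets) -> dict:
    """Partition targets into internal (RFC 1918), public, and special buckets.

    Review the buckets before scanning: on an internal test anything in
    "public" is probably a typo in the scope; "special" addresses (loopback,
    link-local, multicast, reserved) should never be in a scan list at all.
    """
    buckets = {"internal": [], "public": [], "special": []}
    for target in targets:
        kind = classify(target)["kind"]
        if kind.startswith("private"):
            buckets["internal"].append(target)
        elif kind == "public":
            buckets["public"].append(target)
        else:
            buckets["special"].append(target)
    return buckets


if __name__ == "__main__":
    for target in SAMPLE_TARGETS:
        print(classify(target))
    print(split_scope(SAMPLE_TARGETS))
```

Note how 172.31.255.254 lands in the internal bucket while 172.32.0.1, one address later, is public: that boundary is the /12 prefix, and it is the single most common mistake in hand-written scope files.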
Why Pentesters Need to Understand IPv4
- Reconnaissance: Knowing subnet masks and the special-purpose ranges helps you scan more efficiently and understand how the network is structured.
- Pivoting: Once inside a network, private IP knowledge lets you identify internal targets and plan lateral movement.
- Exploitation: Knowing the exact subnet boundaries lets you pick the right interface and route when pivoting and keeps attack traffic off segments that are out of scope or closely monitored.
- Avoiding Noise: You don't want to scan public IPs by accident on an internal test, or vice versa.
- Privilege Escalation: A misconfigured DHCP server, a NAT rule that exposes an internal service, or a service bound to loopback that trusts any local client (reachable once you have a foothold or a port forward) can all give you leverage.
Final Thoughts
IPv4 is the language of the network. Whether you’re scanning, pivoting, or enumerating targets, understanding how IP addressing works gives you an edge. It helps you move smarter, avoid detection, and identify weaknesses others might miss.
