another IP addressing question

hi guys..
i wrote here a while back when i had confusion over ip addressing..
i have another question now, i hope u can help, its probably something very simple that im confusing for myself anyway..
u see, the last time, i was confused that when i typed in "ipconfig /all" on my laptop, i got a private ip address (192.x.x.x) and when i used a website to find my ip address (whatismyipaddress.com) i got a public address (116.x.xx.). now i know that its my router that assigns my private address and uses NAT etc.. which is why im confused now... at my college, i use the wireless connection here... now when i type "ipconfig /all" i see my ip address as a public address (135.1.2.46). i thought, ok fine..theyve assigned me a public address directly..then i go to www.whatismyipaddress.com and i find that my IP address there is 116.12.143.210..another public address, a different one...wats going on here? hope someone can help me, thanks a lot!

 

how do you know thats not an address their system assigned?

private network address arent limited to 192.xxx.x.x

at work ive assigned the network to be 10.x.x.xx

 

The address you got from whatismyipaddress.com is the internet router's address of your college, which is a Class A IP address (116.12.143.210)

135.1.2.46 is the local IP address given to you, which is a Class B mainly used for campuses and large networks.

Do a tracert to www.google.com and it will go from your IP address to the internet router then out to the web.

Class A is used for jumbo networks (1.x.x.x - 126.x.x.x) which can accommodate millions of addresses.

Class B is used for medium-large sized networks. (127.x.x.x - 191.x.x.x) which have less IP's available than Class A

Class C is used for small LAN/Local uses (191.x.x.x - 223.x.x.x). This is why routers are commonly defaulted to 192.168.1.1

There are reserved IP address like 127.0.0.1 which is a loopback address. Quite useful for blocking stuff through DNS

and 255.255.255.255 is used to broadcast to all host addresses.

 

thanks a lot..so basically, the class B IP address is a kind of private IP address? are only class A IP addresses considered public?
EDIT: because, i thought only 192.x.x.x and 10.x.x.x are private addresess.. but then again, im not too sure about much of this..

 

Yes look at it this way. I have an ADSL modem connected to my wireless router.

My ADSL modem which is my gateway to the internet is assigned with an IP of lets say 112.213.212.03

My wireless router/LAN gives me an IP address of 192.168.3.15

When i try access the internet, it will go to my local router first > then through the modem > then out to the internet. See how i have 2 IP addresses? One is for WAN the other is for LAN.

Theres also something called Subnetting, it makes IP addressing more complex.

 

yup, got that ^^.. so in my college case, where they use class B addresses, is that like a private address, like the 192.x.x.x that my home router gives me? coz i thought private addresses are only 192 and 10.x.x.x...? if this is not the case, how are public IP addreses defined? thanks!

 

Hmm..If I'm not mistaken:

Private IPs:
Class A - 10.0.0.0 to 10.255.255.255
Class B - 172.16.0.0 to 172.31.255.255
Class C - 192.168.0.0 to 192.168.255.255

The rest of the IPs are public.

Found the wiki --> http://en.wikipedia.org/wiki/Private_network

 

Yes thats correct. So if another notebook connects to your college, it will be given a different local address but it will have the same Internet IP since it is being shared.

Yes something like that. Im not very good with the specifics..

 

thanks again...so the local address assigned can be a public IP address? coz, correct me if im wrong, but the 135.x.x.x range is in the public range, right?

 

Your school is probably big enough that it made sense for them to register a set of public IP addresses for use on their network (and they probably did it so far back in time that getting a big block of public IPs for internal use was still feasible). So when you're on the school's network, you're being assigned an IP out of the pool of available public IP addresses they have.

On the other hand, it could be the case that your school has just decided to use a set of private IP addresses that's within the range of public IP addresses - according to the IP protocol, doing that is "illegal" (i.e., not within the compliance scope of the protocol); however, so long as the school makes sure that it's use of those IPs without registration doesn't get beyond the school's own internal network, it won't make any practical difference.

For example, given that you have a router with NAT capabilities sitting between your computer and the rest of the world, you could assign your internal subnetwork a set of IP addresses that happened to be within one of the public ranges (provided your router would accept that IP assignment - I'm sure that many routers are programmed not to issue anything other than private IPs), and it wouldn't cause any problems because those IP addresses would never get beyond your router, and the outside world would continue to see only the registered public IP address your ISP assigned to you.

In terms of the IP address you "see" from the outside, that's almost certainly the public IP address of the proxy server your school runs everything through if it's going to, or coming from, the internet. In this respect, your school's proxy server is more or less doing a function similar to (but not the same as) that done by your own router - filtering internet traffic and mapping external IP addresses to internal IP addresses.

 

ah! thanks a lot for that explanation ^^
the second part especially made sense to me...however ur first explanation, about the school registering a set of public IP addresses...if a computer was assigned one of these, then why would it need to be mapped to another public IP address? or are u saying that it is not mapped onto another IP address, but the other IP address im seeing is the proxy server's? sorry for the bunch of questions! thanks

 

It wouldn't "need" to be mapped to another public IP, but the school may be doing that so that it can run everything through a proxy server as a means of protecting its network from intrusions and whatnot.

If the school has had a network using the TCP/IP protocol for a long time (say, since the 70s), then it's entirely possible that they just signed up for a big range of public IP addresses when they were setting up their network because back then it was more or less assumed that the current set of IPv4 addresses (i.e., addresses in the form www.xxx.yyy.zzz, where each triplet is a decimal number between 0 and 255) would be all that was needed for the very long foreseeable future, so there was no thought given to an institution like a university that wanted to register a whole bunch of public IP addresses for its own internal use.

 

oh ok.. so the IP address that is seen from outside, from whatismyipaddress.com etc, is the proxy server's IP, basically? or does the client computer's public IP address need to be mapped to another public address before it can go thru the proxy server? thats my last question. thanks a lot

 

The IP address you see from the outside would be whatever computer is the last link in the chain going from your computer, through the school's network, and out to the internet. Odds are it's the IP address of the proxy server and that there's just the one proxy between you and the internet, but there could be other systems. One way to tell is to run a tracert from your computer when it's connected to the school's network out to an external IP (such as, say, google); provided your school's network admin hasn't shut down the ability to ping on the network, you should get a set of data back showing each router the app encountered on its trip from your computer to whatever IP address you traced to, and you should be able to identify the system that's assigned the public IP address you're seeing from the outside.

 

thanks a lot for ur help,much appreciated!
does this also apply to home internet networks? say, when my router assigns me a private address and uses NAT to map it to a public address...is this the public IP address seen from outside, or are there proxy servers etc used by the ISP? i guess this could depend on each ISP?

 

That would, of course, depend on the particular ISP. My guess, though, would be that if the ISP is interposing a proxy server between your modem and the internet, that they would have assigned you a private IP address instead of a public IP address.

Again, this is something you can check out by doing a tracert from the commandline.

Basically, what tracert does is send out ping packets with the so-called time-to-live (TTL) value set initially at 0, and incremented by one each time the utility gets back a packet-discarded message. What happens under the TCP/IP protocol is that, in order to prevent the internet from being flooded by constantly circulating packets that cannot find their destinations, each packet comes with what amounts to an exiration date on it. Each time a router or other gateway device receives a packet, it lowers the TTL value by one before passing the packet on to the next network. Once the TTL value hits 0, the router receiving it discards the packet if the destination IP address isn't on the router's own subnetwork, and the router then sends a packet-dropped message back to the machine from which the packet originated.

That message-dropped packet, of course, contains the identifying information on the router/gateway that discarded the packet. What the tracert utility does, basically, is map the number of routers between its local machine and the destination machine by sending out packets with a TTL that slowly increases so that each router along the way, starting with the first one, will drop the packet and send back a dropped-packet message with that router/gateway's identifying information, which tracert keeps track of.

By doing that, tracert essentially builds up a map of every router sitting between its local machine and the destination machine, and that's the result you get back if you run tracert on a particular IP address.

In your case, if you run tracert on, say, google, you'll see your own internal router, any router(s) your ISP uses, several other routers on the internet, and then googles router(s), ending with the destination machine. From that, you should be able to identify each router that belongs to your ISP, along with the IP addresses of those routers, and from that you should be able to determine if what you're seeing from the outside is actually your own ISP-assigned IP address, or the IP address of one of the ISP's proxy servers.

 

thank u so much ^^ i ran a tracert on google.com and i saw my router's ip, and several from my ISP, several nameless ones (internet ones, i guess) and google's... and none of the ISP's addresses were the one i got from whatismyipaddress.com, so my isp does not use any server in between me and the internet... im gonna do this in college too! thanks a lot

 

argh, just when i thought i understood it all, i suddenly noticed that on whatismyipaddress.com, it says
Proxy server detected!
Proxy Reports IP as: 116.15.84.190

Proxy Server IP address: 220.255.7.192
Proxy Server Details: 220.255.7.192

this is on my home network.. and i cant find the 220.x.x.x address that is supposedly my proxy server, on my tracert report.. could this be an error by whatismyipaddress.com? coz they say they attempt to detect proxy servers by running some tests, maybe they got it wrong? thanks!

 

Ahh, that's because the real world is much, much too complicated to try and explain all at one go - it is possible for a proxy server to be set up so that the server's clients - e.g., you - do not "see" the proxy server, as briefly discussed in the Wikipedia article subsection on intercepting proxy servers.

So, unfortunately, it is possible for your ISP to set up a proxy server that is invisible to you when you're looking from the inside out.

However, these servers may often be like a one-way glass - transparent in one direction but visible in the other. As a result, it can often be useful to try and view the perspective from outside, by, e.g., running a tracert from a third-party website such as DNS Stuff's free DNS tools.

Based on the two IPs you posted - 116.15.84.190 and 220.255.7.192 - a tracert from DNSStuff.com gets to your IP 116.15.84.190, although it states that your router doesn't respond to the ICMP packet, which is generally the better way to set up a personal router. The link to that tracert result is here: http://private.dnsstuff.com/tools/tracert.ch?ip=116.15.84.190

The tracert result to the other IP is here: http://private.dnsstuff.com/tools/tracert.ch?ip=220.255.7.192&detail=1

Basically, it doesn't get anywhere, and the tracert packets don't actually ever make it to the target. That indicates that the proxy server whatismyipaddress found is - if it actually exists, because one can never be 100% sure - probably a one-way server that accepts only outgoing connections, not incoming; your incoming packets seem to get bounced through a number of routers/gateways with IPs beginning 202.166, which are, in all probability part of your ISP's network in Singapore. That being said, one or more of them could also be doing content filtering along the way - I have no way of knowing based on the little poking I've done.

Hmm, funny; while I was typing, I ran a tracert on your IP several times, and I just saw your Singapore ISP pull one of their servers out of rotation - the first time I did tracert, the first Singapore-based machine was 202.166.126.126, followed by 202.166.126.209, 202.166.124.250, and202.166.121.22. Just now I did three more tracerts, and this time the chain I get (for all three) is: 202.166.126.126, 202.166.126.157, 202.166.124.250, and 202.166.121.22.


Something else that's interesting; I did a quickie google on detecting proxies, and came up with a website that has a listing of known public proxy servers in Singapore - the list doesn't have the one you seem to be going through, but it does have two that appear to be related, with IPs that both begin 220.255 - perhaps you've found a not-so-public proxy server in Singapore. That certainly suggests that whatismyipaddress.com may have gotten it right about there being a transparent, one-way proxy through which all of your outgoing packets are passing.

 

hmmm.. thanks so much for ur time, firstly..
secondly..this has got so much more complicated from my first question! but then again, i wanna learn, so i guess its good.. so, for me to clarify, let me talk in two points of view...if there is a proxy server or not..
if there is no proxy server, then its pretty simple.. my router maps my private IP to a public IP and the 116.x.x.x ip that the website shows is my assigned public IP address.. the tracerts from the third party site not showing the proxy servers address make sense

if there IS a proxy sever... then does this mean that the 116.x.x.x address is the proxy serverr's address, or has that site detected my IP address THRU the proxy server? coz if this is the case, then going back to my campus network: shouldnt the website have detected my computer's IP address thru the proxy address? coz if u recall, my original question was, how come my ipconfig /all showed that my IP address was 135.x.x.x and whatismyipaddress showed 116.x.x.x. coz we kinda assumed that the the first address was my comp's IP and the second was the proxy servers, thats why there's 2....so thats a tad confusing again..
i understand that if there IS a proxy server, it cant be detected by my tracerts coz its transparent from this end, and it cant be detected by the third party tracert that u tried, coz its accepting only outgoing..correct me if im wrong

oh and finally..the DNS stuff website says "Your IP: 220.255.7.182 [116.15.84.190]"

the bold part is now the important part of my question again.. coz i understand that there could be a proxy server or could be not, on my home network, and its kinda hard to be sure coz there maybe a transparent server that we cant detect.. but my original question just got a bit more confusing

sorry if im being a total pain in the thanks again

 

From what I see, and what you've reported, it sounds like your ISP assigned you a public IP address, but that, at least for some of your traffic, your packets are being routed through a transparent proxy router.

More likely than not, what you're actually seeing is one of the internet filtering proxies used by the Singapore Media Development Authority. According to this article from the OpenNet Initiative, Singapore does filter for content, although it is apparently neither pervasive nor particularly intrusive.

One way to find out would be to connect to a web server that you know is located within Singapore (which would make it much less likely that such packets would be passed through a content-filtering proxy, since there would be more direct means for making sure that a Singapore-based web server did not contain objectionable material) and see what that web server reports your IP address as.

In terms of your school's network, I am pretty comfortable that the school would not assign IP addresses to each individual machine on their internal network that were supposed to be used to access internet resources outside the school's network - doing that would be too insecure and put too much of a strain on the school's network. It's much easier for everything to pass through one or a few dedicated proxy servers that act as the sole gateway between the school's internal network and the rest of the world.

So, at school, the IP address that's actually assigned to your computer for the school's network will be the IP address that shows up when you run ipconfig /all, and the school's proxy server IP address should be the one starting 116.

The 220.255.7.182 IP address is almost certainly the IP address of a proxy server that is supposed to be transparent (i.e., neither client nor host - you or the website you're surfing to - is supposed to detect it) and in all likelihood is one of the servers the MDA uses to filter content. That would explain why, typically, it doesn't show up; however, since even transparent proxies leave some trace fingerprints, more sophisticated websites will be able to detect them, which is probably what the sites whatismyipaddress.com and dnsstuff.com are doing.

 

thanks again! and sorry for not replying earlier...
yeah, ur right, it makes a lot of sense that the proxy is used as a filter.. some sites are definitely blocked by the singapore MDA. however, whatismyipaddress can detect my IP address because the filtering proxy server is transparent, right?

ok, at school.. yes, it makes a lot of sense again, wat u just said.. but my question is.. the IP address assigned to my computer is a public IP.. it can be a private IP address too, to connect to a proxy server, right? or, as someone mentioned in an earlier post, have they assigned some addresses in the public range, as private addresses in the school network? coz like u say, the school wouldnt assign individual public addresses, especially not if theyre going thru the proxy server anyway... thanks again!

 

To answer briefly, yes, if your school is passing all out-bound traffic through a proxy server, the IP address assigned to your computer for use within the network that's being screened by the proxy can be either public or private.

As a hypothetical example, a typical network that has controlled access only to the internet passing through a single proxy server, within the network all IPs could be in the range 192.168.1.1 - 192.168.1.255, and the proxy server could have a single public IP, say 74.23.11.242 (hey, if that IP actually belongs to someone, sorry, I was just making it up off the top of my head), and whenever the computer with, say, IP 192.168.1.231, went to a website, the website's server would see only the proxy server's public IP address, as well as the destination port on the proxy server that's being used to service the internet traffic for IP 192.168.1.231. The webserver would never see the IP 192.168.1.231 because that's hidden behind the proxy server.

However, for use strictly within my hypothetical network, the admin could just have easily assigned IPs from the range 74.125.45.1-255 (which, coincidentally, is the range that contains the google IP that my DNS currently resolves), which is a public range and could not be used publicly without being assigned by the internet IP authorities; however, if the use is strictly internal, no assignment or permission is needed.

 

thanks a LOT! i really appreciate ur detailed responses, no matter how many questions i had.. much obliged!

 

You're most welcome.