How to Find IP Addresses on a Network and Monitor their Usage

Experts predict that by 2025 we’ll have more than 75 billion connected devices, a number almost triple that recorded in 2019. With networks becoming far more dynamic and complex than ever before, the ability to find IP addresses on the network is essential.

As well, people are connecting to company networks with an ever-increasing number of devices, leading to increased risk not only in security but also in maintenance and management.

There’s also the matter of people connecting to company networks with personal devices. According to Bitglass’ 2020 Bring Your Own Device Report, nearly 85% of companies allow their employees to use personal devices on their networks. Security isn’t keeping up either, with 63% of respondents saying they were worried about data leakage, 53% concerned about unauthorized access to data, and 52% concerned about malware infections.

Even in this environment, network administrators are still expected to ensure the health and security of their network. While it’s certainly challenging, it’s not an impossible task. It starts with being able to find IP addresses on the network effectively.

What is an IP address?

An Internet Protocol (IP) address is a 32-bit number used to identify a device or a network (IPv4 is 32-bit while IPv6 is 128 bits, but let’s focus on IPv4 for now). In its simplest, when you connect to a network, the IP address associated with your device allows you to send and receive data with other devices on that network or across the internet.

Let’s say you want to access a specific website. The first thing you’d do is enter a URL into your browser, which queries your domain name server (DNS) to find the IP address associated with that website. This enables your device to find and connect to the relevant website by its IP address.

IP addresses are in Layer 3 (the network layer) of the Open Systems Interconnect (OSI) model. This layer takes care of data routing and transmission from one network to another. It selects the shortest possible path from one host to another on different networks. It also identifies whether the packet is destined for the local host, a different host on the local network, or a different network altogether, and in this case it does the necessary routing to the address contained in the frame.

While IP addresses need to be unique in a network, they are not always tied to a specific device. IP addresses can be set manually (called a static IP), or can be set dynamically using a protocol such as DHCP.

The importance of IP addressing in networking

IP addresses let us build complex networks that don’t require devices to be directly connected. That’s because IP addresses are broken into two components, the network address and the host address, enabling network engineers to design networks without needing to worry about the specific addresses of every host.

When a network is designed, a network engineer has to define the subnet mask, which decides how many of the available 32-bits will represent the network address, and how many of the bits will represent the host address.

It’s similar to sending a piece of mail. The post office first sorts the mail based on a zip code (the network), then as the mail gets closer to the destination, it further sorts the mail based on the street address (the host). Sorting millions of pieces of mail by street address alone wouldn’t be scalable, as you’d have a post office in New York City sorting mail destined for an address in Los Angeles.

As a device is making routing decisions, it will leverage the subnet mask to determine whether an IP address is in the same network as the current device, or if it is in a different network.

Classful vs. classless addressing

The topic of network address and host address can be tricky, and warrants a bit more discussion. To help, let’s start with the difference between classful and classless addressing.

Classful addressing

IPv4 addresses consist of two elements: the network address, or network ID, and the host address, or host ID. Classful addressing splits all available IPv4 addresses into “classes”, each class containing a fixed number of address blocks. Each address block contains a fixed number of available hosts.

The “class” determines how much of the IP address’ 32-bits are allocated to the network ID: Class A uses 8-bits, Class B 16-bits, and Class C-24 bits.

So what does this mean? Why bother with different types of IP classes? Largely, it comes down to how many individual addresses your network needs. The fewer the bits an engineer allocates to a network prefix, the more individual addresses would be available (but the fewer the blocks). While Class A may have only 128 blocks available, each of those blocks has over 16.7 million available IP addresses. In theory, this would have been great for large businesses or even entire countries, but some practical limitations apply (see: broadcast domain). On the other hand, there are more than 2 million Class C blocks available, but only 256 addresses in each.

Example of an IP address table
The main problem of the classful addressing approach was that it either leads to wasted addresses (far more than you need), or blocks of addresses that are too small. At only 32-bits, IPv4 hit a numerical limitation: there just wasn’t enough flexibility with the number and size of each address block to serve the hundreds of billions of devices looking to connect to the internet anymore.

Classless addressing

The limitations of this addressing system led to the development of the classless approach, or the Classless Inter-Domain Routing (CIDR) system. Classless addressing does away with the fixed number and size of address blocks, and allows IPv4 addressing to scale thanks to dynamic network sizing.

Bits customarily allocated to the address’s host portion can now also be used to extend the network component. In essence, classless makes it possible to size IP address blocks to the network’s specific needs, making classful addressing obsolete.

This can sound complex, so let’s use an example. A network admin needs to create a network with 300 addresses. Under a classful addressing system, they would technically require a Class B block, as a Class C block with 8-bits for the host address would only provide 256 addresses – not enough. And while a Class B network with 16-bits for the host address would enable them to have the 300 IP addresses they need, it would throw away 65,000+ addresses that would never be used.

With classless addressing, the network admin can instead set aside 9-bits for the host address, leaving 23 bits for the network address, so that a total of 512 addresses would be available. While it is a little more than the 300 addresses they need, it minimizes waste and maximizes the number of network addresses available.

How to assign IP adddresses

IP addresses can be static or dynamic. A static IP address is one that is manually assigned to a device and typically never changes. A dynamic IP address is automatically assigned to a device from a pool of available IP addresses as it connects to a network. Both static IP addresses and dynamic IP addresses have their place in a good network design.

If you’re opting for static IP addresses, that means that you’ll assign each device a specific address that will belong only to it. It won’t change with a server update, a router reboot, or anything else. The advantage here is you’ll always know what device is associated with that specific IP address.

In some cases, static IP addresses can be helpful. If you want to make sure that everyone can access a printer, server, or other shared resources at all times from any device, a static IP address is a good option.

You’ll also definitely want to ensure all of your network devices have static IPs.

Static addresses are also a good choice if you’ll be using devices that aren’t compatible with DHCP, if you want to avoid issues a problematic DHCP server can cause, or if you want better network security.

However, manually allocating static addresses to each device can be a massive undertaking if you have a large network. You also have to consider guest devices and how it would slow everything down if you had to allocate an IP to each one manually. Compatibility issues are also likely to arise, so relying solely on static addresses is not advisable.
To solve this scalability issue, a Dynamic Host Configuration Protocol, or DHCP, automatically allocates IP addresses to devices as they connect to the network. The advantage here is an administrator doesn’t have to oversee the process. The DHCP server can assign a unique IP address, a subnet mask, a gateway address, and other information to every device. It requires less administrative intervention and can be easily scaled.

There are also potential disadvantages, too. Since a different IP address can be allocated to the same device every time it connects, connectivity issues that could be resolved by always knowing the IP address will take longer. You’ll want to ensure you have solid tracking of IP addresses in your network, or look to leverage a network discovery and documentation tool to automate this process.

The right answer for most networks is to use a hybrid system, where most addresses are dynamic, but you have a few static ones for network devices, printers and other critical devices. As you’re setting up your DHCP server, you’ll want to ensure that your DHCP address pools do not overlap with any of your static IP addresses – or you’ll run into duplicate IP addresses in your network, which can cause a bit of mayhem!

How to find all IP addresses on a network

Effective IP address management (or IPAM) starts with knowing how to find them all on your network. Having access to a complete list of IP addresses and the devices they’re allocated to can be beneficial when attempting to resolve connectivity issues.

If you’re looking for a specific IP address, the simplest way to discover that device is to use the ICMP ping command. Typing in “ping ” with the address you are looking for will let you know whether the device is on the network and responding to pings.

Now, you can leverage the ARP command, “arp -a” to determine the MAC address associated with that IP address.

But what if you want to find all the devices on your network?

First, you can leverage the ping command to send out a ping request to a broadcast address. For example, if you wanted to discover all the IPs connected to the 192.168.1.0/24 network, you can type:

> ping 192.168.1.255

Then, leveraging the ARP table (“arp -a”), you can see all the devices that responded to that ping request. There are some limitations to this approach, though, as not all devices respond to pings on the broadcast IP address.

Another tactic is to simply script pings to a specific subnet. For *nix and Mac OSX machines, you can type (replacing 192.168.1 with your network):

> for ip in $(seq 1 254); do ping -c 1 -W 1 192.168.1.$ip | grep "ttl"; done

On a Windows device, it would be similar to:

> FOR /L %i IN (1,1,254) DO ping -n 1 192.168.1.%i | find /i "TTL"

In either case, you’ll get replies from all devices in that subnet, and can then leverage the ARP table (command “arp -a”) to find their MAC addresses. With this info, you can use the forward table on your network switch or leverage your network discovery software to pinpoint the specific switch port that the device is connected to — a valuable bit of info to have.

Keep in mind that this approach is best used for smaller networks or if you’re in a real hurry and need to do a one-time check for a particular device. If you’re looking to discover IP addresses on networks of any substantial size, you’ll want to use an automated discovery tool, like a network scanner.

Why is a network scanner useful?

Attempting to manually track down an IP address on a large network is a challenge. It’s practically impossible in corporate networks that have endless dynamic IP addresses and random devices connecting to them constantly.

This is where a network scanner, or network discovery software, comes in. This type of IT network management software helps detect all the active devices on a network, and associates them with their respective IP. A network scanner can automatically scan and discover connected devices across all subnets as well.

Network visibility tools like automated network scanners offer a wide range of advantages. Regularly scanning the network allows you to identify the devices connected to your network at any time, and gather device information such as available services, the operating systems in use, potential risks, and more.

If you’re considering adding a network scanner, look to see which ones offer network infrastructure mapping as well. The visual context that granular network topology maps provide can really accelerate your troubleshooting process.

Regardless of your network’s size, if you want to find IP addresses on a network, the most efficient approach is to use a dedicated tool. The software will help reduce your workload and improve efficiency. It will also free you up to focus on more important, high-level tasks, rather than spending your time trying to figure out what IP address belongs to which device.

—-
Auvik provides cloud-based network monitoring and management, automating the discovery of IP addresses on your network. Get started now and have every IP address on your network documented in less than an hour.