ipspace
what it is
ipspace is a tool that generates sequences of IPv4 addresses represented as unsigned 32-bit values in network byte order. These sequences appear 'random' in that they don't follow an obvious pattern:
$ ipspace d=192.168.1.0/24:0 | ntoa
192.168.1.37
192.168.1.21
192.168.1.141
192.168.1.117
192.168.1.109
...
To see IPs in the form we expect, we have to pipe the output of ipspace to ntoa, which converts the unsigned integers to human-friendly IPs.
If we run it again, we get a different sequence:
$ ipspace d=192.168.1.0/24:0 | ntoa
192.168.1.71
192.168.1.243
192.168.1.167
192.168.1.219
192.168.1.143
...
Since we asked for a sequence over 192.168.1.0/24, we should be getting 256 IPs. Let's check:
$ ipspace d=192.168.1.0/24:0 | ntoa | wc -l
256
And they should all be unique. Are they?
$ ipspace d=192.168.1.0/24:0 | ntoa | sort -u | wc -l
256
Suppose you and your friend want to split up the work of scanning 192.168.1.0/24. Specify a key (an unsigned 32-bit value) and tell ipspace to split the range into 2 parts:
$ ipspace d=192.168.1.0/24:0:0xdead s=2
192.168.1.0/24:0:0xdead:0:0x7f
192.168.1.0/24:0:0xdead:0x80:0xff
ipspace gives you back two directives. You use one of these directives, and your friend uses the other.
$ ipspace d=192.168.1.0/24:0:0xdead:0:0x7f | ntoa | sort -u | wc -l
128
$ ipspace d=192.168.1.0/24:0:0xdead:0x80:0xff | ntoa | sort -u | wc -l
128
As you might expect, you and your friend are each doing half the space. Both sequences look random, but they don't overlap:
$ ipspace d=192.168.1.0/24:0:0xdead:0:0x7f | ntoa > stuff
$ ipspace d=192.168.1.0/24:0:0xdead:0x80:0xff | ntoa >> stuff
$ sort -u stuff | wc -l
256
If you want to be able to resume or split up a sequence, you need to specify a key. Otherwise, you can omit it. (A key will still be used internally, but it will be random.)
An ipspace directive looks like
base_ip:bits:repeat[:key[:offset_start[:offset_end]]]
- base_ip: 192.168.0.0, 24.0.0.0, etc.
- bits: 0-32, like CIDR notation (the examples above write it after a slash, as in 192.168.1.0/24).
- repeat: Repeat when we get to the end of the sequence? 1 or 0 for on or off. This should be used when there is no key. If there is a key, you'll redo the sequence in the same order, which probably isn't good.
- key: Any unsigned 32-bit value. Only needed when you want to be able to resume a sequence or split up a space.
If you want to be reminded of the parameters, do 'ipspace h'. If you don't specify any parameters to ipspace, it waits for directives on stdin, one directive per line. If you're not piping ipspace's output to an application that understands what to do with it, remember to pipe it through ntoa, or you will experience a crapflood.
why it is good
ipspace allows programmers to factor the IP generation code out of their programs and write their applications to read easy integer records. It also allows collaborators to split up work.
why it is being released
We are sure we made some mistakes and missed some details. We don't have time to work on it, but we want this code to improve and we want people to start writing applications that use it. Please take a look and find our bugs so that the code (and our brains) can get better.
misc
If you were to scan 0/0 (which we refer to as 'planetary mode') you'd waste time on 10/8, 192.168/16, and a lot of other reserved areas. Pipe the ipspace output through ianafilter to prevent these IPs from getting to your application.
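A consumer of the kind described under 'why it is good', with a reserved-range check in the spirit of ianafilter, as an added example (not part of ipspace or its companion tools). It assumes the records arrive as raw 4-byte values in network byte order on stdin; the RESERVED list, the sample data and all function names are illustrative.

```python
import io
import ipaddress
import struct
import sys

# Illustrative reserved blocks: 10/8 and 192.168/16 are named in the text,
# the rest are well-known special-purpose ranges. Not ianafilter's own list.
RESERVED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

def read_records(stream):
    """Yield one int per 4-byte record; reject a truncated trailing record."""
    while True:
        chunk = stream.read(4)
        if not chunk:
            return
        if len(chunk) != 4:
            raise ValueError(f"truncated record: {len(chunk)} trailing byte(s)")
        yield struct.unpack("!I", chunk)[0]  # "!" means network byte order

def is_reserved(value):
    """True if the 32-bit address falls inside any RESERVED block."""
    addr = ipaddress.IPv4Address(value)
    return any(addr in net for net in RESERVED)

def routable(stream):
    """Dotted-quad strings for every record outside the RESERVED blocks."""
    return [str(ipaddress.IPv4Address(v))
            for v in read_records(stream) if not is_reserved(v)]

# Constructed sample: four records in the assumed on-the-wire format.
SAMPLE = b"".join(struct.pack("!I", int(ipaddress.IPv4Address(a)))
                  for a in ("192.168.1.37", "8.8.8.8", "10.1.2.3", "1.1.1.1"))

if __name__ == "__main__":
    # With no pipe attached, fall back to the constructed sample.
    src = io.BytesIO(SAMPLE) if sys.stdin.isatty() else sys.stdin.buffer
    for ip in routable(src):
        print(ip)
```

Reading fixed-size records and failing loudly on a short trailing read catches the case where an upstream stage in the pipeline dies mid-record.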