Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Kaspars_Zibarts
Employee Employee
Employee

IPCALC on CLI

This migt be old news for some but definitely new news for myself Smiley Happy

Ever wondered to quickly calculate network address, broadcast or mask from a host? Usually it's the online ipcalc but it actually lives in your GW. Good for scripting etc.

## SHOW MASK
[Expert@vsx]# ipcalc -m 190.160.3.100/28
NETMASK=255.255.255.240

## SHOW NETWORK ADDR
[Expert@vsx]# ipcalc -n 190.160.3.100/28
NETWORK=190.160.3.96

## SHOW BROADCAST ADDR
[Expert@vsx]# ipcalc -b 190.160.3.100/28
BROADCAST=190.160.3.111‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍
7 Replies
AlekseiShelepov
Advisor

I always used netcalc websites to verify mask and network address!

Commands can look like all-in-one:

# ipcalc -nmbp 192.168.1.34/28
NETMASK=255.255.255.240
PREFIX=28
BROADCAST=192.168.1.47
NETWORK=192.168.1.32

It works on Gaia and Splat, but not on IPSO.

Kaspars_Zibarts
Employee Employee
Employee

had to learn it after 15 years of using ipcalc online haha

Oliver_Fink
Advisor
Advisor

I used ipcalc (different program) on my local Mac for years not knowing that it also exists on the firewall gateways.  😕

0 Kudos
Danny
Champion Champion
Champion

Looks like you stumbled upon Yuri Slobodyanyuk's blog post: Subnet calculator in Checkpoint – yurisk.info 

0 Kudos
Gary_Lipets
Participant

A colleague of mine wrote a python script on a similar topic, the argument it expects is an output of "ifconfig -a" on a firewall. You will get all the locally attached subnets on the firewall, this might be useful to give to your vulnerability scanner to be able to scan all the DMZ's off the firewall

/////////////

#!/usr/bin/python

import sys

input_name = sys.argv[1]

with open(input_name, "r") as f:
contents = f.readlines()

for i, item in enumerate(contents):
if "inet addr:" in item and "Mask:" in item:
interface = contents[i - 1].split()[0]
cidr = 0
ip_octets = ((item.split("inet addr:")[1]).split()[0]).split(".")
subnet_mask_octets = ((item.split("Mask:")[1]).split()[0]).split(".")
for j, item in enumerate(subnet_mask_octets):
if item == "255":
cidr += 8
continue

elif item == "254":
cidr += 7

elif item == "252":
cidr += 6

elif item == "248":
cidr += 5

elif item == "240":
cidr += 4

elif item == "224":
cidr += 3

elif item == "192":
cidr += 2

elif item == "128":
cidr += 1

octet_number = j
octet_value = 256 - int(item)
break

ip_octets[octet_number] = str(int(ip_octets[octet_number]) // octet_value * octet_value)

for j in range(octet_number + 1, 4):
ip_octets[j] = "0"

print "%s/%s %s" %(".".join(ip_octets), cidr, interface)

////

0 Kudos
PhoneBoy
Admin
Admin

Had no idea we had that utility on Gaia.

Quite useful Smiley Happy

Kaspars_Zibarts
Employee Employee
Employee

Haha great, then I don't feel left out..

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events