cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

IPCALC on CLI

This migt be old news for some but definitely new news for myself Smiley Happy

Ever wondered to quickly calculate network address, broadcast or mask from a host? Usually it's the online ipcalc but it actually lives in your GW. Good for scripting etc.

## SHOW MASK
[Expert@vsx]# ipcalc -m 190.160.3.100/28
NETMASK=255.255.255.240

## SHOW NETWORK ADDR
[Expert@vsx]# ipcalc -n 190.160.3.100/28
NETWORK=190.160.3.96

## SHOW BROADCAST ADDR
[Expert@vsx]# ipcalc -b 190.160.3.100/28
BROADCAST=190.160.3.111‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍
7 Replies

Re: IPCALC on CLI

I always used netcalc websites to verify mask and network address!

Commands can look like all-in-one:

# ipcalc -nmbp 192.168.1.34/28
NETMASK=255.255.255.240
PREFIX=28
BROADCAST=192.168.1.47
NETWORK=192.168.1.32

It works on Gaia and Splat, but not on IPSO.

Re: IPCALC on CLI

had to learn it after 15 years of using ipcalc online haha

Oliver_Fink
Nickel

Re: IPCALC on CLI

I used ipcalc (different program) on my local Mac for years not knowing that it also exists on the firewall gateways.  😕

0 Kudos
Danny
Pearl

Re: IPCALC on CLI

Looks like you stumbled upon Yuri Slobodyanyuk's blog post: Subnet calculator in Checkpoint – yurisk.info 

0 Kudos

Re: IPCALC on CLI

A colleague of mine wrote a python script on a similar topic, the argument it expects is an output of "ifconfig -a" on a firewall. You will get all the locally attached subnets on the firewall, this might be useful to give to your vulnerability scanner to be able to scan all the DMZ's off the firewall

/////////////

#!/usr/bin/python

import sys

input_name = sys.argv[1]

with open(input_name, "r") as f:
contents = f.readlines()

for i, item in enumerate(contents):
if "inet addr:" in item and "Mask:" in item:
interface = contents[i - 1].split()[0]
cidr = 0
ip_octets = ((item.split("inet addr:")[1]).split()[0]).split(".")
subnet_mask_octets = ((item.split("Mask:")[1]).split()[0]).split(".")
for j, item in enumerate(subnet_mask_octets):
if item == "255":
cidr += 8
continue

elif item == "254":
cidr += 7

elif item == "252":
cidr += 6

elif item == "248":
cidr += 5

elif item == "240":
cidr += 4

elif item == "224":
cidr += 3

elif item == "192":
cidr += 2

elif item == "128":
cidr += 1

octet_number = j
octet_value = 256 - int(item)
break

ip_octets[octet_number] = str(int(ip_octets[octet_number]) // octet_value * octet_value)

for j in range(octet_number + 1, 4):
ip_octets[j] = "0"

print "%s/%s %s" %(".".join(ip_octets), cidr, interface)

////

0 Kudos
Admin
Admin

Re: IPCALC on CLI

Had no idea we had that utility on Gaia.

Quite useful Smiley Happy

Re: IPCALC on CLI

Haha great, then I don't feel left out..