Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Authority
Authority

IPCALC on CLI

This migt be old news for some but definitely new news for myself Smiley Happy

Ever wondered to quickly calculate network address, broadcast or mask from a host? Usually it's the online ipcalc but it actually lives in your GW. Good for scripting etc.

## SHOW MASK
[Expert@vsx]# ipcalc -m 190.160.3.100/28
NETMASK=255.255.255.240

## SHOW NETWORK ADDR
[Expert@vsx]# ipcalc -n 190.160.3.100/28
NETWORK=190.160.3.96

## SHOW BROADCAST ADDR
[Expert@vsx]# ipcalc -b 190.160.3.100/28
BROADCAST=190.160.3.111‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍
7 Replies
Highlighted

I always used netcalc websites to verify mask and network address!

Commands can look like all-in-one:

# ipcalc -nmbp 192.168.1.34/28
NETMASK=255.255.255.240
PREFIX=28
BROADCAST=192.168.1.47
NETWORK=192.168.1.32

It works on Gaia and Splat, but not on IPSO.

Highlighted
Authority
Authority

had to learn it after 15 years of using ipcalc online haha

Highlighted
Collaborator

I used ipcalc (different program) on my local Mac for years not knowing that it also exists on the firewall gateways.  😕

0 Kudos
Reply
Highlighted
Champion
Champion

Looks like you stumbled upon Yuri Slobodyanyuk's blog post: Subnet calculator in Checkpoint – yurisk.info 

0 Kudos
Reply
Highlighted
Participant

A colleague of mine wrote a python script on a similar topic, the argument it expects is an output of "ifconfig -a" on a firewall. You will get all the locally attached subnets on the firewall, this might be useful to give to your vulnerability scanner to be able to scan all the DMZ's off the firewall

/////////////

#!/usr/bin/python

import sys

input_name = sys.argv[1]

with open(input_name, "r") as f:
contents = f.readlines()

for i, item in enumerate(contents):
if "inet addr:" in item and "Mask:" in item:
interface = contents[i - 1].split()[0]
cidr = 0
ip_octets = ((item.split("inet addr:")[1]).split()[0]).split(".")
subnet_mask_octets = ((item.split("Mask:")[1]).split()[0]).split(".")
for j, item in enumerate(subnet_mask_octets):
if item == "255":
cidr += 8
continue

elif item == "254":
cidr += 7

elif item == "252":
cidr += 6

elif item == "248":
cidr += 5

elif item == "240":
cidr += 4

elif item == "224":
cidr += 3

elif item == "192":
cidr += 2

elif item == "128":
cidr += 1

octet_number = j
octet_value = 256 - int(item)
break

ip_octets[octet_number] = str(int(ip_octets[octet_number]) // octet_value * octet_value)

for j in range(octet_number + 1, 4):
ip_octets[j] = "0"

print "%s/%s %s" %(".".join(ip_octets), cidr, interface)

////

0 Kudos
Reply
Highlighted
Admin
Admin

Had no idea we had that utility on Gaia.

Quite useful Smiley Happy

Highlighted
Authority
Authority

Haha great, then I don't feel left out..