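# =============================================================================
# WUC Technologies — IPv4 Field Guide
# CLI cheat sheet: Public IPv4 — RIR-allocated, internet-routable
# Source:   https://www.wuctechnologies.com/resources/field-guides/ipv4-address-analyzer/
# License:  CC0 1.0 Public Domain (https://creativecommons.org/publicdomain/zero/1.0/)
# Released: 2026-05-22
#
# Any IPv4 address NOT in RFC1918 (10/8, 172.16/12, 192.168/16), CGNAT
# (100.64/10), APIPA (169.254/16), loopback (127/8), multicast (224/4),
# reserved (240/4), broadcast (255.255.255.255), TEST-NET (192.0.2/24,
# 198.51.100/24, 203.0.113/24), benchmarking (198.18/15), or "this network"
# (0/8) is public.
# Allocated by ARIN, RIPE, APNIC, AFRINIC, LACNIC.
#
# Usage: copy individual commands. The two iptables sections change live
# firewall rules, so do not execute this file top to bottom.
# =============================================================================

# -----------------------------------------------------------------------------
# Identify the public-side address of a host
# -----------------------------------------------------------------------------
# What the public internet sees:
curl -4 -s https://ifconfig.me
curl -4 -s https://api.ipify.org
curl -4 -s https://icanhazip.com

# What the host has on its WAN interface (may differ from above if behind NAT).
# The interface name follows the "dev" keyword; its position in the output
# shifts when the route has no "via <gateway>" part, so look it up by keyword
# rather than by a fixed field number.
wan_if=$(ip route get 1.1.1.1 |
  awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }')
ip -4 addr show dev "${wan_if:?no IPv4 route to 1.1.1.1}"

# Trace the path to a known public anchor:
traceroute -n 8.8.8.8
mtr -n -c 50 1.1.1.1

# -----------------------------------------------------------------------------
# Identify the owner of a public IP (RIR / WHOIS)
# -----------------------------------------------------------------------------
whois 8.8.8.8
whois -h whois.arin.net 8.8.8.8           # ARIN-specific query
whois -h whois.cymru.com " -v 8.8.8.8"    # Team Cymru — ASN + org in one line

# Details for a known AS number (country, registry, allocation date, name):
dig +short AS15169.asn.cymru.com TXT
dig +short -x 8.8.8.8                     # PTR / reverse DNS (set by the address
                                          # holder — a hint, not proof of ownership)

# -----------------------------------------------------------------------------
# BGP-side inspection
# -----------------------------------------------------------------------------
# Looking-glass-style view over HTTP (RIPEstat): covering prefix and origin ASN
curl -s "https://stat.ripe.net/data/network-info/data.json?resource=8.8.8.0"

# Via DNS (Team Cymru): IP -> origin ASN. The octets go in REVERSE order;
# 8.8.8.8 only looks unreversed because it reads the same both ways
# (a.b.c.d is queried as d.c.b.a.origin.asn.cymru.com).
dig +short -t TXT 8.8.8.8.origin.asn.cymru.com

# Locally with FRR (BIRD's equivalent client is birdc):
# vtysh -c "show ip bgp 8.8.8.0/24"

# -----------------------------------------------------------------------------
# Packet capture — public-only traffic (exclude all special-purpose ranges)
# -----------------------------------------------------------------------------
# Same range list as the header and the bogon filter below. "net X" matches
# source OR destination, so a packet is kept only when both ends are public.
sudo tcpdump -i eth0 -nn \
  'not (net 10.0.0.0/8 or net 172.16.0.0/12 or net 192.168.0.0/16
        or net 100.64.0.0/10 or net 169.254.0.0/16 or net 127.0.0.0/8
        or net 224.0.0.0/4 or net 240.0.0.0/4 or net 0.0.0.0/8
        or net 192.0.2.0/24 or net 198.51.100.0/24 or net 203.0.113.0/24
        or net 198.18.0.0/15)'

# -----------------------------------------------------------------------------
# Reachability check from multiple vantage points
# -----------------------------------------------------------------------------
# Plain ICMP from this host:
ping -c 4 8.8.8.8

# TCP-port reachability (firewall-aware):
nc -vz 8.8.8.8 443
sudo hping3 -c 3 -S -p 443 8.8.8.8        # raw SYN probe: needs root / CAP_NET_RAW

# DNS reachability:
dig @8.8.8.8 example.com +short +tries=1 +time=2

# -----------------------------------------------------------------------------
# Geolocation (rough — DO NOT use for compliance)
# -----------------------------------------------------------------------------
# Free services for ad-hoc lookups (each may differ). Every lookup discloses
# the queried address to the provider; for addresses tied to an open
# investigation, prefer an offline database.
curl -4 -s "https://ipinfo.io/8.8.8.8/json"
curl -4 -s "https://ipapi.co/8.8.8.8/json/"

# For enterprise geolocation requirements, use MaxMind GeoIP2 against the
# licensed database — never trust public lookup APIs for routing or compliance.

# -----------------------------------------------------------------------------
# Egress policy — restrict outbound to specific public destinations
# -----------------------------------------------------------------------------
# Allow outbound only to known-good public destinations. Rules are evaluated
# top-down and -A appends after whatever is already in the chain, so review
# `sudo iptables -S OUTPUT` first.
#
# Without the first two rules the final DROP also discards loopback traffic
# and the reply packets of inbound sessions — including the SSH session the
# rules are typed into.
sudo iptables -A OUTPUT -o lo -j ACCEPT
sudo iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A OUTPUT -d 8.8.8.8 -j ACCEPT
sudo iptables -A OUTPUT -d 1.1.1.1 -j ACCEPT
sudo iptables -A OUTPUT -d 192.168.0.0/16 -j ACCEPT    # internal
sudo iptables -A OUTPUT -j DROP
# The ESTABLISHED rule also keeps flows that were already open when the policy
# was loaded; they end when the connection closes.
# iptables covers IPv4 only: mirror the policy with ip6tables, otherwise a
# dual-stack host still has unrestricted IPv6 egress.
# Rules added this way are not persistent across reboots.

# -----------------------------------------------------------------------------
# Bogon filtering — drop sources that should never be public
# -----------------------------------------------------------------------------
# Inbound from RFC1918, CGNAT, loopback, multicast, reserved, etc., is
# spoofed (or misrouted) if arriving on an interface that faces the public
# internet directly. If the WAN link itself sits behind carrier-grade NAT or
# a private upstream, the gateway legitimately uses 100.64.0.0/10 or RFC1918
# space — remove those entries there. eth_wan stands for the WAN interface.
for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 100.64.0.0/10 \
           169.254.0.0/16 127.0.0.0/8 224.0.0.0/4 240.0.0.0/4 \
           192.0.2.0/24 198.51.100.0/24 203.0.113.0/24 198.18.0.0/15 \
           0.0.0.0/8; do
  sudo iptables -A INPUT -i eth_wan -s "$net" -j DROP
done
# Appended rules only take effect if no earlier INPUT rule already accepts the
# packet; check the order with `sudo iptables -S INPUT`.

# -----------------------------------------------------------------------------
# Resources
# -----------------------------------------------------------------------------
# IANA IPv4 Special-Purpose Address Registry:
#   https://www.iana.org/assignments/iana-ipv4-special-registry/
# Team Cymru bogon list (machine-readable):
#   https://team-cymru.com/community-services/bogon-reference/
# =============================================================================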