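# =============================================================================
# WUC Technologies — IPv4 Field Guide
# CLI cheat sheet: RFC1918 private address space
# Source: https://www.wuctechnologies.com/resources/field-guides/ipv4-address-analyzer/
# License: CC0 1.0 Public Domain (https://creativecommons.org/publicdomain/zero/1.0/)
# Released: 2026-05-22
# Ranges covered:
#   10.0.0.0/8     — 16.7M addresses (RFC 1918)
#   172.16.0.0/12  — 1M addresses    (RFC 1918)
#   192.168.0.0/16 — 65K addresses   (RFC 1918)
#
# This is a reference listing: copy individual commands, do not execute the
# file as a script (it adds and removes addresses, routes and firewall rules).
# Interface names (eth0, eth1, eth_wan) and addresses are examples.
# =============================================================================

# -----------------------------------------------------------------------------
# Linux — assign / inspect / remove an RFC1918 address (iproute2)
# -----------------------------------------------------------------------------

# Show current addresses on all interfaces:
ip -4 addr show

# Show only RFC1918 addresses (10/8, 172.16/12, 192.168/16).
# The 172.x alternation matches second octets 16-31 only, i.e. exactly /12.
ip -4 addr show | grep -E 'inet (10\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.168\.)'

# Add a static address to an interface (requires root):
sudo ip addr add 192.168.10.5/24 dev eth0
# The prefix length is the on-link subnet, not the RFC1918 block size: /8 here
# makes every 10.x.x.x address directly reachable on eth1. Use the real subnet
# prefix (for example /24) unless the segment really spans all of 10/8.
sudo ip addr add 10.0.0.5/8 dev eth1

# Remove it:
sudo ip addr del 192.168.10.5/24 dev eth0

# Bring interface up after configuration:
sudo ip link set eth0 up

# -----------------------------------------------------------------------------
# Linux — packet capture scoped to RFC1918 traffic (tcpdump)
# -----------------------------------------------------------------------------

# All RFC1918 traffic in/out of eth0:
sudo tcpdump -i eth0 -nn \
  'net 10.0.0.0/8 or net 172.16.0.0/12 or net 192.168.0.0/16'

# RFC1918 traffic leaving the host (egress; useful for diagnosing accidental
# leakage of internal IPs into public-facing flows).
# pcap filters have no "in (...)" list operator, so the destination exclusion
# is written as a negated group of "dst net" terms; both groups are
# parenthesised so the and/or grouping is explicit.
# The capture file contains packet payloads and /tmp is shared with other
# local users: on a multi-user host write it to a directory only the capturing
# account can read, and delete it once the diagnosis is done.
sudo tcpdump -i eth0 -nn -w /tmp/rfc1918-egress.pcap \
  '(src net 10.0.0.0/8 or src net 172.16.0.0/12 or src net 192.168.0.0/16)' \
  'and not (dst net 10.0.0.0/8 or dst net 172.16.0.0/12 or dst net 192.168.0.0/16)'

# -----------------------------------------------------------------------------
# Linux — scan an RFC1918 subnet (nmap)
# -----------------------------------------------------------------------------

# Discover hosts on the local /24 (ARP-based, fast, no port probe):
sudo nmap -sn 192.168.1.0/24

# Discover + service detection on the /24:
sudo nmap -sV -T4 192.168.1.0/24

# Full RFC1918 sweep (slower; restrict to your actual allocation):
sudo nmap -sn 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

# -----------------------------------------------------------------------------
# Linux — netfilter / iptables rules (NAT outbound, firewall, drop spoofed)
# -----------------------------------------------------------------------------

# Drop inbound packets with RFC1918 source from the WAN interface (anti-spoof).
# INPUT only sees packets addressed to the gateway itself; packets routed
# through it to LAN hosts traverse FORWARD, so the same drops are needed there.
# -A appends to the end of the chain: the drops only take effect if no earlier
# rule already accepts the packet.
# Do not apply as-is when the WAN uplink itself is numbered from RFC1918
# (double NAT behind an upstream router): legitimate upstream traffic would
# then carry a private source address.
sudo iptables -A INPUT   -i eth_wan -s 10.0.0.0/8     -j DROP
sudo iptables -A INPUT   -i eth_wan -s 172.16.0.0/12  -j DROP
sudo iptables -A INPUT   -i eth_wan -s 192.168.0.0/16 -j DROP
sudo iptables -A FORWARD -i eth_wan -s 10.0.0.0/8     -j DROP
sudo iptables -A FORWARD -i eth_wan -s 172.16.0.0/12  -j DROP
sudo iptables -A FORWARD -i eth_wan -s 192.168.0.0/16 -j DROP

# Masquerade outbound from internal LAN (typical SOHO NAT).
# Forwarding must be enabled for this to carry traffic
# (check with: sysctl net.ipv4.ip_forward).
sudo iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth_wan -j MASQUERADE

# Allow established/related return traffic.
# Uses the conntrack match; "-m state --state" is its obsolete predecessor.
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# -----------------------------------------------------------------------------
# Linux — routing table inspection
# -----------------------------------------------------------------------------

# Show routes (current iproute2 syntax):
ip route show

# Show only RFC1918 routes (matches on the destination prefix at line start,
# so a default route via an RFC1918 gateway is not listed):
ip route show | grep -E '^(10\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.168\.)'

# Add a static route to a remote RFC1918 subnet via a gateway:
sudo ip route add 10.20.30.0/24 via 192.168.1.1

# Test routability:
ip route get 10.0.0.5

# -----------------------------------------------------------------------------
# Linux — quick subnet math (ipcalc / sipcalc)
# -----------------------------------------------------------------------------

ipcalc 192.168.1.42/24
sipcalc 192.168.1.42/24   # alternative; richer output

# -----------------------------------------------------------------------------
# Operational notes
# -----------------------------------------------------------------------------
# - RFC1918 is NOT routable on the public internet. Any RFC1918 source/dest
#   leaving your edge router is a misconfiguration.
# - Two organizations frequently collide on 192.168.1.0/24 during M&A.
#   When merging networks, plan a renumbering window before the cutover.
# - 172.16.0.0/12 is the most under-utilized of the three; favor it for new
#   internal allocations to reduce collision surface.
# =============================================================================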