# Heuristics of subnet guessing in Software Defined Networks(SDN)

• Last Updated : 30 Sep, 2021

Overview :
To guess the subnet for a given IP address, there are 3 basic heuristics that will be used in Software Defined Networks Algorithm. The three heuristics are as follows.

1. Subnet guessing using broadcast ping
2. Subnet guessing from a cluster of address
3. Guessing valid address in a domain

Let’s discuss it one by one as follows.

Heuristic-1 :
Subnet guessing using broadcast ping –
Ping is a command which is used to validate the IP address. Broadcast ping is a command which is also used to validate the IP address but it receives multiple responses from IP present in the subnet. This heuristic uses both ping and broadcast ping.

Procedure –

1. Ping the given IP address first, to validate it.
2. If validated, then use mask length from 31 to 7 one by one to get the subnet for a given IP address.
5. If multiple responses are received from this IP, then Ping these broadcasted  IP addresses to validate it.
6. If it is validated, then that is the subnet mask for a given IP address. So return that mask length.
7. Else continue with different mask lengths.

Heuristic-2 :
Subnet guessing from a cluster of addresses –
It differs from heuristic 1 in the way that it uses a cluster of IP addresses to find the subnet number. Bitwise AND is used in this heuristic to find the subnet number approximately since all four address spaces share the same common prefix. Bitwise OR is used next to guess the exact subnet number and subnet mask.

Procedure –

1. For a cluster of valid IP addresses, do bitwise AND for those IP addresses.
2. The answer of the bitwise AND is the approximate subnet number.
3. Then do bitwise OR  for those IP addresses to exactly find the subnet number.

Heuristic-3 :
Guessing valid address in a domain –
As with heuristic 1, this heuristic also uses only one IP address to find the subnet number but with the difference in the procedure. Ping command is used here to discard the invalid IP address.

Procedure –

1. Ping the given IP address to validate.
2. If pinged successfully, then add the next N consecutive IP  address to the temporary set.
3. If the address ends in (1,63,129, 193) then add N random address with the same prefix to the temporary set.
4. Then another IP address from the temporary set is taken and step1 is repeated.
5. All the address spaces are populated by this heuristic
6. Then from the addresses in the temporary set, the subnet number is found.

Note :

1. N value is high –
All live hosts are found but also with invalid addresses.

2. N value is low –
Most guesses are valid but not all hosts are found.
My Personal Notes arrow_drop_up