ETHICAL HACKING

OVERVIEW OF ETHICAL HACKING:

Ethical hacking is the legal and professional practice of testing computer
systems, networks, and applications. This is done to find and fix security
weaknesses before malicious hackers can exploit them. It involves using
hacking techniques, but with permission and a positive goal.
AIM:
The aim is to protect digital assets and improve overall cybersecurity.
Ethical hackers, often called white-hat hackers, are trained professionals who
simulate real-world cyberattacks. Their job is to think like attackers, simulate real-
world threats, and identify weak points that could pose a risk to sensitive
information and infrastructure. Ethical hacking plays a crucial role in:
 Strengthening an organization’s security posture.
 Ensuring compliance with cybersecurity standards.
 Building resilience against cyberattacks.
 Uses hacking techniques with prior approval from the system owner.

Key aspects of Ethical Hacking

 Reporting: Ethical hackers report back to the organization with the results of the
tests.
 Permission-Based: This permission becomes necessary to differentiate their job
from criminal hacking jobs
 Objective: The main goal is to find the holes before hostile attackers can
penetrate them. This includes discovering system, application, and network
vulnerabilities that an attacker could exploit.
 Methodology: Ethical hackers perform these steps using a variety of tools and
techniques, similar to criminal hackers. It includes scanning for vulnerabilities
testing to break in, and accessing control measures available.

Importance of Ethical Hacking

Ethical hacking contributes significantly to contemporary cybersecurity, ethical hackers
are able to identify and address vulnerabilities before they are exploited by simulating
the strategies and tactics utilized by cybercriminals. This proactive methodology serves
to:
 Enhance Security: Identify and address flaws to stop data breaches and
cyberattacks.
 Compliance: Meet security standards set by the industry and regulatory
requirements.
 Management of risk: Assess and reduce potential threats to the assets of the
organization
 Occurrence Reaction: Enhance the company's capacity to respond to security
incidents and recover from them.

Types of Ethical Hacking

Depending on the focus of the security testing, ethical hacking can be broken down into
a number of different categories:
 Hacking the network: involves testing the infrastructure of the network in order to
find flaws in the protocols, configurations, and devices of the network
 Hacking Web Applications: Centers around distinguishing shortcomings in web
applications, for example, SQL injection or cross-website prearranging (XSS)
weaknesses
 Hacking the system: Targets working frameworks and programming to find
security defects that could be taken advantage of.
 Social Designing: attempts to manipulate individuals into revealing confidential
information or performing actions that could compromise security, putting the
human element to the test.
 Hacking into wireless networks: involves identifying potential dangers in wireless
communications and evaluating the security of wireless networks.

Types of Ethical Hackers

Ethical hacking is to scan vulnerabilities and to find potential threats on a computer or
network. An ethical hacker finds the weak points or loopholes in a computer, web
application or network and reports them to the organization. So, let’s explore more
about Ethical Hacking step-by-step. These are various types of hackers:
 White Hat Hackers (Cyber-Security Hacker)
 Black Hat Hackers (Cracker)
 Gray Hat Hackers (Both)
 Blue Hat hackers
 Green Hat Hackers
 Red Hat Hackers.

1. White Hat Hackers: Here, we look for bugs and ethically report them to the
organization. We are authorized as a user to test for bugs in a website or network
and report it to them. White hat hackers generally get all the needed information
about the application or network to test for, from the organization itself. They use
their skills to test it before the website goes live or attacked by malicious hackers.
To become a white hat hacker, you can earn a bachelor's degree in computer
science, information technology, or cybersecurity. In addition, certifications such
as Certified Ethical Hacker (CEH) and Certified Information Systems Security
Professional (CISSP) are highly recommended.
2. Black Hat Hackers: Here, the organization doesn't allow the user to test it. They
unethically enter inside the website and steal data from the admin panel or
manipulate the data. They only focus on themselves and the advantages they will
get from the personal data for personal financial gain. They can cause major
damage to the company by altering the functions which lead to the loss of the
company at a much higher extent. This can even lead you to extreme
consequences.
3. Grey Hat Hackers: They sometimes access to the data and violates the law. But
never have the same intention as Black hat hackers, they often operate for the
common good. The main difference is that they exploit vulnerability publicly
whereas white hat hackers do it privately for the company. One criticism of Grey
Hat hackers is that their actions can still cause harm. Even if they do not steal or
damage data, their unauthorized access to computer systems can still disrupt
operations and cause financial losses for companies. Additionally, there is always
the risk that a Grey Hat hacker will accidentally cause damage while attempting
to identify vulnerabilities.
4. Blue Hat hackers: They are much like the script kiddies, are beginners in the
field of hacking. If anyone makes angry a script kiddie and he/she may take
revenge, then they are considered as the blue hat hackers. Blue Hat hackers
payback to those who have challenged them or angry them. Like the Script
Kiddies, Blue hat hackers also have no desire to learn.
5. Green Hat hackers : They are also amateurs in the world of hacking but they are
bit different from script kiddies. They care about hacking and strive to become
full-blown hackers. They are inspired by the hackers and ask them few questions
about. While hackers are answering their question they will listen to its novelty.
6. Red Hat Hackers: They are also known as the eagle-eyed hackers. Like white
hat hackers, red hat hackers also aims to halt the black hat hackers. There is a
major difference in the way they operate. They become ruthless while dealing
with malware actions of the black hat hackers. Red hat hacker will keep on
attacking the hacker aggressively that the hacker may know it as well have to
replace the whole system.

Core Concepts of System Hacking in Ethical Hacking

System hacking refers to the activity of searching for and taking advantage of
weaknesses in a target system for unauthorized access, privilege escalation, and data
tampering or stealing.
These activities are used by ethical hackers to mimic actual attacks and assist
companies in making their defenses more impenetrable.

Phases of System Hacking

System hacking usually occurs in an organized fashion, normally following
the lifecycle of an ethical hacker. The most important phases are:
1. Reconnaissance
 Gathering information on the target system (e.g., IP addresses, operating
systems, open ports).
 Tools: Nmap, Whois, Google Dorks.
2. Scanning
 Vulnerability identification in the target system (e.g., open ports, services,
misconfigurations).
 Tools: Nessus, OpenVAS, Nikto.
3. Gaining Access
 Illicit access to the system using vulnerabilities.
 Techniques: Password cracking, exploiting software vulnerabilities, social
engineering.
4. Maintaining Access
 Guaranteed ongoing access to the system (e.g., installing backdoors,
rootkits).
 Tools: Metasploit, Netcat.
5. Clearing Tracks
 Erasure of attack traces to avoid detection.
 Techniques: Log deletion, timestamp manipulation.

Phases of Ethical Hacking

 Preparation and planning: Characterize the extent of the test, acquire

fundamental authorizations, and accumulate data about the objective framework.
 Reconnaissance: Gather in-depth data about the target system, including
information about its network structure, IP addresses, and potential security
holes.
 Scanning: Scan the target system using a variety of tools and methods to look for
vulnerable services, open ports, and vulnerabilities.
 Gaining Access: Attempt to gain access to the system by mimicking potential
real-world attacks by taking advantage of identified vulnerabilities.
 Maintaining Access: Test the capacity to keep up with access inside the
framework and survey ingenuity components that could be utilized by assailants.
 Reporting and Analysis: Produce a comprehensive report to the organization,
document findings, and offer suggestions for reducing vulnerabilities.

Benefits of Ethical Hacking

Ethical hacking has advantages that go beyond just enhancing security, They
consist of:
 Preventing Data Breach: Organizations can avoid costly data breaches by
identifying vulnerabilities before attackers do.
 Protecting Private Information: safeguards vital data from misuse and
unauthorized access.
 Enhancing the System's Resilience: It makes applications and systems stronger
and more resistant to attacks.
 Developing Trust: Demonstrates a commitment to data security and improves
the company's reputation.

Role of security and penetration testers

Role of Penetration Testing in Ethical Hacking: Identifying Vulnerabilities and

Risks

Penetration testing, colloquially known as ‘pen testing’, is a simulated

cyber attack against a computer system, network, or web application with
the aim of discovering exploitable vulnerabilities. It’s the cybersecurity
equivalent of a fire drill, providing a realistic scenario to evaluate the
strength of an organization’s defenses.

Penetration testers employ the same strategies and tools as malicious

hackers, but with one significant difference: their activities are lawful,
ethical, and conducted with explicit permission from the system owner. The
goal is not to cause harm, but identify weaknesses prior to their exploitation
by others.

Rules of Engagement and Code of Ethics

Ethical hackers operate under a set of rules of engagement and a code of ethics.
These guidelines ensure that their actions remain legal, ethical, and within the
boundaries defined by the organization being tested. The rules of engagement specify
the scope and limitations of the testing, including the systems and networks that can
be targeted. The code of ethics ensures that penetration testers prioritize the protection
of sensitive data, respect user privacy, and avoid causing any harm during their testing
activities.
Penetration Testing

Penetration testing, or pen testing, is like a practice cyber attack conducted on

your computer systems to find and fix any weak spots before real attackers can
exploit them. It focuses on web application security, where testers try to breach parts
like APIs and servers to uncover vulnerabilities such as code injection risks from
unfiltered inputs.

The results help adjust web application firewall (WAF) settings and fix any
weaknesses found to boost overall security.

Penetration testing stages

The pen testing process has five stages.

Planning and Reconnaissance
 This stage involves defining the scope and objectives of the penetration
test. It's crucial to understand what systems or networks will be tested
and what testing methods will be employed.
 During reconnaissance, information about the target system is gathered.
This includes details like network names, domain records, and any
publicly available information about the organization's infrastructure.

Scanning
 In this phase, various tools and techniques are used to understand how
the target application responds to intrusion attempts.
 Static analysis involves inspecting the application's code without
executing it. This helps identify potential vulnerabilities based on code
structure and logic.
 Dynamic analysis involves inspecting the application's behavior while
it's running. This provides real-time insights into how the application
responds to different inputs and interactions.
Gaining Access
 Once vulnerabilities are identified in the scanning phase, this stage
focuses on exploiting those vulnerabilities to gain unauthorized access
to the target system.
 Common techniques include exploiting flaws like SQL injection or
cross-site scripting to gain control over the application or system.
Maintaining Access
 After gaining initial access, the goal is to establish a persistent presence
within the system. This mimics the behavior of real attackers who aim to
maintain access over an extended period.
 Techniques like establishing backdoors, escalating privileges, and
maintaining persistence are employed to ensure continued access to the
system.
Analysis
 Once the penetration test is complete, the results are compiled into a
detailed report.
 This report includes information about the vulnerabilities that were
successfully exploited, any sensitive data accessed, and the duration of
undetected access.
 Security personnel analyze this information to understand the effectiveness
of existing security measures and to prioritize remediation efforts.

Penetration testing methods

Here are the main Penetration testing methods follows:

1.External Testing
This test targets a company's online assets, like its website, web applications,
email systems, and domain name servers (DNS). The goal is to break in and steal
valuable data, just like a real hacker would.

Purpose: This method helps organizations understand their vulnerabilities from an

external threat perspective, highlighting weaknesses that malicious actors could
exploit. It enables proactive mitigation of risks before they are exploited by real
attackers.

2.Internal Testing
A tester who has access to the company's internal systems simulates an attack
from within. This could be like an employee's account being hacked through a
phishing attack, even if the employee themselves isn't doing anything wrong.

Purpose: The aim is to evaluate the effectiveness of internal security controls

and detection mechanisms. By simulating an insider threat scenario, organizations
can identify weaknesses in their internal security posture and improve measures to
prevent unauthorized access.

3.Blind Testing
In this test, the tester only knows the name of the company. This simulates a
real attack, showing how the company's security team responds in real time without
prior knowledge of the test.
 Purpose: This approach tests the organization's incident response capabilities
and readiness to handle unexpected attacks. It helps assess how effectively security
teams detect, respond to, and mitigate security breaches without advance notice,
reflecting real-world attack scenarios.

4.Double-Blind Testing
The security team doesn't know about the test in advance, so they can't
prepare. This shows how well they can handle unexpected attacks.

Purpose: The objective is to evaluate the organization's overall security

posture, including the effectiveness of monitoring and response mechanisms under
realistic conditions. It provides insights into the organization's ability to detect and
mitigate security threats without prior preparation or knowledge of the simulated
attack.
5.Targeted Testing
Both the tester and the company's security team know about the test and work
together. This is a training exercise where the security team gets live feedback from
the tester, learning how to improve their defenses.

Purpose: This method serves as a controlled exercise to train and validate the
response capabilities of the security team. It allows for real-time feedback from the
tester, facilitating continuous improvement of security measures and incident
response protocols based on identified vulnerabilities and weaknesses.

Types of Penetration Testing

1.Black Box Penetration Testing:- In this Method attacker does not know the target
as it exactly simulates an actual cyber attack where an actual black hat hacker
attacks. This testing takes time as the attacker does not know the system so he
gathers them. This method is used to find existing vulnerabilities in the system and
to simulate how far a hacker can go into the system without any info about the
system.

2.Grey Box Penetration Testing:- In this method, the attacker is provided with a bit
more information about the target like network configurations, subnets, or a specific
IP to test, Attacker has a basic idea of how the machine is to which he/she is going to
perform an attack, they may also be provided with low-level login credentials or
access to the system which helps them in having a clear approach, This saves time of
Reconnaissance the target.

3.White Box Penetration Testing:- We can say that in this testing method attackers
have developer-level knowledge about the system which also includes an assessment
of source code, Ethical hackers have full access to the system more in-depth than
black box testing. It is used to find out potential threats to the system due to bad
programming, misconfigurations, or lack of any defensive measures.

Penetration testing and web application firewalls

 Penetration testing utilizes WAF data such as logs, except in blind and double
blind tests, to identify and exploit application weaknesses.
 WAF administrators use pen testing results to update configurations and
enhance protection against vulnerabilities discovered during testing.
 Penetration testing satisfies compliance requirements for security audits like
PCI DSS and SOC 2.

 Standards like PCI-DSS 6.6 mandate a certified WAF, but pen testing remains
crucial for improving WAF configurations and overall security.

Advantages of the Penetration test

 The penetration test can be done to find the vulnerability which may serve as a
weakness for the system.
 It is also done to identify the risks from the vulnerabilities.
 It can help determine the impact of an attack and the likelihood of it happening.
 It can help assess the effectiveness of security controls.
 It can help prioritize remediation efforts.
 It can ensure that the system is secure.
 It can be used to test the security of any system, no matter how large or small.
 It can be used to find vulnerabilities in systems that have not yet been exploited.
 It can be used to assess the effectiveness of security controls in place.
 It can be used to educate employees about security risks.

Disadvantages of the Penetration test

 The penetration test which is not done properly can expose data that might be
sensitive and more.
 The penetration tester has to be trusted, otherwise, the security measures taken
can backfire.
 It is difficult to find a qualified penetration tester.
 Penetration testing is expensive.
 It can be disruptive to business operations.
 It may not identify all security vulnerabilities.
 It may give false positives (incorrectly identifying a vulnerability).
 It may give false negatives (failing to identify a vulnerability).
 It may require specialized skills and knowledge.
 The results may be difficult to interpret.
 After the penetration test is completed, the system is vulnerable to attack.
Rules of Penetration testing Process
Some rules have to be followed when conducting the penetration test like the
methodology that should be used, the start and the end dates, the goals of the
penetration test, and more. To make the penetration test possible, there should be a
mutual agreement between both the customer and the representative. These are some
of the things which are commonly present in rules which are as follows:-
1. There will be a non-disclosure agreement where there will be written permission
to hack. This non-disclosure agreement will have to be signed by both parties.
2. There should be a start and end date for penetration testing.
3. What methodology should be used for conducting the penetration test?
4. There should be the goals of the penetration test.

Penetration testing tools

1. Nmap: It is a network exploration tool and security scanner. It can be used to
identify hosts and services on a network, as well as security issues.
2. Nessus: It is a vulnerability scanner. It can be used to find vulnerabilities in
systems and applications.
3. Wireshark: It is a packet analyzer. It can be used to capture and analyze network
traffic.
4. Burp Suite: It is a web application security testing tool. It can be used to find
security issues in web applications.

LAWS OF LAND

A LAND Attack is a Layer 4 Denial of Service (DoS) attack in which, the

attacker sets the source and destination information of a TCP segment to be the
same. A vulnerable machine will crash or freeze due to the packet being repeatedly
processed by the TCP stack.

OVERVIEW OF TCP\IP

The TCP/IP model is a framework that is used to model the communication in a

network. It is mainly a collection of network protocols and organization of these
protocols in different layers for modeling the network.
 It has four layers, Application, Transport, Network/Internet and Network Access.
 While the OSI model has seven layers, the 4 layer TCP/IP model is simpler and
commonly used in today’s Internet and networking systems.

Role of TCP/IP
One of its main goals is to make sure that the data sent by the sender arrives
safely and correctly at the receiver’s end. To do this, the data is broken down
into smaller parts called packets before being sent. These packets travel separately
and are reassembled in the correct order when they reach the destination.
This helps prevent errors and makes sure the message is complete and
accurate.

Layers of TCP/IP Model

1. Application Layer
 The Application Layer is the top layer of the TCP/IP model and the
one closest to the user. This is where all the apps you use like web browsers,
email clients, or file sharing tools connect to the network.
 It acts like a bridge between your software (like Chrome, Gmail, or
WhatsApp) and the lower layers of the network that actually send and receive
data.
 It supports different protocols like HTTP (for websites), FTP (for file
transfers), SMTP (for emails), and DNS (for finding website addresses). It
also manages things like data formatting, so both sender and receiver
understand the data, encryption to keep data safe, and session management to
keep track of ongoing connections.
2. Transport Layer
 The Transport Layer is responsible for making sure that data is sent reliably
and in the correct order between devices.
 It checks that the data you send like a message, file, or video arrives safely
and completely. This layer uses two main protocols: TCP and UDP, depending
on whether the communication needs to be reliable or faster.
 TCP is used when data must be correct and complete, like when loading a web
page or downloading a file. It checks for errors, resends missing pieces, and
 keeps everything in order. On the other hand, UDP (User Datagram
Protocol) is faster but doesn’t guarantee delivery useful for things like live
video or online games where speed matters more than perfect accuracy.
3. Internet Layer
 The Internet Layer is used for finding the best path for data to travel across
different networks so it can reach the right destination. It works like a traffic
controller, helping data packets move from one network to another until they
reach the correct device.
 This layer uses the Internet Protocol (IP) to give every device a unique IP
address, which helps identify where data should go.
 The main job of this layer is routing deciding the best way for data to travel. It
also takes care of packet forwarding (moving data from one point to
another), fragmentation (breaking large data into smaller parts),
and addressing.
4. Network Access Layer
 The Network Access Layer is the bottom layer of the TCP/IP model. It deals
with the actual physical connection between devices on the same local
network like computers connected by cables or communicating through Wi-Fi.
 This layer makes sure that data can travel over the hardware, such as wires,
switches, or wireless signals.
 It also handles important tasks like using MAC addresses to identify devices,
creating frames (the format used to send data over the physical link), and
checking for basic errors during transmission.

Working of TCP/IP Model

The working of TCP/IP can be explained with the help of the diagram given below
and explained :

When Sending Data (From Sender to Receiver)

 Application Layer: Prepares user data using protocols like HTTP, FTP, or
SMTP.
 Transport Layer (TCP/UDP): Breaks data into segments and ensures reliable
(TCP) or fast (UDP) delivery.
 Internet Layer (IP): Adds IP addresses and decides the best route for each
packet.
 Link Layer (Network Access Layer): Converts packets into frames and sends
them over the physical network.

When Receiving Data (At the Destination)

 Link Layer: Receives bits from the network and rebuilds frames to pass to the
next layer.
 Internet Layer: Checks the IP address, removes the IP header, and forwards data
to the Transport Layer.
 Transport Layer: Reassembles segments, checks for errors, and ensures data is
complete.
 Application Layer: Delivers the final data to the correct application (e.g.,
displays a web page in the browser).

Why TCP/IP is Used Over the OSI Model

TCP/IP is used over the OSI model because it is simpler, practical, and widely
adopted for real-world networking and the internet. The diagram below shows the
comparison of OSI layer with the TCP :

Reason Explanation

TCP/IP has only 4 layers, compared to 7 in OSI, making it

Simpler Structure easier to implement and understand in real systems.

Protocol-Driven TCP/IP was designed based on working protocols, while

Reason Explanation

Design the OSI model is more of a theoretical framework.

Flexibility and TCP/IP adapts well to different hardware and networks and
Robustness includes error handling, routing, and congestion control.

TCP/IP is open, free to use, and not controlled by any

Open Standard single organization, helping it gain universal acceptance.

The OSI model is great for education and design principles,

Actual Use vs but TCP/IP is the one actually used in real-world
Conceptual Model networking.

Advantages of TCP/IP Model

 Interoperability : The TCP/IP model allows different types of computers and
networks to communicate with each other, promoting compatibility and
cooperation among diverse systems.
 Scalability : TCP/IP is highly scalable, making it suitable for both small and
large networks, from local area networks (LANs) to wide area networks (WANs)
like the internet.
 Standardization : It is based on open standards and protocols, ensuring that
different devices and software can work together without compatibility issues.
 Flexibility : The model supports various routing protocols, data types, and
communication methods, making it adaptable to different networking needs.
 Reliability : TCP/IP includes error-checking and retransmission features that
ensure reliable data transfer, even over long distances and through various
network conditions.
Disadvantages of TCP/IP Model
 Security Concerns : TCP/IP was not originally designed with security in mind.
While there are now many security protocols available (such as SSL/TLS), they
have been added on top of the basic TCP/IP model, which can lead to
vulnerabilities.
 Inefficiency for Small Networks : For very small networks, the overhead and
complexity of the TCP/IP model may be unnecessary and inefficient compared to
simpler networking protocols.
 Limited by Address Space : Although IPv6 addresses this issue, the older IPv4
system has a limited address space, which can lead to issues with address
exhaustion in larger networks.
 Data Overhead : TCP the transport protocol, includes a significant amount of
overhead to ensure reliable transmission.

IP addressing and Class of network :

IP stands for Internet Protocol and describes a set of standards

and requirements for creating and transmitting data packets, or
datagrams, across networks. The Internet Protocol (IP) is part of
the Internet layer of the Internet protocol suite. In the OSI
model, IP would be considered part of the network layer. IP is
traditionally used in conjunction with a higher-level protocol,
most notably TCP
.
IP is designed to work over a dynamic network. This means that
IP must work without a central directory or monitor, and that it
cannot rely upon specific links or nodes existing. IP is a
connectionless protocol that is datagram-oriented., so each
packet must contain the source IP address, destination IP
address, and other data in the header to be successfully
delivered.

An IP address (internet protocol address) is a numerical

representation that uniquely identifies a specific interface on the
network.
Addresses in IPv4 are 32-bits long. This allows for a maximum
of 4,294,967,296 (232) unique addresses. Addresses in IPv6 are
128-bits, which allows for 3.4 x 1038 (2128) unique addresses.
The total usable address pool of both versions is reduced by
various reserved addresses and other considerations.
or example, the address 168.212.226.204 represents the 32-bit
binary number 10101000.11010100.11100010.11001100.

Type of Network and class of network

For the better management of network and connected host in the

internet , the address of the internet computers are classified in
different types , known as class of network.
Some basic concept in class of network is
1. Netid and hostid :- in classful addressing , and IP in class
A,B,C,D,E is divided into two address, known as netid and
hosted. Here, netid represent the address of the network
connected with internet and hosted is the address of the
host connected in that network. These two id generally
formed the IP address.
2. Mask :- the mask can help us to find the netid and hosted
in IP address. For example , in Class A network  mask is /
8
B Network  mask is /16
C network  mask is /24
the mask notation is also known as slash notation or
Classless Interdomain Routing(CIDR) notation.
3. Subnetting : In the classful IP addressing , An organization
may divide the address into continuous group and can
assign each group to smaller network called subnet .
4. Supernetting :- It is the technique to increase the network
address in a particular class of network for an organization.
 i.e in class C network the maximum number of host is 256
which is not satisfy for an organization then the maximum
host size is increases by the technique of supernetting i.e
combining the two IP address together to create larger
network address.
Class A
In a Class A network, the first eight bits, or the first dotted
decimal, is the network part of the address, with the
remaining part of the address being the host part of the
address. There are 128 possible Class A networks.
0.0.0.0 to 127.0.0.0

However, any address that begins with 127. is considered a

loopback address.
Example for a Class A IP address:
2.134.213.2
Class B
In a Class B network, the first 16 bits are the network part
of the address. All Class B networks have their first bit set
to 1 and the second bit set to 0. In dotted decimal
notation, that makes
128.0.0.0 to 191.255.0.0 as Class B networks. There are
16,384 possible Class B networks.
Example for a Class B IP address:
135.58.24.17
Class C
In a Class C network, the first two bits are set to 1, and the
third bit is set to 0. That makes the first 24 bits of the address
the network address and the remainder as the host address.
Class C network addresses range from 192.0.0.0 to
223.255.255.0. There are over 2 million possible Class C
networks.
Example for a Class C IP address:
192.168.178.1

Class D
Class D addresses are used for multicasting applications.
Unlike the previous classes, the Class D is not used for
"normal" networking operations. Class D addresses have their
first three bits set to “1” and their fourth bit set to “0”. Class D
addresses are 32-bit network addresses, meaning that all the
values within the range of 224.0.0.0 – 239.255.255.255 are
used to uniquely identify multicast groups. There are no host
addresses within the Class D address space, since all the hosts
within a group share the group’s IP address for receiver
purposes.
Example for a Class D IP address:
227.21.6.173

Class E
Class E networks are defined by having the first four network
address bits as 1. That encompasses addresses from 240.0.0.0
to 255.255.255.255. While this class is reserved, its usage was
never defined. As a result, most network implementations
discard these addresses as illegal or undefined. The exception
is 255.255.255.255, which is used as a broadcast address.