IP Addresses — How Devices Find Each Other

Every device on a network needs an address. Without one, data has no idea where to go. An IP address (Internet Protocol address) is a non-negotiable part of understanding how cybersecurity works.

What an IP address actually is

An IP address is a number assigned to every device on a network. It's how that device gets identified and located. When your computer requests a webpage, it sends that request from its IP address to the server's IP address. The server sends the page back to your IP address. Without these addresses, neither side would know where to send anything.

Think of it like a mailing address for your house. The postal service doesn't care what color your door is or what your name is. It just needs the address to deliver the package. IP addresses work the same way for data.

IPv4 — the one you'll see everywhere

IPv4 addresses look like this: 192.168.1.1

It's four numbers separated by dots. Each number can range from 0 to 255. That gives us roughly 4.3 billion possible addresses. That sounds like a lot, and the system was designed in the 1980s. But with billions of devices connected to the internet today (phones, laptops, smart fridges, security cameras), we ran out of IPv4 addresses years ago.

IPv6 — the newer version

IPv6 was created to solve the address shortage. An IPv6 address looks like this: 2001:0db8:85a3:0000:0000:8a2e:0370:7334

It's longer, uses hexadecimal (numbers and letters), and provides practically unlimited addresses. The transition from IPv4 to IPv6 has been slow — most of the internet still runs on IPv4, and many networks use both at the same time. You'll need to understand both, but you'll encounter IPv4 far more often in your day-to-day work.

Public vs. private IP addresses

This is where people often get confused, so let's break it down.

A public IP address is the address your network uses to communicate with the internet. It's assigned by your Internet Service Provider (ISP), and it's visible to every server and website you connect to. When someone says they can "see your IP," they're referring to your public IP address.

A private IP address is the address your device uses inside your local network. Your router assigns private IPs to each device in your home — your laptop might be 192.168.1.5, your phone 192.168.1.6, your smart TV 192.168.1.7. These addresses don't work on the public internet. They only work within your local network.

Here's the analogy: your public IP is like the street address of an apartment building. Your private IP is your apartment number. People outside the building use the street address to locate it. But once inside, the apartment number is what matters.

The device that translates between these two is your router, using something called NAT (Network Address Translation). When your laptop sends a request to a website, the router swaps out the private IP for the public one before sending it out. When the response comes back, the router remembers which device requested it and routes the data to the correct private IP address. It's like a receptionist who forwards calls to the right extension.

Static vs. dynamic IP addresses

A static IP stays the same every time. Servers typically use static IPs because other devices need to know where to find them. If a web server's IP address changed every day, DNS records would constantly break, and nobody could reach the site.

A dynamic IP gets assigned automatically and can change. Most home devices get dynamic IPs from a DHCP server (usually your router). Your laptop probably doesn't have the same private IP it had last month, and that's fine — it doesn't need one.

Why IP addresses matter in cybersecurity

IP addresses appear frequently in security work. A few examples:

Log analysis — when you're reviewing firewall or server logs, you're looking at IP addresses to figure out who's connecting to what. An unfamiliar IP hitting your server thousands of times in a minute? That's probably worth investigating.

Incident response — during a security incident, tracing the attacker's IP is one of the first steps. Where is this traffic coming from? Is it an internal IP (possible insider threat or compromised device) or an external one?

Network segmentation — security teams use IP address ranges to separate network segments. The accounting department's devices might be on one range (10.0.1.x), while the engineering team's devices are on another (10.0.2.x). This way, if an attacker compromises one segment, they can't automatically access the others.

Threat intelligence — security teams maintain lists of known malicious IP addresses. If traffic from one of those IPs shows up in your network, that's an immediate red flag.

Bottom line

IP addresses are the addressing system of the Internet. Every connection, every attack, every log entry involves them. You don't need to memorize subnetting tables on day one, but you do need to understand the difference between public and private, static and dynamic, and IPv4 and IPv6.

Next up, we'll look at the actual hardware — routers, switches, and hubs. What each one does, how they're different, and why it matters.