0

If you have multiple members in a household using each their own PCs, some connected wirelessly, some via LAN cable - How can you check if all those PCs are all in the same subnet or broadcast domain?

Please advise step by step how to check it on both systems Linux and Windows? Any straight forward command line available?

To clarify: By LAN I mean a PC connected via wired LAN Cable to the Router. By WIFI I mean a wireless connected PC.

Thanks

threeeMiaNichole
  • 33
  • 1
  • 2
  • 9
  • Are your wireless and wired devices connected to the same router? – Sam Forbis May 21 '20 at 14:33
  • @SamForbis this shouldn't matter to the answer, WiFi presents as Ethernet packets to the router (once WiFi overheads are removed) and WiFi and Ethernet devices can - and typically are bridged into the same subnetwork. – davidgo May 21 '20 at 19:32
  • @davidgo I'm aware, I was just thinking of reasons why someone would ask a question like this. Obviously, if they are on the same router (especially a consumer router), they will be on the same subnet. I was thinking this OP may be in a situation where they may have multiple routers set up. – Sam Forbis May 21 '20 at 19:36

2 Answers2

2

You need to know subnet mask and IPv4 adress of each PC.
Open a command/terminal prompt. Type:
ipconfig for Windows
ifconfig for Linux.
Press ENTER.

Look at the subnet mask. Does it match?
NO: You know right away computers are not on the same network.
YES: Proceed below to determine whether or not computers are on the same subnet.

Compare IP addresses to determine if devices are on the same subnet.

We will be using most common subnet mask of 255.255.255.0 as example. It tells us the size of the network block:

  • In each of the four sections, if the value is 255, we will substitute that with a 0.
  • If there is any other number in the section, we then subtract that number from 256.
  • In the example above, we would get 0.0.0.256 (256 - 0 = 256). This is a block of 256 numbers.

If the subnet were 255.255.252.0, we substitute and get 0.0.4.256. This is a block of 1024 addresses (4 x 256 = 1024).

When comparing two IP address/subnet combinations, the addresses must match for any section where the subnet value is 255. For a subnet of 255.255.255.0, we expect to see the first three sections of the IP address match (reading left to right) if they are in the same subnet.

The key is to match up the subnet and the IP address. Let’s look at four examples: enter image description here

Bald Eagle
  • 176
  • 6
  • thx. And do you also know how to make it that wired connected PCs are NOT in the same subnet as the wirelessly connected PCs? How could one achieve that, with what settings @bald-eagle? – threeeMiaNichole May 21 '20 at 17:42
  • Go to network settings and set local IPs and masks. As example, you can set mask 255.255.255.0 everywhere, 192.168.1.xxx for wired and 192.168.0.xxx for wirless PCs. @ threeeMiaNichole – Bald Eagle May 21 '20 at 17:47
  • To open network config at win10 press Win+R. Command "control.exe /name Microsoft.NetworkandSharingCenter" and Enter. Then click "change adapter settings". There right click on the LAN or wi-fi network, select "Properties". Left click on TCH/IPv4, click properties. There you can set up required parameters. Instructions for linux: https://library.netapp.com/ecmdocs/ECMP1155586/html/GUID-B02ACB37-C1CD-44E7-9AF7-ABB50F2E42BB.html – Bald Eagle May 21 '20 at 17:57
  • last two clarifications please: (1) If all the wired and wirelessly connected PCs would use a VPN, would they still be in same subnet? Or is a VPN somehow hindering them to be in the same broadcast domain @bald-eagle?.. (2) when you say "go to network settings and set local IPs and masks..." - how do I navigate to the network settings that apply for wired LAN, and the settings that apply for wireless WLAN? – threeeMiaNichole May 21 '20 at 18:07
  • (1) VPN does not change your actual IP, so your local network will not be affected. (2) for linux, in ifconfig output "link encap" parameter and/or "flags" should indicate type of connection for particular interface_name. This is how "change adapter settings" window looks: https://help.keenetic.com/hc/article_attachments/360001400240/win-autoip-01-en.png – Bald Eagle May 21 '20 at 18:39
  • oh thanks, sorry to bother you but (1) even when each PC is on a VPN, a wirelessly connected PC could interact with a LAN connected PC? @bald-eagle, (2) Are you preventing interaction by putting them on different subnets (following your above steps)?, (3) How would you personally go about it if your goal was to prevent interaction in same household of WLAN with LAN connected PCs? – threeeMiaNichole May 21 '20 at 18:47
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/108307/discussion-between-bald-eagle-and-threeemianichole). – Bald Eagle May 21 '20 at 19:28
1

There is a way then @BaldEagle answer if you don't want to do math or worry about netmasks. This way is more reliable as it can work even if you have 2 isolated networks both with same the ip range ( eg an office with 2 internet connections, 2 routers both set up with the default 192.168.1.1/24 and doing NAT).

Establish the IP address of system 1. Have the a system 1 ping another system 2 and while (or shortly after) this ping is in process on system 2 in a terminal or command window type "arp -an" If the IP address on system 1 appears in the list of entries its on the same subnet (and this will be true even if ping fails to respond).

I have assumed here that devices only have 1 route to see each other. (Ie things might break down in cases where a device has an Ethernet and WiFi connection - in this case you need to know the iIP address of the interface sendingvthe ping - typically the LAN one).

The idea here is that (for systems calculated by system 1 as being in the broadcast domain - which is done at a technical level as per BaldEagle answer) will send a broadcast packet "who has IP address X" - and the appropriate machine will respond "me, here us my MAC address", and IP and the systems can then communicate directly. The ARP command shows the table of remembered addresses.

davidgo
  • 68,623
  • 13
  • 106
  • 163
  • thanks and can you just tell, @davidgo- How would you personally go about it if your goal was to prevent interaction of WLAN with LAN connected PCs ( in same household)? Any straight forward way to achieve such separation via command line or other settings in LInux/Windows? – threeeMiaNichole May 22 '20 at 00:20
  • 1
    The way I would personally do it (and have more-or-less done) is to ensure my router runs dd-wrt and not bridge WIFI to Ethernet and have them in seperate vlans, but I draw on a skillset likely very different to yours. Depending on your router, there are a few options which are a lot easier - many routers have a "Wifi Isolation" feature which you can just turn on. Alternatively I'd get a second router, disable WIFI on it and then connect the WAN port of this router to a LAN port on the main router. There are limitations to this, but likely what you want. – davidgo May 22 '20 at 00:38
  • 1
    See https://superuser.com/questions/569710/how-to-create-a-separate-subnet-for-wireless-access https://superuser.com/questions/1503686/isolate-wifi-network-lans-from-each-other-while-sharing-same-wan for some other approaches. – davidgo May 22 '20 at 00:40
  • ,@davidgo- can you quickly check this reference here https://community.sophos.com/products/unified-threat-management/f/vpn-site-to-site-and-remote-access/90065/how-to-isolate-designated-devices-from-the-rest-of-the-lan-e-g-isolate-iot-devices-on-the-lan , the expert there says that VLAN method would not be enough to 100% isolate because there are some layers and each device would still be transparent to L3 traffic and share same L2 domain. Do you know what physical adapter I could add to my router so that a guest devices are always isolated from home devices? You have a amazon Link? – threeeMiaNichole May 22 '20 at 11:03
  • 1
    @threemianichole I don't see where he is saying that at all. In fact he says "Your best bet is to build VLANs according to importance, control being the most sensitive of all, like putting a vlan for each type of device"... Are you maybe confusing vlans with subnets, which are both talked about and are different. (If you have 2 subnets on the same vlan there can be leakage between them. If you have 2 subnets on seperate 2 vlans there can't be leakage) – davidgo May 22 '20 at 18:16
  • ok @davidgo, I misread the source then. And do you know of another isolation method, without involving VLAN, i would like using some additional hardware, like an adapter. But I don't know what type of device I need, what should I look for when searching in Amazon? Some easy pluggable stuff maybe which would work with the already existing router which I got from the ISP – threeeMiaNichole May 23 '20 at 15:05
  • I've answered this already " Alternatively I'd get a second router, disable WIFI on it and then connect the WAN port of this router to a LAN port on the main router...". – davidgo May 23 '20 at 19:26
  • this sounds easy @davidgo. So this is it, in the shop I have to ask for a "wifi router"? No other specs that you would advice me to ask for? Final clarification, if I had such second device, where would I have to "Plug" it in? Into a free WAN port of my existing main Router of the ISP? thx – threeeMiaNichole May 24 '20 at 11:29
  • You need to ask for an Ethernet router. (Tell the shop that the wan port needs to be Ethernet, not DSL or cable). They are very common. Most will have WiFi which is OK, but you don't need it. – davidgo May 24 '20 at 19:18
  • To connect it up you put it next to your current router and then move all the devices plugged into LAN ports on your current router to LAN ports on your new router. You then connect the WAN port on your new router to a LAN port on your old router. *make sure you get/have a network cable when you buy your new router*. WWhen your new router is plugged in, disable WIFI on it and change replace 192.168.* * with 10.0.*.* - that should be it! – davidgo May 24 '20 at 19:24
  • thx @davidgo, finally could you clarify please: (1) "You will need to ensure its programmed to use a different network." - how/where exactly can I do this change on Windows/Linux? Or is it not to be done on OS level but rather on the router device settings level? If both is possible, please explain changing it also in Windows/Linux without entering the router settings? (2) AND what implication has such a change from 192** to 10** on the internet network, are you refering to the "subnets"? Does it matter what numbers I select? -Thank you – threeeMiaNichole May 25 '20 at 19:41
  • I'm not up for fully answering the above (part of it is you have 3 questions on the same issue), but you can do this by changing the settings on your router and replacing 192.168,x,x with 10.1.x.x. 192.168.x.x, 10.x.x.x and 172.16-32.x.x are all RFC1918 space which means they set aside for internal network use. (Subnets are how you group IP addresses - and its important they are in the same group. If you follow this advice it will just work without you needing to adjust subnets ) – davidgo May 26 '20 at 00:53