Deano’s answer to: “Will different computer users inside one company (i.e. at one building location) normally share the same IP address?”

The short answer: No. All IP addresses for individual computers must be unique to allow for proper/intended network function.

The more complicated truth: Most users inside a company have “multiple IP addresses” – one local/internal IP address associated with their computer, and one or more external IP addresses, which map back to the local address via a process called Network Address Translation (NAT), and pass actual Internet traffic back and forth.

(Image snuck safely out of http://qwikstep.eu/search/get-ex…)

These external IPs exist, and continue to be used for several reasons:

  • The IPv4 address space, which most Internet ready devices still use is comparatively small, so assigning unique IPs worldwide to all Internet-capable devices is simply no longer possible[*]. The “new” address space, known as IPv6, has been in development for several hundred years, and will be rolled out “any day now” to consumers and business.
  • Because of this, companies use routers to translate between internal and external IP addresses, even on a one-to-many basis. While it is unlikely that a large company will use a single external IP for a given building/campus, it’s possible that whatever your internal IP address, external traffic to your single computer may hop between external IPs over time, or based on the service(s) you use.
  • Internal IP addresses also give you a nearly-unlimited and “free” supply (okay, a mere 18 million or so usable) of addresses, that you can organize as you wish. While most home Internet users are at least somewhat familiar with the “192.168.0.0/16” network, the other private address spaces are “172.16.0.0/12”, or my personal favorite, the “10.0.0.0/8”[“]. By contrast, external “Internet IPs” are usually leased through a hosting provider, and more IPs = larger monthly bill.
  • Most companies (or at least their ISPs) use firewalls and other security measures to protect from both external attack, and various kinds of internal tampering/espionage. These firewalls typically sit between the internal and external address spaces, and monitor traffic for suspicious behavior, blocking known exploits and recording log data to help forensically source unknown attack vectors after the fact.

Long story short – Yes, in many cases, everyone in a single location of a given company will share one external IP address, making it difficult to associate IP traffic to a specific user within the company[†]. For this reason, marketers, website administrators, hackers, and security and support companies will typically try to use other means (transparent GIFs, cookies, user registrations, “MAC IDs”, etc) to identify individuals as distinct from their associates within the company.

[* Actually, back in the day I worked at several companies and universities that used a public network address for all their Internetworked machines (often numbering in the hundreds or less)… It wasn’t until the advent of students needing their own IPs that most universities switched over. ]

[“ For more on the private network address space, check out the great Wikipedia entry here: http://en.wikipedia.org/wiki/Pri… ]

[† Depending on the purpose of your question and individual network configuration, that could be a very good/anonymizing, or a very bad/incriminating thing. Best to just start deleting the wikileaks porn now, just in case…]

This answer originally appeared on Quora: Will different computer users inside one company (i.e. at one building location) normally share the same IP address?

Advertisements

2 thoughts on “Deano’s answer to: “Will different computer users inside one company (i.e. at one building location) normally share the same IP address?”

  1. Pingback: Deano's answer to: “Will different computer users inside one … | IP address.co.uk

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s