Tool · network

IP lookup.

Classify any IPv4 or IPv6 address. Tells you which RFC 1918 block it belongs to, whether it's CGNAT or link-local or multicast, and renders the address in decimal, hex, and binary. Runs in your browser — no DNS query, no remote API.


public · routable
Address: 93.184.216.34
Class: A
32-bit decimal: 1572395042
Hex: 5d.b8.d8.22
Binary: 01011101.10111000.11011000.00100010
Reverse DNS (PTR): 34.216.184.93.in-addr.arpa

Three private blocks. Memorise them.

Every internal IPv4 network anywhere in the world uses one of three blocks defined in RFC 1918: 10.0.0.0/8 (16 million addresses), 172.16.0.0/12 (1 million), or 192.168.0.0/16 (65 thousand). Knowing which block an address sits in tells you whether you're looking at a host on someone's LAN, a Kubernetes pod, an AWS VPC subnet, or none of the above.

Three further blocks come up often enough to recognise on sight. 127.0.0.0/8 is loopback — a packet sent to 127.0.0.1 never leaves the box. 169.254.0.0/16 is link-local (APIPA on Windows) — what you get when DHCP fails, also where the AWS metadata service lives at 169.254.169.254. 100.64.0.0/10 is carrier-grade NAT — ISPs that ran out of public IPv4 space use it to multiplex thousands of customers behind a single public address.

Anything that isn't one of those is either public-routable (the open internet), multicast (224/4), or reserved (240/4 and a handful of small holes). The tool above flags each automatically.

Class is historical; CIDR is reality.

The "Class A/B/C" you see on this tool's output is a relic of the 1981 internet, when address allocations were tied to fixed prefix lengths: A was /8, B was /16, C was /24. The system collapsed by 1993 because it allocated address space inefficiently — Class B handed out 65k addresses to organisations that needed 200, and Class C only 256 to organisations that needed 5,000.

CIDR (Classless Inter-Domain Routing, RFC 1519) replaced classes with arbitrary prefix lengths. Today, every internet route is "this prefix, this length, this next-hop." The class labels survive only as a quick mental model and as defaults in some legacy tooling. Don't make routing decisions based on class.

For the math behind subnetting and CIDR splits, see the CIDR calculator — that tool is the natural pair to this one.

128 bits, eight groups, collapsed zeros.

IPv6 addresses are 128 bits wide — eight groups of four hex digits separated by colons, like 2606:2800:220:1:248:1893:25c8:1946. The full form is unwieldy, so two compressions are allowed: leading zeros within each group can be omitted (0220 becomes 220), and one run of consecutive all-zero groups can be replaced with ::. Only one :: per address — otherwise the expansion is ambiguous.

Five blocks matter:

  • 2000::/3 — global unicast. Public-routable internet addresses.
  • fc00::/7 — unique local addresses (ULA). The IPv6 equivalent of RFC 1918 private space.
  • fe80::/10 — link-local. Auto-configured on every IPv6 interface; never routed off-link.
  • ff00::/8 — multicast. Replaces IPv4 broadcast plus multicast in one block.
  • ::/128 — unspecified. ::1/128 — loopback. Both are single addresses (/128) rather than ranges, and they differ only in the final bit.

There is no NAT in IPv6 by design — every device gets a globally-unique address. That's why ULA addresses are added to (not substituted for) global ones: a host can have a fe80, a fc00, and a 2000 address simultaneously, each used for a different scope of communication.

Knowing the address class prevents incidents.

Three operational scenarios where classification saves you minutes or hours:

  • Suspicious source IP in logs. An incoming request from 169.254.169.254 means the call came from an instance's metadata service — usually fine on AWS / GCP / Azure, suspicious in a non-cloud context. From 10.0.0.0/8: it's an internal client, and your auth model should reflect that.
  • "Why can't this server reach the public IP I gave it?" Almost always because the IP is in 100.64/10 (CGNAT) or behind a NAT translation layer the operator forgot about. The tool above flags CGNAT instantly.
  • Audit / firewall design. Rules like "deny inbound from RFC 1918 on the public interface" prevent a class of spoofing attack. The classification tells you which addresses count.
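
The log triage and firewall check from the list above, as an added Python example that is not this tool's own code. It generalises the "deny inbound from RFC 1918" rule to every non-routable block the article lists; the label names, the IPv4-mapped handling and the sample addresses are assumptions.

```python
import ipaddress

# Blocks named in the article. The unlisted "small holes" of reserved IPv4
# space are not covered, so such addresses fall through to "public".
BLOCKS = {
    "10.0.0.0/8": "rfc1918", "172.16.0.0/12": "rfc1918",
    "192.168.0.0/16": "rfc1918", "127.0.0.0/8": "loopback",
    "169.254.0.0/16": "link-local", "100.64.0.0/10": "cgnat",
    "224.0.0.0/4": "multicast", "240.0.0.0/4": "reserved",
    "::/128": "unspecified", "::1/128": "loopback",
    "fc00::/7": "ula", "fe80::/10": "link-local",
    "ff00::/8": "multicast", "2000::/3": "global-unicast",
}
NETS = [(ipaddress.ip_network(c), label) for c, label in BLOCKS.items()]

def classify(text):
    """Return the block label for an address string, or "invalid"."""
    try:
        addr = ipaddress.ip_address(text.strip())
    except ValueError:
        return "invalid"
    # Assumption beyond the article: dual-stack listeners log IPv4 peers as
    # ::ffff:a.b.c.d, so classify the embedded IPv4 address instead.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for net, label in NETS:
        if net.version == addr.version and addr in net:
            return label
    return "public" if addr.version == 4 else "other-v6"

def flag_sources(sources):
    """Source addresses that should not arrive on a public interface."""
    routable = {"public", "global-unicast"}
    return [(s, classify(s)) for s in sources if classify(s) not in routable]

# Constructed sample of source addresses, as parsed from an edge log.
SAMPLE = ["93.184.216.34", "10.4.7.92", "100.64.12.9", "169.254.169.254",
          "fe80::1", "2606:2800:220:1:248:1893:25c8:1946",
          "::ffff:192.168.1.20", "not-an-ip"]

if __name__ == "__main__":
    for src, label in flag_sources(SAMPLE):
        print(f"{src:<24} {label}")
```

Unparseable values are reported as "invalid" rather than dropped, so a malformed source field in a log still surfaces for review.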

The companion to this tool is the CIDR calculator — when you need to know whether a specific IP belongs to a specific subnet (e.g. "is 10.4.7.92 in 10.4.0.0/14?"), use that one.
