Networking – Subnet mask of 255.255.255.255


I have a subnet mask of 255.255.255.255 (Why is my subnet mask 255.255.255.255?). I infer from the above question that it is as good as each computer being on its own network, unable to interact with one another. But if I use Armitage (part of Metasploit) and scan for hosts on my network, it shows me all the computers connected to my local network.

How is this possible when my subnet mask of 255.255.255.255 forces the computers to be on a different network?

Also, is there any way I can change this subnet mask so I can make all the computers join the same network? (I use Windows, but even if I go to IPv4 properties and set a default subnet mask, it does not seem to get reflected in the router.)

Best Answer

255.255.255.255 is a broadcast address, same as 0.0.0.0. If you want two endpoints, the subnet mask would be 255.255.255.254 (however, this still won't do what you are asking). What you are asking for is VLANs or PVLANs (virtual or private LANs). This would require hardware capable of layer 2 switching and VLAN support at least. However, you would still need layer 3 routing abilities to talk between VLANs. The VLAN will virtualize the collision domain, and thus VLAN2 does not see VLAN3 unless defined in a layer 3 router connecting both VLAN2 and VLAN3.

A poor man's version would be n+1 Ethernet ports in a computer acting as a router and network switch, where "n" is the number of PCs and the "+1" is the port going out to the internet. The computer would need to run some software like Linux as a firewall/proxy/router and define all ports to different subnets like 192.168.1.0/31, 192.168.2.0/31 (the /31 means 255.255.255.254, which allows exactly two hosts).

The reason your scan tool sees everything is how the software works, by incrementing the address by one then asking for an echo response at that address, and the fact that the subnet mask you are using is also a broadcast address. Presently all your PCs are on the same collision domain, so they see each other just fine, and IPv4 trickery is not going to separate them.
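Added example, not part of the original question or answer: a Python sketch of the forwarding decision a host makes from its own address and mask, covering the 255.255.255.255 (/32) and 255.255.255.254 (/31) cases discussed above. The addresses 192.168.1.10, 192.168.1.20 and the gateway 192.168.1.1 are constructed, and the gateway is assumed to be reachable through a host route.

```python
import ipaddress


def usable_hosts(network):
    """Return the usable host addresses of a prefix as strings.

    /32 is a single host route and /31 is a point-to-point link (RFC 3021);
    neither reserves a network or broadcast address, so every address counts.
    """
    net = ipaddress.ip_network(network)
    if net.prefixlen >= 31:
        return [str(addr) for addr in net]
    return [str(addr) for addr in net.hosts()]


def next_hop(local_if, dest, gateway):
    """Decide how a host configured as `local_if` (address/mask) sends to `dest`.

    Returns ("local", dest), ("on-link", dest) or ("via-gateway", gateway).
    The mask only drives this layer 3 choice; it does not change which
    machines share the same layer 2 segment.
    """
    iface = ipaddress.ip_interface(local_if)
    target = ipaddress.ip_address(dest)
    if target == iface.ip:
        return ("local", dest)
    if target in iface.network:
        # Destination falls inside the host's own prefix: resolve it directly.
        return ("on-link", dest)
    # Outside the prefix: hand the packet to the configured gateway.
    return ("via-gateway", gateway)


if __name__ == "__main__":
    gw = "192.168.1.1"  # constructed sample gateway
    for cfg in ("192.168.1.10/255.255.255.255",
                "192.168.1.10/255.255.255.254",
                "192.168.1.10/255.255.255.0"):
        print(cfg, "->", next_hop(cfg, "192.168.1.20", gw))
    print("/31 hosts:", usable_hosts("192.168.1.0/31"))
    print("/32 hosts:", usable_hosts("192.168.1.10/32"))
```

With the /32 and /31 masks the neighbour at 192.168.1.20 is outside the host's prefix and goes to the gateway; with 255.255.255.0 it is treated as on-link.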