Networking glossary.
Short, plain-English definitions for the concepts the rest of the site references. Each entry has a longer explainer and links into the relevant IPFerret tool.
Addressing
IP addresses, allocation, private/public space.
CGNAT
Carrier-Grade NATA second layer of NAT operated by an ISP, sharing one public IP between many customers because IPv4 ran out.
CIDR
Classless Inter-Domain RoutingA notation for IP address ranges using a prefix length, e.g. 192.168.1.0/24 = 256 addresses.
DHCP
Dynamic Host Configuration ProtocolThe protocol that hands out IP addresses, DNS resolvers, and other network settings to devices joining a LAN.
IPv4
The original 32-bit IP addressing scheme — addresses look like 203.0.113.42 and there are ~4.3 billion of them.
IPv6
The 128-bit successor to IPv4 — addresses look like 2001:db8::1 and there are 2^128 of them.
NAT
Network Address TranslationRewriting the source/destination IP (and usually port) of packets as they cross a network boundary.
RFC 1918
Private address spaceThe IPv4 ranges set aside for private use — 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. Not routed on the public internet.
Routing
How packets find their way across the public internet.
ASN
Autonomous System NumberA globally unique number identifying a network with its own routing policy on the public internet.
BGP
Border Gateway ProtocolThe routing protocol that holds the internet together — every router announces which IP prefixes its network can reach.
RIR
Regional Internet RegistryOne of the five organisations that allocate IP space and ASNs in a defined geographic region.
Transport
TCP, UDP, MTU, and the rest of the per-packet plumbing.
MSS
Maximum Segment SizeThe largest TCP payload that fits in one packet — typically MTU minus 40 bytes of TCP/IP overhead.
MTU
Maximum Transmission UnitThe largest packet, in bytes, that a link can carry without fragmentation. Ethernet defaults to 1500.
Port
TCP portA 16-bit number (0–65535) identifying a specific service or socket on a host. Web is 80/443, SSH is 22, DNS is 53.
QUIC
A modern UDP-based transport protocol — encrypted, with multiplexing built in — that underpins HTTP/3.
TTL
Time To LiveA field that limits how long a packet can wander or how long a DNS answer should be cached.
Naming
DNS and the registry data behind it.
DNS
Domain Name SystemThe distributed directory that maps human-readable names like example.com to IP addresses (and other records).
RDAP
Registration Data Access ProtocolA modern, JSON-based replacement for the original 1980s WHOIS protocol — structured responses, internationalised text, cross-RIR redirects.
Security
TLS, DNSSEC, and the cryptographic layers on top of the wire.
ALPN
Application-Layer Protocol NegotiationA TLS extension that lets client and server agree which application protocol to speak (HTTP/1.1, h2, h3).
DNSSEC
DNS Security ExtensionsCryptographic signatures on DNS records so resolvers can verify the answer wasn't forged or tampered with.
DoH
DNS over HTTPSDNS queries encrypted inside HTTPS so neither your ISP nor the local network can read or modify them.
DoT
DNS over TLSDNS encrypted with TLS on dedicated port 853 — same goal as DoH but uses its own protocol port.
SNI
Server Name IndicationA TLS extension that tells the server which hostname the client wants, so it can pick the right certificate.