I mistakenly missed the dot off of an IP address and typed in 192.168.072.
To my surprise I connected to a machine at

If I ping 192.168.072 I get responses from

Why is this?

I'm on a Windows PC on a Windows domain.

If I ping 192.168.72 I get a response from, so it seems the 0 in 072 (in my original mistake) is significant.

This question was a Super User Question of the Week.
Read the blog entry for more details or contribute to the blog yourself

George Duckett
  • 5,400
  • 6
  • 27
  • 44
  • 9
    **Relevant:** http://blog.superuser.com/2012/02/10/wtfriday-http2915189091/ – Tamara Wijsman Oct 12 '12 at 17:27
  • 3
    Interestingly, exactly the same thing happens on Linux: `ping 192.168.072` prints `PING 192.168.072 ( 56(84) bytes of data.`[...]. – Mechanical snail Oct 12 '12 at 18:43
  • 9
    what's even more random is that you had a machine at `` to get a response. What are the odds of that? – James Mertz Oct 12 '12 at 20:27
  • 3
    @KronoS it's actually not so weird if you're on a school or company network. Some DHCP servers will give adresses in increasing order and most of them will be used. – Taum Oct 12 '12 at 22:38
  • 1
    Try loading http://1249739915/. In Chrome it translates to, in Firefox it loads that URL. Related: http://php.net/ip2long – Luc Oct 12 '12 at 23:06
  • Firefox translates it for me actually and redirects to Google's home page. – Boris_yo Oct 13 '12 at 16:02
  • 5
    ```` is timing out for me.. can all the ping requests have somehow knocked out the server?! – iamserious Oct 16 '12 at 09:19
  • 2
    @iamserious: That is the IP address on your local network (not the internet), if you don't have a PC with that IP address you won't get a response. – George Duckett Oct 16 '12 at 09:24

4 Answers4


Everybody is over-complicating it with RFCs, IP classes, and such. Simply run a few tests to see how the ping command parses the IP input by the user (extraneous chaff removed):

> ping 1
Pinging with 32 bytes of data:

> ping 1.2
Pinging with 32 bytes of data:

> ping 1.2.3
Pinging with 32 bytes of data:

> ping
Pinging with 32 bytes of data:

> ping
Ping request could not find host Please check the name and try again.

> ping 255
Pinging with 32 bytes of data:

> ping 256
Pinging with 32 bytes of data:

As you can see, the ping command (in Windows) allows you to use different IP address formats. An IPv4 address can be broken down into four parts (“dotted-quad”) as so: A.B.C.D, and the ping command allows you to leave some out, filling in a default of 0 as follows:

1 part  (ping A)       : 0.0.0.A
2 parts (ping A.B)     : A.0.0.B
3 parts (ping A.B.C)   : A.B.0.C
4 parts (ping A.B.C.D) : A.B.C.D

If you only supply a single part, then if it is under 255 (the maximum for an octet), it is treated like an octet as above, but if it is greater than 255, then it is converted and rolled over into the next field (i.e., mod 256).

There are a few edge cases like providing more than four parts doesn’t seem to work (e.g., pinging google.com’s IP won’t work for either or

You can also use hexadecimal notation in both dotted-quad and flat form, but must format it by pre-pending 0x to each octet.

So, there are plenty of ways to represent an (IPv4) IP address. You can use flat or dotted-quad (or dotted-triple, dotted-double, or even dotted-single) format, and for each one, you can use (or even mix and match) decimal, octal, and hexadecimal. For example, you can ping google.com in the following ways:

  • google.com  (domain name)
  •  (dotted decimal)
  • 1249763844  (flat decimal)
  • 0112.0175.0342.0004  (dotted octal)
  • 011237361004  (flat octal)
  • 0x4A.0x7D.0xE2.0x04  (dotted hex)
  • 0x4A7DE204  (flat hex)
  • 74.0175.0xe2.4  (ಠ_ಠ)

(Thank goodness that binary notation support was not added!)


In your case, pinging 192.168.072 uses the third format in the above table (A.B.0.C), so you are actually pinging Further, because you have a leading zero on the last part, it is treated as octal, which in decimal is 58.

Mystery solved.

Note, that while the Windows ping command allows for such a wide variety of formats for the input and interprets non-standard formats in the ways seen, that does not necessarily mean that you can use such formats everywhere. Some programs may force you to provide all four parts of a dotted-quad, others may not allow mixing and matching decimal and octal, and so on.

Also, IPv6 addresses further complicate the parsing logic and input format acceptability.


syss pointed out that if you use an invalid character in one of the numbers (e.g., an 8 or 9 when using octal, a g in hex-mode, etc.) then ping is smart enough to recognize that and interpret it as a string(-al? -ic?) URL instead of as a numberic IP address.

(As someone who has had numerous aneurysms and heart-attacks trying to write supposedly “simple” code to accommodate the exponentially exploding number of permutations of data values, I appreciate that it—seems to—correctly process all of the input variations; in this case, at least 31+32+33+34=120 variations.)

So, while specifying will ping as expected, passing to ping will be treated like a URL instead of an IP address—like foo.bar.baz.com which could (but sadly does not) exist. In other words, it tries to ping the subdomain 010 on the subdomain 020 on the domain 030 at the top-level domain 080. However, since 080 is not a valid TLD (like .com, .net, and their buddies), the connection fails right at the first step.

The same thing happens with where the invalid character is in a different octet. Likewise, 0xf.0xf.0xf.0xf pings, but 0xh1.0x1.0xg0.0f fails.

Oh well, I guess that’s what you get for not being fluent in multiple number-bases.

It’s probably easier and safer to just make sure to always use 4–dotted-quad (“40q”? “quaddy-quad”? “cutie-q”?) addresses.

So go forth and learn some number bases. You’ll be able to show off at and be the life of parties, and as they say, there are 10 types of people: those who know binary and those who don’t.

Let’s not even think about IPv6 addresses; I think they’re one of the 111 seals!!!

  • 68,243
  • 36
  • 223
  • 356
  • 40
    Overcomplicating? Experimentation can be very useful, and in this case produced a good answer; but without a theory or documentation or standards, you can be missing a critical factor and not know it. Or you could be determining how one particular version works and be wrong about 90% of the implementations out there. Or you could come up with rules that explain your experiments' results but are more complicated than the intended rules. In this case I think the documentations' rules (for `inet_aton()`) are simpler in one respect - no conditionals for "under/over 255". – LarsH Oct 12 '12 at 18:35
  • Lest I be misinterpreted... I'm not trying to dis this answer ... I upvoted it. I'm just saying that **both** experimentation and documentation (including standards) have an important place in answering this kind of question. – LarsH Oct 12 '12 at 18:38
  • 72
    Hey, look! The "science" part of Computer Science makes an appearance! (hypothesize, experiment, verify) – Izkata Oct 12 '12 at 19:20
  • 13
    @LarsH, that’s my point though, that the `ping` command (at least on Windows) is like many of Microsoft’s programs (especially the notorious) IE. It tries to be too forgiving and take anything you throw at it and tries to interpret it. Yes, there is an official document on IP address formats, but that this isn’t a question about ISOs and RFCs, it’s practical, *I did something and it’s being weird* question which can be answered without resorting to (admittedly long, dry, boring technical specifications)—though linking to them in case the OP wants to read them is good too. – Synetech Oct 12 '12 at 19:47
  • +1 Didn't know you could use half of these formats, great answer – Windle Oct 12 '12 at 20:08
  • 1
    @Windle, I think the first time I learned of weird IP formats was back in 1997 when I learned (somehow) that you could enter a flat decimal, and then flat hex address. It was a pretty cool trick to show my classmates, especially back then when the Internet was still fairly new to non-academics. (I think I recall entering Hotbot’s IP address as a flat decimal in some people’s browsers for them and then reveling in their confusion. `:-D`) – Synetech Oct 12 '12 at 20:21
  • 3
    Best line ever written in su: 74.0175.0xe2.226 (ಠ_ಠ) – Adam Nelson Oct 12 '12 at 21:45
  • 74.0175.0xe2.226 is interpreted as by ping. A coincidence that this specific IP is owned and operated by Google? I think not :) – mekwall Oct 12 '12 at 23:16
  • 6
    0-prefixed octal parsing should be completely abandoned, save for `chmod`. That's it. That's the only exception for octal allowed. Period. – James Dunne Oct 12 '12 at 23:42
  • @Joey, thanks. I was wondering why the spell-checker kept underlining “hexidecimal”. Too much pumpkin cheesecake make me not think so gooder. `⊙_ʘ` – Synetech Oct 13 '12 at 00:25
  • It isnt obvious until one looks. But then, next time I see a ping 'mismatch' I am going to try this out for sure :) – Srikanth Venugopalan Oct 13 '12 at 05:31
  • 6
    it is useful for RGB HEX to DEC conversion. lol~ `C:\>ping 0xffffcc` `Pinging with 32 bytes of data:` – wilson Oct 15 '12 at 07:51
  • 3
    @wilson, nice trick! It even “supports” the alpha channel. `:-D` – Synetech Oct 15 '12 at 16:30
  • ping is more complex than I ever thought. +1 – Michael Jul 10 '13 at 10:02
  • @Michael, indeed. You’d be amazed how sometimes what should be a simple program turns out to be shockingly complex under the hood. At this very moment, I’m struggling (and almost done) with a program that I wrote a while back. It was very simple and I knocked it out in no time. Later, I decide to make it slightly more powerful to handle a few more types of input. The slight addition made the program *drastically* more complex and worse, plagued by potential off-by-one-(or-two)-errors. I’ve now spent *much* more time trying to get it to work and test it for every possible error than I expected. – Synetech Jul 11 '13 at 19:50

There are two reasons for this:

First, a '0' prefix indicates an octal number. Since oct(072) = dec(58), 192.168.072 = 192.168.58.

Second, that second-to-last 0 can be dropped from IP addresses as a shorthand. 127.0.1 is interpreted as, and in your case 192.168.58 is interpreted as

  • 1,416
  • 2
  • 12
  • 14
  • 8
    It does not group zeroes. It actually treats each dot as a separator corresponding to the next byte boundary. Thus, the IP addresses 2130706433 and are the same addresses. – Serge Oct 12 '12 at 12:07
  • 1
    does the x.x.x.x notation for 32 bits numbers has a name? It might be used/helpful in other domains but I can't google it :) edit: nevermind, it's the dot-decimal notation – Guillaume86 Oct 12 '12 at 13:17
  • 2
    more precisly it's the quad dotted notation in the case of an IP address – Guillaume86 Oct 12 '12 at 13:24
  • 4
    The famous leading zero has hit once more time! – Luc M Oct 12 '12 at 14:21
  • If 0's are dropped, how does the recipient decide where to add them back in? Why isn't 127.1 equivalent to, for example? Can anybody verify that adding 0's into an IP address is legal (standard) behavior? (citation needed) I searched and didn't find it. – LarsH Oct 12 '12 at 14:38
  • 1
    I'm surprised at so many upvotes, since this answer doesn't account for (all of) what the OP observed, unless we know there are rules for adding missing zero-bytes into a received IP address notation. – LarsH Oct 12 '12 at 14:45
  • 1
    @LarsH: It definitely seems to be standard behavior, Windows command line, my linux terminal and the three major web browsers all follow the same pattern: 1->, 1.2->, 1.2.3-> I was unable to find this specified in an RFC, so it's possible that it's not required behavior. – MatsT Oct 12 '12 at 15:36
  • @Guillaume86: apparently (http://www.kernel.org/doc/man-pages/online/pages/man3/inet_pton.3.html#NOTES), "dotted-decimal" requires that the numbers are actually interpreted as base-10 rather than octal; the looser notation is known as "numbers-and-dots". – LarsH Oct 12 '12 at 15:37
  • @MatsT: it's definitely common behavior, whether standardized or not. The answer I just posted has more details. According to http://www.kernel.org/doc/man-pages/online/pages/man3/inet_aton.3.html, "inet_aton() [the function that implements this behavior] is not specified in POSIX.1-2001, but is available on most systems". – LarsH Oct 12 '12 at 15:38
  • 2
    now this is the real answer! – Alex Gordon Oct 12 '12 at 18:48
  • 2
    That answer is incorrect and misleading. Dropping a 0 in (1.2.3) gives a different IP address ( – sch Oct 12 '12 at 19:53
  • @LarsH just saw this QA and 1st thing I saw was 072 and "58" being an octal to dec conversion. The big long answer just explains skipping the 3rd octet. – Krista K Jan 04 '15 at 05:33

In addition to @neu242's important point about octal notation, and observation that IP addresses can be shortened, the other critical piece is knowing how shortened IP addresses are interpreted.

One might naively guess that if some of the four numbers are missing, the parser would add zero-filled bytes onto the end (or the beginning) of the sequence of bytes. But this doesn't match the behavior the OP reported: 192.168.072 was parsed as, not as, nor

Apparently Windows and Linux ping (the version you tried and the ones I tried) use something equivalent to inet_aton() to parse the IP address argument. The man page for inet_aton() says:

The address supplied in cp can have one of the following forms:

 a.b.c.d   Each of the four numeric parts specifies a byte of the address; the
           bytes are assigned in left-to-right order to produce the binary

 a.b.c     Parts a and b specify the first two bytes of the binary address.
           Part c is interpreted as a 16-bit value that defines the rightmost
           two bytes of the binary address.  This notation is suitable for
           specifying (outmoded) Class B network addresses.

 a.b       Part a specifies the first byte of the binary address.  Part b is
           interpreted as a 24-bit value that defines the rightmost three bytes
           of the binary address.  This notation is suitable for specifying
           (outmoded) Class C network addresses.

 a         The value a is interpreted as a 32-bit value that is stored directly
            into the binary address without any byte rearrangement.

So there you have it... 192.168.072 fits the a.b.c pattern, so the 072 (after parsing as an octal number) was interpreted as a 16-bit value that defines the rightmost 2 bytes of the binary address, equivalent to 0.58.

The above rules are equivalent to saying that if any of the four numbers are missing, the needed zero-filled bytes are added immediately before the last number given... not at the end nor at the beginning of the string of bytes. (Expressing it this way works if the last number given is less than 256.)

Note that newer versions of ping may not allow this kind of shorthand, nor the octal interpretation. The 2010 source code for iputils (including ping) that I found uses inet_pton() rather than inet_aton() to parse the IP address argument. The man page for inet_pton() says:

Unlike inet_aton(3) and inet_addr(3), inet_pton() supports IPv6 addresses. On the other hand, inet_pton() only accepts IPv4 addresses in dotted-decimal notation, whereas inet_aton(3) and inet_addr(3) allow the more general numbers-and-dots notation (hexadecimal and octal number formats, and formats that don't require all four bytes to be explicitly written).

  • 1,014
  • 1
  • 8
  • 19

You have to consider also that an ip can be represented by integers added together in significance to their position. is :
  192 * 256^3
+ 168 * 256^2
+   0 * 256^1
+  58 * 256^0

Here's the cool thing:

192.168.58 will be because

    0 * 256^1 
+  58 * 256^0 
=  58

192.11010106 will also be because

  168 * 256^2 
+   0 * 256^1 
+  58 * 256^0 
= 11010106

3232235578 will also be because

  192 * 256^3 
+ 168 * 256^2 
+   0 * 256^1 
+  58 * 256^0 
= 3232235578
Scott Rippey
  • 221
  • 1
  • 3
  • 8
  • 419
  • 4
  • 5
  • 1
    "192.168.56 will be because 0*256^1 + 58*256^0 = 58" Are you sure? You would expect 168 to be multiplied by 256^1 in the first case, and by 256^2 in the second case. Similarly 192 would be multiplied by 256^2 vs. 256^3. So 192.168.56 could only = if there are additional rules in place, such as the dropping of zeroes. – LarsH Oct 12 '12 at 14:35
  • @LarsH, I think what's being said here is that it's left-to-right based, unlike "normal" counting where we base everything from the 1's place. So the first dot causes whatever is to the left of it to be multiplied by 256^3, the second by 256^2, the third by 256. if there's no dot to the left of it then it's added w/o multiplying by 256^n. So 1.2.3. ( would be different than 1.2.3 (, if I understand correctly. – jacobq Oct 12 '12 at 14:59
  • @iX3: if that were the case, then "192.168.56 will be" would be incorrect, because in the first case, 56 would be multiplied by 256^1, whereas in the second case, 56 would only be multiplied y 256^0. And the OP's 192.168.072 would be interpreted as instead of – LarsH Oct 12 '12 at 15:02
  • What's a bit misleading is the fact the the address has 0 has the 3rd digit. Consider this address The 3 digit form would be 192.168.312 Because 1*256^1 + 56*256^0 is 312 – vesquam Oct 12 '12 at 15:40
  • 1
    The dots only serve to delineate which numbers should be multiplied by which power of 256. The parser looks for the first dot, and multiplies the number before it by 256^3. Repeat for 2nd and 3rd dot, but by 256^2 and 256^1, respectively. Then it adds all of the results together (some impl. may keep a running total instead, though the result is the same). If any of those dots are missing, it simply doesn't do the multiplication and just adds the final number to the running total. That's also why `1.2.3.` results in an error, because the parser can't find the last number to add to the total. – Justin ᚅᚔᚈᚄᚒᚔ Oct 12 '12 at 16:26
  • @Justinᚅᚔᚈᚄᚒᚔ: I think your description of the rules (if I'm interpreting them right) is correct. – LarsH Oct 12 '12 at 18:04