IP Subnetting and Subnet Masks
This article covers the decimal and binary math behind IP addressing and subnet masks. A well-rounded
knowledge of these concepts is critical for network administrators who design networks and implement
security.
Subnet Masks and the Corresponding Subnets:
| Subnet mask | Shorthand | Number of addresses |
|---|---|---|
| 255.255.255.0 | /24 [8-bit] | 2^8 = 256 = 254 hosts + 1 bcast + 1 net base |
| 255.255.255.128 | /25 [7-bit] | 2^7 = 128 = 126 hosts + 1 bcast + 1 net base |
| 255.255.255.192 | /26 [6-bit] | 2^6 = 64 = 62 hosts + 1 bcast + 1 net base |
| 255.255.255.224 | /27 [5-bit] | 2^5 = 32 = 30 hosts + 1 bcast + 1 net base |
| 255.255.255.240 | /28 [4-bit] | 2^4 = 16 = 14 hosts + 1 bcast + 1 net base |
| 255.255.255.248 | /29 [3-bit] | 2^3 = 8 = 6 hosts + 1 bcast + 1 net base |
| 255.255.255.252 | /30 [2-bit] | 2^2 = 4 = 2 hosts + 1 bcast + 1 net base |
| 255.255.255.254 | /31 [1-bit] | 2^1 = - (invalid, no possible hosts) |
| 255.255.255.255 | /32 [0-bit] | 2^0 = 1 (a host route) |
Some Notes:
An IP address has four 8-bit binary octets. A binary bit has two possible values, on or off (0 or 1). Each octet in an IP address can represent 2^8 or 256 decimal
numbers (0..255). If we count up all 32 bits (4 octets x 8 bits per octet = 32 bits), we have a network of 256x256x256x256 or 2^32 = 4,294,967,296
possible IP addresses. Since that is too many for any one network, this number is segmented into more manageable chunks, or subnets,
via routing. The network base address and subnet mask determine which portion of the 32-bit IP address belongs to a given
subnet.
A network interface (NIC) should not waste its processing power looking at all IP traffic. We want each
NIC to ignore everything that is not meant for itself. A subnet mask provides a way to quickly and efficiently filter out anything
not meant for that particular interface. NICs on hosts, routers, etc., use a combination of network "base" address and "subnet mask" to
determine what to ignore and what to listen to.
The subnet mask shorthand notation (the /##'s) just specifies how many places to keep to determine the network address
of an interface. In other words, a shorthand notation of /24, or 255.255.255.0, means that the
remaining 8 places (32-24=8) are for IP addresses in the subnet the interface is in. A subnet mask of 0.0.0.0, or /0, means
look at all the places in all the octets, in other words, the entire Internet. Again, we generally do not want a NIC to listen
for the entire Internet.
The subnet mask is called a "mask" because it also tells how many places on the left-hand side to mask-out when figuring
out a specific host address.
Subnet Mask Classes:
For a "Class C" or "8-bit" subnet (32-24=8), the network interfaces only care about
the last octet. So we use 255.255.255.0, or its shorthand equivalent, /24.
For a "Class B" or "16-bit" subnet (32-16=16), the network interfaces only care about the last two octets.
So we use 255.255.0.0, or its shorthand equivalent, /16.
For a "Class A" or "24-bit" subnet (32-8=24), the network interfaces only care about the last three octets.
So we use 255.0.0.0, or its shorthand equivalent, /8.
Network Base Address and Broadcast Address:
The network base address is the first IP address in a given subnet; the broadcast address is the last. There's nothing
"special" about these first and last numbers in the math; it's just the engineering specification that defines them to these
functions. All NICs have to listen for traffic directed at their specific IP addresses and the broadcast address for their
subnet. The base network address is all 0's for the hostid and refers to the subnet itself; the broadcast address is all 1's
and refers to all hosts on the subnet.
32-bit Binary to Dotted Decimal Conversion:
Computers love octal math because they're essentially binary in nature (they like a switch to be either OFF/0 or ON/1) the
same way humans like base ten (because we count on our fingers). Our base ten tendencies cause our eyes to glaze over when
presented with binary numbers. Still, some understanding of the binary numbering system helps us comprehend IP networking a bit more
clearly.
The math behind the madness:
The following numbers are equivalent:
| Binary | Decimal |
|---|---|
| 1 | 1 |
| 10 | 2 |
| 100 | 4 |
| 1000 | 8 |
| 10000 | 16 |
| 100000 | 32 |
| 1000000 | 64 |
| 10000000 | 128 |
Let's convert the IP address 128.10.2.30 into binary:
| Binary Place Holder | | 10000000 | 1000000 | 100000 | 10000 | 1000 | 100 | 10 | 1 | |
|---|---|---|---|---|---|---|---|---|---|---|
| Decimal Place Holder | | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 | total |
| | | 128 + | 0 + | 0 + | 0 + | 0 + | 0 + | 0 + | 0 = | 128 |
| 1st octet | binary | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 = | 10000000 |
| | | 0 + | 0 + | 0 + | 0 + | 8 + | 0 + | 2 + | 0 = | 10 |
| 2nd octet | binary | 0 | 0 | 0 | 0 | 1 | 0 | 1 | 0 = | 00001010 |
| | | 0 + | 0 + | 0 + | 0 + | 0 + | 0 + | 2 + | 0 = | 2 |
| 3rd octet | binary | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 = | 00000010 |
| | | 0 + | 0 + | 0 + | 16 + | 8 + | 4 + | 2 + | 0 = | 30 |
| 4th octet | binary | 0 | 0 | 0 | 1 | 1 | 1 | 1 | 0 = | 00011110 |
128.10.2.30 = 10000000.00001010.00000010.00011110
OK, let's say the IP address that we just worked with (128.10.2.30) has a subnet mask of 255.192.0.0 or /10. That means the last 22 binary places represent the subnet the IP address is in. That also means the interface this IP address is assigned to will only listen to IP addresses within this subnet. If it needs to communicate with an IP address outside of its subnet, it refers to its default gateway. OK, let's figure it out.
| Binary Place Holder | | 10000000 | 1000000 | 100000 | 10000 | 1000 | 100 | 10 | 1 | |
|---|---|---|---|---|---|---|---|---|---|---|
| Decimal Place Holder | | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 | total |
| | | 128 + | 64 + | 32 + | 16 + | 8 + | 4 + | 2 + | 1 = | 255 |
| 1st octet | binary | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 = | 11111111 |
| | | 128 + | 64 + | 0 + | 0 + | 0 + | 0 + | 0 + | 0 = | 192 |
| 2nd octet | binary | 1 | 1 | 0 | 0 | 0 | 0 | 0 | 0 = | 11000000 |
| | | 0 + | 0 + | 0 + | 0 + | 0 + | 0 + | 0 + | 0 = | 0 |
| 3rd octet | binary | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 = | 00000000 |
| | | 0 + | 0 + | 0 + | 0 + | 0 + | 0 + | 0 + | 0 = | 0 |
| 4th octet | binary | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 = | 00000000 |
Subnet mask 255.192.0.0 = 11111111.11000000.00000000.00000000
Everything after the first 10 bits is the subnet.
The subnet is 00000000.00111111.11111111.11111111. So let's figure the decimal ip address range of the subnet.
| Binary Place Holder | | 10000000 | 1000000 | 100000 | 10000 | 1000 | 100 | 10 | 1 | |
|---|---|---|---|---|---|---|---|---|---|---|
| Decimal Place Holder | | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 | total |
| | | 0 + | 0 + | 0 + | 0 + | 0 + | 0 + | 0 + | 0 = | 0 |
| 1st octet | binary | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 = | 00000000 |
| | | 0 + | 0 + | 32 + | 16 + | 8 + | 4 + | 2 + | 1 = | 63 |
| 2nd octet | binary | 0 | 0 | 1 | 1 | 1 | 1 | 1 | 1 = | 00111111 |
| | | 128 + | 64 + | 32 + | 16 + | 8 + | 4 + | 2 + | 1 = | 255 |
| 3rd octet | binary | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 = | 11111111 |
| | | 128 + | 64 + | 32 + | 16 + | 8 + | 4 + | 2 + | 1 = | 255 |
| 4th octet | binary | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 = | 11111111 |
The IP address 128.10.2.30 with a subnet mask of 255.192.0.0 is in a subnet from 128.0.0.0-128.63.255.255. The
first IP address, 128.0.0.0, is the network base address. The last IP address, 128.63.255.255, is the broadcast address of
the subnet. The subnet has 4,194,302 available host IP addresses (64 x 256 x 256 = 4,194,304, minus 1 base address and 1 broadcast
address = 4,194,302).
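The bit math worked through above, as an added Python example that is not part of the original article: it converts dotted decimal to binary, validates the mask, derives the base and broadcast addresses, and decides whether a peer is inside the subnet or must be reached through the default gateway. All function names are illustrative, and the peer addresses in the usage section are constructed samples.

```python
def to_int(dotted):
    """Dotted decimal -> 32-bit integer, rejecting malformed octets."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)   # shift in one octet at a time
    return value

def to_dotted(value):
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def to_binary(dotted):
    """Per-octet binary form, as in the conversion tables above."""
    return ".".join(f"{(to_int(dotted) >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))

def prefix_len(mask):
    """Mask -> /n shorthand; a valid mask is n one-bits followed only by zeros."""
    m = to_int(mask)
    n = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return n

def describe(ip, mask):
    n, m = prefix_len(mask), to_int(mask)
    base = to_int(ip) & m                  # host bits all 0
    bcast = base | (~m & 0xFFFFFFFF)       # host bits all 1
    total = 2 ** (32 - n)
    # Host counts follow the article's table: /31 has none, /32 is a host route.
    hosts = total - 2 if n <= 30 else (0 if n == 31 else 1)
    return {"prefix": n, "base": to_dotted(base), "broadcast": to_dotted(bcast),
            "addresses": total, "hosts": hosts}

def same_subnet(ip_a, ip_b, mask):
    """True if ip_b is inside ip_a's subnet; otherwise traffic goes to the gateway."""
    m = to_int(mask)
    return to_int(ip_a) & m == to_int(ip_b) & m

if __name__ == "__main__":
    # Article's worked address and mask; the peer 128.64.0.1 is a constructed sample.
    print(to_binary("128.10.2.30"))
    print(describe("128.10.2.30", "255.192.0.0"))
    print(same_subnet("128.10.2.30", "128.64.0.1", "255.192.0.0"))
```

The same mask comparison is what a firewall or ACL rule written as address plus mask performs, so a mask that is one bit too short silently doubles the range the rule covers.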