Subnets
A subnet is essentially an IP range, a set of consecutive IP addresses, within which network devices can communicate with each other directly using MAC addresses. If you want to connect to a device whose IP address is not in the same subnet, you need a gateway that knows how to route the packet to the recipient in another network. We will cover gateways and routing in a future module.
Example: Jaska's laptop and phone are in a small subnet with two IP addresses: 192.168.0.5 and 192.168.0.6. The laptop's IP address is 192.168.0.5 and the phone's address is 192.168.0.6.
Jaska's laptop can connect directly to Jaska's phone at address 192.168.0.6 using the phone's MAC address (found with the ARP protocol, as we learned earlier).
But now Jaska wants to connect to a game server on the Internet at address 1.2.3.4. The IP address 1.2.3.4 does not belong to Jaska's small subnet, so Jaska needs to route to the game server through the Internet.
But how does Jaska's computer know that 1.2.3.4 is not within Jaska's subnet IP range, but 192.168.0.6 is? The answer lies in the IP address combined with the subnet mask set in Jaska's network card settings. Together they allow Jaska's computer to determine directly that both 1.2.3.4 and even 192.168.0.7 are outside Jaska's network.
Subnet Mask
The subnet mask, which doesn't really roll off the tongue so let's call it a mask from now on, is a way to split an IP address into two parts: network and device.
Assume that we have an IP address of 192.168.1.100 and we are using the following mask: 255.255.255.0 (written /24 in CIDR notation, which we will discuss shortly). Let's examine this example using bit strings.
- IP Address: 11000000.10101000.00000001.01100100
- Subnet Mask: 11111111.11111111.11111111.00000000
- Network: 11000000.10101000.00000001.00000000
- Device: 00000000.00000000.00000000.01100100
In this example, the mask contains 24 "1" bits and 8 "0" bits. The network part is taken from the positions of the "1" bits of the mask, while the device part is taken from the positions of the "0" bits. Hence, the network is 192.168.1.0 and the device address is 0.0.0.100.
This means that the IP address in question belongs to network 192.168.1.0 and the device is 100. With the help of the mask, we can tell this device apart from other devices in the same network.
CIDR Notation
CIDR notation (Classless Inter-Domain Routing) provides a condensed way to represent network masks. It enables clear expression of network masks by combining the IP address and the network mask into one notation.
In CIDR notation, the subnet mask is represented after the address with a slash, followed by the subnet mask length expressed in bits. For example, if the IP address is 192.168.1.10 and the subnet mask is 255.255.255.0, in CIDR notation it would be 192.168.1.10/24. In this case, "/24" indicates that there are 24 "1" bits in the subnet mask, which is equivalent to the subnet mask 255.255.255.0.
CIDR notation enables the compression and clear expression of network masks. It is a commonly used practice in network design and IP address management.
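The mask split and the "same subnet or not" decision described above, written out with bit operations as an added example (this is not code from the original module, and the function names are illustrative assumptions):

```python
# Added example: splits an address with its mask and decides whether a
# destination is in the same subnet (direct delivery) or needs a gateway.

def to_int(dotted):
    """Convert a dotted IPv4 string such as 192.168.1.100 to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value

def to_dotted(value):
    """Convert a 32-bit integer back to dotted notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix_len):
    """/24 -> 24 one-bits followed by 8 zero-bits."""
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"prefix length out of range: {prefix_len}")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def mask_to_prefix(mask):
    """Count the one-bits; reject masks whose one-bits are not contiguous."""
    prefix_len = bin(mask).count("1")
    if mask != prefix_to_mask(prefix_len):
        raise ValueError(f"non-contiguous mask: {to_dotted(mask)}")
    return prefix_len

def split(cidr):
    """Return (network, device, mask) as integers for e.g. 192.168.1.100/24."""
    address, prefix_len = cidr.split("/")
    ip, mask = to_int(address), prefix_to_mask(int(prefix_len))
    return ip & mask, ip & ~mask & 0xFFFFFFFF, mask

def is_on_link(own_cidr, destination):
    """True if destination has the same network part as our own address."""
    network, _, mask = split(own_cidr)
    return (to_int(destination) & mask) == network

if __name__ == "__main__":
    network, device, mask = split("192.168.1.100/24")
    print("mask   ", to_dotted(mask), f"/{mask_to_prefix(mask)}")
    print("network", to_dotted(network))
    print("device ", to_dotted(device))
    for dest in ("192.168.1.10", "1.2.3.4"):
        route = "direct (ARP)" if is_on_link("192.168.1.100/24", dest) else "via gateway"
        print(dest, "->", route)
```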
Test your knowledge
On the network 192.168.0.0/24, what does "/24" mean?