Learning about programming, reverse engineering, binary exploitation, and everything else I can about cybersecurity
30 Apr 2025
When I was first learning about networking, it was difficult for me to wrap my head around the concept of subnetting. When I'm having a tough time understanding a difficult subject like this, I make it a point to study it hard enough to understand every little aspect (maybe this is the reason for my binary exploitation obsession). Most of the material I found did not explain subnetting well and made the associated calculations much harder than they needed to be (this is a recurring theme with many topics and is the reason for my write-up on printf exploits). Here I'll try to simplify what I've learned and add an extra trick I learned along the way. I'll assume certain requisite knowledge, such as how basic IP addressing works, and hope that this sparks a love of binary for you just like it did for me.
The purpose of subnetting is a simple idea. You take the IP address assigned to your network and split it up into different segments. These different segments each act as their own network and cannot freely communicate, so in order for traffic to pass from one subnet to another, it will have to go through the router first. This is a good basic network security measure and also helps with organizing a network.
There are two ways to identify subnets: subnet masks and CIDR notation. A subnet mask looks like 255.255.255.0, and the equivalent CIDR notation is /24. What these symbols do is identify the beginning of the subnet range, which determines its size. The zero in 255.255.255.0 means that the entirety of the fourth octet in whichever IP address is given will be used for one subnet. The /24 is derived from the bits of the IP address. There are 8 bits in each octet, so /24 means that the first 24 bits are occupied by the mask and the last 8 bits will be used for the subnet. If you are not familiar with binary, the reason there are 8 bits per octet is that 255 in binary is 11111111, or eight places. So in binary, the subnet example of 255.255.255.0 would look like 11111111.11111111.11111111.00000000. Another subnet mask like 255.255.255.192 would be 11111111.11111111.11111111.11000000: 10000000, which is 128 in decimal, plus 01000000, which is 64 in decimal, equals 192. In CIDR notation, this example would be a /26 subnet because the first 26 places are occupied, leaving the remaining 6 places for subnet addresses.
Now that the subnet mask is defined, we can determine the size of the subnet using that mask. This is easy because all you need to know is the value of the last occupied binary digit. Using the last example of 255.255.255.192, which is 11111111.11111111.11111111.11000000, I've already said that 01000000 is equal to 64 in decimal, so that is the answer. If a given IP address is subnetted using this /26 mask, that will split the fourth octet into four segments that each include 64 addresses. The actual usable addresses will be 62. For every subnet you must subtract one address for the Network ID, which will be the first address, and a second address for the Broadcast ID, which will be the last address. Using an example network address of 192.168.0.*, the first subnet would be a range of 192.168.0.0 - 192.168.0.63, with 192.168.0.0 being the Network ID and 192.168.0.63 being the Broadcast ID.
This example would result in the following subnets:
192.168.0.0 - 192.168.0.63
192.168.0.64 - 192.168.0.127
192.168.0.128 - 192.168.0.191
192.168.0.192 - 192.168.0.255
The Network ID and Broadcast ID are the first and last address of each range, respectively.
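The same calculation done with bit operations, as an added example that is not part of the original post; the function names and the sample address 192.168.0.77 are assumptions chosen for illustration. It also checks whether two hosts share a subnet, which is the case where traffic does not have to pass through the router.

```python
import ipaddress

def to_int(dotted):
    """Pack a dotted-quad string into a 32-bit integer."""
    a, b, c, d = (int(part) for part in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def to_dotted(value):
    """Unpack a 32-bit integer into a dotted-quad string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_from_prefix(prefix):
    """/26 -> 26 one-bits followed by 6 zero-bits, as a 32-bit integer."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def subnet_info(address, prefix):
    """Return mask, block size, Network ID, Broadcast ID and usable hosts."""
    mask = mask_from_prefix(prefix)
    size = 1 << (32 - prefix)                   # value of the last one-bit in the mask
    network = to_int(address) & mask            # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits set
    return {"mask": to_dotted(mask), "size": size,
            "network": to_dotted(network), "broadcast": to_dotted(broadcast),
            "hosts": max(size - 2, 0)}          # minus Network ID and Broadcast ID

def same_subnet(a, b, prefix):
    """True when both addresses share a Network ID, so no router hop is needed."""
    mask = mask_from_prefix(prefix)
    return (to_int(a) & mask) == (to_int(b) & mask)

def split_24(base, prefix):
    """List the (first, last) ranges a /24 is cut into by a /25 to /32 prefix."""
    size = 1 << (32 - prefix)
    start = to_int(base) & mask_from_prefix(24)
    return [(to_dotted(start + off), to_dotted(start + off + size - 1))
            for off in range(0, 256, size)]

if __name__ == "__main__":
    info = subnet_info("192.168.0.77", 26)      # constructed sample address
    print(info)
    net = ipaddress.ip_network("192.168.0.77/26", strict=False)  # stdlib cross-check
    assert str(net.network_address) == info["network"]
    assert str(net.broadcast_address) == info["broadcast"]
    for first, last in split_24("192.168.0.0", 26):
        print(first, "-", last)
```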
Now we get to the good stuff. Let me begin by saying that binary is awesome and it is used for so many things that you would place yourself at a huge disadvantage if you did not study it. The first thing I did with my scrap paper when taking my CCNA exam was draw out a table so I could make quick calculations for subnetting questions. Most of these questions only involve the fourth octet, but you can draw a second chart for the third if you are so inclined.
These are the rows of the chart I used:
Here is an example of the chart I drew out for my CCNA exam for the fourth octet:
CIDR | /25 | /26 | /27 | /28 | /29 | /30 | /31 | /32 |
---|---|---|---|---|---|---|---|---|
# of IPs per subnet | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
Subnet Mask | 128 | 192 | 224 | 240 | 248 | 252 | 254 | 255 |
# of Hosts | 126 | 62 | 30 | 14 | 6 | 2 | 0 | 0 |
# of Subnets | 2 | 4 | 8 | 16 | 32 | 64 | 128 | 256 |
And if you need the third octet, here is another example (in my experience, I have only seen tests ask for the first couple masks):
CIDR | /17 | /18 | /19 | /20 | /21 | /22 | /23 | /24 |
---|---|---|---|---|---|---|---|---|
# of IPs per subnet | 32768 | 16384 | 8192 | 4096 | 2048 | 1024 | 512 | 256 |
Subnet Mask | 128 | 192 | 224 | 240 | 248 | 252 | 254 | 255 |
# of Hosts | 32766 | 16382 | 8190 | 4094 | 2046 | 1022 | 510 | 254 |
# of Subnets | 2 | 4 | 8 | 16 | 32 | 64 | 128 | 256 |
I hope this helps! Happy networking!