CIDR Addressing and Subnet Masking On IP Networks (Part 1)

(Photo Source and Credit Pexels)

An IP address is used to identify hosts and devices on a TCP/IP-based network e.g. the Internet. Currently there are 2 versions in use, IPv4 (IP version 4) and IPv6(IP version 6). I will explain IPv4 throughout this article. Addressing requires planning, so they are not just created randomly, especially when it is a host on the Internet. Another important part of IP addressing is what is called “subnetting”. Subnetting is the process of logically dividing a network into subnets. This allows network engineers to partition a network into “broadcast domains” called segments, so that traffic is isolated from one network segment to another.

So let’s start with an IP address:

A typical Class C Host ID (IP Address)

This is a Class C IP address that cannot be used on the Internet. It is a part of the 24-bit block of private addresses which require either a proxy or address translation to route Internet traffic. In corporate business networks, assigning IP addresses using this scheme is very common. This is because assigning an actual routable IP is not practical for let’s say desktop computer inside the network. If the world used all actual public IP addresses, we would surely not have enough to go around. That is why a private IP using proxy gateways is the best way to assign an IP to any device. Public IP addresses are used for gateways, web interfaces and any front-facing device that communicates directly on the Internet.

The problem with class based IP addressing is that it limits the range of IP subnets. The class based scheme requires reserving certain octets for the network. Here is an example:

Class A —

Class B —

Class C —

Class A reserves the first octet for the network or subnet ID. Class B reserves the 2nd and 3rd, while Class C reserves the first three octets. This is rather inefficient because addresses will run out quickly.

A scheme called CIDR (Classless Inter-Domain Routing) was developed to allow more networks and subnets to be created. This allows networking devices to disregard classes in IP addressing. At the same time a network can now use more bits for subnetting. That means it is no longer restricted by octets. For example, you can now borrow more bits to create more subnets, but less hosts per subnet. Overall, you can connect more hosts when you have more subnets.

An IP address is divided into 4 parts, called octets. Each octet consists of 8-bits or 1 byte of information. CIDR notation is used to identify a host portion of the IP (the address) followed by a “/” (forward slash) which refers to the subnet mask. The subnet is the partition of the network to which the host belongs to, and the subnet mask is what identifies it. If you add up all the octets in an IP address you get:

8 + 8 + 8 + 8 = 8-bits x 4 octets = 32 bits

The CPU embedded in computers and digital electronics in hosts and devices do not read numbers like we do. We know our numbers based on the decimal system. In digital electronics it requires converting from decimal to machine readable binary numbers. So our IP address example above must be converted to binary. converted to binary numbers

Digital electronics uses strings of 1’s and 0’s that make up binary numbers. Digital electronics like computer devices, use circuits called transistors to process information as a presence of voltage that is either on (1) or off (0). Each position in a binary string has a corresponding number that can either be expressed in hexa-decimal (base16) or decimal (base10).

Base2 numbers are binary, while the numbers we are familiar with are base10. We call our decimal number system base10 because we have a finite set of “base” numbers from 0 to 9:

0 1 2 3 4 5 6 7 8 9

All other numbers used in the decimal system are a combination of any of those base numbers.

Base2 on the other hand only has 2 “base” numbers:

0 1

All other numbers in the binary system are a combination of 1 and 0 base numbers.

To simplify things I will use base2 to give a clearer understanding, though machines prefer base16 which is actually faster to compute. Now to understand why 11000000 is the binary equivalent of 192, let’s look at the IP address in base2.

The 1’s position indicates the base2 numbers that make up 192

What we need to look for is which position in the binary string has a value of 1. We can clearly see that when we add 128 + 64 we get 192. Likewise for the other octets we do the same procedure.

Going back to our IP address,, we need to identify its subnet, broadcast address and range of IP addresses used. Here is a brief explanation of those variables we are looking for.

subnet — Logical division or segment of an IP network.

broadcast address — The address in a subnet not assigned to single host, it is broadcasted or sent to all hosts and devices on the network.

range of IP address — This is the number of IP addresses that can be used on the network.

Finding the Subnet ID

To find the subnet, you must first identify the subnet mask. From our CIDR notation example you have a /24 subnet mask which translates to binary as:


In a Class C IP address, the first 3 octets are reserved for the network. In decimal, this is converted to:

Now we take our IP address and perform a logical AND operation with the subnet mask and we get this result:



The subnet is therefore

Finding the Broadcast ID

Since we know the network portion of the ID based on the subnet, we now take what is called the wildcard bits which will indicate the portion of the octet bits that are not a part of the network. We logically assign a value of 1 to all those bits, and in this example our wildcard is:

Now using our example, since the subnet is, the last octet consists of the wildcard bits. Since all bits are set a value of 1, it will be:

That is then our broadcast address. Think of the broadcast ID as an inversion or opposite of the bits set in the subnet ID.

Wildcard bits are the portion of the IP address that is not part of the subnet which are set a value of 1.

Finding the IP Address Range

By now we can already see from this example, that we have a determined range already. We know the subnet ID is That means that the first usable logical IP address that can be assigned on the network is plus one. So our first IP starts from:

192.168.4. 1

Now that we know the first IP address in the network, we can determine the last based on the broadcast ID. In this case we need to subtract 1 from the broadcast ID and we get:

Therefore, the last usable IP address is 1 less that of the broadcast ID. We then have a total of 254 hosts on the network from–

Finding Total Hosts

Another way to look at this is that we have 256 IP addresses on the network from 0 to 255. You take the total IP addresses of 256 and subtract 2 from it. We subtract by 2 in order to exclude the IP address assigned to the subnet and the broadcast ID.

Finding the total hosts on the network

Thus we have a total of 254 hosts (256–2) on the network.

Putting It All Together

Based on the information we have gathered about, we can construct a table.

Real World Application

In the real world, there are more complex networks that don’t use a /24 subnet mask. If we were to change the /24 to /20 it will be a totally different result. We can create more subnets and add more hosts. Network engineers use subnets to be able to properly plan how many computers they can connect to the network. This was a simple example that defines a single network. Big companies don’t use a single network address space since they can have more than 254 computers in the whole organization. They may have > 1,000 computers that all need access to other networks to get information.

I will explain that in Part 2.





Multimedia, Imaging, Audio and Broadcast Technology

Recommended from Medium

How to HACK Your Way to Cybersecurity Gains: 5 Securities Investors Should Look at NOW!!!

{UPDATE} みっちりねこバブル Hack Free Resources Generator

{UPDATE} Live pets on the desktop Hack Free Resources Generator

SaTT Announces Listing on Coinsbit as SATT Token Gets Onboarded CoinGecko

Incognito is not very Incognito

{UPDATE} Quebra-cabeça deslizante Hack Free Resources Generator

Announcing the Crypto Sailors Program

Solana programs Part 4: Metaplex Candy Machine — how does it work?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Vincent Tabora

Vincent Tabora

Editor HD-PRO, DevOps Trusterras (Cybersecurity, Blockchain, Software Development, Engineering, Photography, Technology)

More from Medium

How I use Roll20 macros

How to integrate Duo Two Factor Authentication with CakePHP3

Internet Immortalized

Robust, continuous audio recording: