Simple Subnet Calculations in IPv4

Hey All,

I recently wrote up some information on subnetting, and figured I would share it. For a more in depth overview I would highly recommend reading A Dive Into Subnetting, which @_py wrote. Hopefully this quick and dirty reference helps in it’s own way!

Subnetting is the product of logically dividing up a network up into smaller, modular networks. This has many benefits, such as speed increases, easier administration, and increased options for maintaining security. While this post will not go into detail on the benefits or implementation of subnetworks, it is important to be able to calculate subnetwork ranges, network addresses, and broadcast addresses. In other words, “What is the network for for IP XXX.XXX.XXX.XXX/XX? What is the IP range of this network?”, and so on.


Finding the Subnet Mask

When running commands such as ipconfig or ifconfig you may be given your IP and subnet mask; but let's assume that we are working with a classless IP displayed as 192.168.0.23/21 and that you have to calculate the subnet mask yourself. The portion preceding the "/" would be the IP, and the portion afterwards indicates the amount of subnet mask bits. Like IPs, subnet masks are comprised of four binary octets. The bits are typically assigned left to right, so we would have a subnet mask of 11111111.11111111.11111000.00000000, or 255.255.248.000 in decimal format.

Simple Calculations with the Binary Method

Now that we have our subnet mask, lets calculate the network address, which is the very first IP in a subnet range. This is done with a bitwise AND operation, so the IP needs to be represented as binary as well, 11000000.10101000.00000000.00010111. Here we perform the AND operation and find our network address:
11000000.10101000.00000000.00010111 = 192.168.000.023 (Address)  
11111111.11111111.11111000.00000000 = 255.255.248.000 (Mask)  
-----------------------------------AND---------------  
11000000.10101000.00000000.00000000 = 192.168.000.000 (Network Address)

This means that, for IP 192.168.0.23/21, our host 0.23 belongs to network 192.168.0.0. Now, lets look at the range of this network. We calculate this by once again looking at the bits assigned in our network mask octets, and keeping in mind the binary values of each. More specifically, we look at whichever our rightmost octet is which contains 1 values, and then the value of our rightmost bit.

Value: 128 64 32 16 8 4 2 1
Bits: 1 1 1 1 1 0 0 0

The rightmost bit corresponds to 8, which indicates our range. In other words, the subnet range that 192.168.0.23/21 belongs to is 192.168.0.0 through 192.168.7.255, and 192.168.8.0 is the adjacent subnet. Now we also know our broadcast address, which is always the last IP address in the range (192.168.7.255). Since the first and last IP addresses are reserved for the network and broadcast addresses, the host address range (all valid addressable IPs) would be 192.168.0.1 through 192.168.7.254, giving a total of 2,046 valid host addresses (calculated as (8 x 256) - 2). We can calculate the amount of valid host addresses as rightmost bit value, 8, multiplied by 256 per octet to the right, subtracting 2 lastly.


Even Simpler Calculations with the Magic Number Method

Now that we have examined the binary method, let's take a look at a simpler way of calculating the same subnet properties. Assuming we have our subnet mask, perhaps using a lookup chart such as the cheatsheet at the bottom, we instead want to find our leftmost number that isn't 255. Let's assume we are working with an IP of 66.52.3.30 and a subnet mask of 255.255.255.240. So, for 255.255.255.240, we have the number 240. To get our "magic number", we subtract 240 from 256, resulting in 16. Our magic number is calculated from the 4th binary octet, so we know our subnets calculate in intervals of 16 from the 4th octet. In other words, we know we would have network addresses of 66.52.3.0, followed by 66.52.3.16, followed by 66.52.3.32, and so on. Using this logic, we know that address 66.52.3.30 is within the network of 66.52.3.16, because the host range of the subnet extends from 66.52.3.17 through 66.52.3.30. We now also know that our broadcast address is 66.52.3.31, and that the next subnet range will begin at 66.52.3.32, giving a valid host range of 14. We can calculate the amount of valid host addresses as our magic number, 16, multiplied by 256 per octet to the right, subtracting 2 lastly.

Cheatsheet Chart

Mask Bit Suffix Subnet Mask Host Addresses per Subnet
/1 128.0.0.0 2,147,483,646
/2 192.0.0.0 1,073,741,822
/3 224.0.0.0 536,870,910
/4 240.0.0.0 268,435,454
/5 248.0.0.0 134,217,726
/6 252.0.0.0 67,108,862
/7 254.0.0.0 33,554,430
/8 255.0.0.0 16,777,214
/9 255.128.0.0 8,388,606
/10 255.192.0.0 4,194,302
/11 255.224.0.0 2,097,150
/12 255.240.0.0 1,048,574
/13 255.248.0.0 524,286
/14 255.252.0.0 262,142
/15 255.254.0.0 131,070
/16 255.255.0.0 65,534
/17 255.255.128.0 32,766
/18 255.255.192.0 16,382
/19 255.255.224.0 8,190
/20 255.255.240.0 4,094
/21 255.255.248.0 2,046
/22 255.255.252.0 1,022
/23 255.255.254.0 510
/24 255.255.255.0 254
/25 255.255.255.128 126
/26 255.255.255.192 62
/27 255.255.255.224 30
/28 255.255.255.240 14
/29 255.255.255.248 6
/30 255.255.255.252 2
/31 255.255.255.254 x
/32 255.255.255.255 x

Note that /31 and /32 are not frequently used, and would only be considered “valid” in hyper-specific circumstances which fall outside the scope of this post.

12 Likes

Ah yes, the good ol days when @_py did networking and used Python.

4 Likes

Thanks for the dive. Exactly the type of information I was looking for. Couple of questions because I am new to this topic (these may go a bit deeper): :slightly_smiling_face:

  1. What happens if the subnet does not match the associated router IP address?
  2. Which calculation method do you think works better and why?
  3. How do you know if the subnet has been spoofed?

-Archangel

If a computer and router have a subnet mismatch a lot of weird stuff can happen. Communication between two comptuers on the same network can stop completely depending on their individual IP addresses. Say computer A has the correct settings of 192.168.1.161/24, and computer B has the incorrect 192.168.1.13/25, A will be able to send information to B but B won’t be able to send anything back, because B is going to (incorrectly) send those packets to the router instead of directly to the computer. The router is going to see that the source and destination are in the same subnet and not do any forwarding on them.

I, and most people I know, use the “magic number” method. It’s much easier, and working in powers of 2 becomes second nature after a bit.

I’m not sure what you mean by this. Can you give an example?

1 Like

@onom4stic0n Like the subnet has been tampered with for malicious purposes. I am going to test it out either way, just want to know if there was a way of picking it up/tracing it.
-Archangel

This topic was automatically closed after 30 days. New replies are no longer allowed.