Beginner โ†’ Intermediate โฑ 75โ€“90 Minutes Core Skill

IP Addressing & Subnetting

Understanding the logical addressing system of the internet. From binary basics to calculating complex network boundaries for firewall evasion and defense.

1. IPv4 Structure

An IPv4 address serves two purposes: it identifies the host (computer) and the network it belongs to. It is a 32-bit number, usually represented in "Dotted Decimal" notation for human readability.

Structure Breakdown

Format: x.x.x.x (Four Octets)
Range per Octet: 0 to 255
Example: 192.168.1.50

Why Logical Addressing Exists

While MAC addresses (Physical) are burned into hardware and work locally, IP addresses (Logical) are assigned by software and allow routing across the globe. Without IPs, the internet would just be one giant, chaotic local network.

2. Binary Logic

Computers do not see 192. They see 11000000. To understand subnetting, you must be comfortable with the "Power of 2".

Power of 2 Chart

Memorize this sequence. It is the key to everything in networking.

1282โท
642โถ
322โต
162โด
82ยณ
42ยฒ
22ยน
12โฐ

Conversion Example: 192

Does 128 fit into 192? Yes (Remainder 64). Bit = 1.
Does 64 fit into 64? Yes (Remainder 0). Bit = 1.
Remaining bits are 0.
Result: 11000000

3. Network vs Host Portion

Every IP address is split into two parts. The Subnet Mask determines where the line is drawn.

NETWORK ID Street Name (Shared by all)
HOST ID House Number (Unique)

The Golden Rule

Devices can only talk directly to other devices if their Network ID matches perfectly. If the Network ID is different, they must send traffic to a Gateway (Router).

4. Subnet Masks & CIDR

The Subnet Mask tells the computer which bits belong to the network. CIDR (Classless Inter-Domain Routing) is the shorthand notation (e.g., /24).

CIDRSubnet MaskHosts (Total)Usable Hosts
/8255.0.0.016,777,21616M+
/16255.255.0.065,53665,534
/24255.255.255.0256254
/25255.255.255.128128126
/26255.255.255.1926462
/27255.255.255.2243230
/30255.255.255.25242

Host Calculation Formula

Formula: 2Host Bits - 2

Example: A /26 network has 6 host bits (32 - 26 = 6).
2โถ = 64 total addresses โ†’ 64 - 2 = 62 usable hosts.

Special CIDR Cases

  • /31 โ†’ Used in point-to-point links (no broadcast required).
  • /32 โ†’ Represents a single host (used in routing tables).

*Usable Hosts = Total - 2 (One for Network ID, one for Broadcast).

5. Subnetting Math: A Walkthrough

Let's calculate the range for a specific network. This is a critical skill for configuring networks and setting scan ranges.

Example: 192.168.10.0/26

Step 1: Identify the Block Size
A /26 means 26 bits are on. The last octet has 2 bits on (11000000).
Decimal value of mask: 128 + 64 = 192.
Block Size Formula: 256 - Mask = Block Size.
256 - 192 = 64.

Step 2: List the Subnets (Increments of 64)
1. 192.168.10.0
2. 192.168.10.64
3. 192.168.10.128
4. 192.168.10.192

Step 3: Analyze the First Subnet (.0)
Network ID: 192.168.10.0
First Usable: 192.168.10.1
Last Usable: 192.168.10.62
Broadcast: 192.168.10.63

Fast Mental Subnetting Trick

Instead of converting to binary every time:

  • Identify which octet changes.
  • Subtract mask from 256.
  • Count in that increment.

Example: /27 โ†’ Mask 224 โ†’ 256 - 224 = 32 โ†’ Subnets increment by 32.

โšก STOP GUESSING. START CALCULATING.

Don't waste time on manual math during a live engagement. Use the IP Subnet Calculator Pro to visualize network ranges, bitmasks, and binary conversions instantly.

๐Ÿš€ Launch Pro Calculator

6. Public vs. Private IPs

Not all IPs are routable on the internet. RFC 1918 defines "Private" ranges used inside LANs (Local Area Networks).

TypeRangeDescription
Class A Private10.0.0.0/8Large Enterprise / Data Centers
Class B Private172.16.0.0/12AWS VPCs, Universities, Docker
Class C Private192.168.0.0/16Home routers, Small Business
Loopback127.0.0.0/8Refers to "This Machine" (localhost)
APIPA169.254.x.xDHCP Failed (Self-assigned)

7. Troubleshooting Network Issues

When connectivity fails, follow this checklist to isolate the problem.

  1. Check IP & Mask: Is the device in the correct subnet? Does the mask match the router?
  2. Check Gateway: Is the Default Gateway address in the same subnet as the device? (It must be).
  3. Check APIPA: If you see 169.254.x.x, the DHCP server is unreachable.
  4. Ping Loopback: ping 127.0.0.1 verifies the TCP/IP stack is working on the OS.
  5. Ping Gateway: Verifies connection to the local router.

8. ๐Ÿ›ก๏ธ Security Context

How Hackers Use Subnetting

1. Target Mapping: Many scanning tools default to scanning a /24 range when users do not explicitly define a subnet mask. If a company uses a /23 (510 hosts), a lazy hacker scanning 192.168.1.0 might miss half the targets.

2. Pivot Points: Compromising a machine with two network interfaces (Dual Homed) allows an attacker to route traffic from one subnet to another, bypassing firewalls. This is called "Pivoting".

3. Firewall Evasion: Understanding subnet boundaries helps in crafting packets that might slip through ACLs (Access Control Lists) that are poorly defined (e.g., allowing "Any" instead of a specific range).

9. Elite Knowledge

Ready to go beyond the basics? These concepts separate the admins from the architects.

VLSM (Variable Length Subnet Mask)

Legacy networks used "Classful" addressing (fixed sizes). VLSM allows network engineers to use different subnet masks within the same network address space. This maximizes efficiency by fitting the subnet size exactly to the department size.

Supernetting (Route Aggregation)

The opposite of subnetting. Supernetting combines multiple smaller subnets into one larger network. This reduces the size of routing tables on core routers, making the internet faster.

Pentester Scenario

You compromised a host at 192.168.10.15/26.
Question: How many other hosts could be in this subnet?
Answer: 62 usable hosts. You should scan 192.168.10.1-62 immediately.

๐Ÿงช Subnet Practice Lab

Test your knowledge. Try to solve these without a calculator first.

Q1: What is the broadcast address for 192.168.1.0/25? Hint: /25 splits a /24 in half.
Q2: How many usable hosts does a /30 network provide? Hint: Often used for Point-to-Point links.
Q3: Is 172.20.10.5 a Public or Private IP?
Q4: Can Host A (192.168.1.10/24) talk directly to Host B (192.168.2.10/24)?
Q5: You see an IP 169.254.12.5. What does this indicate?

A1: 192.168.1.127 (Range is 0-127)

A2: 2 Usable Hosts (Total 4 minus NetID and Broadcast)

A3: Private (It falls within 172.16.0.0 - 172.31.255.255)

A4: No. They are in different networks (1.x vs 2.x). They need a router.

A5: DHCP Failure (APIPA address).

๐Ÿ“Œ Module Recap

  • IP Address: Logical ID (Network + Host).
  • Subnet Mask: Defines the boundary between Network and Host bits.
  • CIDR: Shorthand for masks (e.g., /24). Higher number = smaller network.
  • Network ID: First IP (Unusable). Broadcast: Last IP (Unusable).
  • Private IPs: (10.x, 172.16-31.x, 192.168.x) are not routable on the open internet.
โ† Previous Module
Next: MAC & Local Network
Next Module โ†’