1. IPv4 Structure
An IPv4 address serves two purposes: it identifies the host (computer) and the network it belongs to. It is a 32-bit number, usually represented in "Dotted Decimal" notation for human readability.
Structure Breakdown
Format: x.x.x.x (Four Octets)
Range per Octet: 0 to 255
Example: 192.168.1.50
2. Binary Logic
Computers do not see 192. They see 11000000. To understand subnetting, you must be comfortable with the "Power of 2".
Each octet has 8 bits. The values of these bits, from left to right, are: 128, 64, 32, 16, 8, 4, 2, 1.
Conversion Example: 192
Does 128 fit into 192? Yes (Remainder 64). Bit = 1.
Does 64 fit into 64? Yes (Remainder 0). Bit = 1.
Remaining bits are 0.
Result: 11000000
3. Network vs Host Portion
Every IP address is split into two parts: a network portion and a host portion. The Subnet Mask determines where the line is drawn.
Devices can only talk directly to other devices if their Network ID matches perfectly. If the Network ID is different, they must send traffic to a Gateway (Router).
4. Subnet Masks & CIDR
The Subnet Mask tells the computer which bits belong to the network. CIDR (Classless Inter-Domain Routing) is the shorthand notation (e.g., /24).
| CIDR | Subnet Mask | Hosts (Total) | Usable Hosts |
|---|---|---|---|
| /8 | 255.0.0.0 | 16,777,216 | 16M+ |
| /16 | 255.255.0.0 | 65,536 | 65,534 |
| /24 | 255.255.255.0 | 256 | 254 |
| /25 | 255.255.255.128 | 128 | 126 |
| /26 | 255.255.255.192 | 64 | 62 |
| /27 | 255.255.255.224 | 32 | 30 |
| /30 | 255.255.255.252 | 4 | 2 |
*Usable Hosts = Total - 2 (One for Network ID, one for Broadcast).
5. Subnetting Math: A Walkthrough
Let's calculate the range for a specific network. This is a critical skill for configuring networks and setting scan ranges.
Example: 192.168.10.0/26
Step 1: Identify the Block Size
A /26 means 26 bits are on. The last octet has 2 bits on (11000000).
Decimal value of mask: 128 + 64 = 192.
Block Size Formula: 256 - Mask = Block Size.
256 - 192 = 64.
Step 2: List the Subnets (Increments of 64)
1. 192.168.10.0
2. 192.168.10.64
3. 192.168.10.128
4. 192.168.10.192
Step 3: Analyze the First Subnet (.0)
Network ID: 192.168.10.0
First Usable: 192.168.10.1
Last Usable: 192.168.10.62
Broadcast: 192.168.10.63
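The walkthrough above carried out with bitwise arithmetic, as an added example that is not part of the original page. It generalizes to other prefix lengths and also checks the matching-Network-ID rule from section 3; function names are illustrative and the two host addresses in the last call are constructed.

```python
# Added example: the section 5 walkthrough as bitwise arithmetic.
# Function names are illustrative; the host addresses in __main__ are constructed.

def ip_to_int(ip):
    """Dotted decimal -> 32-bit integer, rejecting malformed input."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 address: {ip!r}")
    a, b, c, d = (int(p) for p in parts)
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def subnet_info(cidr):
    """Return mask, block size, network, usable range and broadcast for a CIDR."""
    ip, _, plen = cidr.partition("/")
    prefix = int(plen)
    if not 1 <= prefix <= 32:
        raise ValueError(f"prefix out of range: /{prefix}")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF  # 'prefix' one-bits, rest zero
    network = ip_to_int(ip) & mask                     # host bits cleared
    broadcast = network | (mask ^ 0xFFFFFFFF)          # host bits set
    total = 1 << (32 - prefix)
    # Block size = 256 - mask value in the octet where the network/host line falls.
    shift = 8 * (3 - (prefix - 1) // 8)
    block = 256 - ((mask >> shift) & 0xFF)
    # Step 2 of the walkthrough: one subnet at each multiple of the block size.
    base = network & (0xFFFFFFFF << (shift + 8)) & 0xFFFFFFFF
    subnets = [int_to_ip(base + (k << shift)) for k in range(0, 256, block)]
    # "Total - 2" holds up to /30; /31 and /32 have no separate network/broadcast.
    edge = 1 if prefix <= 30 else 0
    return {
        "mask": int_to_ip(mask), "block_size": block, "subnets": subnets,
        "network": int_to_ip(network), "first_usable": int_to_ip(network + edge),
        "last_usable": int_to_ip(broadcast - edge), "broadcast": int_to_ip(broadcast),
        "total": total, "usable": total - 2 * edge,
    }

def same_network(ip_a, ip_b, prefix):
    """True when both hosts share a Network ID, so no gateway is needed."""
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return (ip_to_int(ip_a) & mask) == (ip_to_int(ip_b) & mask)

if __name__ == "__main__":
    for key, value in subnet_info("192.168.10.0/26").items():
        print(f"{key:>12}: {value}")
    print(same_network("192.168.1.10", "192.168.2.10", 24))
```

Passing a host address rather than a network address (for example 192.168.1.0/23) returns the enclosing network, which is a quick way to confirm that a configured range covers the whole subnet.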
6. Public vs. Private IPs
Not all IPs are routable on the internet. RFC 1918 defines "Private" ranges used inside LANs (Local Area Networks).
| Type | Range | Description |
|---|---|---|
| Class A Private | 10.0.0.0/8 | Large Enterprise / Data Centers |
| Class B Private | 172.16.0.0/12 | AWS VPCs, Universities, Docker |
| Class C Private | 192.168.0.0/16 | Home routers, Small Business |
| Loopback | 127.0.0.0/8 | Refers to "This Machine" (localhost) |
| APIPA | 169.254.x.x | DHCP Failed (Self-assigned) |
7. Troubleshooting Network Issues
When connectivity fails, follow this checklist to isolate the problem.
- Check IP & Mask: Is the device in the correct subnet? Does the mask match the router?
- Check Gateway: Is the Default Gateway address in the same subnet as the device? (It must be).
- Check APIPA: If you see `169.254.x.x`, the DHCP server is unreachable.
- Ping Loopback: `ping 127.0.0.1` verifies the TCP/IP stack is working on the OS.
- Ping Gateway: Verifies connection to the local router.
8. 🛡️ Security Context
How Hackers Use Subnetting
1. Target Mapping: When performing a scan with Nmap, hacking tools assume a /24 by default. If a company uses a /23 (510 hosts), a lazy hacker scanning 192.168.1.0/24 will miss half the targets (the 192.168.0.x range).
2. Pivot Points: Compromising a machine with two network interfaces (Dual Homed) allows an attacker to route traffic from one subnet to another, bypassing firewalls. This is called "Pivoting".
3. Firewall Evasion: Understanding subnet boundaries helps in crafting packets that might slip through ACLs (Access Control Lists) that are poorly defined (e.g., allowing "Any" instead of a specific range).
🧪 Subnet Practice Lab
Test your knowledge. Try to solve these without a calculator first.
A1: 192.168.1.127 (Range is 0-127)
A2: 2 Usable Hosts (Total 4 minus NetID and Broadcast)
A3: Private (It falls within 172.16.0.0 - 172.31.255.255)
A4: No. They are in different networks (1.x vs 2.x). They need a router.
A5: DHCP Failure (APIPA address).
📌 Module Recap
- IP Address: Logical ID (Network + Host).
- Subnet Mask: Defines the boundary between Network and Host bits.
- CIDR: Shorthand for masks (e.g., /24). Higher number = smaller network.
- Network ID: First IP (Unusable). Broadcast: Last IP (Unusable).
- Private IPs: (10.x, 172.16-31.x, 192.168.x) are not routable on the open internet.