IP Subnet Calculator
Calculate subnet masks, network ranges, broadcast addresses, and usable hosts from CIDR notation or IP ranges.
How to Use the Subnet Calculator
- Enter an IP address with CIDR notation (e.g., 192.168.1.0/24) or an IP with subnet mask.
- The tool calculates the network address, broadcast address, and usable host range.
- Review the number of usable hosts, wildcard mask, and binary representation.
- Use the results for network planning, firewall rules, or access control lists.
Understanding IP Subnetting and CIDR
Subnetting is the practice of dividing a network into smaller logical segments called subnets. CIDR (Classless Inter-Domain Routing) notation represents an IP address and its subnet mask as a single expression like 192.168.1.0/24, where /24 indicates that the first 24 bits are the network portion. The remaining bits define the host portion, determining how many devices can exist on that subnet. A /24 subnet provides 254 usable host addresses (256 total minus the network and broadcast addresses). A /25 splits that in half to 126 usable hosts, /26 gives 62, and so on. Understanding these calculations is essential for network design, IP address management, firewall rule configuration, and cloud infrastructure (VPC/VNET) planning where subnet sizing directly impacts cost and scalability. In security, proper subnetting is a core defense-in-depth strategy. Network segmentation isolates sensitive systems (databases, admin panels, payment processing) into separate subnets with controlled access between them. Penetration testers routinely calculate subnet boundaries to map network topology, identify the scope of broadcast domains, and find misconfigured access controls. Understanding CIDR is also critical for configuring security groups, NACLs, and firewall rules in AWS, Azure, and GCP environments.
Frequently Asked Questions
A /24 subnet uses 24 bits for the network portion, leaving 8 bits for hosts, providing 254 usable addresses. A /16 subnet uses 16 network bits and 16 host bits, providing 65,534 usable addresses. Each bit removed from the network portion doubles the number of available hosts.
The network address is the first address in a subnet (all host bits set to 0) and identifies the subnet itself. The broadcast address is the last address (all host bits set to 1) and is used to send packets to all hosts on the subnet. Neither can be assigned to a device, which is why a /24 has 254 usable addresses, not 256.
Subnetting enables network segmentation, which limits the blast radius of a security breach. By placing sensitive systems on isolated subnets with strict access controls, you prevent lateral movement after an initial compromise. Firewall rules and ACLs are configured using CIDR notation to control traffic flow between subnets.
RFC 1918 defines three private IP ranges: 10.0.0.0/8 (16 million addresses), 172.16.0.0/12 (1 million addresses), and 192.168.0.0/16 (65,536 addresses). These ranges are not routable on the public internet and are used for internal networks. NAT translates private addresses to public ones for internet access.