Originally published on SecurityElites, the canonical, fully-updated version of this article.
DAY 6 OF 100
100-Day Ethical Hacking Course
Day 6: IP Addressing & Subnetting for Beginners
Every time a student types nmap 192.168.1.0/24 in a tutorial, I ask them: "What does the /24 mean?" Most can't answer. They typed it because the tutorial said to. That works right up until something goes wrong, and then they have no idea why.
Today you learn to actually understand that notation. And once you do, every scan range, every network diagram, and every infrastructure assessment you'll ever do will make complete, immediate sense.
I'm going to be direct about subnetting: it has a reputation for being the topic that breaks beginners. That reputation exists because most teachers jump straight into the math without explaining why any of it matters. I'm going to do the opposite: purpose first, mechanics second. By the end of today you'll understand subnetting well enough to calculate target ranges in your head for common networks.
Day 6 Contents
- Why Subnetting Matters for Hackers
- IPv4 Address Structure
- Binary: Just Enough to Understand
- Subnet Masks Demystified
- CIDR Notation: The Shorthand
- Calculating Host Ranges
- Common Subnets Cheat Sheet
- Tools: ipcalc, ip route, Nmap
- Subnetting in Real Assessments
- Day 6 Practical Task
Why Subnetting Matters: The Hacker's Perspective
Before we touch any math, I want you to understand exactly where subnetting shows up in practical ethical hacking work. This context will make the technical details meaningful rather than abstract.
Defining Scan Targets
When you run nmap 10.10.10.0/24, you need to know what that /24 means: 254 potential hosts on that network segment. Understanding this prevents you from accidentally scanning too broadly (the entire internet) or too narrowly (missing live hosts).
Reading Network Diagrams
Penetration test reports include network topology diagrams. Every segment is labelled with CIDR notation. Understanding subnetting means you can read a network map, identify which systems are on which segment, and plan lateral movement accordingly.
OSINT & Scope Definition
Bug bounty programs define scope using CIDR ranges. A company might say "in-scope: 203.0.113.0/24", and you need to know exactly which IPs that includes to stay inside the rules.
Internal Network Understanding
Enterprise networks are divided into subnets by function: 10.1.0.0/24 for servers, 10.2.0.0/24 for workstations, 10.3.0.0/24 for management. Recognising these patterns tells you what's likely on each segment during a pentest.
IPv4 Address Structure: Anatomy of an IP
An IPv4 address is a 32-bit number written in a human-readable format called dotted decimal notation. The 32 bits are split into four groups of 8 bits (called octets), each converted to a decimal number between 0 and 255, separated by dots.
Anatomy of an IP address: 192.168.1.100

| Octet | Decimal | Binary |
|---|---|---|
| 1 | 192 | 11000000 |
| 2 | 168 | 10101000 |
| 3 | 1 | 00000001 |
| 4 | 100 | 01100100 |

Each octet = 8 bits | 4 octets × 8 bits = 32 bits total | Values: 0-255 per octet
Total possible IPv4 addresses: 2³² = 4,294,967,296 (~4.3 billion)
Every IP address has two parts: the network portion (which network does this belong to?) and the host portion (which specific device on that network?). The subnet mask tells you where the dividing line falls between these two parts.
Binary: Just Enough to Understand Subnetting
I'm not going to teach you to think in binary. I'm going to give you the one table you need, and the one concept that makes subnet masks immediately clear. That's all the binary you need for subnetting.
Binary bit values: one octet (8 bits), memorise this row

| Bit position | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
|---|---|---|---|---|---|---|---|---|
| Decimal value | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |

Example: decimal 192 in binary
128 + 64 = 192 → binary: 11000000
bit 7 = 1 (128) + bit 6 = 1 (64) + rest = 0
Example: decimal 255 in binary
128+64+32+16+8+4+2+1 = 255 → binary: 11111111
All 8 bits = 1. Maximum value of one octet = 255.
The one thing to remember: A subnet mask is always a string of 1 bits followed by 0 bits, never mixed. 11111111.11111111.11111111.00000000 is valid. 11110101.00001111.11110000.10101010 is not a valid subnet mask. This single rule explains everything about how subnet masks work.
Subnet Masks Demystified: What They're Actually Telling You
A subnet mask is a 32-bit number that tells you which part of an IP address is the network portion (the 1 bits) and which part is the host portion (the 0 bits). Every device on a network has both an IP address and a subnet mask; together they define what network the device belongs to.
Subnet mask breakdown: 255.255.255.0 explained bit by bit
IP Address: 192.168.1.100
IP Binary: 11000000.10101000.00000001.01100100
Subnet Mask: 255.255.255.0
Mask Binary: 11111111.11111111.11111111.00000000
Layout: first three octets (24 bits) = NETWORK PORTION, last octet (8 bits) = HOST
The 1s in the mask = network bits (locked: same for all hosts in subnet)
The 0s in the mask = host bits (varies: different for each device)
Network address (all host bits = 0): 192.168.1.0
Broadcast address (all host bits = 1): 192.168.1.255
Usable hosts: 192.168.1.1 - 192.168.1.254 (254 addresses)

| Role | Address | Detail | Purpose |
|---|---|---|---|
| Network address | 192.168.1.0 | All host bits = 0 | Identifies the subnet itself |
| Usable hosts | 192.168.1.1-254 | 254 addresses | Assigned to devices |
| Broadcast address | 192.168.1.255 | All host bits = 1 | Sends to all devices |

CIDR Notation: The Shorthand That Appears Everywhere
Writing out 255.255.255.0 every time is clunky. CIDR (Classless Inter-Domain Routing) notation solves this by just counting the number of 1 bits in the mask and appending that count after a slash. It's a compressed way to express both the network address and the subnet mask together.
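The mask and CIDR rules above, worked through in Python as an added example (not code from the original article): it enforces the 1s-then-0s rule, derives the network and broadcast addresses with bitwise AND/OR, and checks whether an address falls inside a scoped range. The function names are illustrative assumptions, and the sample addresses are the ones the article uses.

```python
# Added example, not from the original article: subnet arithmetic done by hand.

def ip_to_int(dotted):
    """Dotted decimal -> 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(n):
    """32-bit integer -> dotted decimal."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_to_prefix(mask):
    """Count the 1 bits of a mask (the CIDR number); reject mixed 1s and 0s."""
    host_bits = ~ip_to_int(mask) & 0xFFFFFFFF   # invert: host bits become 1s
    if host_bits & (host_bits + 1):             # valid only if host_bits is 2^k - 1
        raise ValueError(f"mask bits are not contiguous: {mask}")
    return 32 - host_bits.bit_length()

def describe(ip, mask):
    """Network, broadcast and usable range for an address/mask pair."""
    prefix = mask_to_prefix(mask)
    if prefix > 30:  # /31 and /32 have no separate network/broadcast address
        raise ValueError("prefixes longer than /30 are outside this example")
    m = ip_to_int(mask)
    network = ip_to_int(ip) & m                 # host bits forced to 0
    broadcast = network | (~m & 0xFFFFFFFF)     # host bits forced to 1
    return {
        "cidr": f"{int_to_ip(network)}/{prefix}",
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1),
        "last_host": int_to_ip(broadcast - 1),
        "usable": broadcast - network - 1,
    }

def in_scope(ip, scope_network, scope_mask):
    """True when ip has the same network bits as the authorised range."""
    mask_to_prefix(scope_mask)                  # refuse malformed masks
    m = ip_to_int(scope_mask)
    return (ip_to_int(ip) & m) == (ip_to_int(scope_network) & m)

if __name__ == "__main__":
    print(describe("192.168.1.100", "255.255.255.0"))
    print(in_scope("203.0.113.77", "203.0.113.0", "255.255.255.0"))
```

Running a target list through in_scope before any scan is a cheap guard against stepping outside an agreed range.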
This article was originally written and published by the SecurityElites team. For more cybersecurity tutorials, ethical hacking guides, and CTF walk-throughs, visit SecurityElites.
