What is a Subnet Mask?

Table of Contents

    Cybersecurity 101 Categories

    Access Control

    48 Posts

    Application Security

    17 Posts

    Authentication

    73 Posts

    Compliance

    9 Posts

    Cyber Threats

    61 Posts

    Endpoint Security

    11 Posts

    General Security

    33 Posts

    IoT Security

    17 Posts

    Network Security

    51 Posts

    Networking

    28 Posts

    Zero Trust

    27 Posts
    Back to Cybersecurity Center

    What is a subnet mask and how does it work?

    A subnet mask is a 32-bit number used in IPv4 networking that helps divide an IP address into two components: the network portion and the host portion. It determines which part of the IP address identifies the network and which part identifies the device (host) on that network. This concept is key to organizing and securing IP networks.

    For example, take the IP address 192.168.1.10 with a subnet mask of 255.255.255.0. In binary, that’s:

    • IP Address: 11000000.10101000.00000001.00001010

    • Subnet Mask: 11111111.11111111.11111111.00000000

    The mask tells us that the first 24 bits are reserved for the network (192.168.1) and the last 8 bits are available for hosts. The IP 192.168.1.10 is therefore host number 10 on the 192.168.1.0 network.

    Subnet masks are critical for routing traffic correctly, segmenting networks for performance and security, and preventing IP conflicts. They are often expressed in CIDR notation — like /24 — which means 24 bits are for the network (same as 255.255.255.0).

    How do I calculate the subnet mask for a given IP range?

    To calculate the subnet mask for a specific IP range, you need to determine two things:

    • How many subnets you need, or

    • How many hosts you want per subnet

    Let’s say you want to divide a network into subnets that support at least 50 devices each. Here’s how you calculate it:

    Step 1: Use the host formula

    Number of usable host addresses per subnet = 2^n - 2
    (We subtract 2 for the network and broadcast addresses)

    We need 50 hosts →
    2^6 - 2 = 62 usable hosts → so we need 6 bits for hosts.

    Step 2: Subtract from 32 to find the subnet mask

    32 total bits – 6 host bits = 26 network bits → CIDR: /26

    Step 3: Convert /26 to dotted decimal

    • /26 = 255.255.255.192

    That subnet mask gives you 4 subnets with 62 usable IPs each (per Class C block). The trick is to choose the smallest subnet mask that still supports your required number of hosts.

    If you’re going the other way — say, creating 8 subnets from a Class C network — the formula is:

    2^n ≥ desired subnets
    2^3 = 8 → need 3 bits → /27 or 255.255.255.224

    Subnet calculators online can speed this up, but knowing the logic helps with certification exams and network troubleshooting.

    What is the difference between a subnet mask and a default gateway?

    While both are essential parts of IP networking, a subnet mask and a default gateway serve very different purposes:

    Subnet Mask: Defines the network

    A subnet mask tells a device which portion of its IP address refers to the network and which refers to the host. It’s used to determine if another IP address is within the same subnet or not.

    For example, if your IP is 192.168.1.50 with subnet mask 255.255.255.0, then anything from 192.168.1.1 to 192.168.1.254 is considered “local.”

    Default Gateway: Routes traffic to other networks

    A default gateway is the IP address of the device (usually a router) that connects your local network to external networks — like the internet. If a device wants to talk to 8.8.8.8 (Google DNS) and it’s outside its local subnet, the traffic is sent to the default gateway.

    In short:

    • Subnet mask helps devices identify who’s local.

    • Default gateway helps them communicate with the outside world.

    They’re both configured together, but one is for IP math and one is for routing.

    What does a /24 subnet mask mean?

    The notation /24 is part of CIDR (Classless Inter-Domain Routing) and represents how many bits of the IP address are reserved for the network portion. In this case, 24 out of 32 bits are used for the network, leaving 8 bits for hosts.

    So, a /24 subnet mask means:

    • Subnet mask: 255.255.255.0

    • IP range: 256 addresses total

    • Usable host IPs: 2^8 - 2 = 254

    Example:

    If your network is 192.168.5.0/24:

    • Network address: 192.168.5.0

    • First usable IP: 192.168.5.1

    • Last usable IP: 192.168.5.254

    • Broadcast address: 192.168.5.255

    Each /24 subnet gives you a clean block of 254 usable host IPs, which is perfect for small to medium-sized networks like offices, schools, or small business LANs.

    Because /24 aligns with the traditional Class C boundary, it’s one of the most commonly used subnet sizes. It’s easy to work with, doesn’t waste too many IPs, and provides a good balance of manageability and capacity.