What Is a Subnet Mask? A Simple, Clear Explanation
A subnet mask is a 32-bit number that works alongside an IP address to define which part of the address identifies the network and which part identifies the individual device. Think of it like an area code in a phone number: the area code tells the phone system which region to route the call to, while the remaining digits identify the specific phone. A subnet mask does the same thing for network traffic.
Key Concept:
Every device on a network needs two things to communicate: an IP address (its identity) and a subnet mask (the rules for determining what is local and what is remote). Without a subnet mask, your device would not know whether to send data directly to a neighbor on the same network or route it through a gateway to the internet.
How Subnet Masks Work
An IPv4 address is made up of 32 bits, typically written as four decimal numbers separated by dots (e.g., 192.168.1.100). A subnet mask uses the same format and acts as a filter that splits the IP address into two parts:
- Network portion: Identifies which network the device belongs to. All devices on the same local network share this portion.
- Host portion: Identifies the specific device within that network. Each device must have a unique host portion.
The subnet mask uses binary ones (1) to mark the network bits and binary zeros (0) to mark the host bits. Where the mask has a 1, the corresponding bit in the IP address belongs to the network portion. Where the mask has a 0, it belongs to the host portion.
Binary Example
Consider the IP address 192.168.1.100 with subnet mask 255.255.255.0:
IP Address (binary):
11000000.10101000.00000001.01100100
Subnet Mask (binary):
11111111.11111111.11111111.00000000
Result:
11000000.10101000.00000001.01100100
Blue = Network (192.168.1) | Green = Host (.100)
This means any device with an IP starting with 192.168.1.x is on the same local network.
Common Subnet Masks
The following table lists the most commonly used subnet masks along with their CIDR notation, the number of usable host addresses, and typical use cases.
| Subnet Mask | CIDR | Usable Hosts | Typical Use |
|---|---|---|---|
| 255.0.0.0 | /8 | 16,777,214 | Very large enterprise networks (Class A) |
| 255.255.0.0 | /16 | 65,534 | Large corporate networks (Class B) |
| 255.255.255.0 | /24 | 254 | Home networks, small offices (Class C) -- most common |
| 255.255.255.128 | /25 | 126 | Medium subnets, departmental networks |
| 255.255.255.192 | /26 | 62 | Small subnets, branch offices |
| 255.255.255.224 | /27 | 30 | Small workgroups, lab environments |
| 255.255.255.240 | /28 | 14 | Very small segments, DMZ networks |
| 255.255.255.252 | /30 | 2 | Point-to-point links between routers |
Why not all addresses are usable: In every subnet, two addresses are reserved: the network address (all host bits set to 0) and the broadcast address (all host bits set to 1). For example, in a /24 network with 256 total addresses, 254 are usable for devices.
Why Subnetting Matters
Subnetting -- the practice of dividing a larger network into smaller subnetworks -- is a fundamental networking skill used by organizations of all sizes. Here is why it matters:
Security
Subnetting creates isolated network segments. A security breach in one subnet does not automatically compromise devices in another. For example, a company might place guest Wi-Fi on a separate subnet from its internal servers, preventing guests from accessing sensitive resources.
Efficiency
Without subnetting, all broadcast traffic reaches every device on the network, consuming bandwidth unnecessarily. Smaller subnets reduce the size of broadcast domains, improving overall network performance -- especially important on large networks with hundreds or thousands of devices.
Organization
Subnetting allows network administrators to logically group devices by department, function, or location. The accounting department might use the 192.168.10.x subnet while engineering uses 192.168.20.x, making management and troubleshooting much easier.
IP Address Conservation
With IPv4 addresses in short supply, subnetting allows efficient allocation. Instead of assigning a /24 block (254 addresses) to a team of 10 people, a network administrator can use a /28 block (14 addresses), freeing the remaining addresses for other uses.
Traffic Control
Routers and firewalls can apply specific rules to traffic between subnets. This makes it possible to restrict which departments can access certain servers, enforce bandwidth limits, or prioritize traffic for critical applications.
CIDR Notation Explained
CIDR (Classless Inter-Domain Routing) notation is a compact way to express an IP address and its associated subnet mask. Instead of writing both the IP address and the subnet mask separately, CIDR combines them into a single expression using a forward slash followed by the number of network bits.
How to Read CIDR Notation:
The number after the slash indicates how many of the 32 bits in the address are dedicated to the network portion. The remaining bits are for host addresses.
- 192.168.1.0/24 means the first 24 bits are the network portion, leaving 8 bits for hosts (254 usable addresses)
- 10.0.0.0/8 means the first 8 bits are the network portion, leaving 24 bits for hosts (16,777,214 usable addresses)
- 172.16.0.0/16 means the first 16 bits are the network portion, leaving 16 bits for hosts (65,534 usable addresses)
Why CIDR Replaced Classful Addressing
Before CIDR, IP addresses were divided into rigid classes (A, B, and C) with fixed subnet boundaries. This was extremely wasteful:
- Class A (/8): 16.7 million hosts per network -- far too many for most organizations
- Class B (/16): 65,534 hosts -- still too large for most needs
- Class C (/24): 254 hosts -- often too small for medium organizations
CIDR, introduced in 1993, allows networks to be divided at any bit boundary, not just the class boundaries. A company needing 500 addresses can use a /23 (510 usable hosts) instead of wasting a full Class B allocation of 65,534 addresses.
Real-world impact: CIDR significantly extended the lifespan of IPv4 by enabling much more efficient address allocation.
How to Find Your Subnet Mask
Windows
- Press Win+R, type cmd, and press Enter
- Type ipconfig and press Enter
- Look for your active connection (Wi-Fi or Ethernet)
- Find the line labeled Subnet Mask
Example output:
IPv4 Address. . . . : 192.168.1.100
Subnet Mask . . . . : 255.255.255.0
Default Gateway . . : 192.168.1.1
macOS
- Open System Settings (or System Preferences)
- Click Network
- Select your active connection and click Details
- Go to the TCP/IP tab
- Your subnet mask is displayed next to Subnet Mask
Or use Terminal:
ifconfig | grep netmask
Linux
Open a terminal and run one of the following commands:
Method 1 (modern):
ip addr show
Look for the CIDR notation after your IP (e.g., 192.168.1.100/24)
Method 2 (traditional):
ifconfig
Look for the netmask value next to your IP address
Frequently Asked Questions
What is the most common subnet mask?
The most common subnet mask is 255.255.255.0 (also written as /24 in CIDR notation). This is the default for most home routers and small networks. It allows up to 254 usable host addresses on a single subnet, which is more than enough for a typical home or small office network.
Does my subnet mask affect my internet speed?
No, your subnet mask does not directly affect your internet speed. It only determines how your local network is divided and how devices communicate within it. Internet speed is determined by your ISP plan, network hardware, and connection quality. However, an incorrectly configured subnet mask can prevent you from connecting to the internet entirely.
What happens if I use the wrong subnet mask?
Using the wrong subnet mask can cause communication problems on your network. Devices may be unable to reach each other, lose internet connectivity, or experience intermittent connection issues. If your subnet mask is too restrictive, some devices on your network may appear to be on a different subnet and become unreachable.
What is the difference between a subnet mask and a default gateway?
A subnet mask defines which portion of an IP address identifies the network and which identifies the device. A default gateway is the IP address of the router that connects your local network to the internet. The subnet mask tells your device whether a destination is local or remote; the gateway is where remote traffic gets sent.
Do I need to change my subnet mask?
For most home users, the default subnet mask assigned by your router (typically 255.255.255.0) works perfectly. You would only need to change it if you are managing a larger network that requires segmentation, setting up VLANs, or following specific network architecture requirements for a business or enterprise environment.