What is a subnet mask in computers

Understanding TCP / IP addressing and subnets

  • 12 minutes to read

This article is intended as a general introduction to the concepts of Internet protocol (IP) networks and subnets. A glossary is included at the end of the article.

Applies to: Windows 10 - all editions
Original KB number:   164015


When configuring the TCP / IP protocol on Windows, the TCP / IP configuration settings require:

  • An IP address
  • A subnet mask
  • A standard gateway

To properly configure TCP / IP, you need to understand how TCP / IP networks are addressed and divided into networks and subnets.

The success of TCP / IP as the network protocol of the Internet is mainly due to its ability to connect networks of different sizes and systems of different types. These networks are arbitrarily defined in three main classes (along with a few others) with predefined sizes. Each of these subnets can be broken down into smaller subnets by system administrators. A subnet mask is used to split an IP address into two parts. One part identifies the host (computer), the other the network to which it belongs. To better understand how IP addresses and subnet masks work, look at an IP address and see how it's organized.

IP addresses: networks and hosts

An IP address is a 32-bit number. It uniquely identifies a host (computer or other device such as a printer or router) on a TCP / IP network.

IP addresses are usually expressed in dotted decimal formats, with four numbers separated by periods, e.g. B. To understand how subnet masks are used to differentiate between hosts, networks, and subnets, examine an IP address in binary notation.

For example, the dotted DECIMAL IP address (in binary notation) is the 32-bit number 1100000000101011110110000010000. This number can be difficult to make sense, so divide it into four parts of eight binary digits.

These 8-bit sections are called octets. The example IP address will then be 11000000.10101000.01111011.10000100. This number just makes a little more sense, so for most uses you'll convert the binary address to dotted decimal format ( The decimal numbers separated by periods are the octets that are converted from binary to decimal notation.

For a TCP / IP Wide Area Network (WAN) to function efficiently as a collection of networks, the routers that pass data packets between networks do not know the exact location of a host for which an information packet is intended. Routers only know what network the host is on and use information stored in their route table to determine how the packet should get into the destination host's network. After the packet has been delivered to the destination's network, the packet is delivered to the appropriate host.

For this process to work, an IP address has two parts. The first part of an IP address is used as the network address, the last part as the host address. If you break the example into these two parts, you get 192.168.123. Network .132 host or - network address. - host address.

Subnet mask

The second element that is required for TCP / IP to work is the subnet mask. The subnet mask is used by the TCP / IP protocol to determine whether a host is on the local subnet or on a remote network.

In TCP / IP, the parts of the IP address that are used as network and host addresses are not fixed. If you do not have additional information, the above network and host addresses cannot be determined. This information is provided in another 32-bit number called the subnet mask. In this example, the subnet mask is It's not obvious what this number means unless you know that 255 is equal to 11111111 in binary notation. The subnet mask is therefore 11111111.1111111.11111111.00000000.

The IP address and subnet mask together, the network and host portions of the address can be separated:

11000000.10101000.01111011.10000100 - IP address (
11111111.1111111.1111111.000000000 - Subnet mask (

The first 24 bits (the number of bits in the subnet mask) are identified as the network address. The last 8 bits (the number of remaining zeros in the subnet mask) are identified as the host address. You will get the following addresses:

11000000.10101000.01111011.000000000 - network address (
000000000.00000000.00000000.10000100 - host address (

So now you know that for this example with a subnet mask, the network ID is and the host address is When a packet arrives on the subnet (from the local subnet or a remote network) and has the destination address, the computer will receive and process it on the network.

Almost all decimal subnet masks are converted to binary numbers that are all on the left and all zeros on the right. Some other common subnet masks are:

Decimal Binary 111111.11111111.1111111.11000000 111111.1111111.1111111.11100000

Internet RFC 1878 (available under InterNIC-Public Information Regarding Internet Domain Name Registration Services) describes the valid subnets and subnet masks that can be used in TCP / IP networks.

Network classes

Internet addresses are assigned by InterNIC, the organization that manages the Internet. These IP addresses are divided into classes. The most common are classes A, B, and C. Classes D and E exist but are not used by end users. Each address class has a different default subnet mask. You can identify the class of an IP address by looking at the first octet. In the following you will find the ranges of Internet addresses of classes A, B and C, each with an example address:

  • Class A networks use a standard subnet mask of and have 0-127 as the first octet. The address is a class A address. The first octet is 10, which is between 1 and 126, inclusive.

  • Class B networks use a standard subnet mask of and have 128-191 as the first octet. The address is a class B address. The first octet is 172, so between 128 and 191, inclusive.

  • Class C networks use a standard subnet mask of and have 192-223 as the first octet. The address is a class C address. The first octet is 192, i.e. between 192 and 223 inclusive.

In some scenarios, the default subnet mask values ​​do not meet the needs of the organization for one of the following reasons:

  • The physical topology of the network
  • The number of networks (or hosts) does not fit within the standard subnet mask restrictions.

The next section explains how networks can be divided using subnet masks.


A class A, B, or C TCP / IP network can be further shared or subnetworked by a system administrator. This becomes necessary when you reconcile the Internet's logical addressing scheme (the abstract world of IP addresses and subnets) with the physical networks in the real world.

A system administrator assigned a block of IP addresses may manage networks that are not organized to easily match those addresses. For example, you have an area-wide network with 150 hosts in three networks (in different cities) that are connected via a TCP / IP router. Each of these three networks has 50 hosts. You will be assigned the class C network (To illustrate, this address is actually a range that is not assigned on the Internet.) That means you can use the addresses through for your 150 hosts.

Two addresses that cannot be used in your example are and because binary addresses with a host part of all and all zeros are invalid. The null address is not valid because it is used to specify a network without specifying a host. The 255 address (a host address of everyone in binary notation) is used to send a message to every host on a network. Remember that the first and last addresses on a network or subnet cannot be assigned to a single host.

You should now be able to give IP addresses to 254 hosts. It works well when all 150 computers are on a single network. However, your 150 computers are on three separate physical networks. Rather than requesting more blocks of addresses for each network, divide your network into subnets that allow you to use one block of addresses on multiple physical networks.

In this case, you divide your network into four subnets using a subnet mask that makes the network address larger and the possible range of host addresses smaller. In other words, you are "borrowing" some of the bits used for the host address and using them for the network part of the address. The subnet mask offers four networks with 62 hosts each. It works because in binary notation is identical to 1111111.11111111.111111.1100000. The first two digits of the last octet become network addresses, so you get the additional networks 000000000 (0), 010000000 (64), 100000000 (128), and 110000000 (192). (Some administrators only use two of the subnets that use as the subnet mask. See RFC 1878 for more information.) These four networks can use the last six binary digits for host addresses.

Using a subnet mask of, your network will then become the four networks,, and These four networks would have valid host addresses:

Remember that binary host addresses with all one or all zeros are invalid, so you cannot use addresses with the last octet of 0, 63, 64, 127, 128, 191, 192, or 255.

Look at two host addresses, and If you used the default Class C subnet mask of, both addresses are on the network. However, if you use the subnet mask, they are on different networks. is on the network, is on the network.

Standard gateways

When a TCP / IP computer needs to communicate with a host on another network, it usually communicates through a device called a router. In TCP / IP terms, a router that is specified on a host and connects the host's subnet to other networks is called a default gateway. This section explains how TCP / IP determines whether packets are sent to the default gateway to reach another computer or device on the network.

When a host tries to communicate with another device using TCP / IP, it performs a process of comparing the defined subnet mask and destination IP address against the subnet mask and its own IP address. The result of this comparison tells the computer whether the target is a local or a remote host.

If the result of this process determines that the destination is a local host, the computer sends the packet on the local subnet. If the result of the comparison determines that the destination is a remote host, the computer forwards the packet to the default gateway defined in its TCP / IP properties. It is then the responsibility of the router to forward the packet to the correct subnet.


TCP / IP network problems are often caused by incorrectly configuring the three main entries in a computer's TCP / IP properties. Understanding how errors in TCP / IP configuration can affect network operations can solve many common TCP / IP problems.

Incorrect subnet mask: If a network uses a different subnet mask than the default mask for its address class and a client is still configured with the default subnet mask for the address class, communication will not be possible with some networks in the vicinity but not with remote networks. For example, if you create four subnets (for example, in the subnetting example) but use the wrong subnet mask in your TCP / IP configuration, hosts will not be able to determine that some computers are on different subnets than their own. In this situation, packets destined for hosts on different physical networks that are part of the same Class C address are not sent to a standard gateway for delivery. A common symptom of this problem is when a computer can communicate with hosts that are on the local network and can communicate with all remote networks except the networks that are nearby and have the same class A, B, or C address to have. To fix this problem, simply enter the correct subnet mask in the TCP / IP configuration for that host.

Wrong IP address: If you connect computers with IP addresses to be on separate subnets on a local network, they will not be able to communicate. You are trying to send packets through a router that cannot forward them properly. A symptom of this problem is a computer that can communicate with hosts on remote networks, but cannot communicate with some or all of the computers on the local network. To resolve this issue, make sure that all computers on the same physical network have IP addresses on the same IP subnet. When there are no longer any IP addresses on a single network segment, there are solutions that are beyond the scope of this article.

Wrong Default Gateway: A computer configured with an incorrect default gateway can communicate with hosts in its own network segment. However, it cannot communicate with hosts on some or all of the remote networks. A host can communicate with some remote networks but not others when the following conditions are true:

  • A single physical network has more than one router.
  • The wrong router is configured as the default gateway.

This problem is common when an organization has one router that has an internal TCP / IP network and another router that is connected to the Internet.

Sources of information

Two popular references to TCP / IP are:

  • "TCP / IP Illustrated, Volume 1: The Protocols," Richard Stevens, Addison Wesley, 1994
  • "Internetworking with TCP / IP, Volume 1: Principles, Protocols, and Architecture", Douglas E. Comer, Prentice Hall, 1995

It is recommended that a system administrator responsible for TCP / IP networks have at least one of these references available.


  • Broadcast Address - An IP address with a host part that is all.

  • Host– A computer or other device on a TCP / IP network.

  • Internet– The global collection of networks that are interconnected and share a common range of IP addresses.

  • InterNIC– The organization responsible for managing IP addresses on the Internet.

  • IP- The network protocol used to send network packets over a TCP / IP network or the Internet.

  • IP Address - A unique 32-bit address for a host on a TCP / IP network or internetwork.

  • Network- There are two uses of the term network in this article. One is a group of computers on a single physical network segment. The other is a range of IP network addresses assigned by a system administrator.

  • Network Address - An IP address with a host part that is all zeros.

  • Octet– An 8-bit number, 4 of which comprise a 32-bit IP address. They have a range from 000000000-1111111, which corresponds to the decimal values ​​0-255.

  • Packet– A unit of data passed over a TCP / IP network or a wide range network.

  • RFC (Request for Comment) - A document used to define standards on the Internet.

  • Router - A device that passes network traffic between different IP networks.

  • Subnet Mask - A 32-bit number used to distinguish the network and host portions of an IP address.

  • Subnet or Subnet - A smaller network created by dividing a larger network into equal parts.

  • TCP / IP - Commonly used are the protocols, standards, and utilities commonly used on the Internet and large networks.

  • WAN (Wide Area Network) - A large network that is a collection of smaller networks separated by routers. The Internet is an example of a large WAN.