How does subnet masking work

Geek School: Learning Windows 7 - IP Addressing Basics

In this edition of Geek School, we're going to check out how IP addressing works. We'll also cover some more advanced topics, such as: B. How your PC determines whether the device you are communicating with is on the same network as you. We'll then deal with a quick look at two name resolution protocols: LLMNR and DNS.

Be sure to check out the previous articles in this Geek School series on Windows 7:

  • Introduction to the How-To Geek School
  • Upgrades and Migrations
  • Configure devices
  • Manage hard drives
  • Manage applications
  • Manage Internet Explorer

And stay tuned for the rest of the series throughout the week.

IP basics

When sending a letter by post, you must provide the address of the person who will receive the email. When a computer sends a message to another computer, it must provide the address to which the message should be sent. These addresses are known as IP addresses and they usually look like this:

These addresses are IPv4 (Internet Protocol) version 4) addressed and like most things nowadays, a simple abstraction of what the computer actually sees. IPv4 addresses are 32-bit addresses, which means they contain a combination of 32 ones and zeros. The computer would see the address listed above as follows:

11000000 10101000 00000000 00000001

Note: Each decimal octet has a maximum value of (2 ^ 8) - 1 (255). This is the maximum number of combinations that can be expressed with 8 bits.

If you wanted to convert an IP address to its binary equivalent you can make a simple table like below. Then take a section of the IP address (technically known as an octet), e.g. B. 192 and switch from left to right to see if you can subtract the number in the table header from your decimal number. There are two rules:

  • If the number is in the header of the table, mark the column with a 1 that is less than or equal to your number. Your new number will then become the number from which you subtracted the number in the header of the column. For example, 128 is less than 192, so I'll mark the 128s column with a 1. Then I'll leave 192 - 128, which is 64.
  • If the number is larger than the number you have, mark it with a 0 and continue.

This is how it would look with our example address


In the example above, I took our first octet of 192 and marked the 128s column with a 1. I was then left with 64, which is the same number as the second column, so I marked it with a 1 as well. I was left with 0 now, since 64 - 64 = 0. That meant the rest of the line was made up of zeros.

In the second row I took the second octet 168. 128 is smaller than 168, so I marked it with a 1 and left it with 40. 64 was then greater than 40, so I marked it with a 0. When I went to the third column, 32 was smaller than 40, so I marked it with a 1 and was left with an 8. 16 is greater than 8 so I marked it with 0. When I got to the 8's column, I marked it with 1, which left me with 0, so the rest of the columns were marked with 0.

The third octet was 0 and nothing can go into 0 so we marked all columns with a zero.

The last octet was 1 and nothing can go in 1 except 1, so I marked all the columns with 0 until we got to the 1s column where I marked it with 1.

Subnet masks

Note: Subnet masking can become very complex. Therefore, only classic subnet masks are dealt with in this article.

An IP address consists of two components: a network address and a host address. The subnet mask is used by your computer to separate your IP address into the network address and the host address. A subnet mask usually looks like this.

What looks like this in binary.


In a subnet mask, the network bits are marked with The ones and the host bits are marked with the zeros. You can see from the binary representation above that the first three octets of the IP address are used to identify the network to which the device belongs and the last octet is used for the host address.

Using an IP address and a subnet mask, our computers can tell whether the device is on the same network by performing a bitwise AND operation. For example say:

  • computerOne would like to send a message to computerTwo.
  • computerOne has an IP of with a subnet mask of
  • computerTwo has an IP of with a subnet mask of

computerOne first calculates the bitwise AND of its own IP and subnet mask.

Note: If you use a bitwise AND operation and the corresponding bits are both 1, the result is a 1, otherwise it is a 0.

11000000 10101000 00000000 00000001
11111111 11111111 11111111 00000000

11000000 10101000 00000000 00000000

The bitwise AND is then calculated for computerTwo.

11000000 10101000 00000000 00000010
11111111 11111111 11111111 00000000

11000000 10101000 00000000 00000000

As you can see, the results of the bitwise operations are the same, which means that the devices are on the same network.


As you have probably already guessed, the more networks (1s) there are in your subnet mask, the fewer hosts you can have. The number of hosts and networks you can have is divided into 3 classes.

NetworksSubnet maskNetworkshost
Class a1- 777 214
Class B128- 38465 534
Class C192- 097 152254

Reserved areas

You will notice that the area 127.x.x.x has been omitted. This is because the entire range is reserved for the loopback address. Your loopback address always points to your own PC.

The 169.254.0.x product line was also reserved for something called APIPA, which we'll discuss later in the series.

Private IP ranges

Until a few years ago, every device on the Internet had a unique IP address. When IP addresses became scarce, a concept called NAT was introduced which added another layer between our networks and the Internet. IANA has decided to reserve an address range for each IP class:

  • - from class A
  • - of class B
  • - from class C

Instead of then assigning each device in the to get an IP address, your ISP provides you with a device called a NAT router that has been assigned a single IP address. You can then assign IP addresses to your devices from the most suitable private IP range. The NAT router then manages a NAT table and transmits your connection to the Internet.

Note: The IP address of your NAT router is usually assigned dynamically via DHCP, so it usually changes depending on the restrictions of your ISP.

Name resolution

We find it much easier to remember human-readable names like FileServer1 than it is to remember an IP address like In small networks where there are no other name resolution solutions like DNS, the computer may send a multicast message (an original way of sending a message to any device on the network) when it tries to connect to FileServer1. Ask who FileServer1 is. This method of name resolution is known as LLMNR (Link-Lock Multicast Name Resolution) and while it is a perfect solution for a home network or a small business network, it does not scale well because it takes too long to send to thousands of clients and second will take time because broadcasts usually do not cross routers.

DNS (Domain Name System)

The most common method of solving the scalability problem is to use DNS. The Domain Name System is the phone book of any network. It maps human readable machine names to their underlying IP addresses using a huge database. When you try to connect to FileServer1, your PC asks your DNS server, which you specify who FileServer1 is. The DNS server then responds with an IP address that your PC can connect to. This is also the name resolution method used by the largest network in the world: the Internet.

Change your network settings

Right-click the network settings icon and select "Open Network and Sharing Center" from the context menu.

Now click on the Change adapter settings hyperlink on the left.

Then right click on your network adapter and select Properties from the context menu.

Now select Internet Protocol Version 4 and click the Properties button.

Here you can configure a static IP address by activating the radio button for "Use the following IP address". With the information above, you can enter an IP address and subnet mask. The default gateway in all respects is your router's IP address.

In the lower part of the dialog box you can find the address of your DNS server. You probably don't have a DNS server at home, but your router often has a small DNS cache and forwards requests to your ISP. Alternatively, you can use Google's public DNS server (


  • There's no homework for today, but it's been a long time, so read it over again. If you're still hungry for more information, there is an advanced networking topic called CIDR (Classless Interdomain Routing) to learn.

If you have any questions, feel free to tweet me @ taybgibb or just leave a comment.