What are the essentials of a Subnet mask?
If you think of your IP address like a phone number:
- the subnet mask tells you how many digits are part of the area code
- the remaining digits are your individual number under that area code
Brief
You subnet mask is used to define your local network or subnetwork. You can access everything within the same subnet directly, but everything that is not on your subnet requires the request to go via a gateway.
So, for a home user your subnet will be your home network - your computers and wireless devices can all talk directly to one-another. But, the internet is outside your subnet, so all communication has to go via your gateway (usually a router) first.
Slightly Technical
A subnet is a 32-bit long bit mask (as touched upon by Manaf Abo.Rous), normally written as four 8-bit bytes. Note that 255
is 11111111
(8 ones) in binary.
The mask basically means "only those IP addresses that have the same numbers in the places, as defined by the subnet mask, are in my local network".
So a subnet of 255.255.255.0
means every IP address that matches the first three bytes is your local network, with your given numbers this is anything matching 192.168.001.###
. Alternatively a wider subnet of 255.255.0.0
would make your local network 192.168.###.###
.
More Technical
The byte values don't always have to be 255, you could have 255.255.255.240
, which is 28 one's and 4 zero's. This means the first 28 bits of another IP must match your's to be in the same subset. A subnet mask must always be a certain number of 1's followed by only zeros to make 32-bits, and this is why it can be represented as /28
as well (in this case anyway) with the value showing how many 1's the mask contains - this is normally used in the context of the IP, such as 192.168.1.2/28
So, if your IP is 192.168.1.2
with the subnet mask 255.255.255.240
, your subnet is the IP range of 192.168.1.0
to 192.168.1.15
(although the lowest and highest are generally not used for devices as they have special functions). If your IP was 192.168.1.53
your network would be the range 192.168.1.48
to 192.168.1.63
.
Notice how both these sets contain 16 unique addresses? The subnet also defined how large the subnet is because it defines how many IP addresses are available.
And now, with Binary
Finally, to paraphrase Manaf Abo.Rous's answer, let's look at the binary.
We'll start by using the mask 255.255.255.0
, here it is in binary:
11111111 11111111 11111111 00000000
So given your IP you know that every IP in local network matches those first 24 ones, so lets check your IP (192.168.1.2
) in binary:
11000000 10101000 00000001 00000010
Now, we only look where the 1's in the subnet are, to get your subnet number:
11000000 10101000 00000001 --------
And now we know every IP in your local network starts with your subnet number, and can have anything in the missing values at the end.
Finally, lets look at a second example, using IP 192.168.1.53
and subnet 255.255.255.240
:
11111111 11111111 11111111 11110000 [subnet]
11000000 10101000 00000001 00110101 [IP]
11000000 10101000 00000001 0011---- [subnet number]
And again, your local IP's would have anything in the last four binary values - which are 0000
,0001
,etc up to 1111
- or in decimal 0
to 15
- but remember they would have 0011
in front to make a full byte, so really the IP's available are 00110000
(48), 00110001
(49) and so on up to 00111111
, which is 63.
The subnet mask is used to identify your network IP.
Applying the logical AND operation on your IP Address and the Subnet Mask will output your network ip address.
in the example above
IP Address : 11000000 10101000 00000001 00000010 = 192.168.1.2
Subnet Mask : 11111111 11111111 11111111 00000000 = 255.255.255.0
AND Result : 11000000 10101000 00000001 00000000 = 192.168.1.0 = You Network Address
More info here
A subnet mask is used for routing IP packets.
Basically, you take your destination IP address, and
it with the mask and, it it matches a value, you use that route.
For example, here's one bit of my output from netstat -nrv
:
Destination Netmask Gateway Interface
192.168.182.0 255.255.255.0 192.168.182.1 192.168.182.1
That means that any IP address of the form 192.168.182.x
will route based on this rule, because any address of that format, when and
-ed with 255.255.255.0
(the netmask) will give 192.168.182.0
(the destination).
Similarly, a default route would be:
Destination Netmask Gateway Interface
0.0.0.0 0.0.0.0 9.185.149.1 9.185.149.52
since any address and
-ed with 0.0.0.0
gives 0.0.0.0
.