Subnetting

Subnetting divides an IP network into smaller logical sections called subnets. This structuring improves efficiency, isolates traffic, and defines boundaries between systems and functions.

A deep understanding of subnetting reveals how internal environments are organized, and how access and visibility are controlled across segments.

What Subnetting Enables

Subnetting assigns defined IP ranges to roles, departments, or zones. It introduces:

• Predictable address allocation
• Containment of broadcast traffic
• Segmentation between trust levels
• Flexible internal routing logic

Components of a Subnet

Each subnet includes addresses with distinct roles:

IP Addresses and Subnet Masks

An IPv4 address consists of 32 bits. A subnet mask determines how many bits define the network portion and how many are reserved for hosts.

Examples of subnet divisions:

• `/23` → 255.255.254.0 → 510 usable hosts
• `/26` → 255.255.255.192 → 62 usable hosts
• `/30` → 255.255.255.252 → 2 usable hosts

Smaller subnets reduce broadcast impact and expose fewer devices to lateral access. Each octet in a subnet mask ranges from 0 to 255, depending on how many bits are allocated to the network portion.

Operational Relevance

Subnets reveal the boundaries of where one can move, what is reachable, and how systems relate to each other. Recognizing subnet layout supports:

• Identifying target clusters
• Locating edge devices and chokepoints
• Planning internal traversal across routing paths
• Matching IP observations to physical or functional layout

Example Layout

A segmented internal network might include:

Each of these zones may route differently, log independently, or apply unique firewall rules.

Strategic Benefits

• Minimized exposure – Only devices within the same subnet share direct access
• Tactical segmentation – Movement between zones requires deliberate routing
• Logical clarity – IP ranges reflect organizational structure

See Also

• IP Addressing
• CIDR Notation
• Routing Basics
• NAT
• LAN Topologies