Subnet Masking and Addressing Quick Intro
=========================================
(c) 1999 Mixter
members.xoom.com/i0wnu

OK, this file explains subnet addressing, which is useful if you run a
scanner, a firewall, a router or anything else that is bound to IP subnet
addressing. Note that this only describes IPv4 subnets.

Reading binary values
=====================

Normally, you read binary numbers bytewise (8 bits at a time). Start at the
last bit, bit 0. If it is 1, add 2^0 to your number, else add 0. Then the
next bit, bit 1: if it is 1, add 2^1 (2) to your number. If the third bit is
1, add 2^2 (4) to your number, if the fourth bit is 1, add 2^3 (8) to your
number ... if the eighth bit is 1, add 2^7 (128) to your number. You see, the
base is always 2 because each bit can be either 0 or 1.

Example 1: 10100100 = 2^7+0+2^5+0+0+2^2+0+0 = 164
Example 2: 11111111 = 2^7+2^6+2^5+2^4+2^3+2^2+2^1+2^0 = 255

That's it! Now to subnet addressing.
------------------------------------

When you state a host including a subnet (example: nmap), you do it like
this: 1.2.3.4/24, where /24 is the subnet. Let's have a look at what this
means: an IP address is a 32-bit address. It is divided into 4 bytes (each
8 bits, meaning they can be 0 to 255) in general notation:

00000001 00000010 00000011 00000100 = "1.2.3.4"

Now, IP uses one part of this address to specify which Net it is on. Most of
the time, this is a physical Net like an ethernet LAN that is linked to the
internet. Nets that link to the internet get dedicated IPs for each of their
hosts from the IANA.org.

/24 means that the first 24 bits are the Net address and the remaining 8 bits
are the Host address. This looks like this:

Net:  000000010000001000000011
Host: 00000100

Meaning, we are on the net 1.2.3.0 (0 used as a wildcard here) and on the
host 4 of 256.

SUBNET MASK: In this case, the subnet mask would be 255.255.255.0. A subnet
mask is created simply by filling all NET address bits with 1 and the HOST
bits with 0. (11111111 = 255).

There are 4 "Classes" on the Internet, which are the standard Subnets.

Class A: "0" + 7 net bits + 24 host bits, hosts 0.0.0.0 to 126.255.255.255
         Net IDs: 0 0000000 to 0 1111111
         (which is 127 => 127.0.0.0 reserved for local loopback)
Class B: "10" + 14 net bits + 14 host bits, hosts 128.1.0.0 to 191.254.0.0
         Net IDs: 10 00000000000000 to 10 11111111111111
Class C: "110" + 21 net bits(=24) + 8 host bits, hosts 192.0.1.0 to 223.255.254
Class D: "1110" + 28 bits for multicast addresses (reserved),
         hosts 224.0.0.0 to 239.255.255.254
Class E: "1111" + 28 bits for unused addresses ("martians"),
         hosts 240.0.0.1 to 255.255.255.254

0.0.0.0/255.255.255.255 = broadcast packets
(0 and 255 are used for "all hosts")

One more example: If you address a subnet with the mask 255.255.192.0
(which is 111111111111111111 00000000000000), you can specify a subnet with
190.136.64.0/18 (18 net id bits), which would address 190.136.64.0 to
190.136.127.255, or:

101111101000100001 00000000000000 to
101111101000100001 11111111111111.

Other nets on that subnet would be:

Subnet mask 190.136.0.0/18

                 Net ID               Host ID
190.136.0.0      1011111010001000 00  00000000000000
190.136.64.0     1011111010001000 01  00000000000000
190.136.128.0    1011111010001000 10  00000000000000
190.136.192.0    1011111010001000 11  00000000000000

Note: The first and the last subnet could not be used because Net ID 00 and
11 would be interpreted as broadcasts (like broadcast ids 0 (00000000) and
255 (11111111)).

For further info check the RFC 791 (www.internic.net/rfcs).

Mixter
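
Added example (not part of the original file): the mask construction and net/host split described above, done with plain bit operations in Python and run on the text's own 1.2.3.4/24 and 190.136.64.0/18 cases. The function names are illustrative, and contains() goes slightly beyond the text by checking whether an address falls inside a firewall rule or scan range.

```python
# Added example: IPv4 subnet math with plain bit operations (function names are illustrative).

def ip_to_int(ip):
    """Dotted quad -> 32-bit integer; rejects anything that is not four octets 0-255."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted quad: {ip!r}")
    return sum(int(p) << (24 - 8 * i) for i, p in enumerate(parts))

def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_from_prefix(prefix):
    """Net bits filled with 1, host bits with 0, as the text describes."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def parse_cidr(cidr):
    ip, _, prefix = cidr.partition("/")
    return ip_to_int(ip), int(prefix)

def describe(cidr):
    addr, prefix = parse_cidr(cidr)
    mask = mask_from_prefix(prefix)
    net = addr & mask                      # host bits cleared
    last = net | (~mask & 0xFFFFFFFF)      # host bits all set
    bits = f"{addr:032b}"
    return {"mask": int_to_ip(mask), "first": int_to_ip(net), "last": int_to_ip(last),
            "net_bits": bits[:prefix], "host_bits": bits[prefix:]}

def contains(cidr, ip):
    """True if ip falls inside cidr (what a firewall rule or scan range covers)."""
    net, prefix = parse_cidr(cidr)
    mask = mask_from_prefix(prefix)
    return (ip_to_int(ip) & mask) == (net & mask)

def split(cidr, new_prefix):
    """Subnets obtained by lengthening the net ID of cidr to new_prefix bits."""
    base, prefix = parse_cidr(cidr)
    if not prefix <= new_prefix <= 32:
        raise ValueError("new prefix must be at least the old one and at most 32")
    base &= mask_from_prefix(prefix)
    step = 1 << (32 - new_prefix)          # addresses per subnet
    return [f"{int_to_ip(base + i * step)}/{new_prefix}"
            for i in range(1 << (new_prefix - prefix))]

if __name__ == "__main__":
    print(describe("1.2.3.4/24"))
    print(describe("190.136.64.0/18"))
    print(split("190.136.0.0/16", 18))
    print(contains("190.136.64.0/18", "190.136.128.0"))
```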