Author:  Andy MacDonald

What the heck is TCP/IP?!

TCP/IP is a model for describing how communication across networks typically occurs from the application layer of a source machine (HTTP), through to the physical layer, through to the destination machine and an application layer on that machine receiving a packet.

















TCP/IP uses IP addresses to communicate between a source and destination host across a network.

A TCP packet walks into a bar and says, “I’d like a beer.”

The bartender replies, “You want a beer?”

The TCP packet replies, “Yes, I’d like a beer.” 


So… IP Addresses?

In simple terms, an IP address is a number identifying a device on a network.

There are two forms of IP address — IPv4 and IPv6.

IPv4 address usage is still the most commonly used — this is despite the creation of IPv6 in 1998 as a means to address the inevitable future shortfall of IPv4 addresses.

In this article, I won’t focus on it, but you can learn more about IPv6 below:

IPv4 addresses are divided into 4 octets of bits and represented in dot-decimal notation.

The four octets of bits have the following possible ranges:

[0 – 255].[0 – 255].[0 – 255].[0 – 255]

An example IP address can be found below (this one is for OpenDNS):

An IP address can be converted to a binary form, and this often happens when working with IP addresses. Here’s the above IP address in binary form:


The best thing about IPv4 jokes is that you can tell them 254 times before they’re exhausted.


Are some IP addresses special?

Yes. Across the 2³² possible IPv4 addresses, we have the following reserved ranges:

  • IP addresses: —
  • IP addresses: —
  • IP addresses:–

According to RFC-1918, each of these ranges (including the loopback address range — 127.X.X.X), are reserved for private use only — that means they can’t be allocated for public use over the public internet.

Trying to connect to an IP address in these ranges will not work unless you have a network interface on your private network which has routes defined for these ranges.

For example, many people’s home router management IP address falls somewhere in the range of:–

If I connect to, I’m not going to connect to your home router management interface, instead the connection will route through my wlo1 network interface — which you can see is responsible for the part of the range which contains

3: wlo1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000

   link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff

   inet brd scope global dynamic noprefixroute wlo1

      valid_lft 860858sec preferred_lft 860858sec

Tell me about subnets!

Subnets are just subdivisions of a larger network. You can subnet both a private and a public network.

Congested Networks

Subnetting as a concept can serve many purposes, but one of the original purposes was to ease network congestion.


In the past, when a network became too monolithic, the traffic running across the network would run more slowly.

The sheer volume of traffic would overload network hubs and there would be an excess of “packet collision” incidence.

This is where packets sent at an identical time would collide and destroy one another, thus leading to a delay and packet ‘reset time’, before packets would be able to be resent.

Subnetting a network into chunks means that traffic always stays within a designated subnet unless it is destined for an alternate subnet — only at that point will a given transmission packet cross subnet boundaries via a router.

This concept ultimately means broadcasted packets are more distributed across nodes in a network, as opposed to overwhelming specific network communication hotspots and therefore causing congestion for the network as a whole.

This practice of subnetting for easing network congestion is still somewhat relevant today, however, due to the emergence of the practice of using physical “switch” based networks — which routes traffic directly from a source machine to a destination, as opposed to “hubs” networks of today generally do not suffer as much from the adverse effects of network congestion.

So why do we still subnet our networks?

Easing Administration

Another one of the most common purposes of subnetting is to facilitate the identification of machines on a network and for easing the burden of administration of them.

Let’s take an example — say we have a corporate network that spans the following private IP range:–

That range has 16,777,216 potential IP addresses – this really is an awful lot of addresses to keep track of for a network administrator who, for whatever reason, might need to perform patches, upgrades and other work on specific isolated groups of hosts.

To ease this burden, we could choose to subnet this network to make the best use of it — then with the subnets, allocate them for specific and different real-world purposes.

Subnetting by Geography

Let’s split our hypothetical — network into 2 subnets by geographical boundaries, and have the following address range for machines in our hypothetical US office branch:–

And the following address range for the machines in our UK branch:–

Subnet Identifier and Broadcast Address

You’ll notice that I’ve omitted the first and last IP addresses of each of the ranges I’ve described — i.e. , & and are all omitted in the above ranges.

The first and last IP addresses of a subnet serve special functions on a network and the above ranges I’ve written are just the “usable” IP addresses of the subnet — i.e. the ones that can be assigned to a host.

  • The first IP address of a subnet range is known as the subnet identifier — this is an IP address which is effectively never assigned to a host and is instead just used as a signpost to a specific subnet.
  • The last IP address of a range serves as the broadcast address —this is a special IP address in a subnet, where whatever packets are transmitted to it will be broadcast to all hosts attached to the given subnet.

The worst thing about a broadcast joke is that you have to tell it to everyone in order to find the one person who gets it.


…Anyway, if we are trying to find the origin of an IP address on our hypothetical corporate network such as the one below:

Because we have subnetted our hypothetical network by real-world geography, at a glance, we can easily identify the IP address as originating from the US office building. Hooray! 🇺🇸

The above is a very contrived example, but this is a pretty handy thing to be able to do when your network is very large and responsibility for it is spread out across multiple different offices, countries or continents.

We don’t need to stop there, and we could further subnet our subnets, to break down this IP address range even further — perhaps we could have a subnet per department, room or floor of these office buildings?

There aren’t many hard and fast rules on what is good subnetting practice, but often real-world physical divisions and real-world geography can make perfect sense as network divisions too.

Classful IP Addressing

With 4 groups of 8 bits, an IPv4 address has a size of 32 bits, which means of the pool of possible IPv4 addresses in this address space, there are 4,294,967,296 (2³²) IPv4 addresses.

With this relatively large address space comes the problem of how do we most efficiently use it, how do we decide who owns what and what segments of this address space should be reserved for what specific purposes?

As a solution to this need to carve up the growing internet, IPv4 classful IP addressing was introduced. It essentially broke all IPv4 addresses into distinct classes which had specific purposes.

  • Class A IP addresses were to be used for huge networks, like those deployed by Internet Service Providers (ISPs).

Class A IP addresses support up to 16 million hosts — hosts are any device that connects to a network (computers, servers, switches, routers, printers…etc.) and a Class A network can be divided into 128 different networks. –*

*Any address starting with 127.X.X.X is considered a “loopback” address and therefore not allocated to by via public or private networks. A loopback address is an address which routes back to the originating machine.

  • Class B IP addresses were to be used for medium and large-sized networks in enterprises and organizations.

They support up to 65,000 hosts on 16,000 individual networks. –

  • Class C addresses were the most common class and were to be used in small business and home networks.

These support up to 256 hosts on each of 2 million networks. –

  • Class D and E addresses were not commonly used.

Class D was reserved and was only to be used for special cases such as for applications to stream audio and video to many subscribers at once. Class E addresses were reserved for research purposes by those responsible for Internet networking and IP address research, management, and development. –

Network Prefix and Host Identifier

IP addresses can be broken down into two portions:

  • The network prefix, the part of the IP address which is used by routers to determine where on the network a packet for a given IP address should be routed to.
  • The host identifier, the part of the IP address which provides specific information on the destination host once a packet has reached the correct locality of the network.

In classful networking, the rules for deriving these divisions of an IP address are specific to a given class:

Classless Inter-Domain Routing (CIDR)!

In 1993, the state of the Internet changed with the introduction of CIDR. CIDR was introduced to replace classful networking and to help slow down the depletion of usable IPv4 addresses.

IPv4 address space walks into a bar and shouts:

“One strong CIDR please, I’m exhausted!”


Unlike Classful IP addressing, the CIDR system uses non-fixed host and network portions of IP addresses. Instead of being fixed, with CIDR the network prefix and host portion of an IP address range was made to be derivable through a subnet mask.

Amongst many other things, this change resulted in the ability for organisations to more flexibly and efficiently size their corporate networks — where previously with classful IP addressing — large and medium-sized organisations were left to choose between networks composed of either 256 hosts or the next possible size up: 65,536.

Subnet Masks and CIDR Notation.

So we’ve learnt that subnets are just “chunks” of a larger network, where a network itself is just a range of IP addresses. We also have learnt about classful and classless IP addressing architecture.

I was going to tell you a joke about the CIDR block, but you’re all too classy for it…


…So the question you’ve all been wondering about…

How Does a Network Router Know Where to Send a Packet?

As previously covered, IP addresses can be divided into two fields, the network prefix and the host ID/portion.

In classful networking, depending on whether an IP address is of class A, B, or C, the general rules of each specific class would determine what part of this IP address corresponds to a network prefix.

With the network prefix available, the router can know which route to send a packet to reach a destination host.

With the advent of CIDR, the parts of the IP address that are designated as the network prefix and host ID are no longer fixed, and therefore you cannot determine whether a given IP address is on a local or remote network from the IP address alone (although designated IP addresses such as the loopback address you can) — this is where subnet masks provide the missing piece of the puzzle.

Example Subnet Mask

The above subnet mask can be used in combination with an IP address to highlight the portions of an IP address that correspond to the network prefix and the portion that corresponds to the host ID.

This is through a conversion of both the subnet mask and IP address into a binary form and then a subsequent bitwise AND (&) operation on the bits:

11111111.11111111.11111111.00000000 (

And the IP address ( in binary form:

00001010.00000000.00000000.11100111 (

And the bitwise AND combination of the two:

11111111.11111111.11111111.00000000 (


00001010.00000000.00000000.11100111 (

Allowing us to derive (from the masked and unmasked portion of the IP address):

Network Prefix: 00001010.00000000.00000000.00000000 (10.0.0.x)

Host ID: 00000000.00000000.00000000.11100111 (x.x.x.231)

You can view the subnet mask as the answer to the question:

“…what are the significant bits for identifying the network prefix of this IP address?”

CIDR Notation

CIDR notation can be seen as a shorthand for communication of an IP address or range and a given subnet mask.

The CIDR notation works by combining a given IP address, followed by a number in a range of 0–32 that is prefixed by a slash, e.g.

The above CIDR block communicates quite a lot of information and it can be easy to interpret once you understand the derivation.

CIDR blocks can be used to communicate IP address ranges, all possible IP addresses in IPv4 space (, as well as representing a single IP address. For instance, a single IP address in CIDR notation is:


For example, if we take the Google DNS IP address:

In CIDR notation, this would be Where /32 corresponds to a subnet mask of: — which when applied to an IP address, gives no masked portion — therefore serving as a pointer to a single unique IP address in IPv4 space.

To calculate an IP address range from a CIDR block is relatively simple.

Worked Example:

For the CIDR block:

Take the number trailing after the slash (denoted here as n) and calculate 32-n .

The resultant value will give you the number of bits that corresponds to your subnet mask for the given subnet.

32-24 = 8

Convert into binary; starting from the right-hand side, set the value of each bit to 0, up until you’ve done this 32-n times.

This will give you a binary form of the subnet mask that you can apply against your IP address block.

11111111.11111111.11111111.11111111 (

Successive removal of bits from the above:


Convert the binary subnet mask block back to dot-decimal notation.

The value you are left with is the subnet mask which you can then apply over your IP address.

11111111.11111111.11111111.00000000 (

Apply the subnet mask over your IP address using a bit-wise AND operation.

You should then be able to derive the IP address range.

11111111.11111111.11111111.00000000 (


00001010.10001001.00000001.00000000 (

And from this you can derive:

Network Prefix: 00001010.10001001.00000001.xxxxxxxx (10.137.1.x)

Host Portion: xxxxxxxx.xxxxxxxx.xxxxxxxx.00000000 (x.x.x.[0-255])

Subnet Range: –

Thanks For Reading!

That’s it for now. I hope it’s been enjoyable, informative and given you a taster of some of the principals of networking. I leave you with:

What do they call a group of network engineers? An outage.



Sign up to our newsletter

To read more from Andy MacDonald and our other contributors, sign up to our monthly update.

Who contributed to this article

  • Andy MacDonald
    Senior Software & DevOps Engineer

    Andy MacDonald is a senior software and DevOps Engineer at BlackCat. He is passionate about all things technology and loves learning about new technologies and their application. Andy has extensive technical skills across product development, application architecture and agile/DevOps process improvement. In his spare time, he’s a volunteer mentor and coding coach and an active member of the Birmingham tech scene. He’s also a regular guest writer for a number of online technical journals as well as a regular contributor to BlackCat’s own technical blog.