Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

What is a "subnet mask"?

A subnet mask is a way of telling your computer or router what network addresses it can consider local and which are remote.

Well, to be blunt it’s something you probably never need to know
about. Sure, you may have to “get it right” when you enter one
into a router configuration, but as to what it means or why it
matters, why bother?

You want to know anyway, don’t you? Fair enough.

A subnet mask is just a nifty way to define sub-networks. And that of
course opens up a slightly larger can of worms.

Become a Patron of Ask Leo! and go ad-free!

I’m going to use phone numbers as an analogy here. Like any
it’s an imperfect analogy, but I think it’ll help make the
point.

In North America, phone numbers are 10 digits long and consist of three
parts:

• The area code of three digits. Originally an area
code defined exactly that – a geographical area. Area code 206 for
example was once all of western Washington state.

• The exchange of three digits. The exchange identified
the switching equipment that typically covered a sub-region with in the
area code. For example, 788 represents the “Duvall” exchange –
located near the city of Duvall in western Washington is a small utility
building that houses the equipment that is the 788 exchange.

• And finally, the four digit line number. It’s
this number that identifies each pair of wires the leave the exchange and
arrive at a real telephone set.

So what we take for granted as a 10 digit “phone number” is
really a construction of three distinct numbers, each with a specific
meaning. (And for the record, many of those meanings have become blurred
over the years, particularly with the advent of cellular phones.)

Now let’s look at the internet. You already know that each computer
connected to the internet has its own equivalent of a phone number, called
its “address”. Names, such as “www.microsoft.com”
actually map to these numeric addresses, such as
“207.46.156.220”. As you might already be thinking each internet
(or IP – for Internet Protocol) address breaks down into components not
unlike the 10 digit phone number. The difference is that the components are
not always the same size.

IP addresses broken down into what are called “classes”.
Classes are kind of like area codes; they define where, at the highest
level, an address lives. To grossly over-simplify, classes are
really just a contiguous block of internet addresses. Within each block
though it’s still desirable to “subdivide” that network into
smaller logical groups. For example a class-A network can have 16 million
addresses. It’s not a good idea to have traffic for 16 million
computers traveling across the entire network. That’s where
“subnetting” and the subnet mask comes in. The internet
protocol’s rough equivalent to the telephone’s exchange number.

The “problem”with subnets is that each network administrator
who’s been assigned a range of IP addresses is free to create their own
subnets and to define how large they are. It’s the subnet mask
that defines how big a part of the internet address is to be used as the
subnet number.

Unfortunately this is also where we have to start thinking like
computers in binary. We’ll use these addresses:

```  1) 164.109.28.3   [binary: 10100100 01101101 00011100 00000011]   2) 164.109.27.233 [binary: 10100100 01101101 00011011 11101001]   3) 164.109.139.4  [binary: 10100100 01101101 10001011 00000100]```

And this subnet mask:

`  255.255.128.0 [binary: 11111111 11111111 10000000 00000000]`

The mask’s binary digits are set to 1 to indicate the positions of
an internet address that define the subnet. Conversely, it’s set to
zero for that portion of the address that defines the specific computer on
that subnet.

If we do the masking and converting and other what-have-you, we find
that of our example addresses #1 and #2 are on the same subnet:
164.109.0.0 while #3 is on a different subnet: 164.109.128.0.

Which after all this brings us to an even more important question:
why should we care?

It’s all about routing. When information flows across the internet,
it flows through equipment called “routers”. Routers look at the
IP address the information is destined for and decide on the best way to
get it there. A subnet is a quick way to know where the information
belongs. For example, a packet from our example #1 to example #2 is on the
same subnet so routers can take advantage of that information and not send
the packet anywhere else. A packet from #1 to our example #3 however is
destined for a computer on a different subnet and the routers handling
that packet will know to send it along a different path to get there.

To use our telephone analogy again, if I’m in Duvall making a call
on my 788-xxxx telephone to another 788-xxxx telephone then the phone equipment
knows that it doesn’t have to try anywhere else – it all happens within
the Duvall exchange. On the other hand, if I try to call a 483-xxxx number then
the 788 exchange needs to route my call to other equipment within my area
code that knows how to find the 483 exchange.

As you can imagine, I’ve only scratched the surface here. IP
addresses, subnets and supernets, routing, special purpose addresses,
network address translation; the internet’s a complicated world. If
you’re interested in reading further here are some resources:

Subscribe to Confident Computing! Tech problem solving & safety tips & a weekly confidence boost in your inbox every week.

I'll see you there!

Slow Computer?

Speed up with my special report: 10 Reasons Your Computer is Slow, now updated for Windows 10.

NOW: name your own price! You decide how much to pay -- and yes, that means you can get this report completely free if you so choose. Get your copy now!

58 comments on “What is a "subnet mask"?”

1. Best explanation I’ve ever seen on the subject!
I just now went from “what the heck is that all about, let’s just use 255.255.255.0” to “AHA.. Now I get it !!” (but will for now still use 255.255.255.0 🙂 )…
Thank you so much for clearing this up 😉

2. can u help, im tryin to set upmy xbox live and its askin me 4 my subnet mask .how do i find this

3. I’d need to know a lot more about your network setup, but 95% chance it’s 255.255.255.0.

4. Good. All the other places confused me

5. according to the tech guy at verizon my “ppp subnet mask’ has been changed to all 255’s by what he refered to as a fragment of some sort of spyware, now my computer apparently tries to log onto itself and after a few minutes my internet just crawls because of the lag. is there any way i can change that subnet mask back to another figure, the other two subnets are set to 255.255.0.0.
any help would be appreciated

6. i like this site

7. tell me how to devise subnet? thanks

8. What is a subnet mask. How we define it and whz it purpose in network.

9. Hi. I am supposedly on a two computer network in my home, but have a subnet mask address. Does this mean there is at least one other computer involved? I ask because I believe that there is another one involved in a situation where my internet activities are actually being monitored from a computer outside my home.

Your explanation was the only one of the ones on the internet that I could understand. Thank you for using the analogy.

10. There’s always a subnet mask, so seeing one doesn’t really tell you anyting about the presence of any other computers on the network.

11. This may be the wrong thread for this, but….

This is the analogy I use for people when I try and explain ip addys… Lets use the default ip for home networks, 192.168.1.1, and actual street addresses as an example.

192 = the country you live in
168 = the state you live in
1 = the city you live in
the second 1 = your actual street address

If you have an address of 192.168.1.1 and you send a letter to your neighbor, they would (theroiectily) have an ip address of 192.168.1.2
When the mail man picks up your letter to deliver it (acting like a router), he would look at the ip addy and see that the address is on the same street, so there would be no need to take it back to the office and send it to the recipient… He could simply walk next door and drop it off himself and it would get there very fast.

If you were sending a letter to the next city over, but they have the same street address as you… say 192.169.1.1 the mail man (router) would know to bring the letter back to the office and “route” it from there to the next city over and in turn, to the actual street address.

So on and so on up the line for country (192) and state (168).

That’s the best way I’ve found to explain it. Bringing dynamic ip’s (mobile homes) into the picture makes things a little more difficult.

12. hi i’m just getting into subnet masking, but i still don’t get it, is there any where which explain’s this in a more simple way
thanks

13. We have a dsl service that splits in our home and my husband uses one and myself the other on my computer for internet access. When I click on the icon it shows me surrounding area wireless users. Some with Secure Access and others with Unsecure access. In a discussion with neighbors, there is a concern that someone can get access into the computer by somehow overriding the subnet mask (router #’s). Is that even possible and should we be concerned or take any precautions to prevent it?

14. They don’t even have to play with the subnet mask. An unsecured wireless network can be used by anyone close enough to get a signal.

In cases like that, I strongly suggest enabling WEP, or “Wired Equivalent Privacy” on your wireless networks. It takes a little doing, and education.

15. hi mike. if what you said is true you live very close to me because my ip address is 192.168.0. not saying the rest. and my friend had 192.168.1. not telling rest but we live in the same town. i dont think that the third number means city.

16. 192.168 mean that you’re behind a router, and could be anywhere on the planet.

Mike was just using it as an example, he didn’t mean specificly that IP addresses implied physical location to that degree.

17. How do I find my subnet mask. I’m trying to ser up a router?

18. On the internet side, it’s something you should get from your ISP.

19. That tool will not tell you what your subnet should be. It’s simply a calculator that assists in determining the values to use. You still need to know, and enter, the details of your network configuration by hand … including what the subnet characteristics are.

20. hello,

i need know what is the meaning of subnet mask in the network standard.

21. i can prevent users accessing my computer using firewall settings for IP address and a subnet mask.
does that mean i can use the subnet mask to limit access to certain geographic areas ?

22. dear sir how can i calculat the subnet mask and what would be the subnet mask of the following Destination Addresses
182.220.10.4
121.10.3.4
140.10.34.30
164.9.2.1
220.64.32.4
92.1.3.8

waiting for your positive response.
best regards

23. what is the purpose of subnet masks?

24. Hi sir it is very nice but u can explen it. very esy way plz. how to we caluculet very esy way plz explen sir.

tanks

somu

25. Hi,
I need to find my IP-adress, Subnet Mask, Gateway, Primary DNS and Secondary DNS of my router to make a wireless connection. can you help me find em?

26. To find your IP-adress, Subnet Mask, Gateway, Primary DNS and Secondary DNS, do the following
click START -> RUN -> (type cmd in the text box on the RUN, click OK!) -> ipconfig /all (type it in the command prompt!)-> you got what you wanted!

27. how do i get my primary and my secondary dns

28. If you have a dynamic IP address, they should be set up automatically. Otherwise you get them from your ISP.

29. Leo, you ROCK!!!!

You just saved me a ton of headaches with the ipconfig /all tip!!

Thanks so much!!!

30. Thank you SO MUCH for the DOS help– It saved me HOURS of time on the phone with my ISP!

31. i still dont know how to find my subnet mask on my labtop after i did all of these

32. Leo, how will you determine the number of possible subnet masks available and the number of possible hosts available on the subnetwork?

33. How do i easily convert binary numbers to decimal, vice versa. I can do with my calculator, but have no clue how to manually. I googled it, but I just can’t understand it.

34. Subnet is broken down into 4 parts called octets (255.255.255.255) each 255 is an octet. Each octet is broken down into 8 bits which are either turned on (1) or off (0). Here is where 255 comes from: (8 bits) 1 1 1 1 1 1 1 1 <– 8 bits all turned on, still following? The bits break down like this 128 64 32 16 8 4 2 1 <– breakdown of what the bits stand for, still following? All bits turned on = 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255 If the subnet mask was 255.255.255.248 the bits would look like this 11111111.11111111.11111111.11111000 (128 + 64 + 32 + 16 + 8 = 248) you don’t need the last three bits so they are turned off. Hope this helps, I’m not a teacher but this is the best I could do to try to explain it.

35. I just bought a router and its asking me for my IP address, Subnet mask, Gateway, and DNS1 and DNS2. Could you help me find those?

36. Normally that’s all information the router will get automatically from your ISP, OR your ISP will have to provide to you.

37. how do i find my subnet mask, gateway, and dns settings for my internet

38. —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Leo
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFGES5vCMEe9B/8oqERAhTTAJ99A8kNbPIZTLJwlU2MuD1AVcpp8wCdHN8H
UuwQ3kTSohohCWprzH7OzPI=
=KWce
—–END PGP SIGNATURE—–

39. im compltely and thourly confused how do u get from having the 3 ip adress and the subnet mask to tell that their on the same subnet?
is it just b/c the the first number in the 3rd octet for #1 and 2 is 0 while on #it starts w/ 1?

Basicly what im asking is u said “If we do the masking and converting and other what-have-you, ” at one part. could u show what the “converting and other what-have-you,” b/c i basily have to be able to do a few wxample problems like this for my class and i have no clue what u did

40. I think it’s about using AND logic operator on every bit. 1*1=1, 0*1 = 0, 1*0=0, 0*0=0. Apply this on both ip#1 and ip#3 and see that results are different. In other words, the bits on 1 in the subnet mask says where the received packet address should be the same with the local address.

billy ray

42. how do i get to know what my subnet mask is and my gateway is

43. quit good info keep it up leo

44. Is the network mask the same as the subnet mask ?

45. Open a command prompt and type
ipconfig /all
this will tell you or IP settings, default gateway IP, etc…

46. where can i find the sub mask, gateway, the dns1 and dns2 at please help

Depends on the situation. It’s normally provided by whomever provides the network you are attempting to connect to.

– Leo
11-Oct-2008
47. im very confused with your explanation of subnet masks if i provide you my ip address could you please work out my subnet mask 78.145.35.16. thank you very much.

I can’t. That’s information that has to come from whomever provides your network connection.

– Leo
14-Oct-2008

48. Thank you for this! I’m in CCNA, and I’ve known how to subnet, and how to do the number crunching, but I just couldn’t figure out what the mask actually DID…Pretty bad, I know. Awesome tutorial though, pretty sure I understand now

49. good info indeed..but im pretty much confuzd on the binary numbers how do u convert into those?

50. how do i find my subnet mask number. i’m trying to log onto my router and i need my subnet mask number, gateway, dns 1 and dns 2 numbers

51. “The day you stop learning is the day you start becoming obsolete.”

Thank you Leo for taking the time to shed some Light on these,[Quote]…translation; the internet’s a complicated world. [/Quote]
So true.
And I also thank you for the links U provided 4 further reading on,,,

A+
Luc from Montreal, Qc, Canada

52. A man TQ i undustand this but i want how to claluc

53. Onbard a boat, I have multiple computers connected to the Lan side of a Router (192.168.133.241/ 255.255.255.240 DHCP on 242-250) and a wireless Bridge (DHCP off) connected to the WLAN side of the Router (DHCP client from whoever the Bridge connects with on land). I want the computers on the Lan side of the Router to have access to each other, to the internet (through the WAN port to the Bridge) and (HERE IS THE PROBLEM) to the BRIDGE itself (currently 192.168.133.192 on the router side. Except for the last step all of this works properly.Please help

54. I have one that says can’t find network location.

55. how do i find my subnet mask number. i’m trying to connect my sons x-box onto my router and i need my subnet mask number and gateway

56. Linda (“how do i find my subnet mask number”):

If using Windows VISTA just click once on the little circle in the lower left corner.
Then in ‘start search’ type RUN.
It will prompt “open” type CMD.
That will prompt a DOS window.
Type: IPCONFIG
Press Enter and all your info will appear.

In Windows XP
just click once on the little START button in the lower left corner.
Then click on RUN.
It will prompt a DOS window.
Type: IPCONFIG
Press Enter and all your info will appear.

Good Luck