Networking Fundamentals · intermediate · ~12 min
Read CIDR prefixes, compute network/broadcast addresses, and size a subnet.
CIDR writes a network as address/prefix. The prefix = network bits; 32 − prefix = host bits. /24 = 256 addresses, 254 usable. Membership test: (ip & mask) == (network & mask).
Scope is almost always handed to you as CIDR blocks. You must know how many hosts a block holds (to plan scans) and whether a given IP falls inside it (to stay in scope). Going outside the CIDR you were authorised for is going out of scope.
Prefix length. Leading network bits; the rest are host bits. Mask. prefix 1-bits followed by 0-bits. Network & broadcast. First and last address of the block, both unusable for hosts. Membership. (ip & mask) == (network & mask) — the bitwise test behind every "is this in scope?" check.
Subnetting splits an address space into smaller networks. CIDR (Classless Inter-Domain Routing) notation writes a network as address/prefix, where the prefix is how many leading bits are the network part.
192.168.1.0/24 means the first 24 bits are the network; the last 8 identify hosts.
255.255.255.0| CIDR | Mask | Addresses |
|---|---|---|
| /30 | 255.255.255.252 | 4 (2 usable) |
| /24 | 255.255.255.0 | 256 |
| /16 | 255.255.0.0 | 65,536 |
| /8 | 255.0.0.0 | 16,777,216 |
For 10.0.0.0/24: network address 10.0.0.0, broadcast 10.0.0.255, hosts 10.0.0.1–10.0.0.254.
A scope of 10.10.0.0/16 is 65k hosts — you plan a scan very differently than for a /29. "Is this IP inside that CIDR?" is the single most common scoping check, and it's pure bit masking: (ip & mask) == (network & mask).
CIDR /N means N network bits. Host count = 2^(32−N); usable = that minus 2. Network = first address, broadcast = last. Membership is a mask-and-compare — the bread-and-butter scoping computation.