How devices on the internet find each other, and how we divide networks into useful zones - the "moles" of networking.
An IP address = 4 numbers (IPv4) identifying a device on a network. Public IPs are unique globally; private IPs (10.x, 172.16-31.x, 192.168.x) are reused inside every home/office. NAT translates between them. Subnet mask (or CIDR like /24) says which part of the address is the network and which is the host. Subnetting divides one network into smaller networks - essential for security segmentation, which links directly to Chapter 14's network defence strategies.
5.1 What an IP Address Actually Is
An IPv4 address is four numbers separated by dots: 192.168.1.42. Each number is 0-255 (because it's 8 bits = 2⁸ = 256 possible values). So an IPv4 address is 32 bits total (4 bytes).
When you connect a device to a network, it gets an IP. This address has two jobs:
Identify the network - which network the device is on
Identify the host - which specific device within that network
Think of it like a street address: "42 Parker Lane" has a street (the network) and a house number (the host). The postal service uses the street first to get the mail to the right suburb, then the house number to find the specific property. Routers do exactly the same thing with IP addresses.
CONNECTION TO CHAPTER 4: Remember that IP addresses live at Layer 3 (the Internet/Network layer)? Subnetting is how that layer works efficiently. Without subnets, every router would need to know where every single device on Earth lives. With subnets, routers only need to know where networks live - they hand the last-mile delivery to local routers. This is how the internet scales to billions of devices.
5.2 Public vs Private IPs
Not every IP address is reachable from the internet. Some ranges are reserved for private use - they only work inside a local network and are re-used by millions of homes and offices.

| Range | CIDR | Where you'll see it |
|---|---|---|
| 10.0.0.0 - 10.255.255.255 | 10.0.0.0/8 | Large corporate networks, schools, ISPs |
| 172.16.0.0 - 172.31.255.255 | 172.16.0.0/12 | Medium corporate networks |
| 192.168.0.0 - 192.168.255.255 | 192.168.0.0/16 | Home routers, small offices (most common one you'll see) |

Check your phone's IP right now on your home Wi-Fi - it'll almost certainly be something like 192.168.0.x or 192.168.1.x. That's private. Your neighbour's phone has the same private IP range too - and that's fine, because private IPs don't travel outside your local network.
Why we have private addresses at all
IPv4 only has about 4.3 billion possible addresses (2³²). That sounds like a lot, but it's not enough for every phone, laptop, smart TV, and fridge on Earth. Private addressing + NAT was invented to stretch the IPv4 pool by letting millions of homes share one public IP.
# Find your device's IP address
ipconfig    # Windows
ifconfig    # Mac/Linux (or use: ip addr)
# Look for "IPv4 Address" - it'll almost certainly start with 192.168, 10., or 172.16-31.
# That's your PRIVATE IP (inside your home/school network).
# Now visit whatismyipaddress.com - that shows your PUBLIC IP (what the internet sees).
# Different addresses! The gap is filled by NAT.
5.3 NAT - How Private IPs Reach the Internet
Network Address Translation (NAT) is a feature of your home router that lets many devices with private IPs share one public IP.
All 4 home devices appear to the internet as a single IP. The router keeps a translation table to route responses back to the right device.
HOW NAT USES PORTS: When your laptop (192.168.1.5) asks for google.com, the router rewrites the "from" address to its public IP and picks an unused port number. When Google replies, the router sees the port and knows "oh, that was the laptop's request" and forwards the reply back. The combination of IP + port (a socket - remember from Chapter 4) is what makes this work.
TRAP: Students sometimes say "NAT makes me anonymous on the internet." It doesn't. Your ISP still knows which public IP is yours, and can correlate that with your account. NAT just means other websites can't directly see individual devices inside your home. It's about address sharing, not privacy.
SECURITY SIDE-EFFECT OF NAT: Because devices behind NAT have no public IP, they're not directly reachable from the internet. An attacker can't just scan your phone's private IP and exploit it. This is an incidental security benefit - NAT wasn't designed as a firewall, but it behaves somewhat like one. Don't rely on it as your only defence; a real firewall does this job properly and is explained in Chapter 14.
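The translation table described in this section, as an added example that is not part of the original chapter. It is a simplified model: the class name, the starting port 40000 and every address other than 192.168.1.5 are constructed, and it only accepts replies from the exact remote address and port the inside device contacted (real routers differ in how strictly they match).

```python
import itertools

class NatRouter:
    """Toy port-translating NAT: many private hosts behind one public IP."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)  # next unused public port
        self.out = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.back = {}  # (public port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the LAN; record the mapping."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out:
            public_port = next(self._ports)
            self.out[flow] = public_port
            self.back[(public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out[flow], dst_ip, dst_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the private (ip, port) to forward to, or None to drop."""
        return self.back.get((public_port, remote_ip, remote_port))

def demo():
    # All addresses below are constructed (documentation ranges, private LAN).
    nat = NatRouter("203.0.113.7")
    web = ("198.51.100.10", 443)
    laptop = nat.outbound("192.168.1.5", 51000, *web)
    phone = nat.outbound("192.168.1.6", 51000, *web)
    return {
        "laptop_seen_as": laptop[:2],   # same public IP ...
        "phone_seen_as": phone[:2],     # ... different public port
        "reply_to_laptop": nat.inbound(*web, laptop[1]),
        "unsolicited_scan": nat.inbound("198.51.100.99", 40000, 22),
        # An infected inside host calling out gets a mapping like any other flow,
        # so the remote end's replies are forwarded: NAT applies no policy.
        "callout_from_inside": nat.outbound("192.168.1.6", 51001, "198.51.100.66", 8443),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:20} {value}")
```

The unsolicited packet is dropped only because no mapping exists for it, while the outbound call from an inside device is translated without question, which is why NAT cannot stand in for a firewall.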
5.4 IPv4 vs IPv6
IPv4 is running out of addresses. The global pool was officially exhausted in 2011, though ISPs have been stretching supply with tricks like carrier-grade NAT. The permanent fix is IPv6.
| | IPv4 | IPv6 |
|---|---|---|
| Address size | 32 bits | 128 bits |
| Total addresses | ~4.3 billion | ~340 undecillion (3.4 × 10³⁸) |
| Example | 192.168.1.42 | 2001:0db8:85a3::8a2e:0370:7334 |
| Notation | Decimal, dots | Hexadecimal, colons |
| NAT commonly needed? | Yes - addresses are scarce | No - every device gets its own public address |
| Built-in encryption | No (optional IPsec) | Designed with IPsec support (but not always enabled) |
For your exam, you mostly work with IPv4 because that's what the subnetting questions use. Know that IPv6 exists, it's coming, and it solves the exhaustion problem.
TRAP: "IPv6 is more secure than IPv4" - be careful with this claim. IPv6 has some improvements (mandatory IPsec support, no NAT confusion), but it also has its own attack surface. Poorly-configured IPv6 can actually reduce security because admins may not realise it's enabled. The right answer is: "IPv6 has stronger security design, but real-world security depends more on configuration than on protocol version."
5.5 Subnet Masks and CIDR Notation
An IP address alone doesn't tell you which part is the network and which is the host. You need a subnet mask for that.
The subnet mask is another 32-bit number that says "everything covered by a 1 is network, everything covered by a 0 is host."
| Subnet mask | CIDR notation | Network bits | Host bits | Usable hosts |
|---|---|---|---|---|
| 255.0.0.0 | /8 | 8 | 24 | 16,777,214 |
| 255.255.0.0 | /16 | 16 | 16 | 65,534 |
| 255.255.255.0 | /24 | 24 | 8 | 254 (most common!) |
| 255.255.255.128 | /25 | 25 | 7 | 126 |
| 255.255.255.192 | /26 | 26 | 6 | 62 |
| 255.255.255.224 | /27 | 27 | 5 | 30 |
| 255.255.255.240 | /28 | 28 | 4 | 14 |
| 255.255.255.252 | /30 | 30 | 2 | 2 (point-to-point) |

CIDR SHORTHAND: 192.168.1.0/24 means "the network starting at 192.168.1.0 where the first 24 bits are the network part." It's equivalent to saying "subnet mask 255.255.255.0" but shorter. Always prefer CIDR notation in exam answers - it's what industry uses and what examiners expect.
Why "usable hosts" is total - 2
Every subnet reserves two addresses that can't be assigned to devices:
Network address (all host bits = 0) - identifies the subnet itself, e.g., 192.168.1.0
Broadcast address (all host bits = 1) - used to send to every device in the subnet, e.g., 192.168.1.255
So a /24 has 2⁸ = 256 total addresses, but 256 - 2 = 254 usable. A /26 has 2⁶ = 64 total, 62 usable. Usable hosts = 2^(host bits) - 2. Drill this formula.
5.6 Worked Examples - The Core Subnetting Skill
For an ATAR exam, you need to be able to do four things from an IP + mask:
Identify the network address
Identify the broadcast address
Identify the range of usable host addresses
Calculate the number of usable hosts
Example 1: IP = 192.168.1.42, Mask = /24 (255.255.255.0)
Host bits: 32 - 24 = 8 bits
Total addresses: 2⁸ = 256
Usable hosts: 256 - 2 = 254
Network address (host bits = 0): 192.168.1.0
Broadcast address (host bits = all 1s, so last octet = 255): 192.168.1.255
Usable range: 192.168.1.1 to 192.168.1.254
Example 2: IP = 192.168.1.200, Mask = /26
Host bits: 32 - 26 = 6 bits
Total addresses per subnet: 2⁶ = 64
Usable hosts: 64 - 2 = 62
Subnets increment by 64 in the last octet: 0, 64, 128, 192
IP 192.168.1.200 falls in the subnet starting at 192.168.1.192 (because 192 ≤ 200 < 256)
Network address: 192.168.1.192
Broadcast address: 192.168.1.255 (192 + 64 - 1)
Usable range: 192.168.1.193 to 192.168.1.254
Example 3: IP = 10.0.5.77, Mask = /20
Host bits: 32 - 20 = 12 bits
Total per subnet: 2¹² = 4,096
Usable hosts: 4,096 - 2 = 4,094
With /20, the network/host boundary falls inside the third octet, leaving 4 host bits there (24 - 20 = 4), so the third octet increments by 16 (2⁴): subnets at 10.0.0.0, 10.0.16.0, 10.0.32.0, etc.
10.0.5.77 falls in the 10.0.0.0 subnet (because 0 ≤ 5 < 16)
Network address: 10.0.0.0
Broadcast: 10.0.15.255
Usable range: 10.0.0.1 to 10.0.15.254
THE MAGIC NUMBER METHOD: For masks like /26, /27, /28 etc., find the "magic number" = 256 - (last octet of the mask). For /26 (mask ends .192), magic = 256 - 192 = 64. Subnets start at multiples of the magic number (0, 64, 128, 192). Find which multiple the IP falls into, and that's your network. This is the fastest subnetting method for exams.
5.7 Designing Subnets - Going the Other Way
The other exam-style question: "You need to split a /24 network into 4 equal subnets. Design them."
Splitting 192.168.10.0/24 into 4 equal subnets
Original network: /24 gives 256 addresses
Need 4 subnets → borrow 2 host bits (2² = 4 subnets). New mask: /24 + 2 = /26
Each subnet gets: 64 addresses (62 usable hosts)
The four subnets, by network address:
Subnet 1: 192.168.10.0/26 - range .1 to .62, broadcast .63
Subnet 2: 192.168.10.64/26 - range .65 to .126, broadcast .127
Subnet 3: 192.168.10.128/26 - range .129 to .190, broadcast .191
Subnet 4: 192.168.10.192/26 - range .193 to .254, broadcast .255
The same logic works for other splits: 2 subnets = /25, 8 subnets = /27, 16 subnets = /28, etc. Every extra bit borrowed doubles the subnet count and halves each subnet's size.
5.8 The Security Connection - Why Subnetting Matters Beyond Routing
This is the part students often miss, but it's heavily examined: subnets are how you build security zones.
Remember the Medibank breach? The attacker got into one system and then moved laterally across the whole network. If the internal network had been segmented into subnets - one for reception, one for clinical staff, one for the database server, one for IoT devices - the attacker would have been stopped at a zone boundary where a firewall could enforce rules like "reception subnet cannot talk to database subnet."
This is called network segmentation, and it's one of the most powerful security controls you'll learn. It works because subnets are already a natural place for routers and firewalls to enforce rules.
TYING IT TO CIA: Subnetting strengthens all three CIA pillars. Confidentiality: sensitive data can be isolated to its own subnet. Integrity: only authorised subnets can modify critical data. Availability: a DDoS against one subnet doesn't take down others. This is why Chapter 16 (secure design) always starts by identifying which zones/subnets to create.
EXAM TEMPLATE for subnet-related design questions:
"The network will be divided into [N] subnets: [list]. Each subnet corresponds to a trust zone with different access requirements. Traffic between subnets is controlled by firewall rules enforcing the principle of least privilege - for example, the guest Wi-Fi subnet cannot initiate connections to the server subnet. This reduces the blast radius of any compromise: if one subnet is breached, the attacker cannot freely reach other zones."
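Sections 5.7 and 5.8 combined into one added example (not part of the original chapter): the 192.168.10.0/24 split into four /26 subnets, each treated as one of the trust zones named above, with a default-deny rule set between zones. The allow-list entries and port numbers are assumptions made up for illustration.

```python
import ipaddress

BASE = ipaddress.ip_network("192.168.10.0/24")
ZONE_NAMES = ["reception", "clinical", "database", "iot"]

# Borrow 2 host bits: the /24 becomes four /26 subnets, one per trust zone.
ZONES = dict(zip(ZONE_NAMES, BASE.subnets(prefixlen_diff=2)))

# Assumed allow-list (constructed): (source zone, destination zone, dest port).
# Anything between zones that is not listed here is denied.
ALLOW = {
    ("reception", "clinical", 443),   # reception uses the clinical web app
    ("clinical", "database", 5432),   # clinical app servers query the database
}

def zone_of(ip):
    """Name of the zone whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), None)

def decide(src_ip, dst_ip, dst_port):
    """Verdict for a new connection: 'allow', 'deny' or 'local'."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "deny"    # address outside every defined zone
    if src == dst:
        return "local"   # same subnet: never crosses the firewall, so unfiltered
    return "allow" if (src, dst, dst_port) in ALLOW else "deny"

def reachable_zones(zone):
    """Zones a host in `zone` can open connections to (its blast radius)."""
    return {dst for src, dst, _port in ALLOW if src == zone}

if __name__ == "__main__":
    for name, net in ZONES.items():
        print(f"{name:10} {net}  can reach: {sorted(reachable_zones(name)) or 'nothing'}")
    print(decide("192.168.10.10", "192.168.10.130", 5432))  # reception -> database
    print(decide("192.168.10.70", "192.168.10.130", 5432))  # clinical -> database
```

The `local` verdict is the caveat to remember: two devices in the same subnet talk directly, so zone rules limit movement between subnets, not within one.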
5.9 Special IP Addresses To Know
| Address | Purpose |
|---|---|
| 127.0.0.1 | Loopback - refers to the device itself. Also written as "localhost." Traffic sent here never leaves the machine. |
| 0.0.0.0 | "Any address" - often used in firewall rules or when a device doesn't yet have an IP |
| 169.254.x.x | Link-local / APIPA - Windows assigns this when DHCP fails. If you see this, DHCP is broken. |
| 255.255.255.255 | Broadcast - sends to everyone on the local network |
| 192.0.2.x, 198.51.100.x, 203.0.113.x | Reserved for documentation/examples (that's why we use 203.0.113.x in our diagrams - it's guaranteed not to be real) |
5.10 Quiz Time
Given IP 172.16.25.100/20, what is the network address?
/20 means 12 host bits. 32 - 20 = 12. The third octet has 4 host bits (24 - 20 = 4), so subnets increment by 16 in the third octet. Subnets: 172.16.0.0, 172.16.16.0, 172.16.32.0, ...
25 falls between 16 and 32, so it's in the 172.16.16.0 subnet. Network address: 172.16.16.0/20
A school needs 3 subnets for Students, Staff, and Admin, each with at least 50 users. What CIDR mask is the smallest that works?
Each subnet needs 50 usable hosts, so 50 + 2 (network + broadcast) = 52 addresses minimum. The smallest power-of-2 that's ≥ 52 is 64 (2⁶). That means 6 host bits, so the mask is 32 - 6 = /26. Each /26 subnet holds 62 usable hosts - comfortably covers 50 users per zone with room to grow.
Explain why "just using NAT" is not a substitute for a firewall.
NAT prevents unsolicited inbound connections (the router has no mapping for incoming requests that weren't started from inside), but it doesn't inspect traffic contents, block malicious domains, or enforce policy. Attacks that initiate from inside (e.g., malware calling out to a command-and-control server, a phishing click that downloads a payload) pass through NAT freely. A proper stateful firewall adds rule-based filtering on top. NAT is an address-sharing mechanism that happens to block some inbound traffic as a side effect - not a real security control.
If IP 192.168.50.200 is on a /28 network, what are the network address, broadcast, and usable range?
/28 = 4 host bits, 16 addresses per subnet, magic number 256 - 240 = 16. Subnets: .192, .208, .224, .240. 200 falls in the .192 subnet (192 ≤ 200 < 208).
Network: 192.168.50.192
Broadcast: 192.168.50.207 (192 + 16 - 1)
Usable: 192.168.50.193 to 192.168.50.206 (14 hosts)