TCP/IP netmasks explained

Post by wkitty42 » Tue Mar 29, 2005 12:48 am

the following is posted here with full permission of the author. this conversation took place in the Fidonet WIN95 echo.

----[ WIN95 ]-----------------------------------------------------------------
On: Sat 26 Mar 2005 16:47 (Sent: Sat 26 Mar 2005 16:49)
By: mark lewis
Re: lan
St: Local Sent

[CHOMP to get to the meat]

ML>> yeah, that can be a problem... on the netmask stuff, that's
ML>> TCP/IP related and would be located in areas that
ML>> specialize in teaching about TCP/IP basics...

CA> Maybe so but do people really want to _study_ TCP/IP or do
CA> they just want a direct/simple answer?

i dunno that there is a simple answer...

a netmask is, as it says, a mask... actually, you and i can consider it an AND mask... ya gotta go to the BIT level, too... the easy thing to remember is that lets everything in where the first three octets are the same...

 ie: 192.168.5.x   with  allows 192.168.5.*
    192.168.45.x  with  allows 192.168.45.*

   but neither will allow the other without some assistance

here's another

 ie: 192.168.5.x   with  allows 192.168.*.*
    192.168.45.x  with  allows 192.168.*.*

   so both networks can talk to each other...

one problem, too, is that some rules are enforced by some setups... since 192.168.x.y is classified as a Class C network, many times, only is allowed...

ok, here's the bit level stuff... let's take a connection between and

               ==  11000000 10101000 00000101 00000101
               ==  11000000 10101000 00000101 00001010
                   11111111 11111111 11111111 00000000

the netmask gives us   11000000 10101000 00000101 00000000

the first three octets in the masked ANDed address match with the first three octets of each of the addresses... the last octet we don't care what address it is... so the data flows...

in the above, there are 24 "mask" bits and 8 "host" bits...

the "fun" part comes when you want to subnet a network... let's play with taking the 192.168.4 network (256 addresses) and split it down into various subnets...

a netmask of gives us two subnets with 126 addresses each... the first and last address in each block is reserved (256 / 2 = 128 - 2 = 126 usable) ... the first is the network's address and the last is the broadcast address... this gives us 25 "mask" bits and 7 "host" bits...

'n' = "mask" bits       'h' = "host" bits

 2 subnets   nnnnnnnn.nnnnnnnn.nnnnnnnn.nhhhhhhh  126 addresses
               255      255      255      128
 4 subnets   nnnnnnnn.nnnnnnnn.nnnnnnnn.nnhhhhhh   62 addresses
               255      255      255      192
 8 subnets   nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnhhhhh   30 addresses
               255      255      255      224
16 subnets   nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnhhhh   14 addresses
               255      255      255      240
32 subnets   nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnhhh    6 addresses
               255      255      255      248
64 subnets   nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnnhh    2 addresses
               255      255      255      252

so... taking our example from up above...

               ==  11000000 10101000 00000101 00000101
               ==  11000000 10101000 00000101 00001010
                   11111111 11111111 11111111 11110000

the netmask gives us   11000000 10101000 00000101 00000000

so these two can talk directly... however, using a 6 address subnet...

               ==  11000000 10101000 00000101 00000101
               ==  11000000 10101000 00000101 00001010
                   11111111 11111111 11111111 11111000

the netmask gives us   11000000 10101000 00000101 00001000

and they can't talk because the .5 address doesn't fit into the ANDed mask with the .10 (ie: in the same network)... here's the break down...

Subnet         Netmask          Host Range           Broadcast
                                 - 6
                                 - 14
                                 - 22
                                 - 30
                                 - 38
                                 - 46
                                 - 54
                                 - 62
                                 - 70
                                 - 78
                                 - 86
                                 - 94
                                 - 102
                                 - 110
                                 - 118
                                 - 126
                                 - 134
                                 - 142
                                 - 150
                                 - 158
                                 - 166
                                 - 174
                                 - 182
                                 - 190
                                 - 198
                                 - 206
                                 - 214
                                 - 222
                                 - 230
                                 - 238
                                 - 246
                                 - 254

you can see that the .5 address is in the first network whereas the .10 is in the second network... they can't talk to each other directly thru a hub or switch so they need a router between them...

this is all the "easy" stuff... "easy" because it's only working with the last octet... but it is basically the same thing up thru the other octets... from what i've seen, if one wants to really learn all about netmasks and subnets and such, one is better off to take a networking class like a cisco certification class or similar... it's either that or, like me, you keep plugging away at it until it really starts to fit and make sense ;)

ML>> netbeui is used because that's what m$ designed their
ML>> networking (network neighborhood) stuffs around... the big
ML>> question is whether or not to use netbeui wrapped within
ML>> tcp/ip packets... netbeui is not routable and thus cannot
ML>> travel between different wiring networks... it needs a
ML>> routable protocol like tcp/ip to carry it into different
ML>> wiring networks...

CA> Define "wiring networks" please.

my phrasing... used to signify a network of machines physically connected by
wires to one hub or stack of chained hubs... think of an office building where
each floor may be its own network block...

  1st == - 255
  2nd == - 255
  3rd == - 255
  4th == - 255

all the machines on each floor can talk to each other (with a netmask of but can't talk to other machines on other floors... there would have to be a router connection connecting the floors together for them to be able to communicate across the network boundaries...

ML>> i know that last part sounds confusing and that's where the
ML>> use of a hub or switch comes in to play versus using a
ML>> router... in most cases...

CA> Sounds like NetBEUI is a leftover from the "network wars" when
CA> IBM was pushing token ring and others Novell or Lantastic. :-)

lantastic was a netbios network as was personal netware ;) there were others, too, but i can't think of them at the moment...

ML>> m$ has also gone so far, in recent releases, as to not use
ML>> netbeui stuffs... they are still using that method but now
ML>> they are building the netbeui packets directly without
ML>> using the netbeui protocol to do it for them... they are
ML>> then taking these self-built packets and transporting them
ML>> via tcp/ip... the overall effect is the same but the under
ML>> the hood methods are much different...

CA> Sounds as though they are 'hiding' NetBEUI to me which doesn't
CA> surprise me in the least. This nonstandard methodology being
CA> forced onto users has gone _way_ past the point of being
CA> competitive into the realm of egos and arrogance IMO.

i can agree to a point... i can't say that they are "hiding" netbeui but i think they see the greater benefits of using tcp/ip since it is routable... i think part of the problem is that they still need some way to keep their stuff encapsulated to make it somewhat harder to snoop on... then again, it may be as simple as not wanting to rewrite all the guts of the networking stuff that's built around netbios when they only need to remove one network layer and fake that layer in one driver...

it may also be part of their proprietary stuffness trying to keep things not working with other OS' so that folk will stay in the m$ henhouse...

i wonder what'll happen to m$ when billyboy passes on...


* Origin: (1:3634/12)
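
The AND-mask comparison walked through in the message above, as an added example that is not part of the original post or written by its author. The addresses and the three masks are copied from the binary listings in the message; the function names are hypothetical.

```python
def parse_bits(text):
    """Turn '11000000 10101000 00000101 00000101' into a 32-bit integer."""
    octets = text.split()
    if len(octets) != 4 or any(len(o) != 8 or set(o) - {"0", "1"} for o in octets):
        raise ValueError("expected four 8-bit binary octets: %r" % text)
    return int("".join(octets), 2)

def dotted(value):
    """Render a 32-bit integer as dotted-decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def is_contiguous(mask):
    """A valid netmask is a run of 1 bits followed only by 0 bits."""
    host_bits = ~mask & 0xFFFFFFFF
    return (host_bits & (host_bits + 1)) == 0

def same_network(addr_a, addr_b, mask):
    """Two hosts talk directly only if (address AND mask) is identical."""
    return (addr_a & mask) == (addr_b & mask)

def subnet_of(addr, mask):
    """Return (network, first_host, last_host, broadcast) for addr under mask."""
    network = addr & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    return network, network + 1, broadcast - 1, broadcast

# Binary values copied from the message's listings.
HOST_A = parse_bits("11000000 10101000 00000101 00000101")
HOST_B = parse_bits("11000000 10101000 00000101 00001010")
MASKS = {
    "24 mask bits": parse_bits("11111111 11111111 11111111 00000000"),
    "28 mask bits": parse_bits("11111111 11111111 11111111 11110000"),
    "29 mask bits": parse_bits("11111111 11111111 11111111 11111000"),
}

if __name__ == "__main__":
    for label, mask in MASKS.items():
        assert is_contiguous(mask)
        verdict = "direct" if same_network(HOST_A, HOST_B, mask) else "needs a router"
        print("%s (%s): %s" % (label, dotted(mask), verdict))
        for host in (HOST_A, HOST_B):
            net, first, last, bcast = subnet_of(host, mask)
            print("  %-13s net %-13s hosts %s - %s  broadcast %s" % (
                dotted(host), dotted(net), dotted(first), dotted(last), dotted(bcast)))
```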