What is a subnet mask? How to find, configure, and calculate it

A subnet mask is a number that sets the rules of how an IP address should be read. It helps systems identify the network and the devices (hosts) operating within it. You can usually find your subnet mask in your device’s network settings, or directly on your router. In this guide, we’ll explain what subnet masks are, how they work, and how to check or configure them on different devices.

Basics of IP addressing

Every device on a network needs an IP (Internet Protocol) address to identify itself. The IP is usually written in four numbers separated by dots, such as 192.168.1.10. Each number represents 8 bits, so the full address is 32 bits long (this applies to IPv4; IPv6 uses 64-bit prefix lengths instead of subnet masks — more on that later).

An IP address is divided into two parts:

• Network portion: identifies the larger network the device belongs to;
• Host portion: identifies the specific device within that network.

Subnet masks work alongside IP addresses to make this division clear.

What is a subnet mask?

A subnet mask is a 32-bit number that pairs with an IP address to show which part of the address identifies the network and which part identifies the host (device).

It works at the bit level:

• Network bits are represented by 1s;
• Host bits are represented by 0s.

In familiar dotted-decimal form, each group of 8 bits is written as a number:

• 255 = 11111111 (eight 1s → all network);
• 0 = 00000000 (eight 0s → all host).

For example:

• 255.255.255.0 → network.network.network.host (24 ones, 8 zeros);
• 255.255.0.0 → network.network.host.host;
• 255.0.0.0 → network.host.host.host.

When you combine the mask with an IP, you’re overlaying this rule onto the address. For example, with IP 192.168.1.10 and mask 255.255.255.0, the first three octets (192.168.1) mark the network, while the last octet (10) identifies the host. All devices with the same network portion of an address (here, 192.168.1.0) are on the same local subnet.

How do subnet masks work?

When a device wants to send data, it uses its subnet mask to check whether the destination IP is on the same local network. If yes, it sends the data directly. If not, the device passes the traffic to the router.

Subnet masks also define the broadcast address (the highest address in the subnet, used to send messages to all devices) and the range of usable host addresses. This makes subnetting essential for efficient communication, traffic control, and address management.

Masks aren’t limited to just 255s and 0s. They can also mix bits to create finer-grained subnets:

• 128 = 10000000;
• 192 = 11000000;
• 224 = 11100000;
• 240 = 11110000;
• 248 = 11111000;
• 252 = 11111100.

This flexibility is what makes subnetting practical: it lets administrators break up a large network into chunks that fit real needs, reducing wasted addresses and improving efficiency.

Commonly used subnet masks 

Some subnet masks appear frequently in home, office, and enterprise networks. Each defines how many devices (hosts) a network can support.

• 255.0.0.0 (/8): used in very large networks. Supports millions of hosts, but it’s rarely practical (having that many devices in one subnet can overwhelm the network and is difficult to manage);
• 255.255.0.0 (/16): used for medium to large networks. Allows up to 65,534 devices on a single network;
• 255.255.255.0 (/24): t he most common subnet mask, especially in home and small business networks. Supports up to 254 devices, which is more than enough for most local networks;
• 255.255.255.252 (/30): commonly used for point-to-point links between two devices, such as routers. It allows exactly two usable IP addresses.

What are the benefits and trade-offs of subnetting?

Subnetting with subnet masks (breaking up a large network) has several advantages over running a flat network — a single, undivided network where all devices share the same address space and broadcast domain.

Key benefits of subnetting include:

• Improved efficiency: instead of wasting large blocks of addresses, subnetting lets you divide them into smaller, usable networks;
• Reduced broadcast traffic: each subnet has its own broadcast domain, which helps cut down unnecessary traffic and improves performance;
• Better security and control: subnets can isolate sensitive devices (like servers or IoT equipment) from the rest of the network, making it harder for attackers to move around;
• Simplified management: smaller, well-defined networks are easier to troubleshoot, monitor, and organize.

The trade-offs are: 

• Increased complexity: planning and managing multiple subnets requires design and documentation;
• Risk of misconfiguration: overlapping subnets or wrong masks can lead to outages and connectivity issues;
• Inefficient in tiny address blocks: because two addresses are always reserved per subnet, very small ranges (like /30 or /29) leave you with only a couple of usable addresses;
• Heavier load on routers: more subnets mean more routes, which can increase processing load on routers.

Subnetting strikes a balance between performance, security, and scalability — but it introduces extra design and management overhead compared to leaving everything in a flat network.

How to find the subnet mask on different devices

Finding your subnet mask is usually just a matter of checking your device’s network settings. Here’s how to do it on common platforms:

On Windows

1. Press Win + R, type cmd, and press Enter.
2. In the Command Prompt, type ipconfig.
3. Look for your active network adapter. The subnet mask will appear next to Subnet Mask.

On macOS

1. Click the Apple menu → System Settings.
2. Go to Network and select your active connection (Wi-Fi or Ethernet).
3. Click Details.
4. Under the TCP/IP tab, you’ll see the subnet mask listed.

On iOS (iPhone/iPad)

1. Open Settings → Wi-Fi.
2. Tap the i (info) icon next to your connected network.
3. Scroll down — your subnet mask is listed under Subnet Mask.

On Android

Steps may vary slightly depending on device:

1. Open Settings → Network & internet → Wi-Fi.
2. Tap your connected network, then go to Advanced settings.
3. Look for IP settings — the subnet mask will be displayed there.

On a router

1. Log in to your router’s admin panel (usually by entering 192.168.1.1 or 192.168.0.1 in a web browser).
2. Enter your username and password.
3. Look for the LAN settings or Network settings page.
4. The subnet mask will usually appear alongside the router’s IP address.

What role do subnet masks play in network security?

Subnet masks aren’t just about organizing IP addresses — they also play a role in security. By dividing a large network into smaller subnets, you can limit how far traffic travels and better control communication between devices.

How subnetting improves security:

• Segmentation: sensitive devices — like servers, payment systems, or IoT (Internet of Things) devices — can be placed in their own subnet, making it harder for attackers to move laterally;
• Traffic control: firewalls and ACLs (Access Control Lists) can enforce rules between subnets, blocking unnecessary or risky traffic;
• Containment: if a device is compromised, subnetting helps contain the issue within that smaller network instead of affecting the entire system;
• Compliance and best practices: subnetting supports network segmentation required by security standards (e.g., PCI-DSS, HIPAA) and often goes hand-in-hand with VLANs in enterprise networks for layered protection.

However, subnetting also comes with risks: 

• Misconfigured masks: overlapping or incorrect subnet masks can accidentally expose systems to traffic they shouldn’t receive;
• Over-segmentation: too many small subnets can make security policies harder to manage consistently;
• Visibility: without proper monitoring, attackers inside a subnet may still move undetected within that local group.

Subnetting isn’t a complete security solution on its own, but when combined with firewalls, intrusion detection, and monitoring, it makes for a layered defense strategy.

Advanced topics and real-world considerations

Subnet masks are simple in concept, but in real-world networking, they tie into more advanced techniques and design choices.

Route summarization and supernetting

Instead of advertising dozens of small subnets individually, routers can group them into a single larger block (a process called route summarization or supernetting). This reduces the size of routing tables and makes networks more efficient.

IPv6 subnetting

IPv6 doesn’t technically use subnet masks in the same way as IPv4. Instead, it uses prefix lengths (e.g., /64). The idea is similar — prefix bits define the network, and the rest define hosts — but IPv6 has such a large address space that subnetting is focused more on logical organization than conserving addresses.

Cloud and virtualized environments

In modern cloud platforms — like AWS, Azure, and GCP — subnetting is essential for VPCs (Virtual Private Clouds) and isolating workloads. Subnets are used to separate public-facing resources (like web servers) from private internal systems (like databases).

Tools and automation

Network engineers often rely on IPAM (IP Address Management) tools and subnet calculators to plan, allocate, and document subnets. Automation is especially important in large or cloud-native networks where manual subnet management isn’t practical.

Conclusion: subnetting means smarter, more secure networks

A subnet mask works with an IP address to define the network and host portions, making communication and organization possible on any network. Knowing how subnet masks work — and how to find, configure, and calculate them — helps you manage devices more efficiently and securely. Whether at home, in the office, or in the cloud, subnetting is a core skill for keeping networks clear, scalable, and under control.

You’ve mastered IP organization — now it’s time for IP protection

Get reliable VPN protection and fast, stable connections with Surfshark 

See pricing