What I Learned Today: Subnetting and CIDR — Finally Makes Sense Now!

Muhammad Bilal AkhtarMuhammad Bilal Akhtar
3 min read

Today I want to talk about a topic that sounded scary at first, but turned out to be really satisfying once I understood the concept — Subnetting and CIDR Notation.

When I first heard the word subnetting, I thought it was going to be a math-heavy nightmare. But now, after breaking it down step by step, I realized that it’s actually more about organization and network efficiency than anything else.

What Is Subnetting (And Why Do We Use It)?

So, here’s how I understand it:

Subnetting is basically the art of dividing a big network into smaller parts. Why do that? Because when networks grow big, it becomes hard to manage traffic, security, and communication. Subnetting helps keep things neat, controlled, and secure.

It’s like having a huge group chat and then creating smaller topic-based groups inside it. Now things are easier to find and manage.

Understanding Subnet Mask (e.g., 255.255.255.0)

This mask tells the network, “Here’s where the network part ends and the host part begins.”

The most common subnet mask is 255.255.255.0, which means:

  • The first 3 octets (24 bits) are the network portion.

  • The last octet (8 bits) is used for hosts in that subnet.

This setup allows 256 IP addresses in total (0–255), where:

  • 1 is used for network address

  • 1 is used for broadcast address

  • Remaining 254 are usable for hosts

CIDR Notation (e.g., /24, /16, /8)

CIDR (Classless Inter-Domain Routing) is just a cleaner way to show the subnet mask.

Example:

  • 192.168.1.0/24 → Same as 255.255.255.0

  • /24 = 24 bits are for network, rest for host

So:

  • /24 = 256 addresses (common in homes/offices)

  • /16 = 65,536 addresses (big internal network)

  • /8 = Over 16 million addresses (used by ISPs, large corps)

This notation is now used everywhere instead of the old class-based system.

Network Portion vs Host Portion

When you look at an IP like 192.168.1.0/24, the /24 part tells you:

  • The first 24 bits = network portion

  • The last 8 bits = host portion

The host portion is what gets distributed to devices inside the subnet.

So if your subnet is 192.168.1.0/24, possible usable host IPs range from:
192.168.1.1 to 192.168.1.254

Why This Matters in Real Life

This concept is not just theory. When you’re analyzing logs in a SOC (Security Operations Center), you’ll often need to know:

  • Is this IP from the same subnet?

  • Is this internal or external traffic?

  • Are we seeing connections from unknown subnets?

Knowing how subnetting works helps you spot suspicious patterns faster.

My Daily Study Routine (if you're curious)

I try to stay consistent and organized every day with this study schedule:

  • 1 hour – Revision of what I learned the previous day

  • 2 to 2.5 hours – Deep dive into the current topic (like Subnetting today)

  • 30 minutes – Take a test to check what I’ve really understood

  • 30 minutes – Light preview of the next topic (so my brain is ready for tomorrow)

This routine helps me stay on track without burning out.

10
Subscribe to my newsletter

Read articles from Muhammad Bilal Akhtar directly inside your inbox. Subscribe to the newsletter, and don't miss out.

subnettingsubnetmask#cybersecuritySOCAnalystlearningLearning Journey#learning-in-public

Written by

Muhammad Bilal Akhtar
Muhammad Bilal Akhtar