| 12.22.24 | Subnets For Less Threats
Splitting My Network.
Keeping today’s post short & sweet. For the past few weeks, I’ve been meaning to transfer the server I run to a separate subnetwork. The hope was to make it harder for any future hacker to laterally move across my network, should they ever get in. Now given that it is a home network, it was fairly simple to split my Class C into 4 subnets. By changing my subnet mask from 255.255.255.0 to 255.255.255.192, I borrowed 2 bits from my host portion to allow roughly 64 (technically 63) hosts per network.
Why 255.255.255.192 As Opposed To Any Other Number?
Here is a more in-depth explanation of how it came out to …192 instead of any other number. You may or may not already know that computers understand binary far better than anything else. By converting a default Class C subnet mask into binary, you get 4 separate octets, each holding 8 bits of 1s & 0s. That turns 255.255.255.0 into 11111111.11111111.11111111.00000000. All of those 1s & 0s are classified as network bits. For any octet, 255 is the max while 0 is the minimum. Using the standard 8-Bit Octet Chart or 8-B.O.C, we can convert the subnet mask into binary.
128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
As you may infer, from right to left, the numbers double until they reach 128. Added together, they equal 255. However, to properly read and convert with the chart, you must read it from left to right, as if you’re reading a normal IP address or subnet mask. To find the binary version of an IP address or subnet mask, you add up values from the 8-Bit Octet Chart until they match the first octet of the IP address or subnet mask. With binary, you place a 1 if you need that number in the sum, and a 0 if you do not need it. For example, to get to 255, you simply add all the numbers together, making the first octet 11111111… Do the same for each octet until you get to the last one, which gives 11111111.11111111.11111111… Now, since the last octet of the default subnet mask 255.255.255.0 is 0, no numbers from the octet chart are needed to make it. So we mark them “unused” by placing 0s in that octet, making our default subnet mask in binary 11111111.11111111.11111111.00000000.
Finding How Many Bits We Need.
Now we need to find out how many bits we need to take from our host octet (the 0s) to split our network into 4 subnets. Here’s how:
128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
256 | 128 | 64 | 32 | 16 | 8 | 4 | 2 |
The second chart on the bottom (which is just double the first chart) represents the number of networks we may need. Earlier I mentioned that I split mine into 4 subnetworks. Using the bottom network chart, to acquire 4 subnets, I need to borrow 2 bits from my host octet. Real quick, let’s say I needed 6 subnets. The 4 I took would not be enough. So I must move to a larger number to ensure I have enough. The next larger number in our network chart is 8, which happens to be enough for 6 subnets (with 2 left over if I wanted to expand). So instead of borrowing 2 bits, I’d be borrowing 3 bits. Back to our original plan though. Because getting 4 networks costs 2 bits from my host octet, the first two 0s of the host octet (reading left to right) must turn into 1s. So 11111111.11111111.11111111.00000000 turns into 11111111.11111111.11111111.11000000. Now that we have our subnet mask in binary, we can convert it back into our readable decimal format.
Converting Binary Back To Readable Decimal.
To do this, let’s refer back to our first 8-Bit Octet Chart (the top one). Because the host octet now looks like this, ….11000000, due to us “bit-borrowing” for our 4 networks, we need to find out what number it equates to for our new subnet mask. Reading our first octet chart from left to right, the first two bits are 1s (which in this case means they are selected) & the rest are 0s (which means they are not selected). Since the first two values of the chart, 128 & 64, are selected, we need to add them up to get the new number for our host octet. With quick addition, we find that it equates to 192. Now our subnet mask, which allows 4 subnets, looks like this: 255.255.255.192. Hope this helps!
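The same bit-borrowing steps, worked through with Python's standard `ipaddress` module as an added example (not part of the original post). The 192.168.1.0/24 range and the two host addresses are assumed sample values, since the post does not give its address range; the function also covers the 6-subnet case mentioned above.

```python
import ipaddress

def plan_subnets(network, wanted):
    """Split an IPv4 network into at least `wanted` equal subnets."""
    net = ipaddress.IPv4Network(network)
    if wanted < 1:
        raise ValueError("wanted must be at least 1")
    # Bits to borrow: smallest n with 2**n >= wanted (4 -> 2 bits, 6 -> 3 bits).
    borrowed = (wanted - 1).bit_length()
    if net.prefixlen + borrowed > 30:
        raise ValueError("not enough host bits left for usable subnets")
    subnets = list(net.subnets(prefixlen_diff=borrowed))
    mask = subnets[0].netmask
    return {
        "borrowed_bits": borrowed,
        "mask": str(mask),
        "mask_binary": ".".join(f"{octet:08b}" for octet in mask.packed),
        # Block size per subnet; includes the network and broadcast addresses.
        "addresses_per_subnet": subnets[0].num_addresses,
        "subnets": subnets,
    }

def subnet_of(subnets, host):
    """Return the subnet that contains `host`, or None if it is outside all of them."""
    addr = ipaddress.IPv4Address(host)
    return next((s for s in subnets if addr in s), None)

if __name__ == "__main__":
    # Assumed sample range: the post does not state its own addresses.
    plan = plan_subnets("192.168.1.0/24", 4)
    print(plan["mask"], plan["mask_binary"])
    for s in plan["subnets"]:
        print(s, "network", s.network_address, "broadcast", s.broadcast_address)
    server, laptop = "192.168.1.200", "192.168.1.10"  # constructed host addresses
    same = subnet_of(plan["subnets"], server) == subnet_of(plan["subnets"], laptop)
    print("server and laptop share a subnet:", same)
    print("mask for 6 subnets:", plan_subnets("192.168.1.0/24", 6)["mask"])
```

Placing hosts in different subnets only forces their traffic through the router; how much that limits lateral movement depends on the router or firewall rules applied between the subnets.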
Thanks For Reading!
I know I said I’d keep this short & sweet, but I thought now was a great time to teach you how subnet masks are retrieved. It isn’t a random roulette of numbers. There are specific ways to do things in the networking world. Hope you learned a little about binary, subnet masks, & how to convert them. If you’d like a more in-depth and better tutorial, I’ll host a link to two great YouTube videos that helped me understand it perfectly when I was learning.
Tutorial Links:
NetworkChuck Tutorial:
let’s subnet your home network // You SUCK at subnetting // EP 6
(Title of the video)
PowerCert Animated Videos (Tutorial):