Crypto & Hashing · 1 min read

IP Address and CIDR Subnet Analysis

IP addresses and CIDR notation are the language of network security. Every firewall rule, every blocklist entry, and every network log uses them. Being able to quickly calculate whether an IP falls within a subnet, expand a CIDR range, or identify if an address is private vs. public is a fundamental skill for security work.

Try it now

IP/CIDR Calculator

Runs in your browser, nothing leaves your device.

CIDR notation combines an IP address with a prefix length: 192.168.1.0/24 means the first 24 bits are the network part, leaving 8 bits for host addresses (256 IPs, 254 usable). /32 is a single host. /16 is 65,536 addresses. /8 is 16.7 million. When reviewing firewall rules, understanding the scope of each CIDR block tells you exactly what traffic is being allowed or blocked.

10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 are private (RFC 1918). 127.0.0.0/8 is loopback. 169.254.0.0/16 is link-local. If you see these in external-facing logs, it might indicate a misconfigured proxy, SSRF vulnerability, or spoofed header. In SSRF testing, knowing which ranges are internal helps identify what an attacker might target.

CIDR range expansion

Input
10.0.0.0/24
Result
Range: 10.0.0.0 - 10.0.0.255 (256 addresses, 254 usable hosts)

Security context

Overly broad CIDR ranges in firewall rules are a common misconfiguration. A /16 allow rule where a /28 would suffice exposes thousands of unnecessary IP addresses. When auditing network rules, always calculate the actual scope of each CIDR block.

Convert both the IP and the subnet to binary, apply the subnet mask, and compare the network portions. Or use a CIDR calculator tool: enter the IP and the CIDR range, and it will tell you whether the address falls within that network.

Related techniques

Comparing (/4):

Tool Comparison

Feature
Type
Pricing
Platforms
Description