1.0.0.0 – 126.255.255.255
Tier-1 ISPs, very large enterprises, legacy U.S. government allocations. Includes RFC 1918 10.0.0.0/8 inside.
Field Guide · Networking · Interactive Tool
IPv4 Address Analyzer & Class Reference for Infrastructure Engineers
A production-grade interactive utility for classifying any IPv4 address — public, private, loopback, APIPA, multicast, reserved, CGNAT, broadcast, TEST-NET, and benchmarking ranges — with historical Class A–E mapping, default subnet masks, operational context, and visual reference diagrams. Built for the engineers who actually have to make networks work, and explained in plain English for everyone who has to talk to them.
Classify an IPv4 Address
Paste or type any IPv4 address. Results compute locally and announce via screen reader. Press Enter to analyze, Esc to clear.
Examples
Subnet calculator
Type any IPv4 address with a CIDR prefix into the analyzer above
(e.g. 192.168.1.42/24). The calculator activates the moment
your input contains a /; without one, the analyzer runs as
it always did. Edge cases honored: /31 point-to-point per
RFC 3021
(two usable hosts, no broadcast), /32 host route (one
address, zero usable), /0 default route (the full IPv4
space).
CIDR reference table
Every prefix from /8 through /32 with its
subnet mask, wildcard mask, total addresses, usable host count, and a
real-world example. The row matching your current calculator input is
highlighted automatically.
| Prefix | Subnet mask | Wildcard mask | Total addresses | Usable hosts | Real-world example |
|---|---|---|---|---|---|
/8 | 255.0.0.0 | 0.255.255.255 | 16,777,216 | 16,777,214 | Class A allocation; legacy /8 |
/9 | 255.128.0.0 | 0.127.255.255 | 8,388,608 | 8,388,606 | Half of a /8 |
/10 | 255.192.0.0 | 0.63.255.255 | 4,194,304 | 4,194,302 | CGNAT (100.64.0.0/10) |
/11 | 255.224.0.0 | 0.31.255.255 | 2,097,152 | 2,097,150 | Large carrier aggregation |
/12 | 255.240.0.0 | 0.15.255.255 | 1,048,576 | 1,048,574 | RFC 1918 172.16.0.0/12 |
/13 | 255.248.0.0 | 0.7.255.255 | 524,288 | 524,286 | Mid-tier ISP block |
/14 | 255.252.0.0 | 0.3.255.255 | 262,144 | 262,142 | Regional ISP allocation |
/15 | 255.254.0.0 | 0.1.255.255 | 131,072 | 131,070 | Mid-large enterprise |
/16 | 255.255.0.0 | 0.0.255.255 | 65,536 | 65,534 | Class B; campus net (192.168.0.0/16) |
/17 | 255.255.128.0 | 0.0.127.255 | 32,768 | 32,766 | Subdivided /16 |
/18 | 255.255.192.0 | 0.0.63.255 | 16,384 | 16,382 | Large data center pod |
/19 | 255.255.224.0 | 0.0.31.255 | 8,192 | 8,190 | Office building / VLAN parent |
/20 | 255.255.240.0 | 0.0.15.255 | 4,096 | 4,094 | Office / campus VLAN parent |
/21 | 255.255.248.0 | 0.0.7.255 | 2,048 | 2,046 | VLAN parent / branch office |
/22 | 255.255.252.0 | 0.0.3.255 | 1,024 | 1,022 | ~1k host VLAN |
/23 | 255.255.254.0 | 0.0.1.255 | 512 | 510 | ~512 host VLAN; double-/24 |
/24 | 255.255.255.0 | 0.0.0.255 | 256 | 254 | Typical LAN (Class C; default subnet) |
/25 | 255.255.255.128 | 0.0.0.127 | 128 | 126 | Half LAN (~126 hosts) |
/26 | 255.255.255.192 | 0.0.0.63 | 64 | 62 | Quarter LAN (~62 hosts) |
/27 | 255.255.255.224 | 0.0.0.31 | 32 | 30 | Small VLAN (~30 hosts) |
/28 | 255.255.255.240 | 0.0.0.15 | 16 | 14 | Mini VLAN (~14 hosts) |
/29 | 255.255.255.248 | 0.0.0.7 | 8 | 6 | Server cluster (~6 hosts) |
/30 | 255.255.255.252 | 0.0.0.3 | 4 | 2 | Point-to-point WAN (~2 hosts) |
/31 | 255.255.255.254 | 0.0.0.1 | 2 | 2† | P2P link, RFC 3021 (2 hosts) |
/32 | 255.255.255.255 | 0.0.0.0 | 1 | 0‡ | Host route (single address) |
† RFC 3021:
on a /31 point-to-point link both addresses are usable; there is no broadcast.
‡ A /32 identifies a single host route — no usable host
count because there is no network/broadcast pair to subtract.
What an IPv4 Address Actually Is
Every IPv4 address you've ever seen — 192.168.1.10, 8.8.8.8, your home router's 192.168.0.1 — is the same thing underneath: a single 32-bit number, written for humans as four decimal numbers separated by dots. Each dot-separated number is called an octet because it's 8 bits. Four octets × 8 bits = 32 bits total. About 4.3 billion possible addresses, which sounded like infinity in 1981 and now feels claustrophobic.
192.168.1.10 in three notationsThe IPv4 address 192.168.1.10 broken into its four octets, each shown in decimal, binary, and hexadecimal. A bracket below shows the total 32-bit length.
Plain English
Think of an IPv4 address like a phone number written as (212) 555-1234 — humans use the dashes for readability, but the phone system stores it as a single 10-digit number. Same idea: 192.168.1.10 is just an easier way to write the 32-bit binary number 11000000.10101000.00000001.00001010. The dots are a courtesy to your eyes.
↑ Try any address in the analyzer above — the result panel shows the same three notations for whatever you type.
Historical IPv4 Address Classes
The IETF originally divided the IPv4 space into five classes (A–E) by the first octet. Although CIDR replaced this model for routing decisions in 1993, the classful boundaries still appear as default subnet masks, in legacy device configurations, and in the muscle memory of every network engineer. Each card below corresponds to a row in the engine above — analyze any address and the matching class is highlighted with a blue border.
128.0.0.0 – 191.255.255.255
Universities, mid-large enterprises, government agencies. Includes RFC 1918 172.16.0.0/12 and APIPA 169.254.0.0/16.
192.0.0.0 – 223.255.255.255
Small LANs, SMB networks, default home-router subnets. Includes RFC 1918 192.168.0.0/16 and the three TEST-NET ranges.
224.0.0.0 – 239.255.255.255
Multicast group addresses. Used for routing protocols (224.0.0.5/6 = OSPF), discovery (224.0.0.251 = mDNS), streaming, and replication.
240.0.0.0 – 254.255.255.255
Reserved for future use. Most production stacks refuse to bind, route, or accept these as source/destination.
The First-Octet Fingerprint
Classes A–E aren't arbitrary — they're defined by the leading bits of the first octet. The original RFC 791 designers used a clever trick: the first few bits of an address encode its class, so a router can determine the network/host split just by looking at the first 1–4 bits. Modern CIDR ignores this entirely, but the fingerprint is why 10.x.x.x is Class A and 192.x.x.x is Class C.
Five rows showing the 8-bit first-octet pattern for Class A, B, C, D, and E. Each row highlights the fixed leading bits in blue and the variable bits in gray.
↑ Try 8.8.8.8 — the binary breakdown row shows 00001000, leading 0 = Class A. Try 192.168.1.1 — leading 110 = Class C.
Why Classful Addressing Existed
When IPv4 was standardized in RFC 791 (1981), the internet was a research network of a few hundred hosts. The address space was carved into rigid classes so a single byte (the first octet) determined the prefix length. A Class A allocation gave one organization 16.7 million addresses. A Class B gave 65,534. A Class C gave 254. There was no in-between.
That model worked for a few years. By the late 1980s, allocations were being granted to organizations that needed maybe 3,000 hosts — far more than a Class C (254) but a tiny fraction of a Class B (65k). The IETF watched the IANA pool drain faster than usage actually demanded. The fix arrived as CIDR in 1993.
RFC 1918 and the Private Address Economy
RFC 1918 (1996) carved three ranges out of the global address space for unrestricted internal use: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. These addresses are never advertised on the public internet. In exchange, every organization can reuse them inside their own network without coordination. The bargain that makes this work is NAT — the gateway box that translates internal private addresses into a public one when traffic crosses to the internet.
Three internal devices with private 192.168.1.x addresses on the left connect through a NAT router in the center, which translates their traffic to a single public IP on the right.
Plain English
Your home router is doing exactly this right now. Your ISP gave you one public IP address (something like 73.84.5.12). Inside your house you have a laptop, a phone, a streaming box, a smart fridge — each got a private address starting with 192.168.. When your phone loads a website, the router stamps the outgoing packet with the public IP, remembers which device asked for it, and reverses the stamp on the reply. The website never learns your phone exists; it only sees your router's public IP.
Engineer note · the M&A horror story
You acquire a company. Both networks use 192.168.1.0/24 for their main LAN. Both have a printer at 192.168.1.10, a file server at 192.168.1.50, and engineering on .100–.200. You try to merge via site-to-site VPN. Nothing reaches the right machine because the routing tables can't distinguish the two networks. Fix: renumber one side onto 10.x or 172.16.x. Why this keeps happening: consumer-router defaults plant 192.168.1.0/24 in every small office in the world. Avoid this prefix in any environment that might ever merge with another.
↑ Try 192.168.1.47 — the analyzer flags it as Private RFC 1918 (192.168/16), Not internet-routable. Then try 73.84.5.12 — flagged as Public, Internet-routable.
CGNAT — The Hidden Fourth Private Range
By 2010, the original RFC 1918 ranges weren't enough for the largest ISPs. The IETF responded with RFC 6598: a fourth private-style range, 100.64.0.0/10, reserved specifically for Carrier-Grade NAT. With CGNAT, multiple subscribers sit behind a single ISP-owned NAT, sharing one public IP between many homes.
Stacked horizontal bands show the path from a customer's device through their home NAT, then the ISP's CGNAT, to the public internet.
Why this matters at 3 a.m.
If your enterprise LAN happens to use 100.64.0.0/10 internally (because someone read “it's private” without reading the RFC), every connection to your own ISP-provided modem will collide. Outbound DNS will fail intermittently. Voice-over-IP will route to the wrong gateway. Diagnosing this takes hours because the symptoms don't point at addressing — they look like flaky DNS or carrier QoS. Never use 100.64/10 on a customer-facing network.
Special Ranges — Why They Matter at 3 a.m.
APIPA (169.254.0.0/16): A host self-assigns from this range when DHCP fails. If your monitoring sees a server with a 169.254 address, you have a DHCP outage, a missing relay, a VLAN misconfig, or a switchport in the wrong access VLAN.
Engineer note · the APIPA tell
3 a.m. page. PagerDuty says the secondary database is offline. You SSH to the host (somehow), and ip -4 addr show returns 169.254.83.12/16 on eth0. That's not a database problem — that's a DHCP problem. The server never got a real lease, so its app is bound to an unroutable address. Check the DHCP server, the relay agent on the upstream switch, and the VLAN access config on the switchport before you touch the database.
Loopback (127.0.0.0/8): Internal to the host. Useful for binding daemons that should never accept external connections. If your load balancer points at 127.0.0.1, your service is unreachable from elsewhere — either deliberate or a misconfig.
Multicast (224.0.0.0/4): Group communication. Routing protocols (OSPF at 224.0.0.5/6, EIGRP at 224.0.0.10), service discovery (mDNS at 224.0.0.251), replication traffic. Routers do not forward multicast by default — PIM, IGMP, and MSDP are required.
Plain English
If a regular IP address is calling one person on the phone, a multicast address is hosting a conference call. Anyone who has “joined the group” gets the same packets at the same time. That's how IPTV, financial market data feeds, and some video conferencing systems deliver one stream to thousands of subscribers without sending it thousands of times separately.
TEST-NET (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24): Documentation-only ranges per RFC 5737. If you ever see one of these in production, someone copy-pasted a tutorial without changing the example values.
Benchmarking (198.18.0.0/15): Reserved per RFC 2544 for testing routing and switching hardware throughput and latency. Lab-only.
Broadcast (255.255.255.255): Limited-scope broadcast. Used by DHCP DISCOVER, BOOTP, and a handful of legacy auto-discovery protocols. Routers drop it by default.
Unspecified (0.0.0.0): Context-dependent. As a destination, it means "default route" (or "any" in some socket APIs). As a source, it usually means "I don't have an address yet" (DHCP DISCOVER source).
↑ Try each one in the analyzer — the operational-context callout in the result panel explains when you'll see this address in the wild.
CIDR — The Model That Actually Runs the Internet
CIDR (RFC 4632) replaced classful routing in 1993. The shift was conceptual: instead of the first octet implying the prefix length, the prefix length is explicit (/24, /16, /22) and can be any value from 0 to 32. This enabled route aggregation — an ISP can advertise 203.0.113.0/22 as a single BGP entry covering four contiguous /24s, instead of four separate routes.
Left side shows three large blocks representing the only available prefix sizes under classful. Right side shows many flexible blocks of arbitrary size representing CIDR.
Packet routing — NAT vs CGNAT
A packet from your laptop to a public endpoint traverses one NAT in a typical home or small office. When your ISP places you behind Carrier-Grade NAT, that becomes two NATs in series — and inbound port forwarding stops being possible from the customer side.
For the engineer
CGNAT was the IPv4 stopgap when RIRs ran out of free /8 allocations
around 2011–2015. The carrier reserves a /10 from
RFC 6598
(100.64.0.0/10) for the inside of the carrier NAT. If you are
diagnosing a customer who insists their port forward "isn't working
anymore" and they recently switched ISPs or moved to fiber, run
curl https://ifconfig.me on a host inside their network
and check whether the result is in 100.64.0.0/10 vs their public
provider block. If it is CGNAT, the only path to inbound is a VPN
or tunneling provider — the customer has no way to punch through
the carrier NAT.
This will bite you
Many ISPs do not disclose CGNAT in their marketing or onboarding. Customer-facing speed tests work fine, web browsing works fine, Netflix works fine. The breakage is asymmetric and only affects services the customer hosts. Confirm CGNAT status by comparing "what is my IP" output between an internal host and the ISP's customer portal — if they differ AND the host's IP is in 100.64.0.0/10, the customer is behind CGNAT.
Plain English
Classful addressing was like a clothing store that only sold small, medium, and extra-extra-large. If you wanted a 32 inch waist, you got the extra-extra-large and threw away most of the fabric. CIDR is the same store after they started cutting to exact measurements — you ask for the size you actually need, and the rest stays on the bolt for someone else.
The internet's routing tables are physically possible today because of CIDR. Under classful routing, the global table would have exhausted router memory years ago. For day-to-day engineering, CIDR means: think in prefix lengths, not in classes. A /27 is a /27 whether it sits in former Class A, B, or C space.
Operational reference: CLI cheat sheets
Plaintext quick references for each IPv4 category — covering
ip addr, tcpdump, nmap,
iptables, ip route, and ipcalc
commands scoped to each range. Released to the public domain (CC0 1.0).
Working in dual-stack?
Most modern enterprise networks run IPv4 and IPv6 in parallel — every interface holds both an IPv4 address and one or more IPv6 addresses. Firewall rules don’t auto-translate: a permit-list written for 10.0.0.0/8 has no IPv6 equivalent until you add one, and a host reachable on its IPv4 address may be unreachable on its fe80::/10 link-local. The IPv6 sibling analyzer covers the full IPv6 address landscape with the same engine pattern you see here.
Open the IPv6 Address Analyzer →