# Calculate IP Subnets

> IPv4 subnets from CIDR or dotted-decimal masks — network, broadcast, host range, binary/hex/integer IDs, reverse DNS, AWS/Azure/GCP usable host counts.

Live tool: https://lofttools.com/tools/dev-tools/ip-subnet-calculator

Category: Dev Tools

## How it works

1. **Enter IP and mask** — Paste an IPv4 address (network or host) and the subnet mask in CIDR (/24) or dotted-decimal (255.255.255.0) form.
2. **Read the core results** — Network, broadcast, subnet mask, wildcard, host range, class, and type appear instantly.
3. **Expand technical or cloud panels** — Open the Technical details panel for binary / hex / integer / reverse DNS values, or the Cloud panel for AWS / Azure / GCP usable host counts.

## FAQ

### What input formats does the mask field accept?

CIDR in either /24 or plain 24 form, the dotted-decimal subnet mask (255.255.255.0), and the inverse / wildcard mask (0.0.0.255) all resolve to the same prefix.

### How are /31 and /32 networks handled?

A /31 is treated as a point-to-point link per RFC 3021 — both addresses are usable, there is no dedicated broadcast. A /32 is a single host. Usable-host counts reflect these rules.

### Why do AWS, Azure, and GCP show fewer usable hosts than the raw total?

AWS and Azure reserve 5 addresses per subnet (network, gateway, one or two DNS/future, broadcast). GCP reserves 4 (network, gateway, second-to-last, broadcast). The Cloud panel subtracts these and flags subnets that are too small for each provider.

### What is the difference between subnet mask and wildcard mask?

The wildcard mask is the bitwise inverse of the subnet mask. Cisco ACLs and some routing protocols use wildcard form (e.g. 0.0.0.255) where the subnet mask would be 255.255.255.0.

### Can I paste a host address like 192.168.1.100/24?

Yes. Enter the host IP in the address field and /24 in the mask field — the tool derives the network (192.168.1.0), broadcast, and host range automatically and notes that a host address was detected.

## Privacy — what we do not do

This tool runs entirely in the browser via WebAssembly. Your file never reaches a Loft Tools server. Specifically:

- **No upload.** The file bytes load into the browser tab's memory and process on your own CPU. Open DevTools → Network and observe zero outbound requests carrying file data while Calculate IP Subnets runs.
- **No AI training on your file.** Loft does not train models. We could not train on a file we cannot see.
- **No content scanning.** No virus, copyright, or content-moderation pass against your file. The bytes are not accessible to us.
- **No server-side log of file contents, filenames, or EXIF metadata.** Cloudflare edge captures URL and truncated IP for abuse defense (standard CDN behaviour). Cloudflare Web Analytics records anonymous page hits, no cookies, no PII. Nothing about your file content reaches any log.
- **No retention.** Close the tab and the file leaves browser memory. No backups exist on our side because no copy ever existed on our side.
- **No account.** No email, no signup, no auth, no telemetry tied to you.
- **Offline-capable after first visit** (PWA). Once you've loaded a tool, it caches; later sessions work without internet. For high-sensitivity files, run the tool once online to warm the cache, then disconnect before processing.

Compare with upload-based services: each transmits your file to a processing server. Even over HTTPS, each has logs, retention windows, and subpoena exposure. Loft has none of these because the server architecture does not include your file.

## More

- All tools: https://lofttools.com/tools
- Category: https://lofttools.com/tools/dev-tools
- LLM index: https://lofttools.com/llms.txt