How-To 5 min read

How to Check If an IP Address Falls Within a CIDR Block

Determining whether a given IP address belongs to a specific CIDR range is a common task in security analysis, routing, and access control. Here are multiple approaches — manual math, tools, and code.

cidr ip-lookup how-to networking security

Checking whether an IP address falls within a CIDR block is a fundamental networking operation. Security analysts use it when investigating alerts. Firewall engineers use it when writing rules. Developers use it when building access control. There are several ways to perform the check depending on your context.

The Manual Method: Binary AND

To check if IP address A is in CIDR block N/prefix, apply the subnet mask to both addresses and compare the results:

  1. Convert the subnet mask to binary (or compute it from the prefix length)
  2. AND the IP address with the subnet mask
  3. AND the network address with the subnet mask
  4. If the results are equal, the IP is in the block

Example: Is 192.168.1.100 in 192.168.1.0/24?
Mask is 255.255.255.0.
192.168.1.100 AND 255.255.255.0 = 192.168.1.0
192.168.1.0 AND 255.255.255.0 = 192.168.1.0
Equal — yes, the IP is in the block.

Using the CIDR Calculator

The quickest way: enter the CIDR block into the CIDR calculator and compare the resulting network address and broadcast address against your IP. If the IP falls between those two values (inclusive), it is in the block. For the reverse question — "what CIDR blocks contain this IP?" — use the reverse lookup feature at /reverse/192.168.1.100.

Command Line: ipcalc

On Linux/macOS with ipcalc installed:

ipcalc 192.168.1.100 192.168.1.0/24

It reports whether the IP is within the network. The grepcidr tool is also useful for filtering a list of IP addresses against a CIDR block:

echo "192.168.1.100" | grepcidr 192.168.1.0/24

Python

Python's ipaddress module handles this cleanly:

import ipaddress

network = ipaddress.ip_network('192.168.1.0/24')
ip = ipaddress.ip_address('192.168.1.100')
print(ip in network)  # True

PHP

function ipInCidr(string $ip, string $cidr): bool {
    [$network, $bits] = explode('/', $cidr);
    $mask = -1 << (32 - (int)$bits);
    return (ip2long($ip) & $mask) === (ip2long($network) & $mask);
}

Checking Against Cloud Provider Ranges

To check if an IP belongs to AWS, Google Cloud, or Azure, compare it against the published CIDR lists. Our AWS IP ranges page and GCP IP ranges page list all current prefixes. Programmatically, download the provider's JSON feed and iterate through all prefixes using the Python or PHP approach above.