
function ConvertToNetwork {
        Converts IP address formats to a set a known styles.
        ConvertToNetwork ensures consistent values are recorded from parameters which must handle differing addressing formats. This Cmdlet allows all other the other functions in this module to offload parameter handling.
        Change log:
            05/03/2016 - Chris Dent - Refactored and simplified.
            14/01/2014 - Chris Dent - Created.

    param (
        # Either a literal IP address, a network range expressed as CIDR notation, or an IP address and subnet mask in a string.
        [Parameter(Mandatory = $true, Position = 1)]

        # A subnet mask as an IP address.
        [Parameter(Position = 2)]

    $validSubnetMaskValues =
        "", "", "",
        "", "", "", "",
        "", "", "", "",
        "", "", "", "",
        "", "", "", "",
        "", "", "", "",
        "", "", "", "",
        "", "", "", "",
        "", ""

    $network = [PSCustomObject]@{
        IPAddress  = $null
        SubnetMask = $null
        MaskLength = 0
        PSTypeName = 'Indented.Net.IP.Network'

    # Override ToString
    $network | Add-Member ToString -MemberType ScriptMethod -Force -Value {
        '{0}/{1}' -f $this.IPAddress, $this.MaskLength

    if (-not $psboundparameters.ContainsKey('SubnetMask') -or $SubnetMask -eq '') {
        $IPAddress, $SubnetMask = $IPAddress.Split([Char[]]'\/ ', [StringSplitOptions]::RemoveEmptyEntries)

    # IPAddress

    while ($IPAddress.Split('.').Count -lt 4) {
        $IPAddress += '.0'

    if ([IPAddress]::TryParse($IPAddress, [Ref]$null)) {
        $network.IPAddress = [IPAddress]$IPAddress
    } else {
        $errorRecord = [System.Management.Automation.ErrorRecord]::new(
            [ArgumentException]'Invalid IP address.',

    # SubnetMask

    if ($null -eq $SubnetMask -or $SubnetMask -eq '') {
        $network.SubnetMask = [IPAddress]$validSubnetMaskValues[32]
        $network.MaskLength = 32
    } else {
        $maskLength = 0
        if ([Int32]::TryParse($SubnetMask, [Ref]$maskLength)) {
            if ($MaskLength -ge 0 -and $maskLength -le 32) {
                $network.SubnetMask = [IPAddress]$validSubnetMaskValues[$maskLength]
                $network.MaskLength = $maskLength
            } else {
                $errorRecord = [System.Management.Automation.ErrorRecord]::new(
                    [ArgumentException]'Mask length out of range (expecting 0 to 32).',
        } else {
            while ($SubnetMask.Split('.').Count -lt 4) {
                $SubnetMask += '.0'
            $maskLength = $validSubnetMaskValues.IndexOf($SubnetMask)

            if ($maskLength -ge 0) {
                $Network.SubnetMask = [IPAddress]$SubnetMask
                $Network.MaskLength = $maskLength
            } else {
                $errorRecord = [System.Management.Automation.ErrorRecord]::new(
                    [ArgumentException]'Invalid subnet mask.',


function ConvertFrom-HexIP {
        Converts a hexadecimal IP address into a dotted decimal string.
        ConvertFrom-HexIP takes a hexadecimal string and returns a dotted decimal IP address. An intermediate call is made to ConvertTo-DottedDecimalIP.
        ConvertFrom-HexIP c0a80001
        Returns the IP address

    param (
        # An IP Address to convert.
        [Parameter(Mandatory, Position = 1, ValueFromPipeline)]

    process {
        [IPAddress][UInt64][Convert]::ToUInt32($IPAddress, 16)

function ConvertTo-BinaryIP {
        Converts a Decimal IP address into a binary format.
        ConvertTo-BinaryIP uses System.Convert to switch between decimal and binary format. The output from this function is dotted binary.
        Convert an IP address to a binary format.

    param (
        # An IP Address to convert.
        [Parameter(Mandatory, Position = 1, ValueFromPipeline)]

    process {
        $binary = foreach ($byte in $IPAddress.GetAddressBytes()) {
            [Convert]::ToString($byte, 2).PadLeft(8, '0')
        $binary -join '.'

function ConvertTo-DecimalIP {
        Converts a Decimal IP address into a 32-bit unsigned integer.
        ConvertTo-DecimalIP takes a decimal IP, uses a shift operation on each octet and returns a single UInt32 value.
        Converts an IP address to an unsigned 32-bit integer value.

    param (
        # An IP Address to convert.
        [Parameter(Mandatory, Position = 1, ValueFromPipeline )]

    process {
        [UInt32]([IPAddress]::HostToNetworkOrder($IPAddress.Address) -shr 32 -band [UInt32]::MaxValue)

function ConvertTo-DottedDecimalIP {
        Converts either an unsigned 32-bit integer or a dotted binary string to an IP Address.
         ConvertTo-DottedDecimalIP uses a regular expression match on the input string to convert to an IP address.
        ConvertTo-DottedDecimalIP 11000000.10101000.00000000.00000001
        Convert the binary form back to dotted decimal, resulting in
        ConvertTo-DottedDecimalIP 3232235521
        Convert the decimal form back to dotted decimal, resulting in

    param (
        # A string representation of an IP address from either UInt32 or dotted binary.
        [Parameter(Mandatory, Position = 1, ValueFromPipeline)]

    process {
        try {
            [Int64]$value = 0
            if ([Int64]::TryParse($IPAddress, [Ref]$value)) {
                return [IPAddress]([IPAddress]::NetworkToHostOrder([Int64]$value) -shr 32 -band [UInt32]::MaxValue)
            } else {
                [IPAddress][UInt64][Convert]::ToUInt32($IPAddress.Replace('.', ''), 2)
        } catch {
            $errorRecord = [System.Management.Automation.ErrorRecord]::new(
                [ArgumentException]'Cannot convert this format.',
            Write-Error -ErrorRecord $errorRecord

function ConvertTo-HexIP {
        Convert a dotted decimal IP address into a hexadecimal string.
        ConvertTo-HexIP takes a dotted decimal IP and returns a single hexadecimal string value.
    .PARAMETER IPAddress
        An IP Address to convert.
        Returns the hexadecimal string c0a80001.

    param (
        [Parameter(Mandatory, Position = 1, ValueFromPipeline)]

    process {
        $bytes = $IPAddress.GetAddressBytes()
        '{0:x8}' -f [BitConverter]::ToUInt32($bytes, 0)

function ConvertTo-Mask {
        Convert a mask length to a dotted-decimal subnet mask.
        ConvertTo-Mask returns a subnet mask in dotted decimal format from an integer value ranging between 0 and 32.
        ConvertTo-Mask creates a binary string from the length, converts the string to an unsigned 32-bit integer then calls ConvertTo-DottedDecimalIP to complete the operation.
        ConvertTo-Mask 24
        Returns the dotted-decimal form of the mask,

    param (
        # The number of bits which must be masked.
        [Parameter(Mandatory, Position = 1, ValueFromPipeline)]
        [ValidateRange(0, 32)]

    process {
        [IPAddress][UInt64][Convert]::ToUInt32(('1' * $MaskLength).PadRight(32, '0'), 2)

function ConvertTo-MaskLength {
        Convert a dotted-decimal subnet mask to a mask length.
        A count of the number of 1's in a binary string.
        Returns 24, the length of the mask in bits.

    param (
        # A subnet mask to convert into length.
        [Parameter(Mandatory, Position = 1, ValueFromPipeline)]

    process {
        [Convert]::ToString([IPAddress]::HostToNetworkOrder($SubnetMask.Address), 2).Replace('0', '').Length

function ConvertTo-Subnet {
        Convert a start and end IP address to the closest matching subnet.
        ConvertTo-Subnet attempts to convert a starting and ending IP address from a range to the closest subnet.
        ConvertTo-Subnet -Start -End
        ConvertTo-Subnet -Start -End

    [CmdletBinding(DefaultParameterSetName = 'FromIPAndMask')]
    param (
        # Any IP address in the subnet.
        [Parameter(Mandatory, Position = 1, ParameterSetName = 'FromIPAndMask')]

        # A subnet mask.
        [Parameter(Position = 2, ParameterSetName = 'FromIPAndMask')]

        # The first IP address from a range.
        [Parameter(Mandatory, ParameterSetName = 'FromStartAndEnd')]

        # The last IP address from a range.
        [Parameter(Mandatory, ParameterSetName = 'FromStartAndEnd')]

    if ($pscmdlet.ParameterSetName -eq 'FromIPAndMask') {
        try {
            $network = ConvertToNetwork @psboundparameters
        } catch {
    } elseif ($pscmdlet.ParameterSetName -eq 'FromStartAndEnd') {
        if ($Start -eq $End) {
            $MaskLength = 32
        } else {
            $DecimalStart = ConvertTo-DecimalIP $Start
            $DecimalEnd = ConvertTo-DecimalIP $End

            if ($DecimalEnd -lt $DecimalStart) {
                $Start = $End

            # Find the point the binary representation of each IP address diverges
            $i = 32
            do {
            } until (($DecimalStart -band ([UInt32]1 -shl $i)) -ne ($DecimalEnd -band ([UInt32]1 -shl $i)))

            $MaskLength = 32 - $i - 1

        try {
            $network = ConvertToNetwork $Start $MaskLength
        } catch {

    $hostAddresses = [Math]::Pow(2, (32 - $network.MaskLength)) - 2
    if ($hostAddresses -lt 0) {
        $hostAddresses = 0

    $subnet = [PSCustomObject]@{
        NetworkAddress   = Get-NetworkAddress $network.ToString()
        BroadcastAddress = Get-BroadcastAddress $network.ToString()
        SubnetMask       = $network.SubnetMask
        MaskLength       = $network.MaskLength
        HostAddresses    = $hostAddresses
        PSTypeName       = 'Indented.Net.IP.Subnet'

    $subnet | Add-Member ToString -MemberType ScriptMethod -Force -Value {
        return '{0}/{1}' -f $this.NetworkAddress, $this.MaskLength


function Get-BroadcastAddress {
        Get the broadcast address for a network range.
        Get-BroadcastAddress returns the broadcast address for a subnet by performing a bitwise AND operation against the decimal forms of the IP address and inverted subnet mask.
        Returns the address
        Get-BroadcastAddress 10.0.9/22
        Returns the address
        Get-BroadcastAddress 0/0
        Returns the address
        Get-BroadcastAddress ""
        Input values are automatically split into IP address and subnet mask. Returns the address

    param (
        # Either a literal IP address, a network range expressed as CIDR notation, or an IP address and subnet mask in a string.
        [Parameter(Mandatory, Position = 1, ValueFromPipeline)]

        # A subnet mask as an IP address.
        [Parameter(Position = 2)]

    process {
        try {
            $network = ConvertToNetwork @psboundparameters

            $networkAddress = [IPAddress]($network.IPAddress.Address -band $network.SubnetMask.Address)

            return [IPAddress](
                $networkAddress.Address -bor
                -bnot $network.SubnetMask.Address -band
                -bnot ([Int64][UInt32]::MaxValue -shl 32)
        } catch {
            Write-Error -ErrorRecord $_

function Get-NetworkAddress {
        Get the network address for a network range.
        Get-NetworkAddress returns the network address for a subnet by performing a bitwise AND operation against the decimal forms of the IP address and subnet mask.
    .PARAMETER IPAddress
        Either a literal IP address, a network range expressed as CIDR notation, or an IP address and subnet mask in a string.
    .PARAMETER SubnetMask
        A subnet mask as an IP address.
        Returns the address
        Get-NetworkAddress 10.0.9/22
        Returns the address
        Get-NetworkAddress ""
        Input values are automatically split into IP address and subnet mask. Returns the address

    param (
        [Parameter(Mandatory, Position = 1, ValueFromPipeline)]

        [Parameter(Position = 2)]

    process {
        try {
            $network = ConvertToNetwork @psboundparameters

            return [IPAddress]($network.IPAddress.Address -band $network.SubnetMask.Address)
        } catch {
            Write-Error -ErrorRecord $_

function Get-NetworkRange {
        Get a list of IP addresses within the specified network.
        Get-NetworkRange finds the network and broadcast address as decimal values then starts a counter between the two, returning IPAddress for each.
        Returns all IP addresses in the range
        Returns all IP addresses in the range

    [CmdletBinding(DefaultParameterSetName = 'FromIPAndMask')]
    param (
        # Either a literal IP address, a network range expressed as CIDR notation, or an IP address and subnet mask in a string.
        [Parameter(Mandatory, Position = 1, ValueFromPipeline, ParameterSetName = 'FromIPAndMask')]

        # A subnet mask as an IP address.
        [Parameter(Position = 2, ParameterSetName = 'FromIPAndMask')]

        # Include the network and broadcast addresses when generating a network address range.
        [Parameter(ParameterSetName = 'FromIPAndMask')]

        # The start address of a range.
        [Parameter(Mandatory, ParameterSetName = 'FromStartAndEnd')]

        # The end address of a range.
        [Parameter(Mandatory, ParameterSetName = 'FromStartAndEnd')]

    process {
        try {
            $null = $psboundparameters.Remove('IncludeNetworkAndBroadcast')
            $network = ConvertToNetwork @psboundparameters
        } catch {

        if ($pscmdlet.ParameterSetName -eq 'FromIPAndMask') {
            $decimalIP = ConvertTo-DecimalIP $network.IPAddress
            $decimalMask = ConvertTo-DecimalIP $network.SubnetMask

            $startDecimal = $decimalIP -band $decimalMask
            $endDecimal = $decimalIP -bor (-bnot $decimalMask -band [UInt32]::MaxValue)

            if (-not $IncludeNetworkAndBroadcast) {
        } else {
            $startDecimal = ConvertTo-DecimalIP $Start
            $endDecimal = ConvertTo-DecimalIP $End

        for ($i = $startDecimal; $i -le $endDecimal; $i++) {
            [IPAddress]([IPAddress]::NetworkToHostOrder([Int64]$i) -shr 32 -band [UInt32]::MaxValue)

function Get-NetworkSummary {
        Generates a summary describing several properties of a network range
        Get-NetworkSummary uses many of the IP conversion commands to provide a summary of a network range from any IP address in the range and a subnet mask.
        Get-NetworkSummary 0/0

    param (
        # Either a literal IP address, a network range expressed as CIDR notation, or an IP address and subnet mask in a string.
        [Parameter(Mandatory, Position = 1, ValueFromPipeline)]

        # A subnet mask as an IP address.
        [Parameter(Position = 2)]

    process {
        try {
            $network = ConvertToNetwork @psboundparameters
        } catch {
            throw $_

        $decimalIP = ConvertTo-DecimalIP $Network.IPAddress
        $decimalMask = ConvertTo-DecimalIP $Network.SubnetMask
        $decimalNetwork =  $decimalIP -band $decimalMask
        $decimalBroadcast = $decimalIP -bor (-bnot $decimalMask -band [UInt32]::MaxValue)

        $networkSummary = [PSCustomObject]@{
            NetworkAddress    = $networkAddress = ConvertTo-DottedDecimalIP $decimalNetwork
            NetworkDecimal    = $decimalNetwork
            BroadcastAddress  = ConvertTo-DottedDecimalIP $decimalBroadcast
            BroadcastDecimal  = $decimalBroadcast
            Mask              = $network.SubnetMask
            MaskLength        = $maskLength = ConvertTo-MaskLength $network.SubnetMask
            MaskHexadecimal   = ConvertTo-HexIP $network.SubnetMask
            CIDRNotation      = '{0}/{1}' -f $networkAddress, $maskLength
            HostRange         = ''
            NumberOfAddresses = $decimalBroadcast - $decimalNetwork + 1
            NumberOfHosts     = $decimalBroadcast - $decimalNetwork - 1
            Class             = ''
            IsPrivate         = $false
            PSTypeName        = 'Indented.Net.IP.NetworkSummary'

        if ($networkSummary.NumberOfHosts -lt 0) {
            $networkSummary.NumberOfHosts = 0
        if ($networkSummary.MaskLength -lt 31) {
            $networkSummary.HostRange = '{0} - {1}' -f @(
                (ConvertTo-DottedDecimalIP ($decimalNetwork + 1))
                (ConvertTo-DottedDecimalIP ($decimalBroadcast - 1))

        $networkSummary.Class = switch -regex (ConvertTo-BinaryIP $network.IPAddress) {
            '^1111'               { 'E'; break }
            '^1110'               { 'D'; break }
            '^11000000\.10101000' { if ($networkSummary.MaskLength -ge 16) { $networkSummary.IsPrivate = $true } }
            '^110'                { 'C'; break }
            '^10101100\.0001'     { if ($networkSummary.MaskLength -ge 12) { $networkSummary.IsPrivate = $true } }
            '^10'                 { 'B'; break }
            '^00001010'           { if ($networkSummary.MaskLength -ge 8) { $networkSummary.IsPrivate = $true} }
            '^0'                  { 'A'; break }


function Get-Subnet {
        Get a list of subnets of a given size within a defined supernet.
        Generates a list of subnets for a given network range using either the address class or a user-specified value.
        Get-Subnet -NewSubnetMask
        Four /26 networks are returned.
        Get-Subnet 0/22 -NewSubnetMask 24
        64 /24 networks are returned.
        Change log:
            07/03/2016 - Chris Dent - Cleaned up code, added tests.
            12/12/2015 - Chris Dent - Redesigned.
            13/10/2011 - Chris Dent - Created.

    param (
        # Any address in the super-net range. Either a literal IP address, a network range expressed as CIDR notation, or an IP address and subnet mask in a string.
        [Parameter(Mandatory = $true, Position = 1)]

        # The subnet mask of the network to split. Mandatory if the subnet mask is not included in the IPAddress parameter.
        [Parameter(Position = 2)]

        # Split the existing network described by the IPAddress and subnet mask using this mask.
        [Parameter(Mandatory = $true)]

    $null = $psboundparameters.Remove('NewSubnetMask')
    try {
        $network = ConvertToNetwork @psboundparameters
        $newNetwork = ConvertToNetwork 0 $NewSubnetMask
    } catch {

    if ($network.MaskLength -gt $newNetwork.MaskLength) {
        $errorRecord = [System.Management.Automation.ErrorRecord]::new(
            [ArgumentException]'The subnet mask of the new network is shorter (masks fewer addresses) than the subnet mask of the existing network.',

    $numberOfNets = [Math]::Pow(2, ($newNetwork.MaskLength - $network.MaskLength))
    $numberOfAddresses = [Math]::Pow(2, (32 - $newNetwork.MaskLength))

    $decimalAddress = ConvertTo-DecimalIP (Get-NetworkAddress $network.ToString())
    for ($i = 0; $i -lt $numberOfNets; $i++) {
        $networkAddress = ConvertTo-DottedDecimalIP $decimalAddress

        ConvertTo-Subnet -IPAddress $networkAddress -SubnetMask $newNetwork.MaskLength

        $decimalAddress += $numberOfAddresses

function Test-SubnetMember {
        Tests an IP address to determine if it falls within IP address range.
        Test-SubnetMember attempts to determine whether or not an address or range falls within another range. The network and broadcast address are calculated the converted to decimal then compared to the decimal form of the submitted address.
        Test-SubnetMember -SubjectIPAddress -ObjectIPAddress
        Returns true as the subject network can be contained within the object network.
        Test-SubnetMember -SubjectIPAddress -ObjectIPAddress
        Returns false as the subject network is larger the object network.
        Test-SubnetMember -SubjectIPAddress -ObjectIPAddress
        Returns true as the subject IP address is within the object network.
        Test-SubnetMember -SubjectIPAddress -ObjectIPAddress 0/0
        Returns true as the subject IP address is the last in the object network range.

    param (
        # A representation of the subject, the network to be tested. Either a literal IP address, a network range expressed as CIDR notation, or an IP address and subnet mask in a string.
        [Parameter(Mandatory, Position = 1)]

        # A representation of the object, the network to test against. Either a literal IP address, a network range expressed as CIDR notation, or an IP address and subnet mask in a string.
        [Parameter(Mandatory, Position = 2)]

        # A subnet mask as an IP address.

        # A subnet mask as an IP address.

    try {
        $subjectNetwork = ConvertToNetwork $SubjectIPAddress $SubjectSubnetMask
        $objectNetwork = ConvertToNetwork $ObjectIPAddress $ObjectSubnetMask
    } catch {
        throw $_

    # A simple check, if the mask is shorter (larger network) then it won't be a subnet of the object anyway.
    if ($subjectNetwork.MaskLength -lt $objectNetwork.MaskLength) {
        return $false

    $subjectDecimalIP = ConvertTo-DecimalIP $subjectNetwork.IPAddress
    $objectDecimalNetwork = ConvertTo-DecimalIP (Get-NetworkAddress $objectNetwork)
    $objectDecimalBroadcast = ConvertTo-DecimalIP (Get-BroadcastAddress $objectNetwork)

    # If the mask is longer (smaller network), then the decimal form of the address must be between the
    # network and broadcast address of the object (the network we test against).
    if ($subjectDecimalIP -ge $objectDecimalNetwork -and $subjectDecimalIP -le $objectDecimalBroadcast) {
        return $true
    } else {
        return $false