How to Search for Data from Specific Subnets
search cancel

How to Search for Data from Specific Subnets


Article ID: 166472


Updated On:


Reporter Reporter-VA


You can customize any report by adding a filter to it.  There are many filters that can be used including filtering on data from a specific subnet,  using the the "Matches mask" option:



Steps to use this feature:

  • Login to reporter using any valid login id.
  • Run a report.
  • Choose "Report Options"
  • Choose the same filter you used to use- Client-Ip, for example.
  • Choose "Matches Mask" on the next drop down.
  • Now type in the network number and mask you wish to search for.  
    • to search for all network numbers that start with
    • to search for all the network numbers that start with 10.1.*.*
    •   to search for all the network numbers that start with   10.*.*.*I
    • You always need to fill out all four numbers regardless of how long your last number is - /8  /16  or /24 .

NOTE:  Any other filtering criteria can be added to this report.  For example, you may wish to add in a specific username here, such as  User -> Is -> , or if you want it to be ANY authenticated user, select the negate filter of User -> Is Not -> -EMPTY-.

Detailed discussion of how CIDR notation works:

With this feature, Reporter allows for the user of CIDR notation.  So, instead of a wildcard such as  10.12.13.*, we now  use a this format - - to search for the same thing.  To search for all numbers in the subnet of 10 we'd use 

This filter allows you to use  C.I.D.R notation to filter for IP addresses in Reporter.  C.I.D.R notation stands for Classless, InterDomain Routing.  Standard IP addresses ( version 4) today  contain four base ten numbers separated by a dot ( .).   For example   In previous versions of Reporter,  to search for a IP address in the database you could only use a wild card search that was limited by the base ten numbering system,  such as 10.1.2.*.  This would give you all the IP addresses that start with 10.1.2. and simplistically speaking all the hosts that reside in the network number 10.1.2. X  

However, in todays routing infrastructure, network numbering rarely, if at all, contains itself to the "dot" boundary  in the IP address. The network number is almost always a number the crosses over this boundary and takes up part of the next number after the dot. Computers  to not "THINK" in terms of the numbers we see in the IP address, they think in terms of a binary number.  So while we see  the computer sees 00000001.00000010.00000011.00000100.   Using a binary number to mask out the network number can, as you can see, cross very over into  our human "dots'..  Each number we see in the IP address is 8 binary digits.  Today, with the use of CIDR notation, we can cross over this boundary by counting the number of binary digits from left to right to be our network mask.   In other words, a CIDR number of 12 would cross over the first number and be 4 binary digits into the second number., but a number of 24 would mask  the entire first three numbers we see in the IP address.

For more information on C.I.D.R see:

 Note 1: You can also use "Does not Match Mask" for addresses you want to exclude from your results.

Note 2: See your network administrator for what masks he/she may be using in their network.