A subnet is a group of IP addresses which are normally on one Ethernet network. The subnet is defined using a subnet mask. This is a mask of bits in the IP address which define the part of the address that two IP addresses must have in common to be considered in the same subnet. As such, all devices on a subnet must have different IP addresses and the same subnet mask in order to work together. You can have more than one subnet on the same actual Ethernet network, but machines on one subnet cannot normally communicate with machines on the other subnet without using an intermediate device (a router) just as if they were in fact on two different networks. This is not a secure way or separating machines though as they could change IP address to fit in with a different subnet. If communicating with a device on the same subnet, an ARP is used to talk to that device directly. If talking to a device on another subnet, then an ARP is used to locate a router which can talk to that other subnet. The first and last addresses in a subnet are special in that they are treated as network and broadcast address and so cannot be used for devices on the subnet. This makes very small subnets (e.g. 4 address blocks) very inefficient.