Friday, May 27, 2011

Dissecting the Windows Routing Table


Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . :
        Subnet Mask . . . . . . . . . . . :
        Default Gateway . . . . . . . . . :

C:\>route print or netstat –r
Network Destination        Netmask          Gateway       Interface  Metric
1       1
2       1
3       20
4       20
5       20
6       20
7       1
Default Gateway:

Gateway is the IP address of the next-hop router inbound interface.
Interface is the IP address of the local router outbound interface.
Metric is the distance to a remote (or destination) network. If there are multiple routes to a same network, the route with the lowest metric will be used to forward packets to the network.

Generally, gateway and interface reside in the same subnet.

Below describes all the routes displayed in the routing table above:
1) Default route or default gateway.
2) Loopback network – destine all packets to the network to itself (
3) Route to local network – the directly attached network.
4) Route to local host (, which is identified as a host route.
5) Route to directed broadcast, the broadcast which is sent to all hosts of a particular subnet or a group of subnets. It is identified as a host route. May be forwarded by a router (normally the default gateway) configured with the ip directed-broadcast interface subcommand.
6) Route to multicast networks.
7) Route to flooded / limited broadcast, the local broadcast within a subnet. It is identified as a host route. Normally sent by hosts that do not know their network numbers and addresses and are querying some servers for those information (eg: DHCP). May be forwarded by routers with the ip helper-address {ip-addr} interface subcommand.
Note: Host routes are destinations with the subnet mask of

Below shows the command syntax for adding a [persistent] route:
route [-p] add {dest-net-addr} mask {netmask} {gw-ip-addr} [metric {metric}]

Below shows the command syntax for deleting or removing an existing [persistent] route:
route delete {dest-net-addr} [mask {netmask} [gw-ip-addr]]

No comments:

Post a Comment