What exactly is the routing table in Windows and Linux, why is it useful and how can we make sense of it?
I’ll answer all these questions today by showing you how to display the routing table on your computer and then showing you what it all means.
You’ll also get a little primer on how basic network communication works. Also, if the differences between IP addresses and MAC addresses ever confused you then you need to read this.
First I just want to mention that routers aren’t the only devices with routing tables. Almost every network connected device that relies on TCP/IP has a routing table because every device needs to know where to send packets.
Here’s how to view the routing table on your Windows or Linux box.
In Linux, you can conjure the routing table with this command: netstat -rn
If you’re on a PC, open the command prompt (press Windows Key + R and enter the word “cmd”) then type the following phrase into the black abyss: route print
There’s a lot of messy data on the screen but if you pause for a moment you’ll see that it’s actually very organized and coherent.
There are five columns of interest here:
- Network Destination
I’m going to break it down but I want to do something different here. Instead of giving you a pedantic definition of each column I want you to really grasp what’s going on.
Talk to me
In order for a computer to communicate with another computer (or network device) a few things have to happen.
First, the host, which is another name for your computer, tries to figure out if the destination device (a web server, printer, file server, etc.) is on the same network as the host.
If it’s on the same network it just shoots the frame directly to the destination device; however, if it’s off network it sends out a broadcast message saying
Hey, everyone, what’s the MAC address of the default gateway!?
Everyone on the local network gets the message but only the default gateway replies with its MAC address. Your host adds it as an entry inside its local record known as the ARP cache. This is so the next time it needs to get off the network it doesn’t have to bother everyone by yelling for that MAC address.
So now your packet has found a way off the island out into the inhospitable waters of the interwebs but how does it actually make its way through the internet?
The network packet is like a little boat floating on a MAC address raft.
Every device on the web has both a MAC and IP address. As the packet traverses the internet the IP address is static, it doesn’t change; however, each router replaces the source and destination MAC addresses with new ones.
In other words, the MAC address is like a little boat that transports the packet between router islands. When the packet arrives at the shoreline of one router, the router removes the boat and gives it a new one with its own MAC address as the source and the next nearest router as the destination MAC.
During packet transmission, the source and destination IP addresses never change but the packet is constantly having its old source and destination MAC addresses stripped and new ones added as it makes its way from router to router. The MAC is just a temporary means of getting the packet to the next immediate point but the IP address is the big picture: it tells us how to get to the final destination.
Now we know how the packet traverses the web; however, how did your computer know that the packet was destined off the local network?
It’s all about the Netmask (Subnet Mask) and Interface columns.
Look back at the ROUTE PRINT output.
The IP address under Interface is your local IP address. It’s the IP address of your network adapter.
But an IP address is never naked. It’s always clothed with a Subnet Mask because without the mask the computer has no way of knowing which network the computer actually lives in.
So the computer compares the binary representations of both the Interface and corresponding Netmask to determine the destination Network.
Notice how some values under Gateway say On-link.
That’s because those destination networks are on the same subnet as my host. In other words, they don’t need to go through a router because they’re on the same link as my computer.
Let me show you how the PC knows if a destination network is on its link.
Ones and Zeros Oh yeah!
Let’s talk ones and zeros for a second…
If we convert the local host IP address, 10.255.77.167, to binary we get:
00001010 11111111 01001101 10100111
The number 10 is 00001010 in binary because both 1’s in that binary number represent 8 and 2 respectively and sum to 10.
8 + 2 = 10.
In the same way, the number 255 is all 1’s in binary: 11111111.
Moving across the binary number 11111111 from right to left the first number, the one furthest to the right, represents 2 to the zeroth power which is 1.
The second number is 2 to the 1st power which is 2.
The third number is 2 to the second power which is 4.
The fourth number is 2 to the 3rd power which is 8.
And this keeps going.
So by the time you get to the last number (remember moving from right-to-left) it’s 2 to the 7th power which is 128.
So in the IP address, 10.255.77.167, we get 255 by adding up all those powers of 2.
We have eight 1’s so we have eight powers of two.
So 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255.
This is how binary works.
Let’s do the number 72 real fast which is 01001000 in binary.
Starting from the right side and moving toward the left we can skip those three zeros. We’ll stop when we hit the first 1.
So the first 1 in 01001000 is in the 2 to the third power place which is 8.
The other 1 is in the 2 to the 6th place which is 64.
64 + 8 is 72.
Okay, enough of the math, I just wanted to show you how computers think of IP addresses because they don’t see decimal numbers like we do. On the contrary, computers think, breathe and live the monotonous life of zeros and ones.
Finding the right network
Your computer determines if the destination is on the right network by comparing the binary representation of the destination address with the netmask.
We already know the IP address 10.255.77.167 is actually:
00001010 11111111 01001101 10100111
And according to the ROUTE PRINT command the Netmask is showing up as 255.255.248.0.
Here’s what that looks like in binary:
11111111 11111111 11111000 00000000
All the 1’s in the netmask reveal which bits belong to the network portion of the IP address and the zeros show the host portion. The Netmask divides the IP address into two parts: network and host.
If we stack both bits on top of each other we can figure out which network 10.255.77.167 belongs to:
00001010 11111111 01001101 10100111 (10.255.77.167)
11111111 11111111 11111000 00000000 (255.255.248.0)
Starting from the left side and moving right we can do a binary AND operation across each bit to produce the subnetwork.
- 1 AND 1 = 1
- 1 AND 0 = 0.
Looking at the first group of 8 bits:
00001010 which is 10.
The next group of 8 bits is just all 1’s so it’s 255.
Let’s see the third group of 8 bits:
01001000 = 72
The last octet (group of 8 bits) is all zeros so it’s just 0.
The Bottom Line
So we see that our IP address 10.255.77.167 belongs in the 10.255.72.0 network which is our network.
When the host and destination IP are in the same network routing is pretty easy. You can send the data packet directly to the destination IP via the MAC address; however, if it’s on a different network then you need to send the packet to a network device that can find your network resource.
This device is called the default gateway: think of it as your gateway to the internet, it’s the doorway to getting off your local home network to the world wide web.
Using ROUTE PRINT and netstat -rn is useful because occasionally you’ll try every troubleshooting technique under the sun only to realize that your routing table has a corrupt entry or a key entry is missing. These two commands are essential when troubleshooting network communication problems.
Don’t leave home without it lol.
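The on-link versus gateway decision described above, and the "missing or corrupt entry" check, written out as an added Python example (it is not part of the original article). The routing table is constructed for illustration: only the interface 10.255.77.167 and the netmask 255.255.248.0 come from the article, while the gateway 10.255.72.1 and the function names are assumptions.

```python
# Added example: a constructed routing table, not output from a real host.
import ipaddress

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def network_of(ip, mask):
    """Bitwise AND of address and netmask, returned as a dotted quad."""
    return str(ipaddress.IPv4Address(to_int(ip) & to_int(mask)))

# (destination, netmask, gateway, interface)
# The gateway 10.255.72.1 is an assumed value; the interface and mask are the article's.
ROUTES = [
    ("0.0.0.0",     "0.0.0.0",       "10.255.72.1", "10.255.77.167"),
    ("10.255.72.0", "255.255.248.0", "On-link",     "10.255.77.167"),
    ("127.0.0.0",   "255.0.0.0",     "On-link",     "127.0.0.1"),
]

def lookup(dest, routes=ROUTES):
    """Return the matching route with the longest netmask, or None."""
    matches = [r for r in routes if to_int(dest) & to_int(r[1]) == to_int(r[0])]
    return max(matches, key=lambda r: to_int(r[1]), default=None)

def next_hop(dest, routes=ROUTES):
    """IP whose MAC the frame is addressed to: the destination or the gateway."""
    route = lookup(dest, routes)
    if route is None:
        return None  # no matching entry at all: destination unreachable
    return dest if route[2] == "On-link" else route[2]

def audit(routes):
    """Flag two broken-table cases: no default route, gateway not on any link."""
    problems = []
    if not any(r[0] == "0.0.0.0" and r[1] == "0.0.0.0" for r in routes):
        problems.append("no default route")
    onlink = [r for r in routes if r[2] == "On-link"]
    for dest, mask, gw, _ in routes:
        if gw != "On-link" and lookup(gw, onlink) is None:
            problems.append(f"gateway {gw} for {dest} is not on-link")
    return problems

if __name__ == "__main__":
    for d in ("10.255.79.20", "10.255.80.5", "8.8.8.8"):
        print(d, "->", next_hop(d))
    print("audit:", audit(ROUTES) or "ok")
```

A gateway that is not reachable through any on-link network is worth a second look on a host you are troubleshooting, because traffic matching that route cannot be delivered.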