Terms of Use For FixedByVonnie

By proceeding to access fixedByVonnie.com, you expressly acknowledge, and agree to, all of the following:

fixedByVonnie.com is a personal website and blog owned by Security Plus Pro LLC, which is being presented for informational purposes only. The views on this website are solely those of the website owner (and not those of any employer or of any professional associations affiliated with the website owner).  Any views expressed in this website and any information presented on this website, or in any of its blog entries, should not be relied on for any purpose whatsoever other than as the personal opinions of the website owner.  The website owner expressly disclaims any and all liability for any information presented on this site.  The owner of this website and its blog posts shall not be held liable, and shall be held harmless, for any errors or omissions in any information or representations contained in this website, or in any of its blog entries.  The website owner also expressly disclaims any liability for the current or future availability of any such information. The website owner makes no representations as to the accuracy or completeness of any information on this website or which may be found by following any link on this website. The website owner shall not be held liable for any losses, injuries, damages, claims, or causes of action, from the display or use of any information on this website or in any of its blog entries. If you use the information on this website, or on any of its blog entries, you do so solely at your own risk.

How to display the routing table in Windows and Linux - fixedByVonnie

How to display the routing table in Windows and Linux

What exactly is the routing table in Windows and Linux, why is it useful and how can we make sense of it?

I’ll answer all these questions today by showing you how to display the routing table on your computer and then showing you what it all means.

You’ll also get a little primer on how basic network communication works.  Also, if the differences between IP addresses and MAC addresses ever confused you then you need to read this.

First I just want to mention that routers aren’t the only devices with routing tables.  Almost every network connected device that relies on TCP/IP has a routing table because every device needs to know where to send packets.

Here’s how to view the routing table on your Windows or Linux box.

In Linux, you can conjur the routing table with this command:

netstat -rn

View routing table in Linux

If you’re on a PC, open the command prompt (press Windows Key + r and enter the word “cmd“) then type the following phrase into the black abyss:

route print

There’s a lot of messy data on the screen but if you pause for a moment you’ll see that it’s actually very organized and coherent.

Route Print Windows 8.1 Routing Table

There are five column of interest here:

  • Network Destination
  • Netmask
  • Gateway
  • Interface
  • Metric

I’m going to break it down but I want to do something different here.  Instead of giving you pedantic definition of each column I want you to really grasp what’s going on.

Talk to me

In order for a computer to communicate with another computer (or network device) a few things have to happen.

First, the host, which is another name for your computer, tries to figure out if the destination device (a web server, printer, file server etc..>) is on the same network as the host.

If it’s on the same network it just shoots the frame directly to the destination device; however, if it’s off network it sends out a broadcast message saying

Hey, everyone, what’s the MAC address of the default gateway!?

Everyone on the local network gets the message but only the default gateway replies with its MAC address.  Your host adds it as an entry inside its local record known as the ARP cache.  This is so the next time it needs to get off the network it doesn’t have to bother everyone by yelling for that MAC address.

So now your packet has found a way off the island out into the inhospitable waters of the interwebs but how does it actually make its way through the internet?

The network packet is like a little boat floating on a MAC address raft.

Every device on the web has both a MAC and IP address.  As the packet traverses the internet the IP address is static, it doesn’t change; however, each router replaces the source and destination MAC addresses with new ones.

In other words, the MAC address is like a little boat that transports the packet between router islands.  When the packet arrives at the shoreline of one router, the router removes the boat and gives it a new one with it’s MAC address as the source and the next nearest router as the destination MAC.

During packet transmission, both the source and destination IP address never change but the packet is constantly having its old source and destination MAC addresses stripped and added as it moves it’s way from router to router.  The MAC is just a temporary means of getting the packet to the next immediate point but the IP address is the big picture: it tells us how to get to the final destination.

Bombastic binary

Now we know how the packet traverses the web; however, did your computer know that the packet was destined off the local network?

It’s all about the Netmask (Subnet Mask) and Interface columns.

Look back at the ROUTE PRINT output.

Route Print Windows 8.1 Routing Table

The IP address under Interface is your local IP address.  It’s the IP address of your network adapter.

But an IP address is never naked. It’s always clothed with a Subnet Mask because without the mask the computer has no way of knowing which network the computer actually lives in.

So the computer compares the binary representations of both the Interface and corresponding Netmask to determine the destination Network.

Notice how some values under Gateway say On-link.

That’s because those destination networks are on the same subnet as my host:  In other words, they don’t need to go through a router because their on the same same link as my computer.

Let me show you how the PC knows if a destination network is on its link.

Ones and Zeros Oh yeah!

Let’s talk ones and zero’s for a second…

If we convert the local host IP address,, to binary we get:

  • 00001010
  • 11111111
  • 01001101
  • 10100111

The number 10 is 00001010 in binary because both 1’s in that binary number represent 8 and 2 respectively and sum to 10.

8 + 2 = 10.

In the same way, the number 255 is all 1’s in binary: 11111111.

Moving across the binary number 11111111 from right to left the first number, the one furthest to the right, represents 2 to the zeroth power which is 1.

The second number is 2 to the 1st power which is 2.


The third number is 2 to the second power with is 4.


The fourth number is 2 to the 3rd power which is 8.


And this keeps going.

So by the time you get to the last number (remember moving from right-to-left) it’s 2 to the 7th power which is 128.


So in the IP address,, we get 255 by adding up all those powers of 2.

We have eight 1’s so we have eight powers of two.


So 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255.

This is how binary works.

Let’s do the number 72 real fast which is 01001000 in binary.

Starting from right side moving toward the left we can skip those three zeros. We’ll stop when we hit the first 1.

So the first 1 in 01001000 is in the 2 to the third power place which is 8.

The other 1 is in the 2 to the 6th place which is 64.

64 + 8 is 72.

Okay, enough of the math, I just wanted to show you how computers think of IP addresses because they don’t see decimal numbers like we do.  On the contrary, computers think, breath and live the monotonous life zeros and ones.

Finding the right network

Your computer determines if the destination is on the right network by comparing the binary representation of the destination address with the netmask.

We already know the IP address is actually:

00001010 11111111 01001101 10100111

And according to the ROUTE PRINT command the Netmask is showing up as

Here’s what that looks like in binary:

11111111 11111111 11111000 00000000

All the 1’s in the netmask reveals which bits belong to the network portion of the IP address and the zeros show the host portion.  The Netmask divides the IP address into two parts: network and host.

If we stack both bits on top of each other we can figure out which network belongs to:

00001010 11111111 01001101 10100111 (
11111111 11111111 11111000 00000000 (

Starting from the left side and moving right we can do a binary AND operation across each bit to produce the subnetwork.

  • 1 AND 1 = 1
  • 1 AND 0 = 0.

Looking at the first group of 8 bits:


00001010 which is 10.

The next group of 8 bits is just all 1’s so it’s 255.

Let’s see the third group of 8 bits:


01001000 = 72

The last octet (group of 8 bits) is all zeros so it’s just 0.

The Bottom Line

So we see that our IP address belongs in the network which is our network.

When the host and destination IP are in the same network routing is pretty easy.  You can send the data packet directly to the destination IP via the MAC address; however, if it’s on a different network then you need to send the packet to a network device that can find your network resource.

This device is called the default gateway: think of it as your gateway to the internet, it’s the doorway to getting off your local home network to the world wide web.

Using ROUTE PRINT and netstat -rn is useful because occasionally you’ll try every troubleshooting technique under the sun only to realize that your routing table has a corrupt entry or a key entry is missing.  These two commands are essential when troubleshooting network communication problems.

Don’t leave home without it lol.


Connect with Vonnie on Twitter

Posted in Linux, Windows, Windows 7, Windows 8, Windows 8.1, Windows Vista, Windows XP Tagged with: ,
  • Headshot

    Great piece. You couldnt have explained it any better

  • Relacsincaféconleche

    Thank you very much, Vonnie.