Making Sense of Windows Routing Tables

  • 8/6/2019 Making Sense of Windows Routing Tables

    Making Sense of Windows Routing Tables

    It's amazing the way that time can go by. People tend to think of computers as being high tech, but the TCP/IP protocol has been around in one form or another for over three decades. As such, TCP/IP has had time to really mature and be made stable and reliable. When it comes to computers, nothing is foolproof though. When routing packets across a network, things do occasionally go wrong. In these situations, it is helpful to be familiar with the Windows routing tables. Routing tables dictate the flow of packets from the machine in question. In this article, I will show you how to view the Windows routing tables and how to make sense of the data that is contained within them.

    Viewing the Routing Tables

    The routing tables are an important part of Windows' TCP/IP protocol stack, but they aren't something that the operating system normally displays to the casual user. If you want to see the routing tables, you will have to open a Command Prompt window and then enter the ROUTE PRINT command. Upon doing so, you will see a screen similar to the one that's shown in Figure A.

    Figure A: This is what the Windows routing tables look like

    Before I delve into the routing tables, I recommend entering another command into the Command Prompt window. The command is:

    IPCONFIG /ALL

    The reason why I am recommending that you use the IPCONFIG /ALL command is because it shows you how TCP/IP is really set up on the machine. Sure, you could look in the TCP/IP section of the network adapter's properties sheet, but the information is more reliable if you get it from IPCONFIG. I have seen a couple of instances over the years in which IPCONFIG reported completely different information than what was entered into the machine's TCP/IP configuration screen. This doesn't happen often, but if the right type of error occurs you can experience this type of mismatch. To put it bluntly, the information that's keyed into the TCP/IP properties sheet reflects how you would like Windows to set up the TCP/IP protocol for the chosen network. The information presented by IPCONFIG shows how Windows has actually configured the protocol.

    Even if you haven't had some bizarre Windows error, it's still useful to get your configuration information through IPCONFIG. If a machine has multiple network cards, it can be tough to remember which configuration is bound to which card. IPCONFIG lists the various configurations on an easy-to-read, per-NIC basis, as shown in Figure B.

    Figure B: The IPCONFIG /ALL command displays the machine's TCP/IP configuration on a per-NIC basis

    Examining the Routing Tables

    Right about now you might be wondering why I had you do an IPCONFIG /ALL, when this article is supposed to be discussing routing tables. The reason for this is that normally you never even look at the routing tables unless you are having problems with your machine. If you are having problems, then the best place to start the troubleshooting process is to compare the information provided by IPCONFIG to the information stored in the routing tables.

    As you saw in Figure B, the IPCONFIG /ALL screen displayed some basic TCP/IP information such as the IP address, the default gateway, etc. The routing tables aren't quite as intuitive though. Therefore, I want to take some time to discuss how to read the routing tables and what the information in the tables means.

    In order to understand what the information in these columns means, you need to understand a little bit about how a router works. A router's job is to facilitate moving traffic from one network to another. As such, a router will contain multiple network interface cards, each connected to a different network segment.

    When a user sends a packet that's destined for a different network segment than the one that the PC is presently attached to, the packet is sent to the router. It is up to the router to figure out which network segment the packet should be forwarded to. It doesn't matter if the router is connected to two network segments or a dozen. The decision making process is the same, and it's all based on routing tables.

    If you look at the Route Print screen, you will notice that the routing tables are divided into five different columns. The first column is the network destination column. This column lists all of the network segments that the router is attached to. The Netmask column provides the subnet mask not of the network interface that's attached to the segment, but of the segment itself. This basically allows the router to determine the address class for the destination network.

    The third column is the gateway column. Once the router has determined which destination network it needs to send the packet to, it looks at the gateway listing. The gateway listing tells the router which IP address the packet should be forwarded through in order to reach the destination network.

    The Interface column tells the router which NIC is connected to the appropriate destination network. Technically, the interface column only tells the router the IP address that has been assigned to the NIC that connects the router to the destination network. However, the router is smart enough to know which physical interface the address has been bound to.

    The final column in the routing table is the Metric column. Metrics are a science in themselves, but I will try to give you a brief explanation of what they do. The best way that I have ever heard metrics explained is in terms of an airport. Imagine for a moment that I needed to fly from Charlotte, NC (the closest major airport to my home in South Carolina) to Miami, Florida. Being that the Charlotte airport is pretty big, I have a lot of choices of how I could get to Miami Beach. I could hop a Northwest Airlines flight. It would take me to Detroit, Michigan and then down to Miami (Detroit is a bit out of the way). Likewise, I could hop a Continental Airlines flight that would take me to Houston, TX, and then to Miami. Another option would be to just take a US Airways flight nonstop to Miami. So which airline should I take?

    In real life, there are a lot of factors to consider such as the price of the ticket and the departure times, but let's assume that everything was equal. If there were no differences between the airlines other than the route, then I would fly the airline that makes the fewest stops. It would get me to my destination more quickly, and since there are fewer stops, there would be less chance of having a problem with my connection, lost luggage, and things like that.

    Routing works the same way. Many times, there is more than one way that a router could send a packet. In such a case, it makes sense to send the packet along the shortest (or most reliable) path. This is where the metrics come into play. Windows does not even look at metrics unless there are multiple paths to a destination. If there are multiple paths though, Windows checks the metrics to determine the shortest route. This is an oversimplified explanation, but it gets the point across.
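    The IPCONFIG-versus-routing-table comparison recommended earlier and the route choice described here, as an added example that is not code from the article. It goes beyond the text in one respect: the most specific matching netmask is preferred first, and the metric only decides between equally specific routes. The ROUTE PRINT rows and the IPCONFIG line are constructed samples, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of the IPv4 rows printed by ROUTE PRINT (not from the article).
ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     25
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.20     50
         10.0.0.0        255.0.0.0          On-link        10.0.0.20    306
      192.168.1.0    255.255.255.0          On-link     192.168.1.50    281
"""
# Constructed fragment of IPCONFIG /ALL output for the same machine.
IPCONFIG = "   Default Gateway . . . . . . . . . : 192.168.1.1\n"

IP = r"\d+(?:\.\d+){3}"
ROW = re.compile(rf"^\s*({IP})\s+({IP})\s+(\S+)\s+({IP})\s+(\d+)\s*$")

def parse_routes(text):
    """Return one dict per route row; the header and other lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, gateway, iface, metric = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append({"net": net, "gateway": gateway,
                           "interface": iface, "metric": int(metric)})
    return routes

def select_route(routes, destination):
    """Longest matching prefix wins; the metric breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))

def default_gateway_mismatch(routes, ipconfig_text):
    """Compare IPCONFIG's default gateway with the gateway of the route in use."""
    m = re.search(rf"Default Gateway[ .]*:\s*({IP})", ipconfig_text)
    configured = m.group(1) if m else None
    # 203.0.113.10 is a documentation address that only a default route matches.
    active = select_route(routes, "203.0.113.10")
    in_use = active["gateway"] if active else None
    return configured != in_use, configured, in_use
```

    A mismatch result means off-network traffic is leaving through a gateway other than the one IPCONFIG reports, which is the discrepancy worth investigating first.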

    Additional Routing Options

    Earlier, I showed you the Route Print command, but there are actually a lot of other things that you can do with the ROUTE command. The ROUTE command's syntax is as follows:

    ROUTE [-f] [-p] [command [destination] []

    The -f switch is optional. This switch tells Windows to clear the routing table of all gateway entries. If the -f switch is used in conjunction with other commands then all gateway entries will be cleared prior to executing other instructions within the command.

    The -p switch makes a specified route persistent. Normally, when a server is rebooted, any routes that you specify via the ROUTE command are removed. The -p switch tells Windows to keep the route even if the system is rebooted.

    The command portion of the ROUTE command's syntax is relatively simple. The command set consists of four options: PRINT, ADD, DELETE, and CHANGE. I've already shown you the ROUTE PRINT command, but even the ROUTE PRINT command has other options. For example, you can use wild cards with this command. For instance, if you only wanted to print routes pertaining to the 192.x.x.x subnet, you could use the command ROUTE PRINT 192*.

    The ROUTE DELETE command works very similarly to the ROUTE PRINT command. Simply enter the ROUTE DELETE command followed by the destination or the gateway that you want to delete from the routing table. For example, if you wanted to remove the 192.0.0.0 gateway, you could enter the command ROUTE DELETE 192.0.0.0.

    The ROUTE CHANGE and the ROUTE ADD commands have the same basic syntax as each other. When you enter this command, you must usually specify the destination, subnet mask, and gateway. You might also specify a metric and an interface, but that's optional. For example, if you wanted to add a destination using the bare minimum syntax, you could do so as follows:

    ROUTE ADD 147.0.0.0 MASK 255.0.0.0 148.100.100.100

    In this command, 147.0.0.0 is the new destination that you are adding. 255.0.0.0 would be the subnet mask for the destination, and 148.100.100.100 would be the gateway address. You can extend the command with the METRIC and IF parameters. Doing so would look something like this:

    ROUTE ADD 147.0.0.0 MASK 255.0.0.0 148.100.100.100 METRIC 1 IF 1

    The metric parameter is optional, but it specifies the metric or number of hops for the route. The

    IF parameter tells Windows which NIC to use. In this particular case, Windows would use the
