This article originally appeared on WindowsNetworking.com.
It's amazing the way that time can go by. People tend to think of computers as being high tech, but the TCP/IP protocol has been around in one form or another for over three decades. As such, TCP/IP has had time to really mature and be made stable and reliable. When it comes to computers, nothing is foolproof though. When routing packets across a network, things do occasionally go wrong. In these situations, it is helpful to be familiar with the Windows routing tables. Routing tables dictate the flow of packets from the machine in question. In this article, I will show you how to view the Windows routing tables and how to make sense of the data that is contained within it.
Viewing the Routing Tables
The routing tables are an important part of Windows' TCP/IP protocol stack, but they aren't something that the operating system normally displays to the casual user. If you want to see the routing tables, you will have to open a Command Prompt window and then enter the ROUTE PRINT command. Upon doing so, you will see a screen similar to the one that's shown in Figure A.
Figure A: This is what the Windows routing tables look like
Before I delve into the routing tables, I recommend entering another command into the Command Prompt window. The command is:
IPCONFIG /ALL
The reason why I am recommending that you use the IPCONFIG /ALL command is because it shows you how TCP/IP is really setup on the machine. Sure, you could look in the TCP/IP section of the network adapter's properties sheet, but the information is more reliable if you get it from IPCONFIG. I have seen a couple of instances over the years in which IPCONFIG reported completely different information than what was entered into the machine's TCP/IP configuration screen. This doesn't happen often, but if the right type of error occurs you can experience this type of mismatch. To put it bluntly, the information that's keyed into the TCP/IP properties sheet reflects how you would like Windows to set up the TCP/IP protocol for the chosen network. The information presented by IPCONFIG shows how Windows has actually configured the protocol.
Even if you haven't had some bizarre Windows error, it's still useful to get your configuration information through IPCONFIG. If a machine has multiple network cards, it can be tough to remember which configuration is bound to which card. IPCONFIG lists the various configurations in an easy to read, per NIC basis, as shown in Figure B.
Figure B: The IPCONFIG /ALL displays the machine's TCP/IP configuration on a per NIC basis
Examining the Routing Tables
Right about now you might be wondering why I had you to do an IPCONFIG /ALL, when this article is supposed to be discussing routing tables. The reason for this is that normally you never even look at the routing tables unless you are having problems with your machine. If you are having problems, then the best place to start the troubleshooting process is to compare the information provided by IPCONFIG to the information stored in the routing tables.
As you saw in Figure B, the IPCONFIG /ALL screen displayed some basic TCP/IP information such as the IP address, the default gateway, etc. The routing tables aren't quite as intuitive though. Therefore, I want to take some time to discuss how to read the routing tables and what the information in the tables mean.
In order to understand what the information in these columns mean, you need to understand a little bit about how a router works. A router's job is to facilitate moving traffic from one network to another. As such, a router will contain multiple network interface cards, each connected to a different network segment.
When a user sends a packet that's destined for a different network segment than the one that the PC is presently attached to, the packet is sent to the router. It is up to the router to figure out which network segment the packet should be forwarded to. It doesn't matter if the router is connected to two network segments or a dozen. The decision making process is the same, and it's all based on routing tables.
If you look at the Route Print screen, you will notice that the routing tables are divided into five different columns. The first column is the network destination column. This column lists all of the network segments that the router is attached to. The Netmask column provides the subnet mask not of the network interface that's attached to the segment, but of the segment itself. This basically allows the router to determine the address class for the destination network.
The third column is the gateway column. Once the router has determined which destination network it needs to send the packet to, it looks at the gateway listing. The gateway listing tells the router which IP address the packet should be forwarded through in order to reach the destination network.
The Interface column tells the router which NIC is connected to the appropriate destination network. Technically, the interface column only tells the router the IP address that has been assigned to the NIC that connects the router to the destination network. However, the router is smart enough to know which physical interface the address has been bound to.
The final column in the routing table is the Metric column. Metrics are a science in themselves, but I will try to give you a brief explanation of what they do. The best way that I have ever heard metrics explained is in terms of an airport. Imagine for a moment that I needed to fly from Charlotte, NC (the closest major airport to my home in South Carolina) to Miami, Florida. Being that the Charlotte airport is pretty big, I have a lot of choices of how I could get to Miami Beach. I could hop a North West Airlines flight. It would take me to Detroit Michigan and then down to Miami (Detroit is a bit out of the way). Likewise, I could hop a Continental Airlines flight that would take me to Houston, TX, and then to Miami. Another option would be to just take a US Airways flight nonstop to Miami. So which airline should I take?
In real life, there are a lot of factors to consider such as the price of the ticket and the departure times, but let's assume that everything was equal. If there were no differences between the airlines other than the route, then I would fly the airline that makes the fewest stops. It would get me to my destination more quickly, and since there are fewer stops, there would be less chance of having a problem with my connection, lost luggage, and things like that.
Routing works the same way. Many times, there is more than one way that a router could send a packet. In such a case, it makes sense to send the packet along the shortest (or most reliable) path. This is where the metrics come into play. Windows does not even look at metrics unless there are multiple paths to a destination. If there are multiple paths though, Windows checks the metrics to determine the shortest route. This is an over simplified explanation, but it gets the point across.
Additional Routing Options
Earlier, I showed you the Route Print command, but there are actually a lot of other things that you can do with the ROUTE command. The ROUTE command's syntax is as follows:
ROUTE [-f] [-p] [command [destination] []
The –f switch is optional. This switch tells Windows to clear the routing table of all gateway entries. If the –f switch is used in conjunction with other commands then all gateway entries will be cleared prior to executing other instructions within the command.
The –p switch makes a specified route persistent. Normally, when a server is rebooted then any routes that you specify via the ROUTE command are removed. The –p switch tells Windows to keep the route even if the system is rebooted.
The command portion of the ROUTE command's syntax is relatively simple. The command set consists of four options PRINT, ADD, DELETE, and CHANGE. I've already shown you the ROUTE PRINT command, but even the ROUTE PRINT command has other options. For example, you can use wild cards with this command. For instance, if you only wanted to print routes pertaining to the 192.x.x.x subnet, you could use the command ROUTE PRINT 192*.
The ROUTE DELETE command works very similarly to the ROUTE Print command. Simply enter the ROUTE DELETE command followed by the destination or the gateway that you want to delete from the routing table. For example, if you wanted to remove the 192.0.0.0 gateway, you could enter the command ROUTE DELETE 192.0.0.0.
The ROUTE CHANGE and the ROUTE ADD commands have the same basic syntax as each other. When you enter this command, you must usually specify the destination, subnet mask, and gateway. You might also specify a metric and an interface, but that's optional. For example, if you wanted to add a destination using the bare minimal syntax, you could do so as follows:
ROUTE ADD 147.0.0.0 255.0.0.0 148.100.100.100
In this command, 147.0.0.0 is the new destination that you are adding. 255.0.0.0 would be the subnet mask for the destination, and 148.100.100.100 would be the gateway address. You can extend the command with the METRIC and IF parameters. Doing so would look something like this:
ROUTE ADD 147.0.0.0 255.0.0.0 148.100.100.100 METRIC 1 IF 1
The metric parameter is optional, but it specifies the metric or number of hops for the route. The IF parameter tells Windows which NIC to use. In this particular case, Windows would use the NIC that's bound to Windows as interface 1. If you don't use the IF parameter then Windows will automatically search for the best interface to use.
Conclusion
In this article, I have explained how to use the ROUTE command to display the Windows routing tables and make changes to those tables if necessary. If you need a little extra help, you can get more syntax examples by entering the ROUTE /? Command.
About Brien M. Posey:
Brien Posey is an award winning author who has written over 3,000 articles and written or contributed to 27 books. You can visit Brien's personal Web site at www.brienposey.com.
WindowsNetworking.com contains a wealth of networking information for administrators: Featuring information on how to setup and troubleshoot various networks of any size. Also includes a comprehensive archive of hundreds of reviewed networking software and hardware solutions. Frequently updated with articles & tips by a team of leading authors, it remains a favorite within the networking community.
