Using the 'route print' Command in Windows 7 - Detailed Screen Captures
The 'route print' Command from an Administrative Command Prompt in Windows 7 provides a variety of useful information. Let's take a look at the output of a 'route print' Command to examine how the output data is grouped and to understand its logic.
Let's begin by simply issuing the following command:
route print
An Administrative Command Prompt output shows the following the following sections of the Command Output:
Figure 1 - Issuing the 'route print' Command from an Administrative Command Prompt in Windows 7
Observing the output of the Command indicates there are 5 Major Sections. The Sections include:
Interface List
IPv4 Route Table
IPv4 Persistent Routes
IPv6 Route Table
IPv6 Persistent Routes
On this Workstation a single Physical Network Interface is visible and has been assigned a DHCP Address of '10.1.1.36'.
The IP Stack for this Workstation is as follows:
IP Address: 10.1.1.36
Subnet Mask: 255.255.255.0
Default Gateway: 10.1.1.1
DNS Server: 10.1.1.1
DHCP Server: 10.1.1.1
DNS Suffix: YYY.YYY.isp-provider.net
Most of the time our focus is upon the IPv4 Routing Table output. Here are the sections of the IPv4 Routing Table output for reference.
Figure 2 - The IPv4 Route Table output listing the 'all networks' route through the Default Gateway.
The next IPv4 Routing Table entry indicates '10.1.1.36' (the Host Workstation' is a member of the '10.1.1.1/24' Network and would route packets out the '10.1.1.36' Interface.
Figure 3 - The Workstation Host at '10.1.1.36' is a member of the '10.1.1.0/24' Network Subnet.
The next IPv4 Routing Table entry indicates '10.1.1.36' may receive a Broadcast from the '10.1.1.0/24' Network (as noted by the Subnet Mask of '255.255.255.255').
Figure 4 - The Workstation Host at '10.1.1.36' can offer a Broadcast on the '10.1.1.0/24 Network' (as noted by the 255.255.255.255 Subnet Mask).
Another IPv4 Routing Table entry focused on Broadcast Addresses is the following. The Host Workstation at '10.1.1.36' may offer Network Broadcasts to the '10.1.1.0/24' Network.
Figure 5 - The Workstation Host at '10.1.1.36' can receive Network Broadcasts from the '10.1.1.0/24' Network (as noted by the '10.1.1.255' Network Destination).
The next IPv4 Routing Table entries (3 of them) are focused on the Loopback Network Values of '127.0.0.0/8', '127.0.0.1/32' and the Loopback Network Address of '127.255.255.255/32' respectively. These Addresses provide Services to the Local Host (or Loopback Adapter). The Loopback Network Destination of '127.0.0.0' provides access to the Loopback Network through '127.0.0.1' the Loopback IP Address. The Loopback IP Address of '127.0.0.1/32' receives Limited Local Broadcast to the Loopback Network while the Loopback IP Address of '127.255.255.255/32' provides Limited Broadcast to the Loopback Network.
Figure 6 - The Workstation Host at '10.1.1.36' uses 3 Addresses for Services to the 'Local Host'. All 3 Addresses incorporate the '127.x.x.x' format.
Next the Routing Table includes 2 specific entries for the Multicast Network (224.0.0.0/4) for both the 'Local Host' or Loopback Address of '127.0.0.1' and the Host IP Address of '10.1.1.36' that are '224.0.0.0/4' . These are used for Multicast Network functions.
Figure 7 - The Workstation Host at '10.1.1.36' includes 2 Multicast Addresses (starting with '240.0.0.0') reserved for use through either the Loopback Address '127.0.0.1' or the Host IP Address '10.1.1.36'.
The last 2 Routing Table entries provides Services through Limited Broadcast Addresses. The Network Destination of '255.255.255.255/32' are the Limited Broadcast Address Ranges for both the Loopback Adapter '127.0.0.1' and the Host IP Address '10.1.1.36'.
Figure 8 - The Workstation Host at '10.1.1.36' includes 2 Limited Broadcast IP Address Values to Service both the Loopback Network '127.0.0.1' and the Host IP Network '10.1.1.36'.
Finally, upon understanding the sections of the Windows 7 Routing Table there are additional functions available when using the 'route' Command. This Blog entry is focused solely on output from the 'route print' Command.
Summary: In this Blog entry focused on using the 'route print' Command from an Administrative Command Prompt in Windows 7. Each of the defined routes for a Workstation running Windows 7 Enterprise were reviewed for reference.
Lynn LunikChief Security ArchitectIT Pro Secure Corporationand exchangesummit.netblog <at> itprosecure.com
March 10th, 2010 4:52am