Skip to main content

netstat -r command interpretation

More
16 years 7 months ago #25967 by kogula14
Hi,

Anyone know how to interpret netstat -r command?
I know it basically use for viewing list of routing protocols ((remote router IP addresses)).

The "Interface List' shows list of users wired/wireless network adapter.

How about the "Active Routes"?? How to interpret it?

Thanks.
More
16 years 7 months ago #25973 by KiLLaBeE
What you are looking at is the routing table (since XP/2K/2K3 have built-in "routers"). I'm still learning how to fully read it, but I'll give it my best shot.

I'll define the different columns of the Active Routes section and then describe how to read them.

The Network Destination section tells the computer the IP networks that can be reached. The networks that can be reached are determined by the networks that your NICs are connected to.

The Netmask kinda goes hand-in-hand with the Network Destination section...I'll describe a little more of how this works in a bit.

The Gateway specifies the gateway that a packet must go through to reach the listed Network Destination.

The Interface tells the computer the NIC that a packet must go through to reach the gateway.

The Metric tells the computer the cost of the route. The cost is generally used when there are more than one route to a network. The route with the lowest cost is chosen. In a small network with no redundant routes, you don't have to pay much attention to this.

Lets say that your computer has three NICs with IP addresses of 192.168.1.100/24 (with a gateway of 192.168.1.1), 172.16.80.80/16, and 10.50.50.20/8, and the default gateway (which is listed as 0.0.0.0)...when you tell your computer to ping Google.com, after the computer determines the IP address of Google.com (72.14.207.99), the computer will look at the routing table to see if there is a route to that network. The routing table will already list the routes to the networks that your NICs are connected to, so in this case, there will already be routes in the routin table to the 10.0.0.0 network, 172.16.0.0 network, and the 192.168.1.0 network. Because there will be no direct route to the 72.0.0.0 network, the computer will have no choice but to send the packet out the default gateway, which is the 0.0.0.0 network. After the packet reaches the default gateway (generally a router), the gateway will then have to look at its routing table to figure out how to route the packet to Google.

Let say that you tell your computer to ping a node on the 10.0.0.0 network. Your computer will look at the routing table and see somethin like this:

Network Destination: 10.0.0.0
Netmask: 255.0.0.0
Gateway: 10.50.50.20
Interface: 10.50.50.20

The computer will then know that to deliver the packet to the 10.0.0.0 Network Destination (with a mask of 255.0.0.0), it'll have to push the packet out of the 10.50.50.20 interface to the 10.50.50.20 gateway. The packet will then be delievered to that network, where that networks' router will determine how to push the packet to the specific node.

The same procedure is followed when you tell your computer to ping a node on the 192.168.1.0 network.

I had to read several articles on how to read the routing table to understand it, so my explaination may not be sufficient. This was very helpful: www.windowsnetworking.com/articles_tutor...-Routing-Tables.html
More
16 years 7 months ago #25976 by kogula14
Hi, thank you very very very much for your kind and helpful explanation. I'll continue with the link u have given .

thanks
Time to create page: 0.117 seconds