Solved

the default gateway

Posted on 2002-03-25
7
9,751 Views
Last Modified: 2010-04-11
Consider the following

Host a workstation
Host b default router

If host a wants to wants to surf the
web it need to route its packed through
host b ( am I right so far )
How does it do this?
Is host b listening to every port and
relaying the incoming packets?

Or does host a know that it need
to use the default host as it can
see it does not know the route by
examine its routing table and so
change the way it sends its requests?

Also how do you know why routing
Protocol your network is using
RIP, IGRP, OSPF, other?



0
Comment
Question by:thedogeater
  • 4
  • 2
7 Comments
 
LVL 16

Accepted Solution

by:
SteveJ earned 100 total points
ID: 6896244
You are essentially correct.

Your host knows how to get to other stations on the same logical network because it's internal routing table lists it's own interface as the route to other stations on the logical network. Assume your host IP address is 10.1.1.1, part of your routing table will look like:

(a) 10.1.1.0 (b) 255.255.255.0 (c) 10.1.1.1 (d) 10.1.1.1

Where
a = the logical network you are connected to
b = the network mask for the connected logical network
c = the gateway to the hosts on (a)
d = the interface to use to get to (c)

For routes that your workstation doesn't have in its routing table you use a default route. Assume your default router IP address is 10.1.1.254. The default routing entry looks like:

(a) 0.0.0.0 (b) 0.0.0.0 (c) 10.1.1.254 (d) 10.1.1.1

The only way to know what protocol the router is using (which has NOTHING to do with the workstations) is to either sniff the network using a packet sniffer or ask the network administrator. There's nothing inherent about routing protocols that you can deduce from your workstation.

To learn more about how hosts interact start by reading about address resolution protocol (ARP).

Good luck.
Steve
0
 
LVL 16

Expert Comment

by:SteveJ
ID: 6896245
I should have added that the assumption is also that your default router (10.1.1.254 in my example) has a route to the internet.

Steve
0
 

Author Comment

by:thedogeater
ID: 6897770
Ok thanks for that

but why do you say logical network and not just IP?
is there something subtle I am missing.

And the middle part of my question, when you workstation has decided it needs to use the default gateway
does it just set one of the IP headers?
How does the router listen out for these packets is
there a service running listeing to everthing?
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 16

Expert Comment

by:SteveJ
ID: 6899375
When you bind an ethernet driver to an interface card whether it's a router or a workstation, that driver "listens" for its own ethernet address on the network.

When you send a packet from 10.1.1.5 to 99.99.99.99, which is not on your network, then your workstation refers to its own routing table and sees that (a) it doesn't have a route to 99.99.99.99 but (b) it does have a default route through a gateway. Your workstation the creates an ethernet header WITH THE DESTINATION HARDWARE ADDRESS OF THE GATEWAY and a destination IP address of 99.99.99.99 . . .

You need to read about ARP to understand what's going on. Im too lazy to give you much more than the two paragraphs above. At least for now.

By the way: to me "IP network" can mean multiple segments or logical networks. And by "logical" I mean that they are physically connected but require the logic of firmware and software to enable communications among stations . . . or something like that.

Good luck.
Steve
0
 
LVL 2

Expert Comment

by:quietyakr3
ID: 6899960
Steve's explaination here is very good.  I would add one more thing.  There is a way that a host can operate with a router that it does not have programed as it's default gateway.  This is a very bad thing and should never be done unless you have a stupid device that can't handle a routing table/default gateway.  It's a feature called proxy arp.  

Basically when you do this, the router will arp in proxy for every host on the internet.  This allows the client to operate without a routing table because it keeps asking where is 1.2.3.4 or whatever and the router who address is actually say 5.3.87.323 or whatever says, yeah.... I'm 1.2.3.4 also.  It does this for every host on the internet that any of the devices on it's LAN ask for.  From the perspective of the hosts on the LAN, they think the entire internet is on the local LAN and it makes very big ARP tables and a lot of a ARP traffic on the LAN.  

Like I said, this is not a good thing and that is why you should almost always see something like "no ip proxy-arp" on the ethernet config of a router.
0
 

Author Comment

by:thedogeater
ID: 6904028
I am reading up on the Address Resolution stuff
can you suggest any good links?
0
 
LVL 16

Expert Comment

by:SteveJ
ID: 6913178
I'd buy the Richard Stevens' book on TCP/IP. Here's a link:

http://www.amazon.com/exec/obidos/ASIN/0201633469/yosemitewebindex/102-8350974-4044122


Good luck.
Steve
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Link Aggregation 2 32
Route summarization 5 23
Cisco VSS or VCP on GNS3 or IOU 3 41
Firewall port opening 2 26
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now