Solved

Routing Puzzler

Posted on 2002-04-10
14
209 Views
Last Modified: 2010-08-05
I ran into the following puzzle I can not duplicate.

I helped a friend with his network and noticed that his workstations were configured with 192.168.0.0/24 network block. All very standard. What was odd however was that he had an HP printer on a totally different network address. Something like 34.25.4.6 and it worked. I could even punch in the printer address in netscape and get the printer configuration screen.

I typed route and there was a persistant route:
34.25.4.6 255.255.255.255 192.168.0.100
Each workstation had a persistant route pointing to its own local IP address.

Unfortunatly I "fixed" it before really understanding how they got it to work.

Any ideas on what they did to make this work.
They have windows me workstations and an NT server.

I don't have a problem it is just bugging me that I don't understand how they make it work.





0
Comment
Question by:davidpm
  • 5
  • 4
  • 2
  • +2
14 Comments
 
LVL 4

Expert Comment

by:escheider
Comment Utility
My first thought would be that the Router <192.168.0.100> was allowing traffic to be routed between the two networks <192.168.0.100> and <34.25.4.5> as your route indicates.  It shows that you are adding a specific hosts to the routing table and using 192.168.0.100 as your gateway.
0
 
LVL 3

Expert Comment

by:cincin77
Comment Utility
I think it works as follows:

192.168.0.100 is machine that makes routing.
Think from the printer side:
printer would like to reach a computer in the subnet 192.168.0.0/24. it realizes that the target machine is on another subnet and looks for its default gateway which is 192.168.0.100. it prepares an arp packet for the mac address of the machine with IP 192.168.0.100 and broadcasts it. As the machine 192.168.0.100 gets this arp request it replys to the printer with its MAC address and printer can send its packets to its default gateway. And there must be a route on the machine stating:
Send the packets with a destination IP of 34.25.4.5 through the interface with the IP address of 192.168.0.100.
So the packets can go in two ways.

As you see from the point of IP, all of this can happen as  it is in your case.
0
 
LVL 8

Accepted Solution

by:
scraig84 earned 100 total points
Comment Utility
I am getting a different impression from your post than the last two guys...

My understanding of your post was that each workstation pointed to itself for the gateway - not that every device is pointing to 192.168.0.100 as a gateway.  This address was simply an example, right?

If so, then it is fairly simple.  You'll notice in a workstation's route table that any time a broadcast is used, the gateway is itself - for example 255.255.255.255 is likely in your table now with the gateway as your IP address.  Therefore rather than trying to route this over a router, or try to get the device's MAC through an ARP request (which it couldn't do since it would be considered remote), the route table told the workstation to send it out with a broadcast MAC.  This would definitely get the packet there.  The printer could respond in the same way or some IP clients (non-windows) can be told to arp for remote devices.

This is HIGHLY inefficient, as it forces all machines to process every packet going to the printer enough to see that the IP address is not theirs, but it should work.
0
 
LVL 55

Expert Comment

by:andyalder
Comment Utility
So maybe someone added jetadmin on each PC (which finds jetdirects on any network address) rather than just on one PC to configure it. 192.192.192.192.....
0
 
LVL 4

Expert Comment

by:escheider
Comment Utility
kinda sounds like we need more information, since everyone is coming up with different theories..
0
 
LVL 55

Expert Comment

by:andyalder
Comment Utility
Me speak nonsense, 192.0.0.192 was what I meant (guessing davidpm's "Something like 34.25.4.6" address to be jetdirect default address. Assumed that his predecessor had followed something similar to http://www.hp.com/cposupport/networking/support_doc/bpj06552.html but jetadmin discovery methods use similar tricks.
0
 

Author Comment

by:davidpm
Comment Utility
Scraig84 interpreted my scribbles correctly. Each workstation had the printer address routed to its local address.
As a further test I did the following on a different network.
Confirmed that the address of my workstation is 192.168.255.203/24
I plugged a Sonicwall router that has a web administration interface and an address of 192.168.168.168

On my 98 workstation I went to dos and typed
route add 192.168.168.168 mask 255.255.255.255 192.168.255.203

Then went to my browser and put in the 192.168.168.168 address.

IT WORKED!


Should be easy for anyone to test, all you need is two computers. Just use ping instead of a web server/browser for proof.

So does this mean that Scraig84 is corrent?
>> the route table told the workstation to send it out with a broadcast MAC.  

If so what exactly does the above quote mean. IOW under what other circumstaces are packets sent with a broadcast MAC and why? In what way does this route statement make this happen? I know what a broadcast IP address is but what is a broadcast MAC?

I thought I knew IP. Guess I know nada. Sigh%%%







0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 

Author Comment

by:davidpm
Comment Utility
This may be an answer to one part of the my question.

http://www.erg.abdn.ac.uk/users/gorry/course/inet-pages/arp.html

The revelent passage.
>>An Ethernet network uses two hardware addresses which identify the source and destination of each frame sent by the Ethernet. The destination address (all 1's) may also identify a broadcast packet (to be sent to all connected computers).
0
 
LVL 55

Expert Comment

by:andyalder
Comment Utility
>So does this mean that Scraig84 is corrent?
>>> the route table told the workstation to send it out >with a broadcast MAC.  

In a way. The routing table entry tells the workstation that the normally remote IP address is on the local broadcast domain, it broadcasts ARP for the mac address and then everything following is unicast, same as normal.

I was more suggesting a reason for those static routes being there in the first place.
0
 

Author Comment

by:davidpm
Comment Utility
Andy what you say makes a lot of sense. It seem highly unlikely that that it would have to broadcast for each packet. If I get a chance and set this up again make a connection and check my arp table and the mac of the remote device is there that should confirm your contention.
Do you agree?

0
 

Author Comment

by:davidpm
Comment Utility
Andy does this mean that you disagree with the "highly inefficent comment".

As to whey they did it that way it could be as simple as they not knowing how to change the IP of the printer. This is very likely because when I showed them the web interface they were amazed.

I'm still not clear as to exactly
>>>
The routing table entry tells the workstation that the normally remote IP address is on the
local broadcast domain,<<
this happens. When else does this happen. Is this an anomoly or artifact or a built-in concept used for other purposes.
0
 
LVL 8

Expert Comment

by:scraig84
Comment Utility
I just did a test with it and traced what happens.  Andy is correct that rather than sending every packet to a broadcast MAC, it forces the workstation to arp locally for the address.  So, the "highly inefficient" comment would be incorrect on my part.  Since most OS's don't even need to have broadcast addresses in their routing tables, I made the assumption that if another route was placed in, that it would be treated the same as other broadcasts.

Anyway, at least you know why it works at this point.  Bizarre way of deciding to make something function though!
0
 
LVL 55

Expert Comment

by:andyalder
Comment Utility
>Bizarre way of deciding to make something function
though!
I certainly agree with that.

When else does it happen? look at the normal routing table, there's a static route to the local subnet through the local NIC, something like

10.0.0.0  255.255.0.0  10.0.10.101  10.0.10.101 1
which tells the machine that anything on 10.0.x.x on my PC belongs on the local cable and not to send it to the default gateway.

Also the case of 2 subnets on a single hub without a router to forward packets, say 192.168.0.0 and 192.168.1.0, you could adjust the subnet mask to /23(supernet) or you could add a static route like

192.168.1.0 255.255.255.0 192.168.0.1 192.168.0.1 1
except that you would have to add this route on every PC and the route would be different on each since the gateway to the other subnet is through it's own IP address which makes it almost un-maintainable except as a temporary workaround.
0
 

Author Comment

by:davidpm
Comment Utility
I wish this screen allowed split points. Scraig was first to get it even though he wasn't exactly right at first.

Andy thanks for your clarifications.
I have a related question I'm sure you will be able to help with. I'll post a referance to it here so you will get a notification when it apears.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

What is IRC? IRC (Internet Relay Chat) is a form of communication between multiple users. It is available freely to anyone with inernet access. IRC is a great way to communicate with others e.g. There is an IRC channel for Ubuntu Linux, which is fo…
Lets look at the default installation and configuration of FreeProxy 4.10 REQUIREMENTS 1. FreeProxy 4.10 Application - Can be downloaded here (http://www.handcraftedsoftware.org/index.php?page=download) 2. Ensure that you disable the windows fi…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now