Solved

Why can two machine not on the same subnet ping each other without a router ?

Posted on 2007-03-27
25
630 Views
Last Modified: 2012-06-22
I have 2 linux machines connected via crossover cable

Host A - 192.168.1.1/24
Host B - 192.168.2.1/24

From what i understand of tcp these two machines shouldnt be able to ping each other and when trying i find they dont.

I also know that when any packet is sent from a host to its own ip address its sent to loopback and never shows up on the wire.

Now for the strange part

If I add a gateway for host A  (gen-cs49) as itself
[root@gen-cs49 ~]# route add -net 192.168.2.0/24 gw 192.168.1.1  eth1

AND

If I add a gateway for host B (sup-cs2)  as itself
[root@sup-cs2 ~]# route add -net 192.168.1.0/24 gw 192.168.2.1  eth1


Now if i try to ping Host A --> B or Host B--->A...ping works fine !!!!! is this expected ???

Host A --> B
[root@gen-cs49 ~]# ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_seq=0 ttl=64 time=0.239 ms
64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=0.181 ms
--- 192.168.2.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.181/0.210/0.239/0.029 ms, pipe 2
[root@gen-cs49 ~]#


Host B --> A
[root@sup-cs2 ~]# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=0.307 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.325 ms

--- 192.168.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.307/0.316/0.325/0.009 ms, pipe 2
[root@sup-cs2 ~]#



Other info about Host A
================================================================
[root@gen-cs49 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:30:48:75:F2:6E  
          inet addr:10.0.61.49  Bcast:10.0.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7535685 errors:0 dropped:0 overruns:0 frame:0
          TX packets:54101 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2076386588 (1.9 GiB)  TX bytes:10674564 (10.1 MiB)
          Base address:0xb400 Memory:f2000000-f2020000

eth1      Link encap:Ethernet  HWaddr 00:30:48:75:F2:6F  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:67219 errors:0 dropped:0 overruns:0 frame:0
          TX packets:67169 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6744162 (6.4 MiB)  TX bytes:6846585 (6.5 MiB)
          Base address:0xb800 Memory:f2020000-f2040000

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:241 errors:0 dropped:0 overruns:0 frame:0
          TX packets:241 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:27630 (26.9 KiB)  TX bytes:27630 (26.9 KiB)

[root@gen-cs49 ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     192.168.1.1     255.255.255.0   UG    0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
10.0.0.0        *               255.255.0.0     U     0      0        0 eth0
default         gw1.nbttech.com 0.0.0.0         UG    0      0        0 eth0
[root@gen-cs49 ~]#




Host A - 192.168.1.1/24
Host B - 192.168.2.1/24

From what i understand of tcp these two machines shouldnt be able to ping each other and when trying i find they dont.

I also know that when any packet is sent from a host to its own ip address its sent to loopback and never shows up on the wire.

Now for the strange part

If I add a gateway for host A  (gen-cs49) as itself
[root@gen-cs49 ~]# route add -net 192.168.2.0/24 gw 192.168.1.1  eth1

AND

If I add a gateway for host B (sup-cs2)  as itself
[root@sup-cs2 ~]# route add -net 192.168.1.0/24 gw 192.168.2.1  eth1


Now if i try to ping Host A --> B or Host B--->A...ping works fine !!!!! is this expected ???

Host A --> B
[root@gen-cs49 ~]# ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_seq=0 ttl=64 time=0.239 ms
64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=0.181 ms
--- 192.168.2.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.181/0.210/0.239/0.029 ms, pipe 2
[root@gen-cs49 ~]#


Host B --> A
[root@sup-cs2 ~]# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=0.307 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.325 ms

--- 192.168.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.307/0.316/0.325/0.009 ms, pipe 2
[root@sup-cs2 ~]#



Other info about Host B
================================================================
[root@sup-cs2 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:30:48:76:02:9E  
          inet addr:10.0.111.2  Bcast:10.0.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:145589050 errors:52100 dropped:52100 overruns:0 frame:0
          TX packets:805398 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:840780503 (801.8 MiB)  TX bytes:159919208 (152.5 MiB)
          Base address:0xb400 Memory:f2000000-f2020000

eth1      Link encap:Ethernet  HWaddr 00:30:48:76:02:9F  
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:320146839 errors:2614 dropped:2614 overruns:2614 frame:0
          TX packets:79241386 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2408033305 (2.2 GiB)  TX bytes:2994376752 (2.7 GiB)
          Base address:0xb800 Memory:f2020000-f2040000

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3059 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3059 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:395923 (386.6 KiB)  TX bytes:395923 (386.6 KiB)

[root@sup-cs2 ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     192.168.2.1     255.255.255.0   UG    0      0        0 eth1
10.0.0.0        *               255.255.0.0     U     0      0        0 eth0
default         gw1.nbttech.com 0.0.0.0         UG    0      0        0 eth0
[root@sup-cs2 ~]#
0
Comment
Question by:vikky999
  • 6
  • 4
  • 4
  • +6
25 Comments
 
LVL 3

Expert Comment

by:jasoncoleman
ID: 18803414
Hosts on different subnets will not talk to each other without traversing a gateway, this is by design. The subnet mask combined with the ip address defines the local network. If the destination address is not within that local network the packet will be forwarded to a gateway.
0
 
LVL 3

Expert Comment

by:jasoncoleman
ID: 18803449
I appologize I misread your post. It does look strange now that I look at it. Let me see if I can try it from here.
0
 
LVL 3

Expert Comment

by:jasoncoleman
ID: 18803641
Unfortunatly I don't have a linux machine I can test it on but the routes you added would force the packet out the ethernet interface and since they are both on the same physical segment they can do an arp and get the appropriate mac to talk to. It might be interesting to try it on a different os as well and see what happens. Maybe do a traceroute or sniff of the traffic on the wire too just to see.
0
 

Author Comment

by:vikky999
ID: 18804778
well...to the best of my knowledge the same thing happens on a windows machine also.
And you are quite right, if they can ping each other...there is definitely arping happening on the wire.

But !!!! I dont get how that happens according to everything Ive read in Stevens about tcp/ip

I dont get it, even if a packet is forced out of the "eth1" interface, even then how would arp work here ?

Lets say Host A --> tries to ping Host B

It sees Host B is on a different subnet
It consults its routing table
Sees it needs to send the packet to the gateway (which is itself via interface eth1)

At this point 1 of the possible two things can happen
a. It sends the packet to itself which goes to itself via loopback
b. It sends the packet to itself which goes to itself via the wire

at this point im stuck...now what ??
0
 
LVL 2

Expert Comment

by:BMarden
ID: 18805557
tracert will tell you how it's getting there.  RIP may be running and building routing table
0
 
LVL 4

Accepted Solution

by:
freaky_NL earned 500 total points
ID: 18807277
This is called routing and yes it is what is expected.

Both machines are connected to the same switch if I understand correctly. Both machines appear to have a default gateway which is your ISP.

If you try to ping machine B from machine A, without any additional routes, it will not know the subnet machine B is in and therefore send it to the gateway of your ISP. That will probably block private subnets or not know about them and tell you there's no route to host or whatever.

When you added the routes, telling the machines the other subnet is behind their own networkcard, you told them where to find the other subnet. As you did a similar thing on both machines both now know where to find each other. Therefore it will work.

If you would add the route to only one machine, say A, it would know how to reach B (and would reach B), but B wouldn't know the way back and send any data to the gateway of the ISP (the default route)

What you are doing is very normal and well documented. Don't look for TCP, it's a higher level protocol. What you are doing is at the IP level. If you search google for 'IP routing' you will find a lot of documentation related to this.
0
 
LVL 3

Expert Comment

by:jasoncoleman
ID: 18807625
While it is normal routing there is one thing to note. In my experience a gateway usually has an address on each subnet it is directly connected to. The surprising bit - at least to me if not to the poster - is that neither gateway has an address on both subnets. Once the hosts decided to send the packet to the wire arp shouldn't care what subnet its talking to since it's job is just to resolve ip addresses into MAC addresses - its lower in the stack then ip. It is surprising that it dumps it to the wire at all without an address on the local subnet but remember you forced the route to the interface itself and not to an address bound to an interface. Perhaps that is the difference.
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 18811071
freaky_NL is 100% right in what they wrote

this is expected behavior for the exact reasons specified
0
 

Author Comment

by:vikky999
ID: 18812537
hi freaky/cyclops...

well
1. My gateway on both of my hosts is NOT my ISP.
2. My gateway on both of my hosts are the respective hosts themselves.

Here is what i dont understand. As far as I know ip routing is conceptually quite simple.

Look for the destination host, if not look for destination subnet, look for default gateway and send packet accordingly.

In this case...Host A--> pinging Host B
a. Checks for detination host
b. Checks for detination subnet ...finds it !
c. Sends it to the gateway defined for that machine (Which happens to be itself), so it sends the packet to itself.

Even if it does send this packet to itself (after arping) and this packet appears on the wire.....at which point has host B entered the picture ??

0
 
LVL 4

Expert Comment

by:freaky_NL
ID: 18813903
AFAIK if the device knows the subnet is the next hop, what you are in fact telling it if you set the gateway to the local machine, it should do ARP, as it's in the same network (well on ethernet atleast).
0
 

Author Comment

by:vikky999
ID: 18814011
hi freaky

could you gimme a link to anywhere on the web where this is technically stated ? a cisco document or tcp ip rfc or something like that ?
0
 
LVL 4

Expert Comment

by:freaky_NL
ID: 18815124
http://en.wikipedia.org/wiki/Address_Resolution_Protocol

Pay special attention to this:

The first case is used when two hosts are on the same physical network (that is, they can directly communicate without going through a router). The last three cases are the most used over the Internet as two computers on the internet are typically separated by more than 3 hops.

Note that they are on the same network, because you told the computer by adding the route it's a next hop.

Also, just to make sure (and you can do this yourself), I've started a capture (using wireshark) just before I pinged the other host (do note that they hadn't spoken with each other yet, so they weren't already in the arp tables).

Below you will find a link to the capture. One computer was on 172.30.20.1/24 the other on 172.31.40.1/24.

http://img404.imageshack.us/my.php?image=arpsv7.png
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 4

Expert Comment

by:freaky_NL
ID: 18815138
Btw, in case you want RFC's, you should be able to find all of them here: http://www.ietf.org/rfc.html but not sure which ones you'd have to read... Probably atleast ARP and IP, maybe Ethernet as well.
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 18815187
vikky999,

do this.  even for the network assigned to the interface.  look at the routing table for the client.  you'll notice that the interface is the gateway for the locally attached network (one assigned to that interfaced).  Those are usually referred to as connected routes because the system learns of them by being connected to the network directly.

In this case you specified a second network that it should know about.  You specified the interface as the gateway that it should use (I know it seems weird that the interface can be considered a gateway, but it always is or normal routing can't take place to connected networks ever).  Now that it knows this second network is out that interface (and directly since the interface itself is the "next hop" which is also the interface), it then does an arp request to find the mac with the IP it is seeking.

The reason this all looks so weird is because unless its a test environment, no one runs two different networks within the same L2 hardware (if so their usually vlan'ed).
0
 
LVL 4

Expert Comment

by:freaky_NL
ID: 18816308
Cyclops3590, what you are saying isn't (exactly) correct. On windows you are correct. Windows shows it's own IP in the routing table. Linux however does not. It just enters 0.0.0.0 as gateway, it does specify the interface tho' :). Just a matter of symantics, both mean the same.

Example:

flaptoppy ~ # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.20.30.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         10.20.30.254    0.0.0.0         UG    0      0        0 eth0

You can clearly see the gateway for the 10.20.30.0/24 subnet (my local subnet) is 0.0.0.0.

Same thing on windows machine (same network 2003 server):

U:\>route print



IPv4 routetabel

===========================================================================

Interfacelijst

0x1 ........................... MS TCP Loopback interface

0x10003 ...00 ff 08 f0 f7 82 ...... Juniper Network Connect Virtual Adapter

0x10004 ...00 0c 29 1a 66 f5 ...... AMD PCNET Family PCI Ethernet-adapter

===========================================================================

===========================================================================

Actieve routes:

Netwerkadres             Netmasker          Gateway        Interface Metric

          0.0.0.0          0.0.0.0     10.20.30.254       10.20.30.2     30

       10.20.30.0    255.255.255.0       10.20.30.2       10.20.30.2     30

       10.20.30.2  255.255.255.255        127.0.0.1        127.0.0.1     30

   10.255.255.255  255.255.255.255       10.20.30.2       10.20.30.2     30

        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1

        224.0.0.0        240.0.0.0       10.20.30.2       10.20.30.2     30

  255.255.255.255  255.255.255.255       10.20.30.2       10.20.30.2      1

  255.255.255.255  255.255.255.255       10.20.30.2            10003      1

Standaard-gateway:      10.20.30.254

===========================================================================

Permanente routes:

  Geen

Here you can see you are correct. Windows does list it's own IP as the gateway.
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 18816417
thanks for the clarification freaky, so many use windows as their clients in the Qs I participate in I had a brain fart that we're going after the routing table on a linux box this time.

btw, in the linux routing table.  The flag of U means the route is Up.  The G means use the gateway.  so the U by itself just means the route is directly outside that interface, not thru a router hop (meaning on the other side of the gateway specified)
0
 
LVL 1

Expert Comment

by:GoUdVisKe
ID: 18817682
Host A - 192.168.1.1/24
Host B - 192.168.2.1/24

If this is the case basically they're in a different network segment. Change Host B to 192.168.1.2 and put the correct subnet mask: 255.255.255.0 for class C on both PC's and it should work.

It should also work if you don't change IP addresses but change the subnet mask on both computers to 255.255.0.0

Steven
0
 
LVL 3

Expert Comment

by:miroofi75
ID: 18831363
Both of them have different subnets on the same segment. Add broad band router b/w them solve the issue.  or keep them on a same subnet.

regards,


imran
0
 
LVL 3

Expert Comment

by:miroofi75
ID: 18831376
i am sorry i didn't read the question completely. As I understand that based on the routing table systems can ping each other.

regards,


Imran
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18837394
Would you post the route information on one of the box ?

Cheers,
Rajesh
0
 
LVL 4

Expert Comment

by:infotactix
ID: 19002553
I don't understand why this is so confusing to everyone. The network is behaving exactly as you should expect.

In the initial setup, you had two NICs configured in different subnets connected by a crossover cable. They can't see each other because they aren't in the same subnet and have no routing information to tell them how to get there.

When you added the routes, you told them each specifically how to get to the other subnet and packets were routed exactly as you directed them.
0
 
LVL 4

Expert Comment

by:freaky_NL
ID: 19014072
I don't understand why people keep answering questions that have already been answered.

Is it really that hard to view other peoples comments before you go on a ramp?
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 19014933
Agree, I'd say that freaky_NL's first comment summed things up pretty nicely.  Personally I'd just accept that one.
0
 
LVL 4

Expert Comment

by:infotactix
ID: 19017937
Sorry freaky,

Your original post was pretty much correct and should have settled it. As the discussion was still going on, it seemed to me that a simpler answer might be needed to resolve it.
0
 

Author Comment

by:vikky999
ID: 19021081
thanks freaky
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now