• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 161
  • Last Modified:

IP Confusion

I'm on a network with the following IP configuration:

Connection-specific DNS Suffix  . :
IPv4 Address. . . . . . . . . . . : 192.168.1.18
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

There is a host on the network at 192.168.10.10

To my surprise, I'm able to reach this host.  How can his be.  It's on a different subnet. Please help me understand how this is working.

Thank you,

John
0
JohnMan777
Asked:
JohnMan777
2 Solutions
 
rharland2009Commented:
The most basic answer that comes to mind would be that both your (the 192.16.1.x) subnet and this host's (the 192.168.10.x) subnet both terminate at a layer 3 switch that routes traffic between the two subnets. Do you have access to the host itself to examine the IP configuration? That will likely show you some information to reveal the reason you can access it.
0
 
JohnMan777Author Commented:
Thanks for the quick response.

When you say access to the host, would that mean something special setup in the Dell Switches or the Sonicwal router?

Thank you again,

John
0
 
Paul MacDonaldDirector, Information SystemsCommented:
Either you're routed to that machine, or that machine has a second address (on the same NIC or a different one) that is on the 192.168.1.x network.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
Don JohnstonInstructorCommented:
To my surprise, I'm able to reach this host.  How can his be.  It's on a different subnet. Please help me understand how this is working.
It shouldn't be that surprising. ;-)

I mean, Experts-Exchange is on a different network than you computer and you can reach that.

The fact that you have a default gateway defined is what allows you to reach hosts on non-local networks.

If you're saying that the 192.168.10.0 network isn't reachable by your default gateway, now that would be surprising.

Can you provide a diagram which shows where 192.168.10.10 device is (relative to the 192.168.1.18 device).
0
 
JohnMan777Author Commented:
Can you provide a diagram which shows where 192.168.10.10 device is (relative to the 192.168.1.18 device).

The 192.168.10.10 host and my PC (192.168.1.60) are a few feet away from each other. I'll check in the Sonicwall. I'll bet there is a rule in there routing traffic to a separate ethernet port on it. X0, X1, etc.

Although ridiculous I know, if I were to shut off the sonicwall, do you believe this connection would still work?

Thank you,

John
0
 
rharland2009Commented:
Yes, it might be VLANS set up in one of your dell switches that act to route traffic between the subnets. It could also be happening on the Sonicwall. What's happening is that somewhere on your network, there's a device that makes a routing decision and knows how to get to both subnets.
0
 
rharland2009Commented:
If the routing takes place on the Sonicwall, and you shut off the Sonicwall, it will not work.
0
 
Tony PittCommented:
Two things to look at that might help answer this:

1) Traceroute from each machine to the other - on Windows, that would be "tracert -d 192.168.10.10" from a Command Prompt on machine 192.168.1.18, and vice versa.

If the result is a single hop, then you've probably got a second interface, or second address on the interface, in your 192.168.1.* subnet on the .10.10 machine.  The output will look something like:
C:\>tracert -d 192.168.1.254

Tracing route to 192.168.1.254 over a maximum of 30 hops

  1     1 ms    <1 ms    <1 ms  192.168.1.254

Trace complete.

C:\>

Open in new window


If it's more than one line, then the lines/hops will identify the path that the packets are taking between the two machines.  (If the network has DNS fully configured, then omit the "-d" and it'll show you machine names instead of addresses.)

2) Have a look at the ARP table on both machines after you have ping'ed each from the other.  Again, on Windows, the command would be "arp -a".  For each machine in the list, you will see the MAC address of the machine that responded to the IP address.

If it's a second address on the interface, you'll see the same MAC address as you see when you do the same thing from a machine in the 192.168.10.* subnet.  Otherwise, you'll see a different MAC address, in which case you could check that against the SonicWall interface and other machines including the switches.

(The ARP table is responsible for telling the IP software what destination Ethernet (MAC) address to put in the packet that it send out onto the Ethernet; generally, interfaces are only listening to a small number of Ethernet addresses, thereby ignoring packets destined for other machines on the network.)

I hope this helps - perhaps you can tell us what you find out ...

/T
0
 
JohnMan777Author Commented:
A great help!  Thank you both!
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Tackle projects and never again get stuck behind a technical roadblock.
Join Now