The 'route print' Command from an Administrative Command Prompt in Windows 7 provides a variety of useful information. Let's take a look at the output of a 'route print' Command to examine how the output data is grouped and to understand its logic.
Let's begin by simply issuing the following command:
An Administrative Command Prompt output shows the following the following sections of the Command Output:
Observing the output of the Command indicates there are 5 Major Sections. The Sections include:
- Interface List
- IPv4 Route Table
- IPv4 Persistent Routes
- IPv6 Route Table
- IPv6 Persistent Routes
On this Workstation a single Physical Network Interface is visible and has been assigned a DHCP Address of '10.1.1.36'.
The IP Stack for this Workstation is as follows:
- IP Address: 10.1.1.36
- Subnet Mask: 255.255.255.0
- Default Gateway: 10.1.1.1
- DNS Server: 10.1.1.1
- DHCP Server: 10.1.1.1
- DNS Suffix: YYY.YYY.isp-provider.net
Most of the time our focus is upon the IPv4 Routing Table output. Here are the sections of the IPv4 Routing Table output for reference.
The next IPv4 Routing Table entry indicates '10.1.1.36' (the Host Workstation' is a member of the '10.1.1.1/24' Network and would route packets out the '10.1.1.36' Interface.
The next IPv4 Routing Table entry indicates '10.1.1.36' may receive a Broadcast from the '10.1.1.0/24' Network (as noted by the Subnet Mask of '255.255.255.255').
Another IPv4 Routing Table entry focused on Broadcast Addresses is the following. The Host Workstation at '10.1.1.36' may offer Network Broadcasts to the '10.1.1.0/24' Network.
The next IPv4 Routing Table entries (3 of them) are focused on the Loopback Network Values of '127.0.0.0/8', '127.0.0.1/32' and the Loopback Network Address of '127.255.255.255/32' respectively. These Addresses provide Services to the Local Host (or Loopback Adapter). The Loopback Network Destination of '127.0.0.0' provides access to the Loopback Network through '127.0.0.1' the Loopback IP Address. The Loopback IP Address of '127.0.0.1/32' receives Limited Local Broadcast to the Loopback Network while the Loopback IP Address of '127.255.255.255/32' provides Limited Broadcast to the Loopback Network.
Next the Routing Table includes 2 specific entries for the Multicast Network (220.127.116.11/4) for both the 'Local Host' or Loopback Address of '127.0.0.1' and the Host IP Address of '10.1.1.36' that are '18.104.22.168/4' . These are used for Multicast Network functions.
The last 2 Routing Table entries provides Services through Limited Broadcast Addresses. The Network Destination of '255.255.255.255/32' are the Limited Broadcast Address Ranges for both the Loopback Adapter '127.0.0.1' and the Host IP Address '10.1.1.36'.
Finally, upon understanding the sections of the Windows 7 Routing Table there are additional functions available when using the 'route' Command. This Blog entry is focused solely on output from the 'route print' Command.
Summary: In this Blog entry focused on using the 'route print' Command from an Administrative Command Prompt in Windows 7. Each of the defined routes for a Workstation running Windows 7 Enterprise were reviewed for reference.
Chief Security Architect
IT Pro Secure Corporation
blog <at> itprosecure.com