1. What is a Router?
A router is a Layer 3 (Network) device that connects two or more different networks. It acts as the "Traffic Controller" of the internet, reading IP addresses to decide where to send a packet next.
Routing vs Switching
Switches connect devices inside a network (using MAC addresses).
Routers connect different networks together (using IP addresses).
2. The Router Decision Engine
When a router receives a packet, it runs through a strict logic loop to decide what to do. It happens in milliseconds.
Match Found: 0.0.0.0/0 → via 192.168.1.1
3. The Default Gateway
Think of the Default Gateway as the Exit Door of your network. If your computer wants to send data to an IP that is not on your local subnet, it sends it to the Default Gateway.
IPv4 Address. . . . . : 192.168.1.15
Subnet Mask . . . . . : 255.255.255.0
Default Gateway . . . : 192.168.1.1
Attack Relevance
If an attacker can impersonate the Default Gateway (via ARP Spoofing), they can intercept and modify all outbound internet traffic from a target machine.
4. The Routing Table
Every router maintains a routing table: a map of where to send data based on the destination IP address.
The "Longest Prefix Match" Rule
If a packet matches multiple routes in the table, the router always picks the most specific one (the one with the longest subnet mask).
Route A: 10.0.0.0/8
Route B: 10.1.0.0/16
Route C: 10.1.1.0/24
Packet Destination: 10.1.1.5
Result: Route C is chosen because /24 is more specific than /16 or /8.
The Default Route (0.0.0.0/0)
This is the "Gateway of Last Resort." If a packet does not match any specific route in the table, it is sent here. This usually points to the ISP.
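The lookup described in this section, as an added example (not code from the original page): a Python sketch of longest prefix match over Routes A to C plus the default route. The next-hop addresses for Routes A to C are constructed for illustration, and `overriding_routes` is a hypothetical helper that lists the more specific routes that would win over a given prefix, which helps when auditing a table for unexpected entries.

```python
import ipaddress

# Routes A-C and the default route come from the text above; the next-hop
# addresses for A-C are constructed for this example.
ROUTES = [
    ("10.0.0.0/8", "10.255.0.1"),    # Route A
    ("10.1.0.0/16", "10.255.0.2"),   # Route B
    ("10.1.1.0/24", "10.255.0.3"),   # Route C
    ("0.0.0.0/0", "192.168.1.1"),    # default route (gateway of last resort)
]


def build_table(routes):
    """Parse (prefix, next_hop) string pairs into (network, address) tuples."""
    return [(ipaddress.ip_network(p), ipaddress.ip_address(nh)) for p, nh in routes]


def matching_routes(table, destination):
    """Return every route that contains the destination, most specific first."""
    dst = ipaddress.ip_address(destination)
    hits = [(net, nh) for net, nh in table if dst.version == net.version and dst in net]
    return sorted(hits, key=lambda route: route[0].prefixlen, reverse=True)


def lookup(table, destination):
    """Longest prefix match: return (network, next_hop), or None if no route matches."""
    hits = matching_routes(table, destination)
    return hits[0] if hits else None


def overriding_routes(table, prefix):
    """List routes strictly inside `prefix`; they win over it for part of its range."""
    parent = ipaddress.ip_network(prefix)
    return [net for net, _ in table
            if net.version == parent.version and net != parent and net.subnet_of(parent)]


if __name__ == "__main__":
    table = build_table(ROUTES)
    for dst in ("10.1.1.5", "10.1.2.9", "10.9.9.9", "8.8.8.8"):
        net, nh = lookup(table, dst)
        print(f"{dst:<10} -> {net} via {nh}")
    print("More specific than 10.0.0.0/8:", overriding_routes(table, "10.0.0.0/8"))
```

Removing the `0.0.0.0/0` entry makes `lookup` return `None` for `8.8.8.8`, which corresponds to a router with no gateway of last resort having nowhere to send the packet.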
5. Understanding NAT & PAT
NAT (Network Address Translation) allows private networks to talk to the public internet. However, most modern networks use PAT (Port Address Translation), which maps multiple private devices to a single public IP by using unique source ports.
[NAT visualizer: Internal (Private) source port :53124 → External (Public) source port :40001 → Google Server port :443]
Attacker Perspective
NAT acts as a natural firewall. Unsolicited inbound packets match no existing translation entry, so it is easy for internal devices to connect "out," but very hard for an attacker to connect "in" unless Port Forwarding is configured.
6. Real World Commands
Use these tools to map the network path.
Linux
root@kali:~# ip route
default via 192.168.1.1 dev eth0
# Trace the path to Google (Shows every router hop)
root@kali:~# traceroute 8.8.8.8
Windows
C:\> route print
# Trace path
C:\> tracert 8.8.8.8
Module Recap
- Routers make decisions based on IP addresses using the Routing Table.
- Longest Prefix Match ensures the most specific path is always chosen.
- PAT allows an entire office to share one Public IP by using unique ports.
- Traceroute allows you to see every router hop between you and the destination.