Intermediate ⏱ 60 Minutes Prereq: Subnetting

Routing & Network Flow

Routing is the brain of the network. While a switch moves data inside a local office, a router decides how to move data across the world from one network to another.

1. What is a Router?

Launch Routing Sim

A router is a Layer 3 (Network) device that connects two or more different networks. It acts as the "Traffic Controller" of the internet, reading IP addresses to decide where to send a packet next.

βš–οΈ Routing vs Switching

Switches connect devices inside a network (using MAC addresses).
Routers connect different networks together (using IP addresses).

2. The Default Gateway

Think of the Default Gateway as the Exit Door of your network. If your computer wants to send data to an IP that is not on your local subnet, it sends it to the Default Gateway.

C:\> ipconfig
IPv4 Address. . . . . : 192.168.1.15
Subnet Mask . . . . . : 255.255.255.0
Default Gateway . . . : 192.168.1.1

πŸ›‘οΈ Attack Relevance

If an attacker can impersonate the Default Gateway (via ARP Spoofing), they can intercept and modify all outbound internet traffic from a target machine.

3. The Routing Table

Every router (and even your PC) maintains a routing tableβ€”a map of where to send data based on the destination IP address.

root@kali:~# route -n
Destination Gateway Genmask Flags Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG eth0
192.168.1.0 0.0.0.0 255.255.255.0 U eth0

The entry 0.0.0.0 is the Default Route. It basically says: "If the destination isn't local, send it to the gateway."

4. Static vs Dynamic Routing

How do routing tables get populated? There are two main methods:

  • Static Routing: An administrator manually types the routes. Secure and simple, but doesn't scale for the whole internet.
  • Dynamic Routing: Routers talk to each other using protocols (like OSPF, BGP, or RIP) to automatically find the fastest paths.

⚠️ BGP Hijacking

The entire internet runs on BGP (Border Gateway Protocol). If a malicious entity announces fake routes, they can "hijack" traffic meant for services like Google, redirecting it to their own servers.

5. Understanding NAT

Launch NAT Visualizer

Network Address Translation (NAT) allows thousands of devices on a private network (like 192.168.x.x) to share a single public IP address provided by an ISP.

192.168.1.5 Private IP (Internal)
⟢ [NAT GATEWAY] ⟢
203.0.113.42 Public IP (External)

πŸ’€ Attacker Perspective: The NAT Shield

NAT acts as a basic one-way firewall. It's easy for internal devices to connect "out," but very hard for an internet attacker to connect "in" unless Port Forwarding is specifically configured.

πŸ“Œ Module Recap

  • Routers are the traffic directors of the internet (Layer 3).
  • The Default Gateway is your route to the internet.
  • Routing Tables map IP destinations to physical interfaces.
  • NAT saves IPv4 space by translating private IPs to one public IP.
← Previous Module
Next: Network Devices
Next Module β†’