1

Router B (192.168.1.1) is plugged in to router A (192.168.0.1) via an Ethernet cable. Laptop A (192.168.1.101) is connected via wireless to B.

Now, if I ping a Windows VM (192.168.1.18) that is also connected to B, I understand that this will not go to the default gateway as they are on the same subnet. However, if I then ping a Raspberry Pi (192.168.0.11), this should then go to the default gateway (192.168.1.1)?

When I have Wireshark open, with the filter

ip.src == 192.168.1.101 && ip.dst == 192.168.1.1

Nothing shows up, and I obviously have some wrong thinking going on here, but why is the ICMP message not shown to me within Wireshark?

What I am expecting to happen, is I ping from 192.168.1.101 to 192.168.0.11, this is on a different subnet, so it is sent to the DG (192.168.1.1) and is then passed to router A (192.168.0.1) which will then pass it to the raspberry pi (192.168.0.11)...

Here is a simple diagram. enter image description here

Router B is a cheap TPLink router, with no special configuration connected by a single ethernet cable to router A (Virgin superhub). Router A goes to the internet. I suppose the question is, how does Laptop A communicate with with the raspberry pi, without appearing to go through the router 192.168.1.1 (nothing showing in Wireshark)

Improve this question
2
  • 1
    The destination address in the IP packet is not changed (except by NAT). The packet goes unchanged through the router, so change your Wireshark filter accordingly.
    – Johan Myréen
    Commented Mar 4, 2018 at 18:14
  • How are you physically connected to this topology? If you are using wireless to capture this traffic from router-b there should be no issue, because the media your capturing from will be a shared one (the air). If you have this plugged in via Ethernet, all modern consumer grade routers have a built in switch, which shouldn't be leaking unicast packets to any other port. To capture like that you would need a hub (layer 1) device in-between the end station and router, and you would plug in off of the hub port to capture.
    – Tim_Stewart
    Commented Mar 4, 2018 at 18:23

2 Answers 2

Reset to default
1

IP packets always (well, in an ideal world anyway) have the original sender and the actual recipient set. These values never change. So if the traffic is directed to 192.168.0.11, it will have ip.dst set to 192.168.0.11.

Traffic is directed to the next hop by setting the appropriate MAC address on packets.

Improve this answer
1
  • 1
    The orange link might be an exception to "original sender", if router B has SNAT enabled and OP forgot to disable it.
    – grawity_u1686
    Commented Mar 4, 2018 at 19:03
0

What you have here is basically an Ethernet/IP network (wifi is not ethernet, but is similar enough). Layer 2 is Ethernet, and layer 3 is IP.

On the wire, there are Ethernet packets with ethernet addresses (MACs) containing IP packets with IP addresses. Ethernet is typically used within a single subnet (e.g. 192.168.0.*) and multiple ethernet sub-networks are joined via routers into bigger IP networks.

When your computer sends an IP packet, it look into its routing table to choose where to send it. If it is in the local network (route without gateway), it will find the Ethernet (MAC) address of the destination (via ARP). The IP packet with the source IP address and destination IP address will be put in an Ethernet frame with source and destination Ethernet addresses of your computer and the destination.

If the routing table specifies a route with a gateway (either default or a subnet route), it will look for the Ethernet address of the gateway (not destination) and once again, the IP packet with its source and destination IPs will be sent inside an Ethernet frame with source Ethernet IP of your computer and destination Ethernet address not of destination computer, but of the gateway. The gateway will receive the Ethernet frame on one of its interfaces, look at the IPs in the IP packet and send it off on another interface, in a method similar to your computer.

A packet that is routed by a pure router will not have its IP information chaged. The router will select a route for the packet in a way similar to your computer, put it inside a new Ethernet frame, with source Ethernet address of the outgoing interface of the gateway and destination Ethernet address of either the destination, or another gateway depending on the route and send it off.

The reason to have ethernet addresses is because ethernet is not a point-to-point wire, but a network of elements joined together by switches, the simpler router equivalent of ethernet layer.

Now, not all networks are ethernet. Your internet uplink is probably not ethernet, and even wifi is not ethernet, but typical simple wifi acts mostly like ethernet, has ethernet-complatible addresses and it can even be bridged in a ethernet-wifi layer 2 hybrid network, e.g. when you use "dumb APs".

Also, your typical home router is not a router, but typically a switch (on the LAN side) mini-computer-like quasi-router that aside from trivial routing also does NAT rewriting of source/destination IP addresses and ports on packets it forwards between LAN and WAN.

It should be apparent by now, that when pinging, you will not see a packet with its destination IP set to that of the gateway, but if you look at ethernet addresses, it should be that of the gateway.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .