Understanding your Router

Router basics
Note that not all Routers operate in the same way. The main differences are how much control the user has over the DHCP settings and whether (and how) traffic is 'routed' between WiFi and Ethernet (wired) clients.

If you have a BT Home Hub you might want to 'look away now to avoid disappointment'. Your Router is a 'customised' version of a standard** commercial unit. BT install their own firmware to support the 'FON' / 'Open Zone' hot-spot network service (and to allow 'live updates' of the Router firmware) and to prevent uninformed users changing any of the 'vital' settings (and thus generating high volumes of support calls).

This 'broke' the 'normal' IP address / sub-net network WiFi <> wired routing operation. As a result, Home Hub users will discover that one thing their Router does NOT do is work anything like 'as described below' (they usually find this out after wasting hours trying to print from their desktop wired PC to their WiFi connected Printer - or the reverse).

**Various ex-BT customers became so annoyed that their Home Hubs were 'locked' to BT (and refused to operate with any other ISP) that they tracked down the original commercial firmware (at least for the Home Hub Ver 2A = Thomson TG587n, see here; as opposed to the Ver 2B Gigaset (now Sagem Communications) unit, however see here) and worked out how to 'unlock' the hub and restore full functionality to the router.

How do networked computers communicate ?

Computers communicate with each other using data 'packets' that are sent from one (the 'source') to the other (the 'destination').

Every network interface card (NIC) that is manufactured has a (supposedly unique) serial number called a 'MAC Address'. MAC addresses are used to deliver frames between devices on the same wired or WiFi segment. They say nothing about where a device is, so to reach computers that are 'off site' (i.e. on the Internet) a second, hierarchical addressing system is used: IP Addressing. A computer only ever needs the MAC address of the next 'hop' (the destination itself if it is local, otherwise the Router), and it learns that automatically (by asking 'who has this IP ?' on the local network, a process called ARP) rather than maintaining lists of MAC addresses.

MAC addresses alone are all that is used by 'DOS networking' over NetBEUI, which allows 'mapped' drives and file transfers (but not much else) and cannot be routed beyond the local segment. The same NetBIOS file-sharing services can also run on top of IP ('NetBIOS over TCP/IP'), and since you need IP for Internet / WiFi communication anyway, NetBIOS is then just an extra exposed service (and a convenient way for anyone on your LAN to list your machines and shares), which is why I recommend you disable it (in TCP/IP Properties, Advanced, WINS tab, select "Disable NetBIOS over TCP/IP") - see my How to secure your Home network page.

If you wanted to really hide your Server/NAS, you could disable TCP/IP, remove its IP Address and use 'DOS networking' (NetBEUI/NetBIOS) for all your back-ups and file archiving, especially as today's average 'script kiddie' won't have a clue = however, even for me that's just a step too far :-)

How does a computer obtain an IP Address ?

You can enter one manually, however, more usually, each time a computer connects to the network it obtains an IP address (together with its other TCP/IP settings) using a process called 'DHCP' (Dynamic Host Configuration Protocol) from a 'DHCP server'.

Whilst another computer can act as a DHCP 'server', handing out IP addresses, this job is usually done by your ADSL WiFi Router.

How does a computer 'reach' the Internet ?

At the same time as getting an IP address, a computer is also given a 'Default Gateway' address. It uses this when it wants to reach other computers that are not in its own local 'group'. Its local group is defined by the 'Subnet Mask' (which it also gets at the same time as its IP and Gateway addresses).

Your Router is typically your 'path' to the Internet - so when it hands out an IP address (so your computer can be identified), it hands out its own IP address as the 'Default Gateway'.

Your Router will have at least 2 IP addresses, a 'private' and a 'public' address. The private one is the one your local computers can 'see' (i.e. the 'Default Gateway'). The one that the Router uses on the Internet is its 'Public' address.

Where does the Router get its 'Public' IP Address from ?

After booting up & connecting to ADSL (phone / cable), your Router gets an IP address from your Internet Service Provider (ISP)

This is the Router's PUBLIC address, i.e. the address the Router will use on the ADSL (phone) line to 'talk' to the Internet. This address is where web site servers will send all the web pages that your computer asks for (the Router then passes the web page on to the computer that asked for it using a process known as Network Address Translation or 'NAT', of which more later). Your own computers will never 'see' the Public address since they are all on the 'private' side of the Router.

Your ISP 'leases' the Router an address from its own pool. Unless you pay for a 'static IP', the address is dynamic: it can change when the Router reconnects, although in practice many ISPs hand the same address back for weeks or months. Either way, the address belongs to a block registered to your ISP, which is how web sites 'locate' you: geo-location databases map the block to a country / region (this is how sites such as BBC iPlayer enforce their 'UK only' policy) and Forums can 'ban' you by IP address (though with a dynamic address the ban may land on whoever gets that address next, and you may escape it simply by reconnecting).

What's your Router's Public Address Subnet Mask ?

On an ADSL (PPP) connection it is 255.255.255.255 = the link is 'point to point', so the Router has no 'neighbours' on the public side and accepts only data packets from the ISP (i.e. the Internet) that are addressed directly to its public IP. (Cable / Ethernet WAN connections are different: there the ISP hands out a 'real' subnet mask, and the other subscribers in that subnet are your neighbours on the public side.)

As we will see later, a different Subnet Mask is used on the Private side to allow the Router to accept data intended for other computers and 'pass it on' (i.e. 'route' the data)

What are the DNS Address and Alternate DNS Address ?

A DNS Server is simply a computer that you 'trust' to translate 'named' web sites into their IP addresses (so it knows, for example, that "www.google.com" is 64.233.169.147 - one example address; large sites have many). The addresses of two DNS Servers are given to your Router by your ISP so that the Router 'knows' where to find the addresses of 'named' web sites. Note that an ordinary DNS answer is not authenticated, so whoever answers your DNS queries (your ISP, a public resolver, or an attacker able to impersonate one) decides where 'www.paypal.com' takes you.

Typically the DNS Addresses your ISP issues will actually be those of the ISP's own DNS Servers, rather than some public DNS Servers. Should these computers ever become unreachable (eg for maintenance etc.) your browser will report the dreaded 'Server not found' / 'DNS lookup failed' error (not a '404', which is an answer from a web server that has been found but has no such page).

If your ISP's DNS Servers are slow or unreliable, you may wish to 'override' the ISP's choice with your own (many people use 8.8.8.8 and 8.8.4.4 = Google's public DNS Servers). Bear in mind that whoever runs your DNS Servers sees the name of every site you look up.

Many Routers will 'pass on' the DNS addresses issued by the ISP to your 'local' computers via DHCP, although sometimes your computers will be given a DNS Address equal to the Router's local address (i.e. the same as the Default Gateway address). This allows your router to act as a 'DNS Cache' i.e. keep a record of the sites you have visited in the past so you can reach them faster next time (without having to ask the ISP's DNS Servers every time). The disadvantage of this is that should criminals get access to your Router they can change the DNS Servers it uses (or the answers it caches) and 're-direct' your attempt to access e.g. 'www.paypal.com' to their own 'fake' PayPal site which will then ask for your log-in details (see also 'phishing'). It is worth checking the DNS addresses shown on your Router's settings page every so often: if they have changed to something you never set, treat the Router as compromised (reset it, update the firmware and change its admin password).

What are the Routers private/local IP settings ?

The private IP addresses used by the Router on your local network (or LAN) are typically configured by yourself

All Routers will have 'default' settings. If you wish to secure your local network, NEVER use the 'default' settings (the settings you choose will depend on the level of 'threat' you face from your kids & their 'wannabee hacker' friends)

What is the Routers own local IP address ?

You can choose this manually, however most people simply leave it set to the 'out of box default' (typically 192.168.0.1 or 192.168.1.1).

Note. By custom, a Gateway Address ends in '.1', so the Gateway default is typically nnn.nnn.nnn.1. This is well known - so changing it to something else (see later) removes one easy 'guess' an outsider can make. It is no obstacle at all to anyone already on your network (DHCP hands them the Gateway address), so treat it as a minor tweak rather than a security measure :-)

What is the local Subnet Mask ?

This is another user setting. The 'mask' defines which addresses the Router treats as being 'on' its local network. When the Router is deciding what to do with a packet, it compares the packet's destination IP address against the Router's own IP address whilst IGNORING those 'bits' of the address that are 'masked'. If the remaining bits 'match', the destination is local and the Router delivers the packet on the LAN; otherwise it sends it on towards the Internet. This is explained in more detail below (How is traffic routed ?).

Note. This is typically also the Subnet Mask that the Router issues via DHCP (i.e. you don't get another choice for the DHCP). This is unfortunate because it means every computer using DHCP will treat every other computer in the Router's subnet as a 'local' neighbour. This is not ideal for security - each computer should only need to 'talk' to the Router (and perhaps your Server / NAS, of which more later). Be aware, though, that the Subnet Mask is a hint to the sending computer, not an access control: any device plugged into the same switch (or joined to the same WiFi) can still send frames to any other, whatever mask it was given. Real separation needs a separate network (guest WiFi, 'AP isolation', VLANs) or a firewall on each machine.

How do you set-up the Router DHCP (Dynamic Host Configuration Protocol) ?

DHCP is a system that allows a 'server computer' to issue IP addresses to any other computer that 'asks' for one. If you 'Enable' the Routers DHCP Service, by default, it will send IP settings to any computer that asks.

In addition to 'Enable' and 'Disable', some Routers will have a 'Relay (Agent)' option. This means that instead of issuing IP addresses itself, it will relay (pass on) the request to some other computer which you specify (as a DHCP Server)

How does the DHCP Relay work ?
When you enable the DHCP Relay Agent option, you enter the IP address of your DHCP Server. This address does NOT have to be on the Local Subnet. The advantage is that you can make your network even more secure (or even create a DOMAIN, and thus control User Accounts and Passwords) BUT the computer you use as the 'DHCP Server' must always be running (since an IP address could be requested at any time)

What's the Gateway Address ?

This is the address that will be issued by the Routers DHCP service as the 'Default Gateway' i.e. the address that your computers will use to reach the Internet.

Many Routers do not allow you to set anything other than the Routers own private local LAN IP address (so computers using the Router for DHCP are forced to use it for Internet access as well)

What's the DHCP Start IP Address ?

This allows you to define the first IP address issued by the DHCP service

Unless you use MAC / IP Address 'locking' / 'binding', IP addresses will usually be issued sequentially from the 'Start Address' on a 'first come first served' basis

What's the IP 'pool count' / DHCP IP 'range' ?

You can usually tell the Router how many IP addresses it is allowed to issue. The Router keeps track of the addresses it has issued and typically hands them out in ascending order (so the first computer to ask gets 'Start IP', the second gets 'Start IP+1' and so on).

What are the non-configurable DHCP 'options' ?

A1) The Subnet mask. Most Routers use the same Subnet Mask you specify for the Routers own private IP address (= see above)

This can be a real pain because it means you can't use the Router DHCP to hand out a mask 'narrower' than the Router's own Subnet, i.e. all computers using Router DHCP will regard everything the Router can see as 'local'.

A2) The DNS Address and alternate DNS address. These are addresses that the Router gets from the ISP during it's own 'public' IP setup.

You can override the DNS Addresses by setting them manually in a computers TCP/IP settings, whilst continuing to use DHCP to fetch the IP/Subnet/Default Gateway address

How do you limit DHCP using "IP MAC Binding" ?

To improve security, most Routers allow you to use "IP MAC Binding". When obtaining an IP address, a computer is identified by its 'MAC' (NIC hardware) address. You can enter the MAC address in a list on the Router and specify what IP address that computer will receive. You can also setup the Router so that computers not on the list are ignored.

This can be a reasonable security measure, since computers not on the list won't be able to use DHCP to get their TCP/IP settings. This will make life more difficult for your neighbours' kids, but it's not too hard to 'monitor' the WiFi and discover what settings other computers are using and then enter these by hand. It's even possible to discover the MAC address of a 'permitted' computer (MAC addresses are sent 'in the clear' on WiFi, even when WPA2 encryption is on), kick it off the WiFi and 'pretend' to be that computer by 'spoofing' its MAC address - so binding controls who gets an address handed out, not who can use one.

Since many Routers make it difficult to maintain the list, few home users bother to use this option, but see 'Next >>' below (Securing your Network).
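To make the Start IP / pool count allocation and the IP MAC Binding behaviour concrete, here is a small simulation of a router's DHCP service. This is an added example written for this page, not any router vendor's code; the addresses, MAC addresses and the 'bound_only' option name are all made up for the illustration. It shows first-come-first-served allocation from the Start IP, a bound client getting its fixed address, an unlisted client being ignored, and the weakness described above: a client presenting a copied MAC is indistinguishable from the real one.

```python
from ipaddress import IPv4Address, IPv4Network


class DhcpPool:
    """Toy model of a home router's DHCP service (an illustration, not any
    vendor's code): a Start IP, a pool count, an optional MAC -> IP binding
    list and a flag that makes the router ignore clients not on the list."""

    def __init__(self, start_ip, count, subnet, gateway, bindings=None, bound_only=False):
        self.start_ip = IPv4Address(start_ip)
        self.count = count
        self.subnet = IPv4Network(subnet)
        self.gateway = gateway
        # Normalise MACs to lower case so "AA:BB.." and "aa:bb.." are the same client.
        self.bindings = {m.lower(): IPv4Address(ip) for m, ip in (bindings or {}).items()}
        self.bound_only = bound_only
        self.leases = {}  # mac -> IPv4Address currently leased

    def offer(self, mac):
        """Settings a client presenting this MAC would be sent, or None if ignored."""
        mac = mac.lower()
        if mac in self.leases:
            ip = self.leases[mac]          # a known client gets its previous address back
        elif mac in self.bindings:
            ip = self.bindings[mac]        # IP/MAC binding overrides the pool
        elif self.bound_only:
            return None                    # not on the list: request silently ignored
        else:
            ip = self._next_free()
            if ip is None:
                return None                # pool exhausted
        self.leases[mac] = ip
        return {"ip": str(ip), "mask": str(self.subnet.netmask),
                "gateway": self.gateway, "dns": self.gateway}

    def _next_free(self):
        """First-come-first-served, ascending from Start IP, skipping bound addresses."""
        taken = set(self.leases.values()) | set(self.bindings.values())
        for i in range(self.count):
            candidate = self.start_ip + i
            if candidate not in taken:
                return candidate
        return None


# All MAC addresses below are made up for the example.
LAPTOP = "00:11:22:33:44:55"
PHONE = "66:77:88:99:aa:bb"
STRANGER = "de:ad:be:ef:00:01"


def open_pool_demo():
    """DHCP enabled with no binding list: addresses handed out in order."""
    pool = DhcpPool("192.168.37.20", 5, "192.168.37.0/24", "192.168.37.254")
    first = pool.offer(LAPTOP)["ip"]
    second = pool.offer(PHONE)["ip"]
    again = pool.offer(LAPTOP)["ip"]      # same client asks again: same lease
    return first, second, again


def bound_only_demo():
    """Binding list plus 'ignore unlisted clients'. Shows the limitation from the
    text: the only check is the MAC the client claims, so a copied MAC is enough."""
    pool = DhcpPool("192.168.37.20", 5, "192.168.37.0/24", "192.168.37.254",
                    bindings={LAPTOP: "192.168.37.50"}, bound_only=True)
    stranger = pool.offer(STRANGER)             # None: ignored
    laptop = pool.offer(LAPTOP)["ip"]           # the bound address
    spoofed = pool.offer(LAPTOP.upper())["ip"]  # attacker presenting the laptop's MAC
    return stranger, laptop, spoofed


if __name__ == "__main__":
    print(open_pool_demo())
    print(bound_only_demo())
```

The point of the second demo is that the router never learns anything about the client beyond the MAC in the request, which is exactly what an attacker who has watched the WiFi can copy.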

How is traffic 'routed' ? (and what does the Subnet Mask do ?)

All TCP/IP (WiFi, Ethernet) traffic consists of data 'packets' sent by one computer (the 'source') to another (the 'destination').

When an application on YOUR computer wants to reach another computer (eg to fetch web pages) it sends a packet to that computer's IP address (if necessary, it first looks up the web server's IP by asking the DNS servers).

When the packet is passed to the TCP/IP driver on your PC, it first compares the destination IP address with its own address using the Subnet Mask. If this reveals that the destination is 'within' the local network (i.e. the masked address bits match) then the packet is simply sent straight to that computer: the PC asks 'who has this IP ?' on the local network (ARP), gets back the destination's MAC address and addresses the Ethernet / WiFi frame to it.

If the masked addresses do not match, then the destination IP is NOT within the local network. The packet itself is left alone (its destination is still X) but the frame carrying it is addressed to the Gateway's MAC address instead (again found via ARP). That is the 'please pass this on to address X' request: the Router, receiving a frame addressed to itself that carries a packet for somebody else, knows it is expected to forward it.

(This is simplified - real hosts keep routing tables with more than one route - HOWEVER it does explain what's going on at the Router !)

What happens when a packet arrives at the Router ?

The Router looks at the destination IP of the packet inside the frame and compares it with its own LAN address using the LAN Subnet Mask :-

a1) If the destination is the Router itself (its LAN address), the packet is for a service on the Router (its web configuration page, its DNS cache etc.) and is handled locally.
a2) If the destination is within the LAN Subnet (the masked bits match the Router's own address), the packet is delivered on the local network (see 2 below).
a3) Otherwise the destination is somewhere on the Internet, and the Router forwards it out of the ADSL (public) side using a process known as 'NAT' (Network Address Translation) :-

1) NAT first makes a note of the Source computer's address and port, then it swaps the Source in the packet to the Router's own (Public) IP address and picks a new source port number that it is not using for any other connection. That (Public IP, port) pair is the 'tag' that allows it to route any response back to the original Source computer: when a reply arrives addressed to that port, NAT looks the port up in its table, puts the original private address and port back and delivers the packet on the LAN. A packet from the Internet that matches nothing in the table is simply dropped - which is why, by default, nothing on the Internet can start a connection to one of your computers.

2) Delivery on the LAN is done by the Router's built-in switch, which works on MAC addresses rather than IPs. The switch remembers which port each MAC address was last 'seen' on and sends the frame out of that port only. If the MAC has not been seen previously (or the frame is a broadcast), the frame is sent out of ALL ports (and over the WiFi), and the port the reply comes back on is noted for next time.

Note that the Router typically does nothing if the packet is not delivered (the source computer will be waiting for a response from the destination computer to say 'packet accepted' .. if that does not arrive within some time-out period, the source computer will take further action eg. resend or report 'unreachable' etc).
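To show what the NAT 'table' and 'tag' actually are, here is a small simulation of source NAT with port translation (the form every home router uses). This is an added example written for this page, not code from any router; the packet layout, the starting public port (40000) and all addresses are invented for the illustration (the public addresses come from the ranges reserved for documentation). It shows two LAN PCs that happen to use the same source port being kept apart by different public ports, replies being delivered back to the right PC, and an unsolicited probe from the Internet being dropped because it matches no table entry.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class Nat:
    """Toy source NAT with port translation ('NAPT'), as a home router does it.
    Outbound: rewrite (src_ip, src_port) to (public_ip, fresh_port) and remember
    the mapping. Inbound: translate only packets that match a remembered mapping
    (same remote address and port); anything else is dropped."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (lan_ip, lan_port, remote_ip, remote_port) -> public_port
        self.in_map = {}   # (public_port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def outbound(self, pkt):
        """LAN -> Internet: returns the packet as it leaves on the public side."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.out_map.get(key)
        if port is None:                     # new 'connection': allocate a public port
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt):
        """Internet -> LAN: returns the translated packet, or None if dropped."""
        if pkt.dst_ip != self.public_ip:
            return None                      # not even addressed to us
        target = self.in_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if target is None:
            return None                      # unsolicited: no entry in the table
        lan_ip, lan_port = target
        return replace(pkt, dst_ip=lan_ip, dst_port=lan_port)


# Addresses below are invented for the example (documentation ranges).
PUBLIC_IP = "203.0.113.7"     # stands in for the ISP-issued public address
WEB_SERVER = "198.51.100.10"


def two_hosts_same_port_demo():
    """Two LAN PCs both use source port 51000 to the same web server. NAT must
    give them different public ports, and replies must go back to the right PC."""
    nat = Nat(PUBLIC_IP)
    out_a = nat.outbound(Packet("192.168.37.21", 51000, WEB_SERVER, 80, "GET /a"))
    out_b = nat.outbound(Packet("192.168.37.22", 51000, WEB_SERVER, 80, "GET /b"))
    reply_a = nat.inbound(Packet(WEB_SERVER, 80, PUBLIC_IP, out_a.src_port, "page a"))
    reply_b = nat.inbound(Packet(WEB_SERVER, 80, PUBLIC_IP, out_b.src_port, "page b"))
    return (out_a.src_ip, out_a.src_port, out_b.src_port,
            reply_a.dst_ip, reply_a.dst_port, reply_b.dst_ip)


def unsolicited_demo():
    """A probe from the Internet at a port the table knows, but from the wrong
    sender: no match, so it is dropped."""
    nat = Nat(PUBLIC_IP)
    nat.outbound(Packet("192.168.37.21", 51000, WEB_SERVER, 80))
    return nat.inbound(Packet("192.0.2.99", 4444, PUBLIC_IP, 40000, "probe"))


if __name__ == "__main__":
    print(two_hosts_same_port_demo())
    print(unsolicited_demo())
```

Real routers differ in how strict the inbound match is (some only check the public port, which is what makes 'hole punching' for games and VoIP possible); the version above checks the remote address and port as well, which is the more restrictive and safer behaviour.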

Exactly how does a Subnet Mask 'work' ?

To work out if a destination IP address is 'in the subnet', the TCP/IP driver COMPARES the destination IP with its own IP. The Subnet mask is used to select which parts (bits) of the IP address take part in the comparison.

The comparison is a 'binary' one (i.e. both the IP addresses and the Mask are reduced to binary). A '1' in the Mask means 'these bits must match', a '0' means 'these bits are ignored'.

A typical Subnet mask is 255.255.255.0. That means the first 3 parts of the IP must totally match, but the whole of the last part is ignored. So if the computer's own IP is, say, 192.168.1.2, then ALL computers with an address of 192.168.1.x (i.e. up to 254 computers, with addresses in the range 192.168.1.1 to 192.168.1.254; 192.168.1.0 is the 'network' address and 192.168.1.255 the 'broadcast' address, neither of which can be given to a computer) will be in that Subnet (and thus able to 'see' each other).

By using a 'mask' that differs from 255.255.255.0 you can restrict the 'range' of addresses that your computer regards as 'local'. Using 255.255.255.255 means your computer can only 'see itself' (and is thus unable to 'reach' any other computer, not even the Gateway). If your computer is 192.168.1.2 and the Gateway is 192.168.1.1 and you ONLY want that computer to treat its own address and the Gateway as 'local', then set a mask of 255.255.255.252 (which covers 192.168.1.0 to 192.168.1.3). Remember that this only changes where that computer sends its own packets: anything for, say, 192.168.1.50 now goes to the Gateway instead of direct (and the Router will generally just pass it on, or tell the computer to go direct), and 192.168.1.50 can still send packets to it. It is 'tidiness', not a firewall.
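The comparison described above, worked through in code, as an added example for this page (not code from the page's author or from any router): it does the bitwise AND the text describes, counts the usable addresses in a subnet, and makes the 'send direct or hand to the Gateway' decision a host makes for each packet, including the 255.255.255.255 case where even the Gateway is unreachable. The addresses are the page's own example (192.168.1.2 with Gateway 192.168.1.1).

```python
from ipaddress import IPv4Address, IPv4Interface


def same_subnet(ip_a, ip_b, mask):
    """The comparison described above: where the mask has a 1 the bits must
    match, where it has a 0 they are ignored. Done with AND on the 32-bit values."""
    a, b, m = (int(IPv4Address(x)) for x in (ip_a, ip_b, mask))
    return (a & m) == (b & m)


def usable_hosts(ip, mask):
    """Addresses in the subnet that can actually be given to computers: the
    first (network) and last (broadcast) address are reserved."""
    net = IPv4Interface(f"{ip}/{mask}").network
    return max(net.num_addresses - 2, 0)


def next_hop(my_ip, mask, gateway, dst_ip):
    """What a host does with a packet for dst_ip: ('direct', dst) if the
    destination is on-link, ('via-gateway', gw) if not, or None when even the
    gateway is off-link (a mask of 255.255.255.255 does this)."""
    if same_subnet(my_ip, dst_ip, mask):
        return ("direct", dst_ip)
    if same_subnet(my_ip, gateway, mask):
        return ("via-gateway", gateway)
    return None


def mask_to_prefix(mask):
    """255.255.255.252 -> 30, the '/30' notation seen in router configs."""
    return bin(int(IPv4Address(mask))).count("1")


if __name__ == "__main__":
    # The page's own example: host 192.168.1.2, Gateway 192.168.1.1.
    for mask in ("255.255.255.0", "255.255.255.252", "255.255.255.255"):
        print(f"/{mask_to_prefix(mask)} {mask}: {usable_hosts('192.168.1.2', mask)} usable hosts;",
              "to .1 ->", next_hop("192.168.1.2", mask, "192.168.1.1", "192.168.1.1"),
              "| to .77 ->", next_hop("192.168.1.2", mask, "192.168.1.1", "192.168.1.77"))
```

Running it shows /24 with 254 usable hosts and .77 sent direct, /30 with 2 usable hosts and .77 sent via the Gateway, and /32 with nothing reachable at all. Note what the function does not do: it never refuses a packet arriving from .77, because the mask only governs the sending side.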

I go into this in more detail in 'Securing your Network' (see 'Next >>')

What's making my Internet so slow ?

For a good overview of how ADSL works and some tips on improving performance, see here

Your Router 'negotiates' with your ISP for the 'best possible' speed over the ancient BT phone wires. If the wires are a bit noisy when the router is turned on (eg it's raining or you are making a phone call on the same line) you may get a very low speed. Further, most modern Routers can 'respond' to 'noise' by 'blocking out' part of the frequency range in use and dropping the speed - so, as time goes on, your internet connection can 'deteriorate'.

It's thus a 'very good idea' to have your Router 'drop connection' and reconnect every day at say, 4am = (at that time the lines should be nice & quiet thus allowing the Router to start at 'maximum' speed again)

At the same time, your ISP will be attempting to 'maximise' overall performance & minimise errors, so you may find your Router has it's connection 'dropped' by your ISP every night anyway

The result of all this negotiation means that SOMETIMES your Router / ISP gets 'upset' about 'noise' on the connection and drops your speed to a very low value

This can also happen if you keep turning off your Router (the ISP sees a 'dead' line so allocates minimal bandwidth to it) or if you leave your router 'on for ever' (it can get confused by the inevitable bit of random 'noise' on the line and, as all these occasional errors build up, it can start dropping it's speed in an effort to 'improve the average')

If your ADSL Router is operating in ADSL2+ mode, in theory you can get 'up to' 24 Mb/s. If it's in 'basic' ADSL = G.DMT mode, the limit is 8 Mb/s. However, you should be aware that ADSL2+ mode is more 'fragile' (as you will see from the 'noise margin') .. so if the expected speed in your postcode area is less than 8 Mb/s, you are typically better off sticking to G.DMT mode

ADSL2+ is better at 'auto-correcting' errors. So you will have fewer 'uncorrected blocks', which, on a noisy line, can make a big difference to how long you have to wait for a web page to display (or file to download)

Finally, many Routers can quickly 'fill up' with stale NAT table entries and old DNS cache records - and searching these tables can also slow down your Internet connection 'latency' times

My recommendation is to power-cycle (or remotely 'reset') your router at least once a week - and check the manufacturer's web site for new firmware every 6 months (and straight away if a security problem in your model is announced) ..

What's all that 'crackling' on the phone line ?

If you pick up the phone and hear 'crackling' on the line (or your Internet keeps dropping out), chances are that there is a loose connection between you and the Exchange - or a 'broken' component in the Master Socket or in the 'ADSL Splitter' - or you still have the ancient 'Bell wire' connected :-)

Note in particular that the 'surge protector' in the BT 'Master' socket (a glass 'spark gap' device with metal end-caps, designed to protect your telephone equipment from voltage 'spikes' caused eg by engineers rewiring your line) can 'break down' at the higher frequencies used by ADSL, thus 'killing' your Internet bandwidth

The 'Bell wire' is required so that ancient 'pulse dial' phones can 'ring' and should be disconnected if you want a decent Internet speed. After disconnecting the bell wire (at the master socket), if your 'modern' phone refuses to ring, throw it away (or get a special '4 wire' ADSL filter)

If you are getting an Internet speed of 2 Mb/s (or even less) and the 'average' for your postcode is the typical 4-5 Mb/s, disconnecting the Bell wire can more than double your Internet speed (i.e. to the 5 Mb/s average) !

How is my phone line 'wired' ?

Your 'phone-line', from the Telephone Exchange, consists of two wires only ('A' @ 0v & 'B' @ -50v). This pair arrives at your 'BT Master Socket' (pins 2 (B) & 5 (A)) where a 'surge protector' is wired across them. A 1uF-2uF capacitor is connected to the 'B' wire, and thence to the phone socket pin 3 (to create the 'bell wire'). In older systems a 470k 'test' resistor was connected between pins 3 & 5 of the Master socket

Your 6pin 'phone socket' thus has 3 used pins (pins 2 & 5 = the B & A 'line wires', plus pin 3 = the 'bell' wire). On some 6pin phone sockets / plugs only the central 4 pins are present (i.e. the actual connectors for pins 1 and 6 are left out altogether).

The Bell wire is responsible for killing your Internet connection by 'injecting' noise, picked up on the often unterminated (i.e. unused & left 'floating') bell wire pin 3, via the bell capacitor into the B (pin 2) line & via the test resistor into the A (pin 5) line wire

In more 'modern' BT Master sockets, an inductor is added in series with the capacitor in an effort to cut down on bell wire interference (& the resistor is removed). However, plainly the best way to eliminate the bell wire interference is to disconnect it (a 'bell wire' is only required for ancient 'pulse dial' telephones, where it's wired to the 'ring' solenoid).

You are 'not permitted' to modify your BT 'master' socket which remains their property and could result in prosecution for 'criminal damage'. I thus recommend that you purchase a 3rd party replacement 'master socket' faceplate (about £5 on eBay) and modify that by removing** the capacitor (and resistor, if present) & then replace the BT front plate with your own. On moving house, or in the event you have to arrange a 'BT Engineer' visit (unlikely, since your Internet will now be working just fine), you just swap the plates back again

** cutting the track to pin 3 may eliminate the 'injected noise' but your phone line will still have 2 components, the bell capacitor and the test resistor, wired directly across the wires. In addition to 'loading' the line, these can still reduce it's frequency response.

How does an ADSL 'splitter' / 'micro-filter' work ?

In a 'splitter', the 2 incoming 'line wires' (on pins 2 & 5) are connected directly to the 2 center pins of the 'ADSL' socket (the other ADSL pins, two on each side of center, are 'no connect' and often left out altogether). The incoming 'bell' wire on 3 is connected directly to the Phone socket pin 3, however a low pass (high block) filter isolates the Phone socket 2 & 5 from the incoming line wires.

The 'filter' typically consists of a series of in-line inductors & cross-line capacitors, although some 'active' filters are starting to appear (see, for example, ADSL Nation XTF-68 / XTF-85 full wall socket)

The line wires are thus wired direct to the ADSL Router which thus has access to the 'full bandwidth' available on the line. To achieve higher Internet speeds, the higher frequencies have to be used .. however these are the ones that are most 'attenuated' by the length of wire between you and the telephone exchange. Of course, an ADSL Router avoids using the low frequencies (below 3.4 kHz) which are 'reserved' for voice calls on your telephone.

One way to discover how 'efficient' your 'splitter' is (working or not) is to pick up the phone whilst you are using the Internet .. the more 'tweedle dweedle' tones you can hear, the less efficient your filter is. Of course, if your internet 'crashes' every time you use the phone, it's a good indication that the 'splitter' has failed completely !

Modern 'Master' sockets have a face-plate with a build-in 'splitter' = this is indicated by separate 'Phone' and 'ADSL' sockets. To test if this has failed, you unplug the faceplate from the 'wall' socket and plug a 'splitter' into the 'wall' socket instead. You then move your ADSL cable to the ADSL socket on the 'splitter' (if you want to keep your extension phones working, plug the faceplate with the extension telephone wires into the 'phone' socket of the splitter). If this makes a major improvement, get a new faceplate

What effect does a 'noisy' Internet connection have on Skype (video) communication ?

Your ADSL Router uses the 'low frequencies' for 'uploading' and the higher frequencies for 'downloading'. Your 'upload' speed is more or less fixed (typically 300 kb/s to 1 Mb/s [about 1 Mb/s is the limit for standard ADSL2+]) no matter what your 'download' speed. If your Internet connection is 'poor' i.e. subject to noisy interference, the higher frequencies will suffer most. So the person you are connected to may see you 'perfectly' (because your 'sending' is working just fine) whilst you see them 'all broken up' (as your 'receiving' suffers from noise)
