How does Windows Recover from “ROUTE /F”?

Posted on

QUESTION :

We all know about the ROUTE /F command in Windows which, according to its documentation:

“Clears the routing tables of all
gateway entries. If this is used in
conjunction with one of the commands,
the tables are cleared prior to
running the command.”

If you notice the careful phrasing, it doesn’t clear the routing table of all entries but rather all gateway entries. Tiny but significant distinction but this is not really what my question is about. My question is about what happens right after reboot:

You issue “ROUTE /F”, you verify via “ROUTE PRINT” that indeed all gateway entries were deleted from the routing table, but then after you reboot, the original routing table is magically restored, as if “ROUTE /F” were never issued.

My question is: How does Windows know where to take these values from? Are they stored somewhere in the registry? If so, where are they stored?

ANSWER :

Is the computer connected to a network with a router? Usually the computer will send out a DHCP query when it activates the network card which will request the Gateway, Subnet, and an IP from the router. Try disconnecting the computer from the network and then run route /F and reboot the machine.

Leave a Reply

Your email address will not be published.