No announcement yet.

Detecting which router is handling WAN traffic

  • Filter
  • Time
  • Show
Clear All
new posts

  • Detecting which router is handling WAN traffic

    For the purpose of minimizing the impact of an internet service outage (a too-often occurrence), a small business has internet accounts with two different service providers and runs a separate modem/router for each. Each router connects to the one firewall box, and the firewall box connects to the server.

    In case one of the internet services goes out, the server is (usually) able to access the internet through the other router...

    As best I can tell, the primary router has a static IP address, and the backup/alternative is on DHCP. I'm not sure why this was done this way or its technical significance, but I do know that as a user, I can ask to report the IP it sees from the requesting program. And I know that depending on which router passed the request, I can get the one static IP address, or one of several others.

    I also know that most of the business software continues to run without trouble even if the server switches from one router to the other; BUT two critical software programs seem to just stop working after such a switch. So in troubleshooting, it is important to know if a router switch has taken place so that it can be handled, or can be eliminated (and then the next possible cause examined).

    SOooo: The goal is to create a small PB utility that will interrogate either or both of the routers to see which one is handling the traffic from the server to the internet.

    While I am reasonably sure this task is possible, I do not know if it makes sense to do this using an external call to a service like or using a more direct API call... (I wouldn't even know which API call to try.)

    So, any guidance and/or direction would be appreciated! Where should I start looking for info on this topic?


  • #2
    TraceRoute to something out on the net. Does not have to be far. Windows version is called tracert, and when run manually is from Command Prompt. When called from a PB program redirect tracert's output to STDIN.

    I would usually think there is a third router using a protocol like "Open Shortest Path First". But in this case I don't. The 1st or 2nd IPs reported by tracert should be one of the two on site routers depending what is plugged into what.


    Last edited by Dale Yarker; 19 Apr 2017, 05:43 PM.


    • #3
      Thanks Dale,

      I've been playing with TraceRt, but it returns IPs that I know are not correct... probably another piece of equipment in the chain that I haven't identified (eg, firewall box?)...

      I'm learning that there are many ways for this information to be obscured or difficult to recognize, let alone verify.

      In fact, at this early stage of my reading, it would seem that the most reliable method would be to send a page request to a known server and parse the results - that my router's external IP address is embedded somewhere in the data returned. I'm not sure yet if this is true, so that's my next avenue of exploration.

      I will continue to experiment, and will post my findings when I am sure I have something reliable.

      Thanks for the suggestion!



      • #4
        ...but it returns IPs that I know are not correct...
        not what you think you want, but not incorrect either. You're seeing the LAN side IP of a MODEM/Router, then the IP of the ISP's router. Not the IP on the WAN side of the MODEM/Router The LAN side of the two MODEM/Routers will be defferent from each other, but on the same network. Maybe something like 192.168.x.y and 192.168.x.z Which path is carrying the data can be determined. If LAN and ISP are using 10.?.?.? IPs, the the netmasks are needed to help figure it out. And a block diagram of which hardware connected to which would be a BIG help.



        • #5
          Thanks for the further explanation Dale, that confirms what I've been theorizing.

          But a diagram! LOL! The "small" in "small business" often means "by the seat of the pants" or "hand to mouth"...
          Fortunately in this situation, "small" means "only a few pieces of hardware"...

          internet/ServiceA ==> RouterA ==> firewall box <== RouterB <== ServiceB/internet
                                           24-port switch
                                           |            |
                                           |            |
                                           V            V
                                         server    thin clients, printers
          I want to check and see what tools SysInternals and NirSoft may have to offer, but I haven't had time to do further experimenting today. May not be able to get back to it till Monday.

          Too much fun and not enough work!



          • #6
            Just another thought. I had NetGear routers that had this availability. The routers had 2 wan ports and you could set the router to have a main wan port then a failover port or you could have the router use both wan ports.
            I want to say it was a netgear 325 pro.
            p purvis


            • #7
              @Paul: that should be the setup on the firewall, as that is the internet outbreak.

              @John: from the PoV of any application, the internet outbreak (gateway) is the firewall. The IP of it should be what's in the machines Gateway TCP/IP settings. The firewall has one of the lines configured as the failover line. If the firewall switches lines - due to whatever reason, it should be visible in it logs. So rather trying to figure out what happens on the router/lines side, I'd take a look at the firewall and figure out what kind of logs it provides and how to access them programmatically.

              You perhaps might need to enable some kind of logging/access to the logs first.


              • #8
                Thanks Knuth, that's an interesting idea, to access the firewall logs... I'll check it out.


                • #9
                  Wonders never cease! I think I'm about to post some code that others may actually find useful! Well, at least I think so, and I certainly hope so!

                  'GetMyExternalIPaddress.bas   by jhm and ajm
                  #Compile Exe
                  #Dim All
                  ' Declares from urlmon.h ======================================================
                  Declare Function URLDownloadToFile Lib "urlmon.dll" Alias "URLDownloadToFileA" (pCaller As Any, szURL As AsciiZ, szFileName As AsciiZ, ByVal dwReserved As Dword, ByVal lpfnCB As Dword) As Long
                  ' End of declares from urlmon.h ===============================================
                  %FALSE = 0 : %TRUE = Not %FALSE
                  Function PBMain () As Long
                     ? GetMyExternalIPaddress("")             ' the whole data set in json-formatted page
                     ? GetMyExternalIPaddress("ip")
                     ? GetMyExternalIPaddress("org")                   '  SOLVES MY ORIGINAL QUESTION!
                     ? GetMyExternalIPaddress("hostname")
                     ? "Done!"
                  End Function
                  Function GetMyExternalIPaddress(ByVal sWhat As String) As String
                     Local lRet, lOldMousePtr As Long
                     Local sPageURL, sDestFile, sTemp As String
                  #If 0
                  'several ways to try it:
                     'sPageURL = ""
                     'sPageURL = ""
                     'sPageURL = ""
                  '   'sPageURL = ""        ' has LOTs of options, requires lots of keyword syntax, requires subscription
                  '   'sPageURL = ""          ' free account allows up to 200 queries per day; didn't download the whole zipfile
                     'sPageURL = ""         ' return is json format, needs parsing:  ip, hostname, city, region, country, loc, org, phone
                     'sPageURL = ""
                     'sPageURL = ""
                     'sPageURL = ""          ' will give Comcast vs Verizon
                     If sWhat = "" Then
                        sPageURL = ""
                        sPageURL = "" & Trim$(sWhat)
                     End If
                     sDestFile = Exe.Path$ & "tempfile.txt"     ' wherever you prefer
                     If IsFile(sDestFile) Then Kill sDestFile
                     MousePtr 11 To lOldMousePtr
                     lRet  = URLDownloadToFile(ByVal 0, ByCopy sPageURL, ByCopy sDestFile, 0, 0)
                     MousePtr lOldMousePtr
                     If lRet <> 0 Then
                        ' handle error
                        Function = GrabFile(sDestFile)
                     End If
                  End Function
                  Function Grabfile(ByVal sFilName As String) As String
                  'quickly grabs the entire content of a file into one string
                     Local lInBuf As Long, qInpLen As Quad
                     Local sTemp As String
                     lInBuf = FreeFile
                     On Error Resume Next
                     Open sFilName For Binary As #lInBuf
                     If Err Then
                        Function = ""
                        Exit Function
                     End If
                     On Error GoTo 0
                     qInpLen = Lof(lInBuf)
                     Get$ #lInBuf, qInpLen, sTemp
                     Close #lInBuf
                     Function = sTemp
                  End Function
                  Have fun!



                  • #10
                    So, what make the above posted code work so nicely is the use of the interface at


                    Rate Limits
                    Free usage of our API is limited to 1,000 API requests per day. If you exceed 1,000 requests in a 24 hour period we'll return a 429 HTTP status code to you. If you need to make more requests or custom data, see our paid plans, which all have soft limits.
                    Terms of Use
                    This is all provided as-is, with no guarantees on availability or accuracy of the results. We'll certainly do our best to make the service highly-available though, and the results accurate. You can use it for any purpose. Attribution is not required, but is appreciated.
                    1000 times per day is way more than I need, so I'm all set.

                    I hope others find this of value!



                    • #11
                      Never tried what you are doing.
                      I have never tried this but most of our Internet systems allow us to access our own URL at the same location.
                      An example is accessing your from inside of the same LAN.
                      Sometimes it does not work and you have to use the hosts file for URL direction to your own ipaddress of the sever in your LAN.
                      You might be able to set up a echo server to return an ipaddress of the wan and just access the echo server.
                      p purvis