
How do I find out what IP address a user or client came from?

Some Unix/Linux utilities show this by default: Linux "w" displays the hostname that users logged in from, as does "who". Other systems may divulge this with a special flag: SCO uses "w -x" on more modern versions of its OS.

Parse the output with "sed" or whatever if you just need the address. For example:

That's a hostname, though, not an IP.

Or:

A more complicated script can use "who am i" and then grep the appropriate line from "last -i" to get the IP.
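The "who am i" plus "last -i" approach just described, as an added example (not the author's script). It assumes the usual Linux column layouts for both commands; the function names who_origin and session_ip are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Constructed sample data (not captured from a real host).
# Linux "who am i" style line: user, tty, login time, (origin as a name).
SAMPLE_WHO='alice    pts/1        2024-05-01 10:12 (ws17.example.com)'
# Linux "last -i" style lines: user, tty, numeric address, times.
SAMPLE_LAST='alice    pts/1        203.0.113.7      Wed May  1 10:12   still logged in
carol    tty1         0.0.0.0          Wed May  1 08:00   still logged in
alice    pts/1        192.0.2.44       Tue Apr 30 08:01 - 17:30  (09:29)'

# who_origin WHO_LINE: print the "(origin)" field of a who line, which is
# usually a hostname rather than an IP; fail if the line has no such
# field (for example a console login).
who_origin() {
    printf '%s\n' "$1" | sed -n 's/.*(\([^()]*\))[[:space:]]*$/\1/p' | grep .
}

# session_ip WHO_LINE LAST_OUTPUT: take the tty from the who line and print
# the address of the newest "still logged in" record for that tty.
# Older, closed sessions on the same tty are ignored.
session_ip() {
    tty=$(printf '%s\n' "$1" | awk '{ print $2; exit }')
    [ -n "$tty" ] || return 2
    ip=$(printf '%s\n' "$2" | awk -v t="$tty" '
        $2 == t && /still logged in/ { print $3; exit }')
    case $ip in
        '')      return 1 ;;              # no live record for this tty
        0.0.0.0) echo local ;;            # record carries no remote address
        *)       echo "$ip" ;;
    esac
}

# On a live Linux system the same functions take the real command output:
#   session_ip "$(who am i)" "$(last -i)"
```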

Check the Linux man and info pages to see if a command can be persuaded to give you what you want.

I could use a simple Perl script on my old BSD web server (where I was the only logged in user):

I could have also fished it out of "w" and used gethostbyname. But on that BSD box, "w" truncates the host name if it is long:

Fortunately, "who am i" is just what I wanted:

Also see Determining clients IP address by service and PID for some code that uses lsof to extract the ip of any client connected to a service.

Here's an example taken from a news post:

SCO Unix

In SCO OSR5, there are options to who, w, last, and finger which provide this information. In a program, you can fetch this information from /etc/utmpx for the appropriate definitions.

The farther back you go through older versions, the less likely you are to find this sort of information.

Current versions have these options as summarized by Bela Lubkin:

Many OpenServer Release 5 utilities can show you the host name; they just don't do so by default:

who -x (hostname truncated)

who -xu (full length)

who -mxu (full length; this tty)

w -x [user ...] (truncated)

w -X [user ...] (full length; 5.0.4 and later)

finger [-s user ...] (truncated)

finger -l [user ...] (full length)

last -W /etc/wtmpx [user] (truncated; login history)

last -W /etc/utmpx [user] (truncated; current)

last -H hostname [user] (history for "hostname", use full name even though output will be truncated)

John Dubois has an "oanwho" script for OSR5 described more fully at <36B97730.DE0F385F@ilion.nl>.

If the address can't be resolved with DNS, these utilities will give you the IP address. There are times when you want the IP address and not the FQDN. That can sometimes be difficult: you can pass the name to "dig" and parse the output, or perhaps fish it out of "netstat -an" in some limited cases where it is easy to programmatically find it.

Windows

I'm sure you can cobble something together out of netstat, and don't forget that you can run Services for Unix or Cygwin.

Simple stuff like:

works; see Listing Users using RDP for some PowerShell code.

See also: How to get a user's client IP address in ASP.NET?

Apache has the remote IP in $ENV{'REMOTE_ADDR'} if you are doing webserver scripts in Perl; it's $_SERVER['REMOTE_ADDR'] in PHP. See How to get Client IP address in PHP? for comments on HTTP_X_FORWARDED_FOR.

Warning: it's not hard to misconfigure some routers so that they misreport the connecting machine's IP. See http://aplawrence.com/Kerio/open_relay_from_router.html.
