How do I find out what IP address a user or client came from?

Some Unix/Linux utilities show this by default: Linux "w" displays the hostname that users logged in from, as does "who". Other systems may divulge this with a special flag: SCO uses "w -x" on more modern versions of its OS. Mac OS X shows it in its Networking Preference applet. But in all cases, you can get it with a script.

Parse the output with "sed" or whatever if you just need the address. For example:


# Ubuntu 12.04
$ who am i
pcunix  pts/1  2013-06-18 20:14 (pool-173-76-240-38:S.0)
$ who am i|awk '{ print $5}'
(pool-173-76-240-38:S.0)
 

That's a hostname, though, not an IP.


# Ubuntu 12.04
$ last -i
pcunix   pts/2        173.76.240.38    Sat Jul 13 09:40 - 10:11  (00:31)    
pcunix   pts/0        173.76.240.38    Sat Jul 13 05:35   still logged in   
pcunix   pts/2        173.76.240.38    Fri Jul 12 18:20 - 09:40  (15:19)    

wtmp begins Mon Jul  1 12:01:04 2013
 

Or:

# last -i | grep "still logged" | awk '{ print $1 " " $3 }'
pcunix 173.76.240.38
 

A more complicated script can use "who am i" and then grep the appropriate line from "last -i" to get the IP.

Check the Linux man and info pages to see if a command can be persuaded to give you what you want.

I could use a simple Perl script on my old BSD web server (where I was the only logged in user):

#!/usr/bin/perl
open(N,"/usr/bin/netstat -an |");
while (<N>) {
 next if not /ESTABLISHED/;
# webserver address at the time, not now
 next if not /64.226.42.29.22/;
 s/  */ /g;
 @a=split / /;
 $_=$a[4];
 s/\.[0-9][0-9]*$//;
 print;
 exit 0;
 }
 

I could have also fished it out of "w" and used gethostbyname . But on that BSD box, "w" truncates the host name if it is long:

10:21AM  up 25 days,  6:32, 1 user, load averages: 0.59, 0.67, 0.70
USER             TTY      FROM              LOGIN@  IDLE WHAT
pcunix           p0       h00c0f05badf1.ne  9:26AM     - w
 

Fortunately, "who am i" is just what I wanted:

pcunix           ttyp0   Jun  3 09:26   (65.96.9.237)
 

Also see Determining clients IP address by service and PID for some code that uses lsof to extract the ip of any client connected to a service.

Here's an example taken from a news post:

From: "Brian K. White" <[email protected]>
Organization: Aljex Software
Newsgroups: comp.unix.sco.misc
Subject: Re: How can I get the IP address of the a telnet terminal (UW7)?
Date: Fri, 08 Dec 2000 23:51:17 GMT

... content trimmed 

just for the heck of it, here is a Linux version too.
I alreeady had it worked out in a script intended to be run on either
platform without editing


PORT_ID=`who -m |awk '{print $6}' |sed "s/^(// ; s/)$//"`


script is:

$ cat /usr/local/bin/tellip

#!/bin/sh
#
#spits out an IP or Hostname of the terminal that ran it
#used in scripts to determine non-static addresses
#
#can be run on SCO or Linux
#
# Brian K White - Aljex - [email protected]

case `uname -s` in
  Linux) who -m |awk '{print $6}' |sed "s/^(// ; s/)$//" ;;
  SCO_SV) who -mx |awk '{print $6}' ;;
esac

I use it in various scripts to grab the users current IP so I can
print/ftp/whatever to them even though their address is non-static, and in
some cases for a server to figure out it's current address when the server
itself is not initiating the connection. For instance, when the non-static
connection is raised on demand by a router, and the server is really just
another client machine on the lan, except the router is programmed to
forward the common services from the WAN to the server. In such a case,
the server doesn't know it's own public IP, but since it can browse the
internet at will, it can contact an outside linux or sco machine (that has
a static address) which will have a script with `tellip` embedded in it
and can thus keep a web page updated that has links back to the first
machine.

-- 
Brian K. White                   http://www.squonk.net/users/linut
+++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[~ezentity_gt+ezentity_lt~---]>++.
filePro BBx  Linux SCO  Prosper/FACTS AutoCAD  #callahans Satriani

SCO Unix

In SCO OSR5, there are options to who, w, last, and finger which provide this information. In a program, you can fetch this information from /etc/utmpx for the appropriate definitions.

The farther back you go through older versions, the less likely you are to find this sort of information.

Current versions have these options as summarized by Bela Lubkin:

Many OpenServer Release 5 utilities can show you the host name; they just don't do so by default:


  • who -x (hostname truncated)
  • who -xu (full length)
  • who -mxu (full length; this tty)
  • w -x [user ...] (truncated)
  • w -X [user ...] (full length; 5.0.4 and later)
  • finger [-s user ...] (truncated)
  • finger -l [user ...] (full length)
  • last -W /etc/wtmpx [user] (truncated; login history)
  • last -W /etc/utmpx [user] (truncated; current)
  • last -H hostname [user] (history for "hostname", use full name even though output will be truncated)

John Dubois has an "oanwho" script for OSR5 described more fully at <[email protected]>.

If the address can't be resolved with DNS, these utilities will give you the ip address. There are times when you want the IP address and not the FQDN. That can sometimes be difficult: you can pass the name to "dig" and parse the output, or perhaps fish it out of "netstat -an" in some limited cases where it is easy to programatically find it.

Windows

I'm sure you can clobber something out of netstat, and don't forget that you can run Services for Unix or Cygwin.

Simple stuff like:

netstat -n | find ":3389" | find "ESTABLISHED"
 

works; see Listing Users using RDP for some Powershell code.

How to get a user's client IP address in ASP.NET?

Apache has the remote IP in $ENV{'REMOTE_ADDR'} if you are doing webserver scripts in Perl; it's $_SERVER['REMOTE_ADDR'] in PHP See How to get Client IP address in PHP? for comments on HTTP_X_FORWARDED_FOR.

Warning: it's not hard to misconfigure some routers to mis-report the connecting machine's ip. See Misconfigured router causes open SMTP relay.

Mac OS X

ifconfig | grep 'broadcast' | awk '{print $2}'
 

If you want to do it with (ughh!) Applescript, see Getting IP Address in OS X.



Got something to add? Send me email.





(OLDER) <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> -> How do I find out what IP address a user or client came from?


4 comments



Increase ad revenue 50-250% with Ezoic


More Articles by

Find me on Google+

© Anthony Lawrence







Mon Mar 28 11:27:15 2005: 240   anonymous


g sf errrr 6 �op&#9834;}



Thu Jul 22 06:01:01 2010: 8845   jai

gravatar


bash-3.00$ finger -l
Login name: test1
Directory: /home/test1 Shell: /usr/bin/ksh
On since Jul 22 11:48:16 on pts/0, 33 minutes Idle Time
from intense-895645e
On since Jul 22 11:48:22 on pts/1, 33 minutes Idle Time
from 192.168.5.165:0.0
No Plan.

Login name: test3
Directory: /home/test3 Shell: /usr/bin/ksh
On since Jul 22 11:57:31 on pts/2
from 192.168.5.178
No Plan.

Login name: root
Directory: / Shell: /usr/bin/ksh
On since Jul 21 12:38:04 on pts/3, 23 hours Idle Time
from 192.168.1.43
No Plan.

Login name: uniserve
Directory: /home/uniserve Shell: /usr/bin/ksh
On since Jul 21 13:52:34 on pts/5, 22 hours Idle Time
from 192.168.1.137
On since Jul 21 14:44:00 on pts/6, 21 hours Idle Time
from 192.168.1.137
No Plan.
=============================================

Its really fantastic thanks a lot....i felt very happy about this....
also who -X also give the IP address thankyou....
jai.......



Wed Nov 13 16:45:31 2013: 12363   anonymous

gravatar


How can i connect two pc that have a different ip address with a cross cable? one is linux and other is unix.
Linux have this ipaddress 10.5.8.48, and unix pc have 10.5.37.68

thanks a lot



Wed Nov 13 17:38:42 2013: 12364   TonyLawrence

gravatar


For those two to talk to each other, you'd need a 255.255.0.0 subnet mask.

------------------------
Kerio Samepage


Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us





FORTRAN—the "infantile disorder"—, by now nearly 20 years old, is hopelessly inadequate for whatever computer application you have in mind today: it is now too clumsy, too risky, and too expensive to use. (Edsger W. Dijkstra)

When someone says: "I want a programming language in which I need only say what I wish done", give him a lollipop. (Alan J. Perlis)








This post tagged:

FAQ