APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

How do I find out what IP address a user or client came from?


Some material is very old and may be incorrect today

© July 2013 Anthony Lawrence

Some Unix/Linux utilities show this by default: Linux "w" displays the hostname that users logged in from, as does "who". Other systems may divulge this with a special flag: SCO uses "w -x" on more modern versions of its OS. Mac OS X shows it in its Networking Preference applet. But in all cases, you can get it with a script.

Parse the output with "sed" or whatever if you just need the address. For example:


# Ubuntu 12.04
$ who am i
pcunix  pts/1  2013-06-18 20:14 (pool-173-76-240-38:S.0)
$ who am i|awk '{ print $5}'
(pool-173-76-240-38:S.0)
 

That's a hostname, though, not an IP.


# Ubuntu 12.04
$ last -i
pcunix   pts/2        173.76.240.38    Sat Jul 13 09:40 - 10:11  (00:31)    
pcunix   pts/0        173.76.240.38    Sat Jul 13 05:35   still logged in   
pcunix   pts/2        173.76.240.38    Fri Jul 12 18:20 - 09:40  (15:19)    

wtmp begins Mon Jul  1 12:01:04 2013
 

Or:

# last -i | grep "still logged" | awk '{ print $1 " " $3 }'
pcunix 173.76.240.38
 

A more complicated script can use "who am i" and then grep the appropriate line from "last -i" to get the IP.

Check the Linux man and info pages to see if a command can be persuaded to give you what you want.

I could use a simple Perl script on my old BSD web server (where I was the only logged in user):

#!/usr/bin/perl
open(N,"/usr/bin/netstat -an |");
while (<N>) {
 next if not /ESTABLISHED/;
# webserver address at the time, not now
 next if not /64.226.42.29.22/;
 s/  */ /g;
 @a=split / /;
 $_=$a[4];
 s/\.[0-9][0-9]*$//;
 print;
 exit 0;
 }
 

I could have also fished it out of "w" and used gethostbyname . But on that BSD box, "w" truncates the host name if it is long:

10:21AM  up 25 days,  6:32, 1 user, load averages: 0.59, 0.67, 0.70
USER             TTY      FROM              [email protected]  IDLE WHAT
pcunix           p0       h00c0f05badf1.ne  9:26AM     - w
 

Fortunately, "who am i" is just what I wanted:

pcunix           ttyp0   Jun  3 09:26   (65.96.9.237)
 

Also see Determining clients IP address by service and PID for some code that uses lsof to extract the ip of any client connected to a service.

Here's an example taken from a news post:

From: "Brian K. White" <[email protected]>
Organization: Aljex Software
Newsgroups: comp.unix.sco.misc
Subject: Re: How can I get the IP address of the a telnet terminal (UW7)?
Date: Fri, 08 Dec 2000 23:51:17 GMT

... content trimmed 

just for the heck of it, here is a Linux version too.
I alreeady had it worked out in a script intended to be run on either
platform without editing


PORT_ID=`who -m |awk '{print $6}' |sed "s/^(// ; s/)$//"`


script is:

$ cat /usr/local/bin/tellip

#!/bin/sh
#
#spits out an IP or Hostname of the terminal that ran it
#used in scripts to determine non-static addresses
#
#can be run on SCO or Linux
#
# Brian K White - Aljex - [email protected]

case `uname -s` in
  Linux) who -m |awk '{print $6}' |sed "s/^(// ; s/)$//" ;;
  SCO_SV) who -mx |awk '{print $6}' ;;
esac

I use it in various scripts to grab the users current IP so I can
print/ftp/whatever to them even though their address is non-static, and in
some cases for a server to figure out it's current address when the server
itself is not initiating the connection. For instance, when the non-static
connection is raised on demand by a router, and the server is really just
another client machine on the lan, except the router is programmed to
forward the common services from the WAN to the server. In such a case,
the server doesn't know it's own public IP, but since it can browse the
internet at will, it can contact an outside linux or sco machine (that has
a static address) which will have a script with `tellip` embedded in it
and can thus keep a web page updated that has links back to the first
machine.

-- 
Brian K. White                   http://www.squonk.net/users/linut
+++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++.
filePro BBx  Linux SCO  Prosper/FACTS AutoCAD  #callahans Satriani

SCO Unix

In SCO OSR5, there are options to who, w, last, and finger which provide this information. In a program, you can fetch this information from /etc/utmpx for the appropriate definitions.

The farther back you go through older versions, the less likely you are to find this sort of information.

Current versions have these options as summarized by Bela Lubkin:

Many OpenServer Release 5 utilities can show you the host name; they just don't do so by default:



John Dubois has an "oanwho" script for OSR5 described more fully at <[email protected]>.

If the address can't be resolved with DNS, these utilities will give you the ip address. There are times when you want the IP address and not the FQDN. That can sometimes be difficult: you can pass the name to "dig" and parse the output, or perhaps fish it out of "netstat -an" in some limited cases where it is easy to programatically find it.

Windows

I'm sure you can clobber something out of netstat, and don't forget that you can run Services for Unix or Cygwin.

Simple stuff like:

netstat -n | find ":3389" | find "ESTABLISHED"
 

works; see Listing Users using RDP for some Powershell code.

How to get a user's client IP address in ASP.NET?

Apache has the remote IP in $ENV{'REMOTE_ADDR'} if you are doing webserver scripts in Perl; it's $_SERVER['REMOTE_ADDR'] in PHP See How to get Client IP address in PHP? for comments on HTTP_X_FORWARDED_FOR.

Warning: it's not hard to misconfigure some routers to mis-report the connecting machine's ip. See Misconfigured router causes open SMTP relay.

Mac OS X

ifconfig | grep 'broadcast' | awk '{print $2}'
 

If you want to do it with (ughh!) Applescript, see Getting IP Address in OS X.


If you found something useful today, please consider a small donation.



Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

->
-> How do I find out what IP address a user or client came from?

4 comments


Inexpensive and informative Apple related e-books:

Take Control of IOS 11

Take Control of Apple Mail, Third Edition

Take Control of Numbers

Photos: A Take Control Crash Course

iOS 8: A Take Control Crash Course





More Articles by © Anthony Lawrence







Mon Mar 28 11:27:15 2005: 240   anonymous


g sf errrr 6 Żop&#9834;}



Thu Jul 22 06:01:01 2010: 8845   jai

gravatar


bash-3.00$ finger -l
Login name: test1
Directory: /home/test1 Shell: /usr/bin/ksh
On since Jul 22 11:48:16 on pts/0, 33 minutes Idle Time
from intense-895645e
On since Jul 22 11:48:22 on pts/1, 33 minutes Idle Time
from 192.168.5.165:0.0
No Plan.

Login name: test3
Directory: /home/test3 Shell: /usr/bin/ksh
On since Jul 22 11:57:31 on pts/2
from 192.168.5.178
No Plan.

Login name: root
Directory: / Shell: /usr/bin/ksh
On since Jul 21 12:38:04 on pts/3, 23 hours Idle Time
from 192.168.1.43
No Plan.

Login name: uniserve
Directory: /home/uniserve Shell: /usr/bin/ksh
On since Jul 21 13:52:34 on pts/5, 22 hours Idle Time
from 192.168.1.137
On since Jul 21 14:44:00 on pts/6, 21 hours Idle Time
from 192.168.1.137
No Plan.
=============================================

Its really fantastic thanks a lot....i felt very happy about this....
also who -X also give the IP address thankyou....
jai.......



Wed Nov 13 16:45:31 2013: 12363   anonymous

gravatar


How can i connect two pc that have a different ip address with a cross cable? one is linux and other is unix.
Linux have this ipaddress 10.5.8.48, and unix pc have 10.5.37.68

thanks a lot



Wed Nov 13 17:38:42 2013: 12364   TonyLawrence

gravatar


For those two to talk to each other, you'd need a 255.255.0.0 subnet mask.

------------------------


Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us


Printer Friendly Version





Dead trees and polluting ink. I'll be happy to see them go. (Tony Lawrence)




Linux posts

Troubleshooting posts


This post tagged:

Code

FAQ

Linux

Microsoft

Perl

Scripting



Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode