HPE Community
Operating System - HP-UX
1753281 Members
5362 Online
108792 Solutions
New Discussion юеВ

Determining inbound IP address used

 
Scott Stewart
Occasional Contributor

тАО08-24-2006 05:57 AM

тАО08-24-2006 05:57 AM

Determining inbound IP address used

We are running several MC/SG clusters using UX 11.11. On these clusters we use lsof to determine what IP address was used to establish a particular telnet connection.

Specifically, this functionality is used to determine if the user was telnetting to the host IP address or the MC/SG package address. Profile / startup script processing is then conditioned based on the IP address used.

We recently upgraded our test cluster to UX 11.23 and found out that the method of handling telnet sessions has changed such that lsof can no longer retrieve the inbound address used. After speaking with HP support, it looks like our only alternative is to utilize a crash dump/debugger utility which will add a significant layer of complexity.

Does anyone else have a non-lsof solution which may work for this UX release?

Thanks!
Scott Stewart
0 Kudos
Reply
7 REPLIES 7
spex
Honored Contributor

тАО08-24-2006 06:51 AM

тАО08-24-2006 06:51 AM

Re: Determining inbound IP address used

Hi Scott,

Give these cobbled-together commands a shot...

For hostname:

# who -R | tr -s ' ' '\n' | grep '(.*)' | tr -d '()'

# last -R -1 | awk -F'[\. ]+' '{print $3}'

For IP:

# who -R | tr -s ' ' '\n' | grep '(.*)' | tr -d '()' | nslookup | grep 'Address' | awk '{print $2}'

# last -R -1 | awk -F'[\. ]+' '{print $3}' | nslookup | grep 'Address' | awk '{print $2}'

PCS
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО08-24-2006 06:55 AM

тАО08-24-2006 06:55 AM

Re: Determining inbound IP address used

Shalom,

I agree that the last -R command should give you exactly what you need. You won't pull the information in like lsof, but you should be able to get exactly what you need.

Its important to prevent the /var/adm/wtmp file from getting corrupted or you will get inaccurate information.

I would also note that if you can avoid it, you should stop using telnet. It authenticates in clear text and there are plenty of free openssh/ssh clients you can use to replace communications between machines or between cluster and clients.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
spex
Honored Contributor

тАО08-24-2006 07:05 AM

тАО08-24-2006 07:05 AM

Re: Determining inbound IP address used

'who' should include the '-m' switch to limit output to the current tty:

# who -mR | ...

PCS
0 Kudos
Reply
rick jones
Honored Contributor

тАО08-24-2006 12:51 PM

тАО08-24-2006 12:51 PM

Re: Determining inbound IP address used

How about looking at netstat -a output. It won't associate it with a specific telnet session, but you can see which remote IP/names have connected to which local IP's and the telnet port. Remote IP may not be sufficient to identify user, but it might get you closer.

That is, of course, if who -R doesn't work:

# who -R
root console Jun 16 14:14 (tarry.hpl.hp.com)
root pts/ta Aug 24 17:49 (tardy.cup.hp.com)
# uname -a
HP-UX tarry B.11.23 U ia64 2397028692 unlimited-user license
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Reply
Patrick Wallek
Honored Contributor

тАО08-24-2006 02:32 PM

тАО08-24-2006 02:32 PM

Re: Determining inbound IP address used

You are all confused as to what the author is requesting.

If I understand correctly, he is NOT asking what IP address the connection is FROM, rather he is asking what IP address the user is connecting TO.

For example, is the user doing a:

telnet 1.2.3.4

or

telnet 3.4.5.6

I do something similar, but I use lsof on 11.11, as you used to Scott. Apparently that connection information is not kept on 11.23.

I've tried netstat and lsof and not had any luck getting the info on 11.23.
0 Kudos
Reply
spex
Honored Contributor

тАО08-24-2006 02:58 PM

тАО08-24-2006 02:58 PM

Re: Determining inbound IP address used

Patrick,

If that's the case, I recommend writing a wrapper script around the 'telnet' binary which logs the destination ip to a central location.

PCS
0 Kudos
Reply
rick jones
Honored Contributor

тАО08-25-2006 05:02 AM

тАО08-25-2006 05:02 AM

Re: Determining inbound IP address used

netstat will show that at the TCP connection level. connecting that back to the specific telnet session - say with educated guesses based on who -R is the remaining excercise.
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.