
What IP-Address did a user connect to?

 
Andreas Poeschl
Occasional Contributor

Hi,

If a server has got several IP addresses configured for its interfaces (e.g. Service Guard packages are running), is it possible to find out later which IP address a user connected to? It always seems to me that the user connected to the base IP address of the machine and not to one of the additional addresses.

Regards,
Andreas
Life is a bad adventure game - but the graphics is great!
Patrick Chim
Trusted Contributor

Re: What IP-Address did a user connect to?

Hi,

You can use 'netstat -na | grep ' to check which IP address the user is connecting to.

It depends on how your application or user connects to your server. You can simply telnet to the server, with one session using the static IP and the other using the virtual IP. When you issue the 'netstat -na' command, you will see both IP addresses being connected to by your telnet sessions.

tcp 0 0 172.19.128.8.23 172.19.130.119.2648 ESTABLISHED
tcp 0 0 172.19.128.21.23 172.19.130.119.1027 ESTABLISHED

In the above example, 119 is my workstation IP, 128.8 is the virtual IP and 128.21 is the static IP.

Is this what you are looking for?

Regards,
Patrick
Andreas Poeschl
Occasional Contributor

Re: What IP-Address did a user connect to?

This is basically what I am looking for - but it seems as if the virtual information disappeared after login (end of .profile-work). Only the main address remains in netstat -na.

So during login I get 2 entries, one for the base and one for the virtual address.

Afterwards there is only the entry for the base address left.

Regards,
Andreas
Life is a bad adventure game - but the graphics is great!
Patrick Chim
Trusted Contributor

Re: What IP-Address did a user connect to?

Hi again,

I attempted to log in to the telnet session with the virtual IP and the connection still shows in the 'netstat -na' output after I logged in. Can you show me more information from before and after you log on?

Moreover, please capture the output of 'netstat -ni' as it will show the status of the primary and logical interfaces.

Regards,
Patrick
Paula J Frazer-Campbell
Honored Contributor

Re: What IP-Address did a user connect to?

Hi

Have you looked at:

last -R



Paula
If you can spell SysAdmin then you is one - anon
Andreas Poeschl
Occasional Contributor

Re: What IP-Address did a user connect to?

Here is the output of "netstat -in":

Name Mtu Network Address Ipkts Opkts
lan3 1500 160.47.14.0 160.47.14.35 907173 796701
lan1:1 1500 160.47.15.0 160.47.15.110 1843642 51582
lan1 1500 160.47.15.0 160.47.15.25 8907829 12529292
lo0 4136 127.0.0.0 127.0.0.1 20291 20291

If I connect to 160.47.15.110 (using xterm over Exceed), I get (recorded during execution of ~/.profile):

tcp 0 0 160.47.15.110.512 160.47.110.173.2063 ESTABLISHED
tcp 0 0 160.47.15.25.52308 160.47.110.173.6000 ESTABLISHED

After login has finished, I get:
tcp 0 0 160.47.15.25.52308 160.47.110.173.6000 ESTABLISHED

This means that the interesting connection information is gone and only the base IP address is left.

Regards,
Andreas

P.S.: Information was recorded with "netstat -in | grep 110.173", where 160.47.110.173 is my client IP address.
Life is a bad adventure game - but the graphics is great!
harry d brown jr
Honored Contributor

Re: What IP-Address did a user connect to?

Andreas,

It appears you will have to capture that information in their .profile, especially if the use of "last" isn't working for you.

live free or die
harry
Live Free or Die
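
One way to record this from .profile, as suggested above (an added example, not code posted by anyone in this thread): it parses HP-UX style 'netstat -an' output, where address and port are joined by a dot, and keeps only the connections the client made to a service port. The function names, the log path, the record layout and the "local port below 1024 means inbound" rule are assumptions of this example.

```shell
#!/bin/sh
# Added example: list the local (server-side) addresses a client connected TO,
# from HP-UX style `netstat -an` output, where address and port are joined by
# a dot (160.47.15.110.512 = IP 160.47.15.110, port 512).

# Assumption: a local port below 1024 marks an inbound connection to a service.
# A high local port (e.g. an xterm talking to the client's X server on 6000)
# is an outbound connection, whose source address the kernel picks itself.
inbound_local_addrs() {
    client_ip=$1
    awk -v client="$client_ip" '
        function host(a) { sub(/\.[0-9]+$/, "", a); return a }   # strip ".port"
        function port(a) { sub(/^.*\./, "", a); return a + 0 }   # keep port only
        $1 == "tcp" && $NF == "ESTABLISHED" &&
        host($5) == client && port($4) < 1024 {
            print host($4), port($4)
        }'
}

# Hypothetical helper for ~/.profile: append one record per inbound connection.
# The log path and record layout are made up for this example.
log_connected_addr() {
    client_ip=$1
    logfile=${2:-$HOME/.connected_addr.log}
    netstat -an | inbound_local_addrs "$client_ip" |
    while read -r ip port; do
        echo "$(date '+%Y-%m-%d %H:%M:%S') user=${LOGNAME:-unknown} client=$client_ip local=$ip port=$port"
    done >> "$logfile"
}

# Constructed sample input, copied from the netstat lines quoted in this thread.
sample_netstat() {
    cat <<'EOF'
tcp        0      0  160.47.15.110.512      160.47.110.173.2063    ESTABLISHED
tcp        0      0  160.47.15.25.52308     160.47.110.173.6000    ESTABLISHED
EOF
}

# Run the demo only when executed directly with "demo" as the first argument.
if [ "${1:-}" = "demo" ]; then
    sample_netstat | inbound_local_addrs 160.47.110.173   # prints: 160.47.15.110 512
fi
```

The record has to be written while the login connection still exists, which is why the call belongs in .profile rather than in a later job.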
T G Manikandan
Honored Contributor

Re: What IP-Address did a user connect to?

How about using nettl and netfmt?
I think you can get the source and destination IPs here.

Just check the attachment for the usage of nettl and netfmt.
T G Manikandan
Honored Contributor

Re: What IP-Address did a user connect to?

Here is the attachment
Ravi_8
Honored Contributor

Re: What IP-Address did a user connect to?

Hi, Andreas

Yes, the user will be connected to the base address.

never give up