hostname -i vs hostname -I in linux - linux

So I looked up on google about the difference between the output for hostname -i and hostname -I but couldn't get anything significant.
The output for hostname -i: 127.0.1.1
The output for hostname -I: 192.168.X.X.
All I could get was this:
-i: This option is used to get the IP(network) addresses. This option works only if the hostname is resolvable.
-I: This option is used to get all IP(network) addresses. The option doesn’t depend on the resolvability of the hostname.
It would be great if someone could elaborate on this for me.

From the information in your question I infer that your question is about linux hostname command. That's important as BSD flavor of that command (e.g. found in macOS system) has different argument set.
The man page for linux hostname command is actually very specific about the difference and you have posted already excerpt from it:
-i, --ip-address
Display the network address(es) of the host name. Note that this works only if the host name can be resolved. Avoid
using this option; use hostname --all-ip-addresses instead.
-I, --all-ip-addresses
Display all network addresses of the host. This option enumerates all configured addresses on all network interfaces.
The loopback interface and IPv6 link-local addresses are omitted. Contrary to option -i, this option does not depend
on name resolution. Do not make any assumptions about the order of the output.
The "address being resolved" (the -i argument) means that it is being resolved via DNS. You can get similar results by using some name resolution command as nslookup <yourhostname> or getent hosts <yourhostname>:
$ nslookup myhostname
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: myhostname
Address: X.X.X.X
The -I on the other hand iterates over all network interfaces of your host and sees how they are actually configured. That means it obtains the IP address via completely different method.

Assuming your hostname is set to myhost, hostname -i tries to resolve myhost. You probably have such a line in your /etc/hosts
127.0.0.1 myhost
This will resolve myhost as 127.0.0.1.
With hostname -I you get the addresses of your network interface(s), apparently without the loopback addresses. These addresses might be assigned by DHCP.
In your case with the output 192.168.X.X you only have one interface connected with only an IPv4 address.
My Ubuntu 19.10 system displays one IPv4 address and one IPv6 address when connected to WiFi only or two IPv4 and IPv6 addresses each when connected to both WiFi and Ethernet.

Related

IP Command set gatway

I want to set the gateway to the particular interface via shell script.
We can modify the ethernet configuration file like this
DEVICE="eth0"
BOOTPROTO="static"
HWADDR=20:89:84:c8:12:8a
NM_CONTROLLED="no"
ONBOOT="yes"
TYPE="Ethernet"
IPADDR=192.168.0.108
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
DNS1=8.8.8.8
DNS1=8.8.4.4
But I want to do it the ip command way. What will be the equivalent ip command to achieve this?
You could start with this little intro to the ip commands or this ip commands cheat sheet. With those, you can set IPADDR, e.g.
sudo ip addr add 192.168.0.108 dev eth0
The GATEWAY is set by
sudo ip route add 0.0.0.0/0 via 192.168.0.1 dev eth0
The sudo is needed only, if the user is not root.
More work is to be done for the rest and not all of them are ip commands. E.g. DNS servers are set in the /etc/resolv.conf file and not by an ip command.

Scanning the network for all the hostnames present with their respective ip addresses

I have tried nmap, nbtscan, fping, arp-scan for the overstated need and all are producing expected output.
But I am facing some trouble with the arp command its not working and showing something like this:
? (10.240.253.2) at 80:a1:d7:7c:22:94 [ether] on eth0
<something>.local (10.240.253.53) at 9c:2a:70:d8:50:ed [ether] on eth0
I have tried arp -a and arp -a -n both. Also I tried running ping -b <broadcast ip address> before these command but ping -b does not execute at all means it does nothing.
On other systems in my network it is running fine. But it seems there is some setting problem with my computer that I am not aware of.
arp is not a scanner. It queries your system's ARP cache.
Therefore, it will only show IP and MAC addresses of hosts which have sent ARP queries or answers recently seen by your system.
As you mention, nmap, for example, is much more suited to what you're trying to do than arp.

Get only the source MAC address from tcpdump

I am trying to get the source MAC address of every packet being dumped on the network, excluding any packets involving the host machine. I expect that in order to accomplish this I should get the data from tcpdump with the host's network interface in promiscuous mode.
Note that I am not interested in getting the full header or even the link level header. The -e option is not what I want. I just want the source MAC address for each packet, and nothing more.
This is what I am currently doing right now:
sudo tcpdump -I -elt -i wlan0 not host 127.0.0.1 2>> /dev/null | sed 's/ .*//'
with 127.0.0.1 replaced with the actual IP address of the local network interface.
This works great in some networks, where the source MAC address is the first piece of information that is output by tcpdump. Unfortunately, this has not always been my experience. It seems that the output to tcpdump is protocol-dependent and so on some networks it varies.
I suppose I could rewrite my sed command so that it outputs the first item that matches the regex for a MAC address:
(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}
but I am unsure if the first MAC address in the line will always be the source MAC address.
If there's no way to have tcpdump output the source MAC address directly, is there some way I could have it output the raw bits from the link level header? From there I should be able to piece together the source MAC address.
by using tshark you can do it like that:
example:
tshark -i eth0 -e eth.src -Tfields

I get "cannot assign requested address" error

I am trying to run beanstalkd
if i use 127.0.0.1 with port no 11300 it works or for the matter any other port
beanstalkd -d -l 127.0.0.1 -p 11300
But if use external IP it doesn't work.
beanstalkd -d -l 107.0.1.5 -p 11300
Should i enable the port or something . If i should how does it work in the first case and not the second
The IP address you pass to beanstalkd is the address that it binds to - if given, it will only accept connections to that address on the machine it runs on. So the address 107.0.1.5 must be on one of the network interfaces on the machine you run it on.
If you want you can simply omit the -l <address> option to get beanstalkd to listen on all of the addresses on the host.

Change and sync hostname / ip address changes on debian linux

For changing static ip address, i set the contents of /etc/network/interfaces to
auto lo
iface lo inet loopback
allow-hotplug eth0
iface eth0 inet static
address <newaddress>
netmask <netmask>
gateway <gateway>
dns-nameservers <dns1> <dns2>
then do ifdown eth0 && ifup eth0
For changing the hostname, i do the following actions
execute hostname <newname>
set contents of /etc/hostname to <newname>
replace <oldname> with <newname> in /etc/hosts
Issues
Both ip address and host name changes don't take effect.
If I change the ip address and ping the hostname, it still resolves to the oldaddress
If I change the hostname and ping the new hostname, it cannot resolve to an ip
If I change the hostname and ping the old hostname, it is still available and resolved the current ip address.
I restart the machine and it still behaves the same way.
What am I missing?
Could the parent network play any role in this?
Also note that my machine thinks the hostname is updated after I change it.
I think this is not actually a problem and this behavior is explained by arp caching.
The ARP tool manipulates or displays the kernel's IPv4 network neighbour and this includes in some way your host as well.
The arp command has many switches you can work on as, for example, the following command:
arp -n
This command prints out the list of arp cache entries.
Unfortunately there is no command to flush it hence, you have 2 options.
Option 1: You wait for the cache to update (won't take long)
Option 2: You run the following very basic script and you see:
#!/bin/sh
for i in `awk -F ' ' '{ if ( $1 ~ /[0-9{1,3}].[0-9{1,3}].[0-9{1,3}].[0-9{1,3}]/ ) print $1 }' /proc/net/arp` ;
do
arp -d $i
done
The script is not mine, I have reported the only I usually run which was taken originally from this well done example:
http://www.lainoox.com/display-add-flush-arpcache-linux-arp/
I hope this helps in some way.
Changing /etc/hostname will have the affect of changing the hostname displayed on your terminal, welcome messages, in your logs and anywhere else the system uses hostname. These are all vanity changes.
Channging /etc/hosts will change your local host-name resolution (i.e. translating an ip address to a hostname and vise versa) Anything DNS does not resolv or anything you want to override locally. By default, the local files override network resolution. This is determined in /etc/nsswitch which says to use local files first then then dns for host resolution.
The important thing to keep in mind here is that these changes will not affect how othesr on a network would determine this host's ip address or name, which of course is handled through DNS or maybe their local /etc/hosts file(s).
yeah resolv.conf is for dns. as is which handles NAMES and anything that has to do with the internet. Such as ping. dns resolvc locally weather you have server or not thus the hostname / ect hosts which ALSO handle dns. your resolv.conf will update from your isp when you connect or you can change it by hand / set some thing more dynamic on a bridged interface

Resources