I am fairly new to linux I wanted to ask if its possible in linux commands to run a "route -n" command to retrieve information for a specific NIC. E.G route -n ether0. Because currently it shows me for all the NIC's but what if I want just for one?
Use the iproute2 ip command (rather than the antique route command), and provide a selector with your NIC:
# for ether0
ip -o route list dev ether0
(I've added -o since your tags indicate that you're using this for scripting purposes; ensuring that each result lives on its own line is appropriate in this case).
This is a significant improvement on the simple route | grep ether0 approach, as it shows routing entries which can end up sending traffic through a NIC but don't name that NIC explicitly.
As the default for iproute2 is to avoid leaning on the resolver, no local flag equivalent to -n is necessary; instead, if you did want to use the resolver, you would need to add -r.
Do you want see route for ether0, you can use below command
ip -o route show dev ether0
or
ip route show | grep ether0
or
route -n | grep ether0
or
netstat -nr | grep ether0
To see NIC for ether0, you can use ifconfig command and Gateway NIC you can use arp -a commands
ifconfig ether0
for see GW and direct connected NICS you can use below command
arp -a
I am trying to get the source MAC address of every packet being dumped on the network, excluding any packets involving the host machine. I expect that in order to accomplish this I should get the data from tcpdump with the host's network interface in promiscuous mode.
Note that I am not interested in getting the full header or even the link level header. The -e option is not what I want. I just want the source MAC address for each packet, and nothing more.
This is what I am currently doing right now:
sudo tcpdump -I -elt -i wlan0 not host 127.0.0.1 2>> /dev/null | sed 's/ .*//'
with 127.0.0.1 replaced with the actual IP address of the local network interface.
This works great in some networks, where the source MAC address is the first piece of information that is output by tcpdump. Unfortunately, this has not always been my experience. It seems that the output to tcpdump is protocol-dependent and so on some networks it varies.
I suppose I could rewrite my sed command so that it outputs the first item that matches the regex for a MAC address:
(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}
but I am unsure if the first MAC address in the line will always be the source MAC address.
If there's no way to have tcpdump output the source MAC address directly, is there some way I could have it output the raw bits from the link level header? From there I should be able to piece together the source MAC address.
by using tshark you can do it like that:
example:
tshark -i eth0 -e eth.src -Tfields
I want command to get Linux machine(amazon) external/public IP Address.
I tried hostname -I and other commands from blogs and stackoverflow like
ifconfig | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p'
and many more. But they all are giving me internal IP Address.
Then I found some sites which provides API for this.
Example : curl http://ipecho.net/plain; echo
But I don't want to rely on third party website service. So, is there any command line tool available to get external IP Address?
simplest of all would be to do :
curl ifconfig.me
A cleaner output
ifconfig eth0 | awk '/inet / { print $2 }' | sed 's/addr://'
You could use this script
# !/bin/bash
#
echo 'Your external IP is: '
curl -4 icanhazip.com
But that is relying on a third party albeit a reliable one.
I don't know if you can get your external IP without asking someone/somesite i.e. some third party for it, but what do I know.
you can also just run:
curl -4 icanhazip.com
This is doing the same thing as a command the -4 is to get the output in Ipv4
You can use this command to get public ip and private ip(second line is private ip; third line is public ip.)
ip addr | awk '/inet / {sub(/\/.*/, "", $2); print $2}'
I would suggest you to use the command external-ip (sudo apt-get install miniupnpc) as it (I'm almost sure) uses upnp protocol to ask the router instead of asking an external website so it should be faster, but of course the router has to have upnp enabled.
You can simply do this :
curl https://ipinfo.io/ip
It might not work on amazon because you might be using NAT or something for the server to access the rest of the world (and for you to ssh into it also). If you are unable to ssh into the ip that is listed in ifconfig then you are either in a different network or dont have ssh enabled.
This is the best I can do (only relies on my ISP):
ISP=`traceroute -M 2 -m 2 -n -q 1 8.8.8.8 | grep -m 1 -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'`
extIP=`ping -R -c 1 -t 1 -s 1 -n $ISP | grep RR | grep -m 1 -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'`
echo $extIP
Or, the functionally same thing on one line:
ISP=`traceroute -M 2 -m 2 -n -q 1 8.8.8.8 | grep -m 1 -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'` | ping -R -c 1 -t 1 -s 1 -n $ISP | grep RR | grep -m 1 -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
to save it to a temporary & hidden file add > .extIP to the end of the last line, then cat .extIP to see it.
If your ISP's address never changes (honestly i'm not sure if it would or not), then you could fetch it once, and then replace $ISP in line two with it
This has been tested on a mac with wonderful success.
the only adjustment on linux that I've found so far is the traceroute "-M" flag might need to be "-f" instead
and it relies heavily on the ping's "-R" flag, which tells it to send back the "Record Route" information, which isn't always supported by the host. But it's worth a try!
the only other way to do this without relying on any external servers is to get it from curl'ing your modem's status page... I've done this successfully with our frontier DSL modem, but it's dirty, slow, unreliable, and requires hard-coding your modem's password.
Here's the "process" for that:
curl http://[user]:[password]#[modem's LAN address]/[status.html] | grep 'WanIPAddress =' | grep -m 1 -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
That fetches the raw html, searches for any lines containing "WanIpAddress =" (change that so it's appropriate for your modem's results), and then narrows down those results to an IPv4 style address.
Hope that helps!
As others suggested, we have to rely on third party service which I don't feel safe using it. So, I have found Amazon API on this answer :
$ curl http://169.254.169.254/latest/meta-data/public-ipv4
54.232.200.77
For more details, https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-retrieval
The super-easy way is using the glances tool. you can install it on Ubuntu using:
$ sudo apt install glances
then using it with:
$ glances
and at the top of the terminal, it highlights your public IP address, and so many other information about your system (like what htop does) and network status.
For a formatted output use :-
dig TXT +short o-o.myaddr.l.google.com #ns1.google.com
it'll give you formatted output like this
"30.60.10.11"
also FYI,
dig is more faster than curl and wget
The following works as long as you have ifconfig and curl.
curl ifconfig.me
I discovered only last week with help on here that I could have the OS Architecture (32/64) stored in a variable like this:
arch=$(getconf LONG_BIT)
I am hoping that I can use a similar method for local IP address:
ipaddress=$(????)
So that any occurrences of $ipaddress will be replaced with "192.168.1.100" or whatever the local IP might be
Unfortunately, it is not possible to extract the IP address of the system from the sysconf sub-system.
It is possible to have several IP addresses associated with the interfaces on a Linux system so there is no way to determine which IP address is the 'correct' one.
You could use the following shell snippet to list the active IP addresses on the system:
ifconfig | grep 'inet addr' | awk '{print $2}' | cut -d ':' -f2
On my system this lists the following IP addresses:
192.168.1.12
127.0.0.1
If you see similar output, it means you've only got a single active interface along with the local loopback, so you can add |grep -v 127 to the previous snippet to filter out the local loopback address.
I'm not sure whether to post it here or at ServerFault.
Anyway, I'm trying to work around company's firewall to connect to some media sharing site using my phone's 3g network. I've come up with a simple ip route command which take pppd's inet address as it's parameter. But, I want to make it a little bit more automated by reading the inet address right from the script, not by passing it via command line parameter.
Here's the scenario, to make it more obvious:
The command invocation as of now: $jumpfirewall xxx.xxx.xxx.xxx
The command invocation I want: $jumpfirewall
Do you know some command or library that I can use to read it from command line?
Adapted from cyberciti:
/sbin/ifconfig ppp0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'
The ifconfig ppp0 will get information for your primary PPP interface; the grep cuts it down to the line containing the IP address; the cut splits out everything after inet addr: up to bcast:, giving something like 1.2.3.4 Bcast:; and the awk call will print only the first (space-separated) field, leaving you with only the IP address.
pppd automatically calls a script in /etc/ppp/ip-up when a link is brought up. In this script, $4 is the local IP address of the PPP link. (On some distributions, /etc/ppp/ip-up is set to call the scripts in /etc/ppp/ip-up.d, with $PPP_LOCAL set to the IP address, so you can place your script there).
This way, you won't have to manually call the script - just bring up the PPP link and it'll be run automatically. There's a corresponding /etc/ppp/ip-down you can use to undo your route when the link goes down.