How do see what ip address users are logged into ???

How do see what ip address users are logged into ???

Post by Cliff Jon » Wed, 31 May 1995 04:00:00



I manage a few unix boxes (mostly SCO and linux) and contiually find users
using telnet, ftp, trn, xterm ,etc and cannot find the ip address there
going to. I 've tried the last command but it only lists telnet and ftp.
Is there a way to see all address and ports a workstation connects to ????
 
 
 

How do see what ip address users are logged into ???

Post by Mark W. Schuma » Thu, 01 Jun 1995 04:00:00




>I manage a few unix boxes (mostly SCO and linux) and contiually find users
>using telnet, ftp, trn, xterm ,etc and cannot find the ip address there
>going to. I 've tried the last command but it only lists telnet and ftp.
>Is there a way to see all address and ports a workstation connects to ????

Look into netstat.

--
"Mike White: The Ralph Perk of the '90s. Bring back Dennis Kucinich in '97!"

 
 
 

How do see what ip address users are logged into ???

Post by Shawn Bro » Thu, 01 Jun 1995 04:00:00




>I manage a few unix boxes (mostly SCO and linux) and contiually find users
>using telnet, ftp, trn, xterm ,etc and cannot find the ip address there
>going to. I 've tried the last command but it only lists telnet and ftp.
>Is there a way to see all address and ports a workstation connects to ????

Do a man on netstat, that'll probably give you the level of information you
need.

If you need more, get the lsof package (use archie to find it.)

Shawn


for the sake of a little safety deserve neither     | Finger for PGP public key
liberty nor safety." - Benjamin Franklin            | Thwart gov't - use PGP!
NSA PGP Bomb FBI Assassinate LSD Waco BATF AK-47 Thermite Sarin Methamphetamine

 
 
 

How do see what ip address users are logged into ???

Post by Leslie Westm » Thu, 01 Jun 1995 04:00:00



Quote:

>I manage a few unix boxes (mostly SCO and linux) and contiually find
users
>using telnet, ftp, trn, xterm ,etc and cannot find the ip address there
>going to. I 've tried the last command but it only lists telnet and ftp.
>Is there a way to see all address and ports a workstation connects to
????

do a 'man netstat' and see if you have that
 
 
 

How do see what ip address users are logged into ???

Post by Mr Pi » Tue, 06 Jun 1995 04:00:00


: I manage a few unix boxes (mostly SCO and linux) and contiually find users
: using telnet, ftp, trn, xterm ,etc and cannot find the ip address there
: going to. I 've tried the last command but it only lists telnet and ftp.
: Is there a way to see all address and ports a workstation connects to ????

netstat -a

 
 
 

1. User logging (WAS: Is it possible to log original IP addresses?)

OK, thanks to everyone who pointed me to X-Forwarded-For header,
which contains the address of client behind the proxy. It really works,
but it looks like in case of proxy forwarding request to another proxy
I'm getting the address of that previous proxy:
i.e. client->proxyA->proxyB->server and I log proxyA in X-Forwarded-For
...

Log format:
CustomLog xxxxx  "%h %l %u %t \"%r\" %s %b \"%{Referer}i\"
\"%{User-Agent}i\" %{X-Forwarded-For}i"

Sample log line:
basil.ulcc.wwwcache.ja.net - - [19/Apr/2000:12:53:36 +0400] "GET
/Exclusive/exclusive_K8.html HTTP/1.0" 200 2783 "-" "Mozilla/4.0
(compatible; MSIE 5.0; Windows NT)" unknown, 194.82.103.8

nslookup 194.82.103.8
Name:    quietly-confident.wwwcache.ja.net

#telnet 194.82.103.8 3128
Trying 194.82.103.8...
Connected to 194.82.103.8.
Escape character is '^]'.
GET /

HTTP/1.0 400 Bad Request
Server: Squid/2.2.STABLE5-hno.20000202
...
So proxyA = quietly-confident.wwwcache.ja.net, proxyB=
basil.ulcc.wwwcache.ja.net,
client= ???

So now my questions are:
1. Are my conclusions correct?
2. Are there any better methods for tracking server users, including
users
behind proxies? May be cookies will help and if yes, are there any tools
for
that?
3. Can anybody explain why I am getting  'unknown,' in this log line
"Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)" unknown, 194.82.103.8
Other log lines look as they should be:
"Mozilla/4.7 [en] (Win98; I)" 193.232.8.111
Again, custom format here is
\"%{User-Agent}i\" %{X-Forwarded-For}i

Many thanks in advance

Michael

2. XF86401+KDE2... TrueType Fonts, No Wallpaper

3. Getting ip address of logged in user

4. Linux and people with disabilities

5. Am I seeing IPv5, or am I hallucinating?

6. How to configure HP Vectra "port mouse" under Linux?

7. IP Chains by User, not IP Address,

8. RIVA TNT AGP and XFree86 3.3.3.1 help!

9. IP accounting on a per-user basis, rather than per IP address.

10. command last sees user still logged on !

11. Ip-Masquerade and games over the net...what am I doing wrong????????

12. Why I am getting two IP addresses when I connect to my work through VPN

13. no terminal/ip address information displayed by "who am i"