Linux which interface is used

How to check that a daemon is listening on what interface?

Ex.: an sshd is configured to only listen on wlan0. So. Besides checking the sshd_config how can I check that a daemon is listening on what inerface? netstat can do it? how? (OS: openwrt or scientific linux or openbsd) UPDATE: I thought sshd could be limited to an interface. but no. (192.168.1.5 is on wlan0. )

# grep ^ListenAddress /etc/ssh/sshd_config ListenAddress 192.168.1.5:22 # # lsof -i -n -P COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME sshd 23952 root 3u IPv4 1718551 0t0 TCP 192.168.1.5:22 (LISTEN) # # ss -lp | grep -i ssh 0 128 192.168.1.5:ssh *:* users:(("sshd",23952,3)) # # netstat -lp | grep -i ssh tcp 0 0 a.lan:ssh *:* LISTEN 23952/sshd # 

4 Answers 4

(you might have to install the package ip on openwrt (v12 / attitude adjustment)

ifconfig/netstat etc. are considered deprecated, so you should use (as root)

to show the TCP/UDP sockets on which a running program which contains the string sshd is listening to

• -n
  no port to name resolution
• -l
  only listening sockets
• -p
  show processes listening
• -u
  show udp sockets
• -t
  show tcp sockets

Then you geht a list like this one:

tcp LISTEN 0 128 *:22 *:* users:(("sshd",3907,4)) tcp LISTEN 0 128 . 22 . * users:(("sshd",3907,3)) tcp LISTEN 0 128 127.0.0.1:6010 *:* users:(("sshd",4818,9)) tcp LISTEN 0 128 ::1:6010 . * users:(("sshd",4818,8)) 

the interesting thing is the 5th column which shows a combination of IP address and port:

1. *:22
   listen on port 22 on every available IPv4 address
2. . 22
   listen on port 22 on every available IP address (i do not write IPv6, as IP is IPv6 per RFC 6540)
3. 127.0.0.1:6010
   listen on IPv4 address 127.0.0.1 (localhost/loopback) and port 6010
4. ::1:6010
   listen on IP address ::1 (0:0:0:0:0:0:0:1 in full notation, also localhost/loopback) and port 6010

You then want to know which interfaces has an IPv4 address (to cover 1.)

ip -4 a # or "ip -4 address" # or "ip -4 address show" 

or an IP address (to cover 2.)

ip -6 a # or "ip -6 address # or "ip -6 address show 

(if you do not add the option for IP ( -6 ) or IPv4 ( -4 ) both are shown)

You can also have an look that output and search for e.g. 127.0.0.1 or any other IP/IPv4-address

# here a demo where i show all addresses of the device "lo" (loopback) ip a show dev lo 1: lo: mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 

The lines beginning with inet and inet6 show that these IPs are bound to this interface, you may have many of these lines per interface:

he-ipv6: mtu 1480 qdisc noqueue state UNKNOWN link/sit 192.0.2.1 peer 192.0.2.3 inet6 2001:db8:12::1/64 scope global valid_lft forever preferred_lft forever inet6 2001:db8::2/64 scope global valid_lft forever preferred_lft forever inet6 fe80::1111:1111/128 scope link valid_lft forever preferred_lft forever 

address="127.0.0.1" for i in $(grep ':' /proc/net/dev | cut -d ':' -f 1 | tr -d ' ') ; do if $(ip address show dev $i | grep -q "$") ; then echo "$ found on interface $" fi done 

you mean that there is no exact way to determine that a daemon is listening on what interface, because it could be only determined by IP address?

# lsof -i -n -P COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME sshd 3028 root 3u IPv4 7072 0t0 TCP *:22 (LISTEN) sshd 3028 root 4u IPv6 7074 0t0 TCP *:22 (LISTEN) 

iproute2 ‘s ss can do this, too (as root):

# ss -lp State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 . ssh . * users:(("sshd",3028,4)) LISTEN 0 128 *:ssh *:* users:(("sshd",3028,3)) 

. and finally, netstat (as root):

# netstat -lp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 *:ssh *:* LISTEN 3028/sshd 

Specifically, *:ssh or 0.0.0.0:22 means it’s listening on the wildcard interface (ie, all of them). Something like host-eth1:ssh or 10.0.0.4:22 mean it’s listening on that specific interface

wait a minute.. I thought this is the good answer 😀 but no, there is no interface in it.. How do I found out that a program is only listening on given interface? or there isn’t any solution for this question? :O

@gaskopeter You can see the interface from the ip address which is shown ( 192.168.1.5 or a.lan in your question). If there is a * in this place, then it listens on all interfaces ( *:ssh in sr_’s answer).

As far as i know, you can’t (except on BSD systems, where Finkregh’s solution works fine). It might be possible but you don’t care, because most application listen on every interface, even when bound to an IP address.

On linux (and openwrt), the only way for an application to listen only on a certain interface is the SO_BINDTODEVICE socket option. Few applications actually supports this, as it is OS specific. That, or they use packet socket, but that’s for low level protocols (like dhcp servers).

On linux, which uses a weak host model, every application listens on every interfaces by default, even when binding a socket to an IP address. The only exception is when binding to 127.0.0.1, which ensures that the application only listens on the lo interface.

You heard it right: If you have two interfaces (say eth0 and eth1 ) with two different IP addresses, (say 192.0.2.1 for eth0 and 198.51.100.1 for eth1 ) and you tell an application to bind on 192.0.2.1, the application will still listen on both interfaces, but will only respond if the destination IP is 192.0.2.1. So someone on the eth1 interface, if its routing table is appropriately defined, can access your application by accessing it via the 192.0.2.1 address (but not via 198.51.100.1) on the eth1 interface.

Assuming that binding to an IP address is the same as binding to a network interface is utterly false on Linux. If that bothers you, use policy routing and/or iptables .

Источник

List network interfaces on Linux

The network configuration is a common place to start during system configuration, security audits, and troubleshooting. It can reveal useful information like MAC and IP addresses. This guide helps you to gather this information on Linux, including listing all available network interfaces and its details.

Show network interfaces

Linux

Every Linux distribution is using its own way of configuring the network configuration details. Therefore, it is good to know which tools can be used to query these details in a generic way. So these commands should be working on the popular distributions like Arch Linux, CentOS, Debian, Gentoo, RHEL, and Ubuntu.

The old way: ifconfig

Previously the most obvious command to obtain the available network interfaces was using the ifconfig command. As some systems no longer have that command installed by default, we will also look at using alternative ip. If you still have ifconfig available, run it with the -a parameter.

Depending on what particular information you need, you can use grep to get you the right lines. The ifconfig command on Linux actually has the most option available, so have a look at the man page for all details.

Modern version: using the ip command

Newer Linux distributions now ship only the ip command. It is advised to start using this command instead of ifconfig, as its output works better with newer machines. Especially when using containerized applications, dynamic routing, and network aliases.

The easiest way to see what network interfaces are available is by showing the available links.

Linux network interfaces with ip link show command

Another option to show available network interfaces is by using netstat.

Note: the column command is optional, but provides a friendlier output for the eye.

Show the default gateway

The default gateway is the system that receives traffic for networks outside your own. On Linux systems, this gateway is typically received via DHCP or manually configured in a text configuration file.

Using the ip command

The output may look like this:

default via 123.12.0.1 dev eth0 onlink 10.17.0.0/16 dev eth0 proto kernel scope link src 10.17.0.3 123.12.0.0/18 dev eth0 proto kernel scope link src 123.123.0.3

With netstat

The default gateway can be listed with the netstat command.

The output will be something like this:

Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface default 123.12.0.1 0.0.0.0 UG 0 0 0 eth0 10.17.0.0 * 255.255.0.0 U 0 0 0 eth0 123.12.0.0 * 255.255.192.0 U 0 0 0 eth0

The second column shows the gateway. When it lists an asterisk (*), it means it uses the default gateway.

AIX and Solaris

These two old style platforms have of course ifconfig still available. By using the -a parameter, all interfaces will be displayed.

ifconfig -a | grep «flags ez-toc-section» > DragonBSD, FreeBSD, NetBSD

On the systems running BSD, it is also the ifconfig tool that can be used.

ifconfig -l

Frequently Asked Questions

How can I see the MTU of an interface?

Use the ip show link command.

What command can I use to display the default gateway on Linux?

Use the ip route command to show routing information, including the default gateway and the network interface it uses.

How can I test if my network configuration is correct?

Test if you can reach or access both devices on your network as outside of it. This way you know that your IP address and gateway is correctly set up. If you can only access remote systems by IP address, then check your name server configuration, typically stored in /etc/resolv.conf. Another useful tool to test your system, including your network configuration, is by using auditing tool Lynis. It will test for connectivity of the name servers and retrieves the most important parts of the network settings.

Did this article help you? Become part of the community and share it on your favorite website or social media. Do you have additional tips regarding the network configuration on Linux? Share it in the comments!

One more thing.

Keep learning

So you are interested in Linux security? Join the Linux Security Expert training program, a practical and lab-based training ground. For those who want to become (or stay) a Linux security expert.

Security scanning with Lynis and Lynis Enterprise

Run automated security scans and increase your defenses. Lynis is an open source security tool to perform in-depth audits. It helps with system hardening, vulnerability discovery, and compliance.

Источник

How to check which network interface is active and providing internet?

how do perform a check which network interface is active and providing internet and internet is working on that interface. In the above lo (loopback interface), eno1 (ethernet interface), wlp2s0 (wireless) are up but i am getting internet only from wlp2s0 .

3 Answers 3

One fairly good way is to check the routing table to see where the default routing goes

ip route list | grep default 

how do perform a check which network interface is active

Any of the interfaces saying state UP are active, and providing connectivity to some network or another.

and providing internet and internet is working on that interface.

You are really asking about just how approximately does ip routing work, and there is a lot of depth to that question. In essence, the routing table is a list of different networks with masks, and what network interface or external router provides connectivity to them.

At the end of this list is a special entry called the default route , which is kind of an alias for the network 0.0.0.0/0. It functions as a catch-all for things that you have no specific entry for, and in essence is the internet.

You can see the routing table by typing ip route . It will provide some explanation of what interfaces are used for different addresses, and show the mighty default route.

Источник