Link to home
Start Free TrialLog in
Avatar of Mike Paradis
Mike Paradis

asked on

Which NIC is live in Win/Linux?

How can I reliably tell which NIC is the main one in a multi NIC machine such as windows or Linux.

For example, say a Windows and a Linux box have 4 NICs each.

One or more NICs may or may not have IPs configured.
One or all could be private IP or a combination of public and private.
Some might be virtual IPs on one NIC.

Is there some way of knowing which is the main NIC? For example, we'll often configure a machine which has more than one NIC with the first NIC being the 'main' one if you will, the one which will carry most of the traffic.

Is there some way of knowing which NIC is transferring the bulk of the traffic without checking packet counts?
Avatar of arnold
arnold
Flag of United States of America image

route print
will include the detail of the routing table, the default route points the segment ..
when there are multiple paths out, you would need to use the segments, and then use the metric to define which is preferred.

lower metric more preferred higher less.
Avatar of Mike Paradis
Mike Paradis

ASKER

Yes, but that is my point. How do I determine which interface is the main default one if there are more than one interface and especially if more than one route.
you have to see which is what
when ypou have two
0.0.0.0 0.0.0.0 Ip/interace metric

look at the data .....
how would you define a "main" NIC? isn't the device that your default route goes, which "route print" will indicate you?
oh, I just see you mean the NIC which carries the most of traffic. then the default route device may not be the one.
in that case I would suggest u to use some network monitoring tools like cacti (google the keyword)
I would not have access to the machine and can only use a small script for example to send myself this information.
The machine would run the script and email me the result.

Somehow, I need to figure out which is the default interface being used on the machine if it has more than one NIC being used.
This is extremely vague. Are you able to poll the system with items such as SNMP?

Without knowing the paths/data commonly accessed one has to rely on data tranfers to make such a determination, SNMP, WMI is the only way to script to extract data ...
Not trying to be vague but explaining a situation that happens. I sometimes need to determine from a remote location which is the default NIC on a machine. The only access I have is to send it a script it can run. Nothing else.
As was pointed out he primary Nic might not be the Nic through which most othe traffic flows.

I.e. A system that has one Nic (primary) that accepts connections from external sources, with the second Nic is the system's access to network based storage (NAS/SAN)
The storage access might be the higher data traffic interface, but it is in no way the primary interface as commonly, primary deals with which interface has external access

What script are you running, what data does it collect/retrieve and sends to you?
I already know those things, that is why I posted asking the question, to know if there was some way of doing this.
There is no script. I said I can send the machines a little script to run to find the information but no other access.
What are you using? what does your script do? Do you compare the routing table to the IP on each interface?
You need to differentiate what are you asking as noted, are you trying to determine the primary (external access) interface, or do you want to identify the network interface through which has more utilization?
Yes, trying to determine the primary interface.
As I said, there is no script, the plan is to use one depending on if I could determine which is the main interface. I've explained all of this several times I think. I'm not sure why you think I am being vague.
I am trying to figure out what your options are, you can use wmi to pull information from a system, the determination is based on analyzing the sata. The inky simple answer us when a system inky gas I've interface.
Do you need this info on demand, or you are setting it up as a means of data collection when system boots, it runs a set of tests.

Are you looking for anyone to provide you the script, or help you get your script to a working ........

Do you have anything started at all that you can run on your local system?
I don't need help with the script, I needed info to get started on one.
I wasn't able to figure out how to identify the default NIC using some basic tests. I don't have access to tools on the remote machines, I could only run a very basic script.

It's easy when the machine only has one NIC but when it has multiples, the only possible hint might be which NIC is using a default route for example but that isn't reliable.

I need this info only, when ever I would remotely run the script which I could call up from a web page or something.
In order to help, it is useful to see what information you are considering and evaluating.

Are you pulling the routing table?
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.25.1    192.168.25.147     25  <== primary interface
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.25.0    255.255.255.0         On-link     192.168.25.147    281
    192.168.25.147  255.255.255.255         On-link     192.168.25.147    281
    192.168.25.255  255.255.255.255         On-link     192.168.25.147    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.25.147    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.25.147    281

netsh interfaces ip show interfaces
netsh can also be used to pull the ip address.
netsh interfaces ip show addressess
The combination of these will answer your question in most circumstance.

At times, scripting is simpler if I setup the framework of the process used to identify an answer to the question.

To identify the primary interface I do/consider, X, y, Z.
For linux, you can run "ifconfig" command to get all interface and know "which" is the main traffic overload NIC:
for example:
eth0      Link encap:Ethernet  HWaddr 00:16:3e:00:62:b7
          inet addr:10.11.22.33  Bcast:10.11.22.255  Mask:255.255.248.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:384732191 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1840845 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:18813588055 (18.8 GB)  TX bytes:149869820 (149.8 MB)

eth1      Link encap:Ethernet  HWaddr 00:16:3e:00:69:04
          inet addr:172.16.1.2  Bcast:172.16.1.255  Mask:255.255.252.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2773928336 errors:0 dropped:0 overruns:0 frame:0
          TX packets:328943002 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:228789172752 (228.7 GB)  TX bytes:479131003030 (479.1 GB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:4869689488 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4869689488 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1215633560088 (1.2 TB)  TX bytes:1215633560088 (1.2 TB)


From the RX Bytes and TX Bytes, we know eth1 is the main NIC(we need ignore lo because is localhost).
Huacat, I disagree using data throughput as a determinant is not correct.
eth1 can be the internal interface on which data and backups are performed. the utilization because of those could exceed the amount of data access via the public interface.

Using a script to provide information on what IPs each system has and what routing table each system has.
Then viewing the data based on the preferred criteria will identify the interface .......
@Anold, Yeah.

Route print can identify the default used NIC, but the author seems want to know wich NIC transfer the most traffic, so I post the command here.

If the author want to know which NIC take the most connections, he can use "netstat" command to check it.
But that command only take connections snapshot of that moment, we need check it in background continuous.
No, I want to identify the default NIC. However, default means what?
As Arnold said, a NIC could be used for backups so might have high traffic.
A NIC could have a public or private IP and its default gateway be either.

I don't think there is any way of doing this.
You have to know other things (criteria) on whose basis a determination can be made.

I.e the example posted by huacat, one has to see the routing table (netstat -rn or route print)

I.e. Your rule is that anything touching the 10.11.16.0-10.11.23.255  is a network that us external.
Etc.
The scheme has to match your impression when you look at the sata reported, what fo you take into account to make the determination?

I.e. You ask a person to get you info on server1 what IPs, ..
They come back with lan1 10.11.22.33 lan2 172.16.1.2 10.11.16.1 is default gateway/router.

Etc.
Your scripts can only gather information. Including, domain member or not local accounts and their membership, functions the system has by pulling which applications, features, roles, storage, capacity, etc.
>You have to know other things (criteria) on whose basis a determination can be made.

Of course but I don't have those metrics. The question is how could the default NIC be determined.
ASKER CERTIFIED SOLUTION
Avatar of arnold
arnold
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
The answer doesn't exist when there is no controlled situation. For example, if the entire network is company related, then you could establish guidelines but when most might be customers, you have no control so cannot know.

I decided to award a shared solution because it might help others.