Are you interested in becoming an AWS Certified Solutions Architect?
Discover a new interactive way of training for the exam.
Solved
Which NIC is live in Win/Linux?
Posted on 2016-09-28
How can I reliably tell which NIC is the main one in a multi NIC machine such as windows or Linux.
For example, say a Windows and a Linux box have 4 NICs each.
One or more NICs may or may not have IPs configured.
One or all could be private IP or a combination of public and private.
Some might be virtual IPs on one NIC.
Is there some way of knowing which is the main NIC? For example, we'll often configure a machine which has more than one NIC with the first NIC being the 'main' one if you will, the one which will carry most of the traffic.
Is there some way of knowing which NIC is transferring the bulk of the traffic without checking packet counts?
For example, say a Windows and a Linux box have 4 NICs each.
One or more NICs may or may not have IPs configured.
One or all could be private IP or a combination of public and private.
Some might be virtual IPs on one NIC.
Is there some way of knowing which is the main NIC? For example, we'll often configure a machine which has more than one NIC with the first NIC being the 'main' one if you will, the one which will carry most of the traffic.
Is there some way of knowing which NIC is transferring the bulk of the traffic without checking packet counts?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
10
-
9
3- +1
25 Comments
Active today
route print
will include the detail of the routing table, the default route points the segment ..
when there are multiple paths out, you would need to use the segments, and then use the metric to define which is preferred.
lower metric more preferred higher less.
will include the detail of the routing table, the default route points the segment ..
when there are multiple paths out, you would need to use the segments, and then use the metric to define which is preferred.
lower metric more preferred higher less.
Active today
Yes, but that is my point. How do I determine which interface is the main default one if there are more than one interface and especially if more than one route.
Active today
you have to see which is what
when ypou have two
0.0.0.0 0.0.0.0 Ip/interace metric
look at the data .....
when ypou have two
0.0.0.0 0.0.0.0 Ip/interace metric
look at the data .....
how would you define a "main" NIC? isn't the device that your default route goes, which "route print" will indicate you?
oh, I just see you mean the NIC which carries the most of traffic. then the default route device may not be the one.
Active today
I would not have access to the machine and can only use a small script for example to send myself this information.
The machine would run the script and email me the result.
Somehow, I need to figure out which is the default interface being used on the machine if it has more than one NIC being used.
The machine would run the script and email me the result.
Somehow, I need to figure out which is the default interface being used on the machine if it has more than one NIC being used.
Active today
This is extremely vague. Are you able to poll the system with items such as SNMP?
Without knowing the paths/data commonly accessed one has to rely on data tranfers to make such a determination, SNMP, WMI is the only way to script to extract data ...
Without knowing the paths/data commonly accessed one has to rely on data tranfers to make such a determination, SNMP, WMI is the only way to script to extract data ...
Active today
Not trying to be vague but explaining a situation that happens. I sometimes need to determine from a remote location which is the default NIC on a machine. The only access I have is to send it a script it can run. Nothing else.
Active today
As was pointed out he primary Nic might not be the Nic through which most othe traffic flows.
I.e. A system that has one Nic (primary) that accepts connections from external sources, with the second Nic is the system's access to network based storage (NAS/SAN)
The storage access might be the higher data traffic interface, but it is in no way the primary interface as commonly, primary deals with which interface has external access
What script are you running, what data does it collect/retrieve and sends to you?
I.e. A system that has one Nic (primary) that accepts connections from external sources, with the second Nic is the system's access to network based storage (NAS/SAN)
The storage access might be the higher data traffic interface, but it is in no way the primary interface as commonly, primary deals with which interface has external access
What script are you running, what data does it collect/retrieve and sends to you?
Active today
I already know those things, that is why I posted asking the question, to know if there was some way of doing this.
There is no script. I said I can send the machines a little script to run to find the information but no other access.
There is no script. I said I can send the machines a little script to run to find the information but no other access.
Active today
What are you using? what does your script do? Do you compare the routing table to the IP on each interface?
You need to differentiate what are you asking as noted, are you trying to determine the primary (external access) interface, or do you want to identify the network interface through which has more utilization?
You need to differentiate what are you asking as noted, are you trying to determine the primary (external access) interface, or do you want to identify the network interface through which has more utilization?
Active today
Yes, trying to determine the primary interface.
As I said, there is no script, the plan is to use one depending on if I could determine which is the main interface. I've explained all of this several times I think. I'm not sure why you think I am being vague.
As I said, there is no script, the plan is to use one depending on if I could determine which is the main interface. I've explained all of this several times I think. I'm not sure why you think I am being vague.
Active today
I am trying to figure out what your options are, you can use wmi to pull information from a system, the determination is based on analyzing the sata. The inky simple answer us when a system inky gas I've interface.
Do you need this info on demand, or you are setting it up as a means of data collection when system boots, it runs a set of tests.
Are you looking for anyone to provide you the script, or help you get your script to a working ........
Do you have anything started at all that you can run on your local system?
Do you need this info on demand, or you are setting it up as a means of data collection when system boots, it runs a set of tests.
Are you looking for anyone to provide you the script, or help you get your script to a working ........
Do you have anything started at all that you can run on your local system?
Active today
I don't need help with the script, I needed info to get started on one.
I wasn't able to figure out how to identify the default NIC using some basic tests. I don't have access to tools on the remote machines, I could only run a very basic script.
It's easy when the machine only has one NIC but when it has multiples, the only possible hint might be which NIC is using a default route for example but that isn't reliable.
I need this info only, when ever I would remotely run the script which I could call up from a web page or something.
I wasn't able to figure out how to identify the default NIC using some basic tests. I don't have access to tools on the remote machines, I could only run a very basic script.
It's easy when the machine only has one NIC but when it has multiples, the only possible hint might be which NIC is using a default route for example but that isn't reliable.
I need this info only, when ever I would remotely run the script which I could call up from a web page or something.
Active today
In order to help, it is useful to see what information you are considering and evaluating.
Are you pulling the routing table?
netsh interfaces ip show interfaces
netsh can also be used to pull the ip address.
netsh interfaces ip show addressess
The combination of these will answer your question in most circumstance.
At times, scripting is simpler if I setup the framework of the process used to identify an answer to the question.
To identify the primary interface I do/consider, X, y, Z.
Are you pulling the routing table?
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.25.1 192.168.25.147 25 <== primary interface
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.25.0 255.255.255.0 On-link 192.168.25.147 281
192.168.25.147 255.255.255.255 On-link 192.168.25.147 281
192.168.25.255 255.255.255.255 On-link 192.168.25.147 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.25.147 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.25.147 281
netsh interfaces ip show interfaces
netsh can also be used to pull the ip address.
netsh interfaces ip show addressess
The combination of these will answer your question in most circumstance.
At times, scripting is simpler if I setup the framework of the process used to identify an answer to the question.
To identify the primary interface I do/consider, X, y, Z.
Active 1 day ago
For linux, you can run "ifconfig" command to get all interface and know "which" is the main traffic overload NIC:
for example:
eth0 Link encap:Ethernet HWaddr 00:16:3e:00:62:b7
inet addr:10.11.22.33 Bcast:10.11.22.255 Mask:255.255.248.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:384732191 errors:0 dropped:0 overruns:0 frame:0
TX packets:1840845 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:18813588055 (18.8 GB) TX bytes:149869820 (149.8 MB)
eth1 Link encap:Ethernet HWaddr 00:16:3e:00:69:04
inet addr:172.16.1.2 Bcast:172.16.1.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2773928336 errors:0 dropped:0 overruns:0 frame:0
TX packets:328943002 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:228789172752 (228.7 GB) TX bytes:479131003030 (479.1 GB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:4869689488 errors:0 dropped:0 overruns:0 frame:0
TX packets:4869689488 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1215633560088 (1.2 TB) TX bytes:1215633560088 (1.2 TB)
From the RX Bytes and TX Bytes, we know eth1 is the main NIC(we need ignore lo because is localhost).
for example:
eth0 Link encap:Ethernet HWaddr 00:16:3e:00:62:b7
inet addr:10.11.22.33 Bcast:10.11.22.255 Mask:255.255.248.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:384732191 errors:0 dropped:0 overruns:0 frame:0
TX packets:1840845 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:18813588055 (18.8 GB) TX bytes:149869820 (149.8 MB)
eth1 Link encap:Ethernet HWaddr 00:16:3e:00:69:04
inet addr:172.16.1.2 Bcast:172.16.1.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2773928336 errors:0 dropped:0 overruns:0 frame:0
TX packets:328943002 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:228789172752 (228.7 GB) TX bytes:479131003030 (479.1 GB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:4869689488 errors:0 dropped:0 overruns:0 frame:0
TX packets:4869689488 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1215633560088 (1.2 TB) TX bytes:1215633560088 (1.2 TB)
From the RX Bytes and TX Bytes, we know eth1 is the main NIC(we need ignore lo because is localhost).
Active today
Huacat, I disagree using data throughput as a determinant is not correct.
eth1 can be the internal interface on which data and backups are performed. the utilization because of those could exceed the amount of data access via the public interface.
Using a script to provide information on what IPs each system has and what routing table each system has.
Then viewing the data based on the preferred criteria will identify the interface .......
eth1 can be the internal interface on which data and backups are performed. the utilization because of those could exceed the amount of data access via the public interface.
Using a script to provide information on what IPs each system has and what routing table each system has.
Then viewing the data based on the preferred criteria will identify the interface .......
Active 1 day ago
@Anold, Yeah.
Route print can identify the default used NIC, but the author seems want to know wich NIC transfer the most traffic, so I post the command here.
If the author want to know which NIC take the most connections, he can use "netstat" command to check it.
But that command only take connections snapshot of that moment, we need check it in background continuous.
Route print can identify the default used NIC, but the author seems want to know wich NIC transfer the most traffic, so I post the command here.
If the author want to know which NIC take the most connections, he can use "netstat" command to check it.
But that command only take connections snapshot of that moment, we need check it in background continuous.
Active today
No, I want to identify the default NIC. However, default means what?
As Arnold said, a NIC could be used for backups so might have high traffic.
A NIC could have a public or private IP and its default gateway be either.
I don't think there is any way of doing this.
As Arnold said, a NIC could be used for backups so might have high traffic.
A NIC could have a public or private IP and its default gateway be either.
I don't think there is any way of doing this.
Active today
You have to know other things (criteria) on whose basis a determination can be made.
I.e the example posted by huacat, one has to see the routing table (netstat -rn or route print)
I.e. Your rule is that anything touching the 10.11.16.0-10.11.23.255 is a network that us external.
Etc.
The scheme has to match your impression when you look at the sata reported, what fo you take into account to make the determination?
I.e. You ask a person to get you info on server1 what IPs, ..
They come back with lan1 10.11.22.33 lan2 172.16.1.2 10.11.16.1 is default gateway/router.
Etc.
Your scripts can only gather information. Including, domain member or not local accounts and their membership, functions the system has by pulling which applications, features, roles, storage, capacity, etc.
I.e the example posted by huacat, one has to see the routing table (netstat -rn or route print)
I.e. Your rule is that anything touching the 10.11.16.0-10.11.23.255 is a network that us external.
Etc.
The scheme has to match your impression when you look at the sata reported, what fo you take into account to make the determination?
I.e. You ask a person to get you info on server1 what IPs, ..
They come back with lan1 10.11.22.33 lan2 172.16.1.2 10.11.16.1 is default gateway/router.
Etc.
Your scripts can only gather information. Including, domain member or not local accounts and their membership, functions the system has by pulling which applications, features, roles, storage, capacity, etc.
Active today
>You have to know other things (criteria) on whose basis a determination can be made.
Of course but I don't have those metrics. The question is how could the default NIC be determined.
Of course but I don't have those metrics. The question is how could the default NIC be determined.
Active today
It is a combination of getting the active networks list with the routing table.
Visually inspect the data you get and that will make the coding of your script clearer. We seemingly keep going back and forth.
netstat -rn | find " 0.0.0.0 "
returns the line with the default gateway followed by the Local IP on that network
The combination of the two you can determine that "Local Area Network" is the primary nic.
It is simple since the system on which this test was done is a single network.
But it illustrates the point.
Lets try it with a multi-interface
In the above both nics have a default gateway set
the routing table is
In this case, note the metric and the IP/default gateway, based on the combination "Local Area Connection 2" is the primary interface.
Thou in the scenario here, where both have a default gateway, this system has two paths to the outside. One by way of "Local Area Connection 2" and should this network connection fail, network drop, the system can access the outside through the second "Local Area Connection" network interface.
Hope this helps clarify the consideration.
if you set a company policy that when a system is configured, the public (primary interface has to be named, primary, main, etc. you might still when network IPs are Dynamically allocated run into the situation where the network cables might get swapped and ........... which means information has to be pulled and reviewed.
Visually inspect the data you get and that will make the coding of your script clearer. We seemingly keep going back and forth.
netstat -rn | find " 0.0.0.0 "
returns the line with the default gateway followed by the Local IP on that network
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::4063:bb41:b6a9:6d39%6
IPv4 Address. . . . . . . . . . . : 192.168.35.147
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.35.1
Tunnel adapter isatap.{83A83843-A155-4999-9118-F357 9A9672DC}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:145a:2c0e:ba02:284c
Link-local IPv6 Address . . . . . : fe80::145a:2c0e:ba02:284c%13
Default Gateway . . . . . . . . . : ::
0.0.0.0 0.0.0.0 192.168.35.1 192.168.35.147 25
The combination of the two you can determine that "Local Area Network" is the primary nic.
It is simple since the system on which this test was done is a single network.
But it illustrates the point.
Lets try it with a multi-interface
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : XXXXXX
IP Address. . . . . . . . . . . . : 192.168.100.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.100.1
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : XXX
IP Address. . . . . . . . . . . . : 192.168.40.27
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.40.1
In the above both nics have a default gateway set
the routing table is
0.0.0.0 0.0.0.0 192.168.40.1 192.168.40.27 1
0.0.0.0 0.0.0.0 192.168.100.1 192.168.100.15 100
In this case, note the metric and the IP/default gateway, based on the combination "Local Area Connection 2" is the primary interface.
Thou in the scenario here, where both have a default gateway, this system has two paths to the outside. One by way of "Local Area Connection 2" and should this network connection fail, network drop, the system can access the outside through the second "Local Area Connection" network interface.
Hope this helps clarify the consideration.
if you set a company policy that when a system is configured, the public (primary interface has to be named, primary, main, etc. you might still when network IPs are Dynamically allocated run into the situation where the network cables might get swapped and ........... which means information has to be pulled and reviewed.
Active 1 day ago
Hi Mark, you must gave the "standard" to identify the "default NIC".
I list some posible critical below, you need make a decision,
There haven't a standard anwser for you question, it depend on how you define the "default".
I list some posible critical below, you need make a decision,
- Most Traffic trasferred(see above)
- Public IP or private IP address determined(NIC with Public Internet IP as default NIC)
- Default route(default route 0.0.0.0/0.0.0.0 as default NIC)
- Most connection bear(for example, most TCP/IP connection used)
- App determined(for example: Apached bind NIC as default NIC)
- Shared connection as default NIC
- ....
There haven't a standard anwser for you question, it depend on how you define the "default".
Active today
The answer doesn't exist when there is no controlled situation. For example, if the entire network is company related, then you could establish guidelines but when most might be customers, you have no control so cannot know.
I decided to award a shared solution because it might help others.
I decided to award a shared solution because it might help others.
Featured Post
This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
In part one, we reviewed the prerequisites required for installing SQL Server vNext.
In this part we will explore how to install Microsoft's SQL Server on Ubuntu 16.04.
In this modest contribution, I want to share with the IT community (especially system administrators, IT Support Engineers and IT Help Desks) about Windows crashes/hangs and how to deal with these particular problems.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
- Windows 10
- Windows Vista
- Windows 8
- Windows OS
- Windows 7
- Microsoft Legacy OS, Windows XP, *Scripts, *task scheduler
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses
Course of the Month10 days, 4 hours left to enroll
722 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.