How can I reliably tell which NIC is the main one in a multi NIC machine such as windows or Linux.
For example, say a Windows and a Linux box have 4 NICs each.
One or more NICs may or may not have IPs configured.
One or all could be private IP or a combination of public and private.
Some might be virtual IPs on one NIC.
Is there some way of knowing which is the main NIC? For example, we'll often configure a machine which has more than one NIC with the first NIC being the 'main' one if you will, the one which will carry most of the traffic.
Is there some way of knowing which NIC is transferring the bulk of the traffic without checking packet counts?
Visually inspect the data you get and that will make the coding of your script clearer. We seemingly keep going back and forth.
netstat -rn | find " 0.0.0.0 "
returns the line with the default gateway followed by the Local IP on that network
The combination of the two you can determine that "Local Area Network" is the primary nic.
It is simple since the system on which this test was done is a single network.
But it illustrates the point.
Lets try it with a multi-interface
In the above both nics have a default gateway set
the routing table is
In this case, note the metric and the IP/default gateway, based on the combination "Local Area Connection 2" is the primary interface.
Thou in the scenario here, where both have a default gateway, this system has two paths to the outside. One by way of "Local Area Connection 2" and should this network connection fail, network drop, the system can access the outside through the second "Local Area Connection" network interface.
Hope this helps clarify the consideration.
if you set a company policy that when a system is configured, the public (primary interface has to be named, primary, main, etc. you might still when network IPs are Dynamically allocated run into the situation where the network cables might get swapped and ........... which means information has to be pulled and reviewed.