Understanding VPN IPSec Tunnel Mode and IPSec Transport Mode – What’s the Difference?

The objective of the IPSec protocol is to provide security services for IP packets, such as encryption of sensitive data, authentication, protection against replay and data confidentiality.

As outlined in our IPSec protocol article, Encapsulating Security Payload (ESP) and Authentication Header (AH) are the two IPSec security protocols used to provide these security services. Analysing the ESP and AH protocols is out of this article’s scope; however, you can turn to our IPSec article, where you’ll find an in-depth analysis and packet diagrams to help make the concept clear.

Understanding IPSec Modes – Tunnel Mode & Transport Mode

IPSec can be configured to operate in two different modes, Tunnel and Transport mode. Use of each mode depends on the requirements and implementation of IPSec.

IPSec Tunnel Mode

IPSec tunnel mode is the default mode. With tunnel mode, the entire original IP packet is protected by IPSec. This means IPSec wraps the original packet, encrypts it, adds a new IP header and sends it to the other side of the VPN tunnel (IPSec peer).

Tunnel mode is most commonly used between gateways (Cisco routers or ASA firewalls), or from an end-station to a gateway, with the gateway acting as a proxy for the hosts behind it.

Tunnel mode is used to encrypt traffic between secure IPSec Gateways, for example two Cisco routers connected over the Internet via IPSec VPN. Configuration and setup of this topology is extensively covered in our Site-to-Site IPSec VPN article. In this example, each router acts as an IPSec Gateway for its LAN, providing secure connectivity to the remote network.

Another example of tunnel mode is an IPSec tunnel between a Cisco VPN Client and an IPSec Gateway (e.g. ASA5510 or PIX Firewall). The client connects to the IPSec Gateway. Traffic from the client is encrypted, encapsulated inside a new IP packet and sent to the other end. Once decrypted by the firewall appliance, the client’s original IP packet is sent to the local network.

In tunnel mode, an IPSec header (AH or ESP header) is inserted between the IP header and the upper layer protocol. Between AH and ESP, ESP is most commonly used in IPSec VPN Tunnel configuration.

The packet diagram below illustrates IPSec Tunnel mode with an ESP header:

ESP is identified in the New IP header with an IP protocol ID of 50.

The packet diagram below illustrates IPSec Tunnel mode with an AH header:

The AH can be applied alone or together with the ESP, when IPSec is in tunnel mode. AH’s job is to protect the entire packet. The AH does not protect all of the fields in the New IP Header because some change in transit, and the sender cannot predict how they might change. The AH protects everything that does not change in transit. AH is identified in the New IP header with an IP protocol ID of 51.

IPSec Transport Mode

IPSec Transport mode is used for end-to-end communications, for example, for communication between a client and a server or between a workstation and a gateway (if the gateway is being treated as a host). A good example would be an encrypted Telnet or Remote Desktop session from a workstation to a server.

Transport mode protects our data, also known as the IP payload, which consists of the TCP/UDP header plus data, through an AH or ESP header. The payload is encapsulated by the IPSec headers and trailers. The original IP headers remain intact, except that the IP protocol field is changed to ESP (50) or AH (51), and the original protocol value is saved in the IPsec trailer to be restored when the packet is decrypted.

IPSec transport mode is usually used when another tunneling protocol (like GRE) is used to first encapsulate the IP data packet, then IPSec is used to protect the GRE tunnel packets. IPSec protects the GRE tunnel traffic in transport mode.

The packet diagram below illustrates IPSec Transport mode with an ESP header:

Notice that the original IP header is moved to the front. Placing the sender’s IP header at the front (with minor changes to the protocol ID) proves that transport mode does not provide protection or encryption to the original IP header. ESP is identified in the New IP header with an IP protocol ID of 50.

The packet diagram below illustrates IPSec Transport mode with an AH header:

The AH can be applied alone or together with the ESP when IPSec is in transport mode. AH’s job is to protect the entire packet; however, IPSec in transport mode does not create a new IP header in front of the packet but places a copy of the original with some minor changes to the protocol ID, and therefore does not provide essential protection to the details contained in the IP header (source IP, destination IP, etc.). AH is identified in the New IP header with an IP protocol ID of 51.

In both ESP and AH cases with IPSec Transport mode, the IP header is exposed.
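The AH behaviour described above, as an added Python example (not code from the original article): it builds AH in transport and tunnel mode with HMAC-SHA1-96 and shows what stays readable on the wire and which changes to a tunnel-mode packet break the integrity check. The key, SPIs, host addresses and gateway addresses are constructed sample values, and IPv4 headers without options are assumed.

```python
import hashlib
import hmac
import socket
import struct

AH_PROTO = 51      # IP protocol ID of AH, as given in the article
IPV4_IN_IP = 4     # AH Next Header value when the payload is a whole IPv4 packet
ICV_LEN = 12       # HMAC-SHA1-96: the MAC is truncated to 96 bits
AH_LEN = 12 + ICV_LEN
KEY = b"constructed-demo-key"   # constructed sample key


def _checksum(header):
    total = sum(struct.unpack("!10H", header))
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4(src, dst, proto, payload, ttl=64):
    """Minimal 20-byte IPv4 header (no options) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:] + payload


def _icv(key, packet):
    """HMAC over the packet with the mutable IP fields and the ICV zeroed."""
    buf = bytearray(packet)
    buf[1] = 0                   # DSCP/ECN may be rewritten in transit
    buf[6:8] = bytes(2)          # flags and fragment offset
    buf[8] = 0                   # TTL is decremented by every router
    buf[10:12] = bytes(2)        # header checksum changes with the TTL
    buf[32:32 + ICV_LEN] = bytes(ICV_LEN)
    return hmac.new(key, bytes(buf), hashlib.sha1).digest()[:ICV_LEN]


def _add_ah(key, src, dst, ttl, next_header, protected, spi, seq):
    ah = struct.pack("!BBHII", next_header, AH_LEN // 4 - 2, 0, spi, seq)
    pkt = bytearray(ipv4(src, dst, AH_PROTO, ah + bytes(ICV_LEN) + protected, ttl))
    pkt[32:32 + ICV_LEN] = _icv(key, pkt)
    return bytes(pkt)


def ah_transport(key, packet, spi=0x1001, seq=1):
    """Keep the original addresses; AH sits between IP header and payload."""
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    return _add_ah(key, src, dst, packet[8], packet[9], packet[20:], spi, seq)


def ah_tunnel(key, packet, gw_src, gw_dst, spi=0x2001, seq=1):
    """Wrap the whole original packet behind a new gateway-to-gateway header."""
    return _add_ah(key, gw_src, gw_dst, 64, IPV4_IN_IP, packet, spi, seq)


def verify(key, packet):
    return packet[9] == AH_PROTO and hmac.compare_digest(
        packet[32:32 + ICV_LEN], _icv(key, packet))


def wire_view(packet):
    """What an on-path observer reads from the outermost header and AH."""
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "ip_proto": packet[9], "ah_next_header": packet[20]}


def tamper(packet, offset, data):
    buf = bytearray(packet)
    buf[offset:offset + len(data)] = data
    return bytes(buf)


# Constructed sample: UDP datagram from host 10.1.1.10 to host 10.2.2.20.
UDP = struct.pack("!HHHH", 40000, 53, 8 + 5, 0) + b"hello"
ORIGINAL = ipv4("10.1.1.10", "10.2.2.20", 17, UDP)
# Constructed gateway addresses taken from the documentation ranges.
GW_A, GW_B = "198.51.100.1", "203.0.113.1"

if __name__ == "__main__":
    transport = ah_transport(KEY, ORIGINAL)
    tunnel = ah_tunnel(KEY, ORIGINAL, GW_A, GW_B)
    print("transport:", wire_view(transport))
    print("tunnel:   ", wire_view(tunnel))
    print("TTL changed in transit:", verify(KEY, tamper(tunnel, 8, b"\x05")))
    print("outer source rewritten:", verify(KEY, tamper(tunnel, 12, bytes([192, 0, 2, 66]))))
    print("inner packet altered:  ", verify(KEY, tamper(tunnel, 20 + AH_LEN + 16, bytes([10, 9, 9, 9]))))
```

In transport mode the observer sees the two end hosts and the real upper-layer protocol in the AH Next Header field; in tunnel mode only the gateways and the value 4 are visible in the outer header and AH.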


Video Security Systems

Worldeyecam, INC

Worldeyecam is extremely excited to announce the latest addition to our product line, Uniview. Being able to offer our customers the latest and greatest in innovative security technology is one of the paramount privileges we have as a business. What sets Uniview apart? The numbers don’t lie; Uniview has been dominating the Chinese project market over the last three years. They have covered over 580+ safe city projects, 70% of airport projects, 50% of military and police projects, as well as 40% of metro/university projects, all ranking No.1 in China among domestic manufacturers (Dahua, Hikvision etc.) and international competitors (Axis, Bosch, Honeywell, Samsung etc.).

Now that Uniview is readily available in the US market, it is quickly becoming a cost-effective and high-quality replacement for older technology that is clinging on to sales in the USA. Uniview has currently secured more than 1200+ patents in 2016, 83% of which are innovation patents. Almost every two days one patent is applied for. More than that, Uniview invests more than 15% of sales revenue into R&D. All of the above numbers rank No.1 in the CCTV industry. Their attention to product quality and innovation ability is staggering when compared with current competitors in the same market.

Uniview is a professional solution provider and project-based company; they focus on middle-range and high-end projects in the manufacture sector in their current domestic market. This can only mean amazing things for the security market in the USA. We will have a brand new manufacturer with tried and proven technology that is compatible up and down with product lines currently in place all over the security market. This means you will be able to implement Uniview in its entirety as a new system or upgrade a piece at a time. Whatever your budget constraints are, we can work with you to make sure you are getting the best quality for money.

You will not find Uniview on Amazon or eBay. Uniview as a company cares about its product line and is working hard to ensure that the counterfeit market which has plagued other brands will never harm their customer base. They keep a stringent eye on who is able to carry the brand, making sure they represent quality and trust within the security industry.

Uniview UNV Camera Systems

Designed for Professional use by Professionals

4 Camera Systems

8 Camera Systems

16 Camera Systems

Uniview Case Studies

Uniview provided IP cameras for city surveillance in Gangnam District, S. Korea

In a mass security system like city surveillance, a dense and wide-ranging distribution of surveillance points is required, since cameras are the basic resources for obtaining information. In Gangnam District, they used four fixed-lens cameras at the intersections to cover four different directions, and a PTZ dome camera to check details when an event happens. The densely distributed cameras divide the city into a grid and monitor every corner with no dead zone.

UNV Customer System Kit Builder

Designing a unique surveillance system for your home or business is as easy as clicking your mouse with our new Custom Kit Builder. With intuitive prompts that guide you along the way, you are in control of your camera styles, NVR or DVR size, power accessories and hard drive space. Still have questions? Give us a call; our expert technicians are here to help. Your brand new system is only a few clicks away.


IP Address Classes – IP Network Classes

IP Network Classes


IP Networking Classes

Every host on a TCP/IP network needs to have a unique address, similar to you needing a unique address for your house. With this unique address, it is possible to send data from host to host.

Every packet contains addressing information in the header, and the IP address in the header is used to route packets.

If several people on your street had the same address, the post office would have a difficult time sorting mail. For a similar reason, IP addresses are unique on each network.

What is IP addressing?

IP addressing is simply configuring each TCP/IP host with a valid IP address.

For access to the Internet, a host must have an IP address that identifies not only the host address (like a house number) but also identifies the network address (like a street number).

An administrator needs to be aware of proper addressing techniques so that the hosts on the network will function correctly. TCP/IP addresses are based on 32-bit addresses.

IP Address classes

IP addresses are divided into five IP classes:
IP address class A
IP address class B
IP address class C
IP address class D
IP address class E

All IP addresses are placed in a particular class based on the decimal values of their first octets. In the first octet, an IP address can start with a decimal value between 1 and 255.

IP class A addresses have first octets with a decimal number from 1 to 127. Example:
27.x.y.z
102.x.y.z

IP class B addresses have first octets with a decimal number from 128 to 191. Example:
128.x.y.z
151.x.y.z

IP class C addresses have first octets with a decimal number from 192 to 223. Example:
192.x.y.z
223.x.y.z

IP class D addresses have decimal values from 224 to 239 in the first octet, and the 4 leftmost bits are 1110. Example:
224.x.y.z
239.x.y.z

The last class of IP addresses is IP class E. IP class E addresses range from 240 to 255 in the first octet, and the 4 leftmost bits are 1111. Example:
240.x.y.z
255.x.y.z

The system of IP class addresses has been set up to help ensure assignment of unique IP addresses. DHCP discover, DHCP offer, DHCP request, and DHCP acknowledgment are the four steps in getting an IP address from a DHCP server.

Computer IP Address Configuration


To find out your local IP address and diagnose possible TCP/IP networking problems, follow these steps:

  • If you use win9x/ME, go to start-run, type winipcfg and then press ENTER
  • For win2k/xp or Vista, go to start-run (Windows Vista users go to the Windows button), type cmd and then ENTER. At the DOS prompt type ipconfig and you’ll see DNS suffix, IP address, subnet mask, and default gateway. For more info type ipconfig /all
  • For Macintosh select the TCP/IP control panel from the Apple menu’s “Control Panels” sub-menu. The TCP/IP control panel window will open and display your ip address.

Cisco Unified Wireless IP Phone 7921G

Cisco Unified Communications is a comprehensive IP communications system of voice, video, data, and mobility products and applications. It enables more effective, more secure, and more personal communications that directly affect both sales and profitability. It brings people together by enabling a new way of communicating in which your business moves with you, security is everywhere, and information is always available whenever and wherever it is needed. Cisco Unified Communications is part of an integrated solution that includes network infrastructure, security, mobility, network management products, lifecycle services, flexible deployment and outsourced management options, end-user and partner financing packages, and third-party communications applications.

The power of Cisco Unified Communications extends throughout the enterprise with a powerful, converged wireless solution with intelligent wireless infrastructure and an innovative product: the new Cisco Unified Wireless IP Phone 7921G (Figure 1). The device delivers on-campus mobility to users using the voice-over-wireless LAN.

Figure 1. Cisco Unified Wireless IP Phone 7921G

The Cisco Unified Wireless IP Phone 7921G supports a host of calling features and voice-quality enhancements. The device is an advanced media IP phone, delivering wideband audio capabilities. In addition to wideband audio, Cisco Unified Wireless IP Phone 7921G supports presence, which enables users in a mobile Wi-Fi environment to view the current status of other users. Because the Cisco Unified Wireless IP Phone 7921G is designed to grow with system capabilities, features will keep pace with new system enhancements. Table 1 provides a list of the features, Table 2 summarizes wireless characteristics, Table 3 lists specifications, Table 4 lists accessories, and Table 5 provides certification and compliance information.

Table 1. Features

Cisco Unified IP Phones are covered by a Cisco standard 1-year replacement warranty. A Cisco SMARTnet optional service agreement is available for the Cisco Unified Wireless IP Phone 7921G hardware, Desktop Charger, and Multi-Charger only, not for other accessories, such as batteries.

Note: This product is not a medical device and may use an unlicensed frequency band that is susceptible to interference from other devices or equipment.

Cisco Unified Communications Services and Support

Using the Cisco Lifecycle Services approach, Cisco and its partners offer a broad portfolio of end-to-end services to support the Cisco Unified Communications system. These services are based on proven methodologies for deploying, operating, and optimizing IP communications solutions. Initial planning and design services, for example, can help you meet aggressive deployment schedules and reduce network disruption during implementation. Operate services reduce the risk of communications downtime with expert technical support, and optimize services enhance solution performance for operational excellence. Cisco and its partners offer a system-level service and support approach that can help you create and maintain a resilient, converged network that meets your business needs.


SIP protocol

found 1139 companies

VoIP Provider. Diyanat
Location: India /Hyderabad
Main Category: Voip consulting
Categories: VoIP Billing Software Provider, SIP Billing, Voip consulting, Voip engineering
Protocols: SIP, IAX, h.323
Services: PC to Phone, IP devices, Installation and Support Services, H.323 VoIP Gateway, H.323 Softswitch & CPE, Gatekeepering, Consultancy Services, Billing Software, Phone To PC, Phone To Phone, SIP Softswitch & CPE, SIP VoIP Gateway, System Integration, Voice and Video Conferencing, Web To Phone


VoIP Provider. Lantone Information Systems LLP
Location: Singapore
Main Category: Voip consulting
Categories: Voip consulting
Protocols: IAX, SIP
Services: Call Relay VoIP Solutions, Call Routing VoIP Solutions, Consultancy Services, IP devices, PC to Phone, Phone To PC, Phone To Phone, SIP VoIP Gateway, System Integration


VoIP Provider. HablaporInternet
Location: Colombia /Bogota
Main Category: Hardware
Categories: Hardware, International VoIP Wholesale Provider, Voip consulting
Protocols: IAX, SIP
Services: Call Routing VoIP Solutions, Consultancy Services, H.323 Wireless/ GSM VoIP Solutions, IP devices, SIP VoIP Gateway, System Integration, Termination


VoIP Provider. Switzernet
Location: Switzerland
Main Category: Internet Telephony Service Provider
Categories: International VoIP Wholesale Provider, Internet Telephony Service Provider
Protocols: SIP
Services: PC to Phone, Phone To PC


VoIP Provider. Ntelecom – Your Next telecom
Location: Albania /Prishtine
Main Category: International VoIP Wholesale Provider
Categories: Hosted VoIP billing service provider, International VoIP Wholesale Provider, Internet Telephony Service Provider, Internet VoIP and Video Conferencing Service Provider, Network Service Provider, SIP Billing, VoIP Billing Software Provider, Voip consulting, Voip engineering, Voip Termination ISP
Protocols: h.323, SIP
Services: Billing Software, Call Relay VoIP Solutions, Call Routing VoIP Solutions, Collaboration, Consultancy Services, Data Conferencing, E1 Bulk Wholeseller, Fax To Fax, Gatekeepering, H.323 Softswitch & CPE, H.323 VoIP Gateway, H.323 Wireless/ GSM VoIP Solutions, Installation and Support Services, IP devices, Outsourced Billing, Partnering for Origination and Termination, PC to Phone, Phone To PC, Phone To Phone, Project Mangement Services, SIP Softswitch & CPE, SIP VoIP Gateway, System Integration, Termination, Voice and Video Conferencing, vPhone, Web Call, Web To Phone


VoIP Provider. FAHR-TELECOM
Location: Germany /Frankfurt am Main
Main Category: Hardware
Categories: Hosted VoIP billing service provider, Hardware
Protocols: SIP, IAX
Services: Call Routing VoIP Solutions


VoIP Provider. A-I.NetCom
Location: Italy
Main Category: International VoIP Wholesale Provider
Categories: Internet Telephony Service Provider, International VoIP Wholesale Provider, Network Service Provider, Voip Termination ISP
Protocols: h.323, SIP
Services: Call Routing VoIP Solutions, H.323 VoIP Gateway, H.323 Wireless/ GSM VoIP Solutions, SIP VoIP Gateway


VoIP Provider. Airstar Communications Network
Location: Canada /Airdrie
Main Category: Hardware
Categories: International VoIP Wholesale Provider, Hardware
Protocols: h.323, SIP
Services: Termination


VoIP Provider. Comcerto
Location: Bahrain /Manama
Main Category: VoIP Billing Software Provider
Categories: Voip consulting, VoIP Billing Software Provider, SIP Billing
Protocols: SIP, MGCP, IAX, h.323
Services: Installation and Support Services, Consultancy Services, Billing Software, SIP Softswitch & CPE


VoIP Provider. SABA COMMUNICATIONS
Location: USA /BAKERSFIELD
Main Category: International VoIP Wholesale Provider
Categories: International VoIP Wholesale Provider
Protocols: SIP
Services: Call Routing VoIP Solutions



Configuring DHCP and WDS

During a WDS client’s boot process, the normal DHCP traffic occurs. The client broadcasts for an IP address to port UDP 67. Traditionally, only DHCP listened on port UDP 67, but now WDS also listens on port UDP 67 (more on this in a second). When the DHCP server hears the request, it makes an offer. The offer contains an IP address, subnet mask, and any DHCP options you might have set. The client then requests that the DHCP server assign the offered IP address to the client’s MAC address. Lastly, an acknowledgment is broadcast by the DHCP server that for the next eight days (if you keep the defaults) the offered IP address is assigned to the client. But wait, it’s not done, and this is where it gets interesting from a WDS perspective. The client sends out that first broadcast packet again (technically it’s called a discover packet). The DHCP server responds with another offer, but this offer is used to find the WDS server. So what happens when you have WDS and DHCP running on the same server? They can’t both listen on port UDP 67, right? Let’s look at the three different scenarios for configuring DHCP to help clients find the WDS server.

Scenario 1: WDS and DHCP are running on different servers but on the same subnet, so broadcasts are not a problem. As long as the client deploying an image and the WDS server are on the same subnet, and WDS and DHCP are on different servers, everything works fine with no DHCP options configured.

Scenario 2: WDS and DHCP are running on different servers that are on different subnets (broadcasting would be problematic because most environments don’t allow broadcast traffic to cross subnets). For the WDS client to find the WDS server, you’ll need to configure two DHCP options: option 66 and option 67. Option 66 is the Boot Server Host Name. In the string value of this option, type the name or IP address of the WDS server (I like the IP address: no name resolution issues). Option 67 is the Bootfile Name, and the string value should contain the name of the file you want your clients to boot. For 32-bit clients use boot\x86\pxeboot.com, and for 64-bit clients use boot\x64\pxeboot.com.

Scenario 3: WDS and DHCP are installed on the same server. You must tell WDS not to listen on port UDP 67, leaving it available for DHCP traffic only. But then how does the client find the WDS server? You set option 60 in DHCP.

If you install WDS on a server that’s already running DHCP, during the configuration of WDS the DHCP Option 60 page will appear, and you can select both “Do not listen on port 67” and “Configure DHCP option 60 to PXEClient”. If you install DHCP on a machine that already has WDS installed, you must manually enable option 60 in DHCP.

Configuring DHCP Options

You set DHCP options in the DHCP snap-in found in Server Manager. Expand IPV4, and then if you want to set a Server option, right-click Server Options and choose Configure Options. For a Scope option, expand your scope, right-click Scope Options and choose Configure Options. On the General tab, select the 060 PXEClient check box. For options 66 and 67, scroll down to find 066 Boot Server Host Name. When you select this check box, the String value field in the Data entry box opens. Type in either the IP address or the name of your WDS server. Option 67 is similar to option 66; if you select the 067 Bootfile Name check box, the String value field in the Data entry box opens. Type the name of the file you want your clients to boot. I found these file names in the WDS snap-in/properties of the WDS server/Boot tab. Be sure to get the entire path: boot\x86\pxeboot.com for 32-bit clients and boot\x64\pxeboot.com for 64-bit clients.
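One way to check from a captured DHCP offer that the options described above are really being handed out, as an added Python example that is not part of the original article. The `check_offer` helper, the sample offers and the address 10.0.0.5 are constructed for illustration; the option numbers and boot file names are the ones given in the text.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"     # marks the start of the DHCP options field
OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE, OPT_VENDOR_CLASS, OPT_BOOT_SERVER, OPT_BOOTFILE = 53, 60, 66, 67
DHCPOFFER = b"\x02"
BOOTFILES = {r"boot\x86\pxeboot.com", r"boot\x64\pxeboot.com"}  # from the article


def parse_options(message):
    """Return {option code: raw value} from a BOOTP/DHCP message."""
    if len(message) < 240 or message[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (magic cookie missing)")
    options, i = {}, 240
    while i < len(message):
        code = message[i]
        if code == OPT_END:
            return options
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(message) or i + 2 + message[i + 1] > len(message):
            raise ValueError("truncated option %d" % code)
        length = message[i + 1]
        # A repeated option code continues the earlier value.
        options[code] = options.get(code, b"") + message[i + 2:i + 2 + length]
        i += 2 + length
    raise ValueError("options field has no end marker")


def check_offer(message, scenario):
    """List what an offer lacks for the article's scenario 1, 2 or 3."""
    opts = parse_options(message)
    text = {code: value.rstrip(b"\x00").decode("ascii", "replace")
            for code, value in opts.items()
            if code in (OPT_VENDOR_CLASS, OPT_BOOT_SERVER, OPT_BOOTFILE)}
    problems = []
    if opts.get(OPT_MSG_TYPE) != DHCPOFFER:
        problems.append("message is not a DHCP offer")
    if scenario == 2:      # different servers, different subnets
        if not text.get(OPT_BOOT_SERVER):
            problems.append("option 66 (Boot Server Host Name) is not set")
        if text.get(OPT_BOOTFILE) not in BOOTFILES:
            problems.append("option 67 (Bootfile Name) is missing or unexpected")
    elif scenario == 3:    # WDS and DHCP on the same server
        if text.get(OPT_VENDOR_CLASS) != "PXEClient":
            problems.append("option 60 is not set to PXEClient")
    elif scenario != 1:    # scenario 1 needs no DHCP options at all
        raise ValueError("scenario must be 1, 2 or 3")
    return problems


def build_offer(options):
    """Constructed sample: zeroed BOOTP header plus the given options."""
    fixed = struct.pack("!BBBB", 2, 1, 6, 0) + bytes(232)   # op=BOOTREPLY
    body = b"".join(bytes([code, len(value)]) + value
                    for code, value in options.items())
    return fixed + MAGIC_COOKIE + body + bytes([OPT_END])


# Constructed sample offers.
OFFER_SCENARIO_2 = build_offer({53: DHCPOFFER, 66: b"10.0.0.5",
                                67: rb"boot\x64\pxeboot.com"})
OFFER_MISSING_67 = build_offer({53: DHCPOFFER, 66: b"10.0.0.5"})
OFFER_SCENARIO_3 = build_offer({53: DHCPOFFER, 60: b"PXEClient"})

if __name__ == "__main__":
    for name, offer, scenario in (("scenario 2", OFFER_SCENARIO_2, 2),
                                  ("option 67 forgotten", OFFER_MISSING_67, 2),
                                  ("scenario 3", OFFER_SCENARIO_3, 3)):
        print(name, "->", check_offer(offer, scenario) or "ok")
```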



Wholesale A-Z Termination for VOIP providers, carriers and small business

MyVoipTraffic VOIP termination services:

  • Wholesale A-Z Termination provider
  • EUR and USD accounts
  • 3 different voip routes for international call termination
  • Protocol: SIP

One of the best voip service providers in the call termination market, MyVoipTraffic offers some of the best voice termination rates in the industry, through its collaboration with over 60 carriers. MyVoipTraffic provides you only the best quality voice termination services on the VOIP market today.

Our voip routes and services are offered to VOIP service providers, wholesale carriers, SIP service providers, Voip providers and Voip carriers, ISPs and small businesses, plus call shops looking for quality wholesale voice termination.

It is easy and simple to set up with us; you only need to create an account and make a prepayment using one of our available payment methods. You can then configure your device and make international calls at some of the best rates in the world.

Calls are billed in 1 second increments, except Mexico fixed and mobile, which are billed in 60 second increments. Rates are subject to change without notice.

Sign up for FREE and be part of the great voip success!


VoIP Phone Service

Hosted IP Phone

Most business phone systems need to be replaced at least every 10 years. But, if you’re a small or mid-sized business, purchasing and maintaining a phone system can be costly. Why pay for the equipment and maintenance when you can simply pay for the service?

Blackfoot offers Ergo, a privately hosted IP phone solution that effectively ensures your company stays current with the latest in digital voice communications. With Ergo, there is no upfront cost and no system to own. One competitive, monthly fee includes use of a state-of-the-art phone system, phone service, tech support, and all required upgrades and maintenance.

Benefits of Blackfoot Hosted IP Phone

  • Savings: No upfront cost eliminates the need to invest in a phone system
  • Partnership: We’ll help you determine what technology best suits your business, including desktop, conferencing and cordless devices
  • Value: No costly annual maintenance contract because Blackfoot owns the system – we set it up, maintain it and manage software upgrades remotely
  • Scalable: Extensions are unlimited so you can add as needed to streamline business or as your company grows
  • Mobility: Stay connected to the features of your Ergo phone service anytime, anywhere with Ergo Mobility
  • Administrator Portal: Manage and configure the features and settings of your Ergo phone solution via Business Group Manager
  • Accessible: Hop online and use our CommPortal system to view your calling history, click to call, integrate your contact list, and use advanced features like Find Me/Follow Me and Simultaneous Ring
  • Unified: For added convenience, receive voice mails and faxes as attachments in your email inbox
  • Hunting: If you’re on the go, you can direct calls to ring a specific group of phones simultaneously, ensuring you’re always able to answer the call
  • Secure: Ergo is hosted on Blackfoot’s private cloud, and managed end-to-end
  • Popular Professional Features: Music on hold/Message on hold, call forwarding, call park and pick up, do not disturb, call transfer, direct inward dialing, three-way conferencing and more

Other products that might interest you

Calling Features

Get the latest phone features, like Simultaneous Ring, Remote Access and Unified Voice Mail.

Conferencing Solutions

Ensure efficient, productive conference calling whenever you need to connect with clients, remote employees or vendors.

Integrated Services

Our proven technology carries voice and Internet over a single, managed high-speed connection, saving you money.



Get the IP address of the machine – Stack Overflow

This Question is almost the same as the previously asked Get the IP Address of local computer -Question. However I need to find the IP address(es) of a Linux Machine.

So: How do I – programmatically in C++ – detect the IP addresses of the linux server my application is running on. The servers will have at least two IP addresses and I need a specific one (the one in a given network (the public one)).

I’m sure there is a simple function to do that – but where?

To make things a bit clearer:

  • The server will obviously have the “localhost”: 127.0.0.1
  • The server will have an internal (management) IP address: 172.16.x.x
  • The server will have an external (public) IP address: 80.190.x.x

I need to find the external IP address to bind my application to it. Obviously I can also bind to INADDR_ANY (and actually that’s what I do at the moment). I would prefer to detect the public address, though.

asked Oct 17 ’08 at 15:00

I like jjvainio’s answer. As Zan Lnyx says, it uses the local routing table to find the IP address of the ethernet interface that would be used for a connection to a specific external host. By using a connected UDP socket, you can get the information without actually sending any packets. The approach requires that you choose a specific external host. Most of the time, any well-known public IP should do the trick. I like Google’s public DNS server address 8.8.8.8 for this purpose, but there may be times you’d want to choose a different external host IP. Here is some code that illustrates the full approach.

answered Jun 25 ’10 at 18:15

I do not think there is a definitive right answer to your question. Instead there is a big bundle of ways how to get close to what you wish. Hence I will provide some hints how to get it done.

If a machine has more than 2 interfaces ( lo counts as one) you will have problems to autodetect the right interface easily. Here are some recipes on how to do it.

The problem, for example, is if hosts are in a DMZ behind a NAT firewall which changes the public IP into some private IP and forwards the requests. Your machine may have 10 interfaces, but only one corresponds to the public one.

Even autodetection does not work in case you are on double-NAT, where your firewall even translates the source-IP into something completely different. So you cannot even be sure, that the default route leads to your interface with a public interface.

Detect it via the default route

This is my recommended way to autodetect things

Something like ip r get 1.1.1.1 usually tells you the interface which has the default route.

If you want to recreate this in your favourite scripting/programming language, use strace ip r get 1.1.1.1 and follow the yellow brick road.

Set it with /etc/hosts

This is my recommendation if you want to stay in control

You can create an entry in /etc/hosts like

Then you can use this alias publicinterfaceip to refer to your public interface.

Sadly haproxy does not grok this trick with IPv6

Use the environment

This is a good workaround for /etc/hosts in case you are not root

Same as /etc/hosts, but use the environment for this. You can try /etc/profile or ~/.profile for this.

Hence if your program needs a variable MYPUBLICIP then you can include code like (this is C, feel free to create C++ from it):

So you can call your script/program /path/to/your/script like this

this even works in crontab.

Enumerate all interfaces and eliminate those you do not want

The desperate way if you cannot use ip

If you do know what you do not want, you can enumerate all interfaces and ignore all the false ones.

Here already seems to be an answer https://stackoverflow.com/a/265978/490291 for this approach.

Do it like DLNA

The way of the drunken man who tries to drown himself in alcohol

You can try to enumerate all the UPnP gateways on your network and this way find out a proper route for some “external” thing. This even might be on a route where your default route does not point to.

This gives you a good impression which one is your real public interface, even if your default route points elsewhere.

There are even more

Where the mountain meets the prophet

IPv6 routers advertise themselves to give you the right IPv6 prefix. Looking at the prefix gives you a hint about if it has some internal IP or a global one.

You can listen for IGMP or IBGP frames to find out some suitable gateway.

There are less than 2^32 IP addresses. Hence it does not take long on a LAN to just ping them all. This gives you a statistical hint on where the majority of the Internet is located from your point of view. However you should be a bit more sensible than the famous https://de.wikipedia.org/wiki/SQL_Slammer

ICMP and even ARP are good sources for network sideband information. It might help you out as well.

You can use Ethernet Broadcast address to contact to all your network infrastructure devices which often will help out, like DHCP (even DHCPv6) and so on.

This additional list is probably endless and always incomplete, because every manufacturer of network devices is busily inventing new security holes on how to auto-detect their own devices. Which often helps a lot on how to detect some public interface where there shouldn’t be one.

As the question specifies Linux, my favourite technique for discovering the IP-addresses of a machine is to use netlink. By creating a netlink socket of the protocol NETLINK_ROUTE, and sending an RTM_GETADDR, your application will receive message(s) containing all available IP addresses. An example is provided here.

In order to simplify parts of the message handling, libmnl is convenient. If you are curious in figuring out more about the different options of NETLINK_ROUTE (and how they are parsed), the best source is the source code of iproute2 (especially the monitor application) as well as the receive functions in the kernel. The man page of rtnetlink also contains useful information.

answered Jun 27 ’13 at 22:00
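The connected-UDP-socket lookup and the MYPUBLICIP environment override from the answers above, combined in an added Python example that is not part of any of the posts; the same socket, connect and getsockname calls exist in C and C++. The function names and the sample address 80.190.0.10 are assumptions, and the code refuses to return a loopback or private address instead of silently binding to the management interface.

```python
import ipaddress
import os
import socket


def classify(address):
    """Coarse class of an address: loopback, private, public or other."""
    ip = ipaddress.ip_address(address)
    if ip.is_loopback:          # checked first: 127.0.0.0/8 also counts as private
        return "loopback"
    if ip.is_private:
        return "private"
    return "public" if ip.is_global else "other"


def route_source_address(probe_host="8.8.8.8"):
    """Source address the routing table selects for probe_host.

    connect() on a UDP socket only fixes the peer and runs the route lookup;
    no packet is sent. Returns None when there is no route to the probe host.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        try:
            sock.connect((probe_host, 53))
        except OSError:
            return None
        return sock.getsockname()[0]


def choose_bind_address(env=os.environ, probe_host="8.8.8.8"):
    """Return (address, origin) for the listening socket.

    An explicit MYPUBLICIP setting wins, because behind NAT or double NAT the
    routing table cannot reveal the public address. Without it, the detected
    address is used only if it is a public one.
    """
    configured = env.get("MYPUBLICIP")
    if configured:
        ipaddress.ip_address(configured)    # raises ValueError on a malformed value
        return configured, "environment"
    detected = route_source_address(probe_host)
    if detected is None:
        raise RuntimeError("no route to %s; set MYPUBLICIP" % probe_host)
    kind = classify(detected)
    if kind != "public":
        raise RuntimeError("detected %s address %s; set MYPUBLICIP"
                           % (kind, detected))
    return detected, "routing table"


if __name__ == "__main__":
    # Constructed sample values modelled on the ranges named in the question.
    for sample in ("127.0.0.1", "172.16.4.9", "80.190.0.10"):
        print(sample, "->", classify(sample))
    try:
        print(choose_bind_address())
    except RuntimeError as exc:
        print("not binding automatically:", exc)
```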