Re: How to get a workstation name from ip address
Having explored this a couple times in the past, I can say it's not easy or straight forward. There are exit points that can pass ip addresses from TCPIP/TN3270 server on into VTAM and subsequently to your applications. Depending on the level of logging happening in your network, including firewalls, load balancers, VPN issues, you might be able to track back to a physical (or virtual) instance of a TN3270 emulator. Which, of course, might be driven by a screen scraper. I would agree with the other option suggested. Announce and the tighten port 23 to require encryption. Fix those users whose emulators aren't ready. > -Original Message- > From: IBM Mainframe Discussion List On > Behalf Of don isenstadt > Sent: Tuesday, March 03, 2020 9:32 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: How to get a workstation name from ip address > > Hello..we have many users who are still using port 23 unsecured..so we can > easily identify them with a display tcpip command po=23. The list of ip > addresses needs to be translated to a workstation name because the ip > addresses are volitile. Ping -a does not work on the mainframe. We want the > command to be run from the mainframe. > Thanks, > -don > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, send email to > lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
rDNS is just DNS where the name server has PTR records. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List on behalf of ITschak Mugzach Sent: Tuesday, March 3, 2020 3:52 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: How to get a workstation name from ip address yes, the man page says -a resolve address to hostnames. resolver is DNS afaik. ITschak ITschak Mugzach *|** IronSphere Platform* *|* *Information Security Continuous Monitoring for z/OS, x/Linux & IBM I **| z/VM comming son * On Tue, Mar 3, 2020 at 10:47 PM Grant Taylor < 023065957af1-dmarc-requ...@listserv.ua.edu> wrote: > On 3/3/20 1:03 PM, ITschak Mugzach wrote: > > how about ping -a? it returns the workstation name. > > Where does that name come from? > > Does it rely on reverse DNS? > > > > -- > Grant. . . . > unix || die > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
Your biggest issue will be if your users are using DHCP and the ip address is reassigned to a different user by the time the lookup happens. This assumes that you DHCP servers and DNS servers communicate when a DHCP request is satisfied. About the only way would be to do lookups at sign on time - and if the DNS isn't dynamically updated, even that won't help. One option is after announcing to your users you lock down the use of non secured access and allow the Incident tickets to determine who was impacted. Jerry Whitteridge Delivery Manager / Mainframe Architect GTS - Safeway Account 602 527 4871 Mobile jerry.whitteri...@ibm.com IBM Services IBM Mainframe Discussion List wrote on 03/03/2020 10:32:22 AM: > From: don isenstadt > To: IBM-MAIN@LISTSERV.UA.EDU > Date: 03/03/2020 10:32 AM > Subject: [EXTERNAL] How to get a workstation name from ip address > Sent by: IBM Mainframe Discussion List > > Hello..we have many users who are still using port 23 unsecured..so > we can easily identify them with a display tcpip command po=23. The > list of ip addresses needs to be translated to a workstation name > because the ip addresses are volitile. Ping -a does not work on the > mainframe. We want the command to be run from the mainframe. > Thanks, > -don > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
On Tue, Mar 3, 2020 at 1:15 PM Grant Taylor < 023065957af1-dmarc-requ...@listserv.ua.edu> wrote: > On 3/3/20 11:31 AM, John McKown wrote: > > There is a way. But it can be a bit "complicated". > > Fair enough. > > My experience is to start with a manual process that does achieve the > goal, even if it's annoying and completely manual. Once that proves > itself, then you start streamlining & automating if there is enough demand. > > > I don't know the programming interfaces to get the information. But > > you can get the IP address given an LU name. > > Am I correct in assuming that there is a way to get the user name that's > logged into an LU? > Maybe, maybe not. It depends on what they are logging on to. TSO is rather easy. But what about CICS or IMS/DC or . That I don't know. IIRC, CICS will cut an SMF record when someone logs on. Or maybe the logon process itself will cut a RACF audit record. I'm ay home now and can't double check that. > > > ACK > > I'm thinking about a way that doesn't involve DNS. > > If it's possible to enumerate all the LUs to identify the LUs from the > interesting IP addresses, and it's possible to get usernames for said > interesting LUs, then you have the users that are using the interesting > IPs. Thus you know who to contact, completely independent of DNS. > > I am assuming that usernames (almost) directly map to the users and thus > provide a list of who needs to have their workstations updated / > migrated / reconfigured to not use unencrypted TN3270. > Yes, that's true. Actually what a reverse lookup would give you is the workstation name (in Windows at least) and not the name of the Windows user using it. And that's only if the WINS/AD server is set up properly. So, it's very company specific. Come to think of it, using SMF records might be easier than doing something "real time". Unless you need an immediate answer. > > > > -- > Grant. . . . > unix || die > > -- People in sleeping bags are the soft tacos of the bear world. Maranatha! <>< John McKown -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
On 3/3/20 2:43 PM, don isenstadt wrote: Nslookup does not work on my pc or the MF ..ping -a works on the pc..is there an equivalent of ping -a on the MF? I am surprised that ping -a works when nslookup doesn't work. (Both on your PC.) Would you mind sharing the commands that you're running? It is my (mis)understanding that ping -a simply does a reverse DNS lookup as part of it's operation and that it uses the system's configured DNS server(s). -- Grant. . . . unix || die -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
What about dig? -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List on behalf of don isenstadt Sent: Tuesday, March 3, 2020 4:43 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: How to get a workstation name from ip address Nslookup does not work on my pc or the MF ..ping -a works on the pc..is there an equivalent of ping -a on the MF? I see the syntax is different than unix or the pc -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
Nslookup does not work on my pc or the MF ..ping -a works on the pc..is there an equivalent of ping -a on the MF? I see the syntax is different than unix or the pc -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
I thought it was just a fun, intentional demonstration of hypoantipedanticaticry. I could be wrong, but that is next to unpossible. First Horizon Bank Mainframe Technical Support -Original Message- From: IBM Mainframe Discussion List On Behalf Of Paul Gilmartin Sent: Tuesday, March 3, 2020 3:30 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: How to get a workstation name from ip address [External Email. Exercise caution when clicking links or opening attachments.] On Tue, 3 Mar 2020 10:21:09 -0800, Charles Mills wrote: >I hesitate a little to possibly just add to the noise because I don't really >know the answer; I'm just hypothecating. > (hypotheticating? Not that either. hypothesizing? Aren't spellcheckers fun?) >Does a workstation necessarily have a name? In the protocol, I mean. A dumb >terminal with no name can do telnet. Is there anything to the connection >request other than "Hi, I'm 192.168.1.1, let's connect"? There's no query >where the mainframe says "tell me about yourself," right? > And that IP address may have been assigned by DHCP. DHCP may retain the association and disclose it on request. But DHCP might generate a surrogate host name, a transformation of the IP address it assigned. Some might consider making such information generally available a security risk. There's a (weak) argument there for choosing opaque hostnames. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN Confidentiality notice: This e-mail message, including any attachments, may contain legally privileged and/or confidential information. If you are not the intended recipient(s), or the employee or agent responsible for delivery of this message to the intended recipient(s), you are hereby notified that any dissemination, distribution, or copying of this e-mail message is strictly prohibited. If you have received this message in error, please immediately notify the sender and delete this e-mail message from your computer. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
yes, the man page says -a resolve address to hostnames. resolver is DNS afaik. ITschak ITschak Mugzach *|** IronSphere Platform* *|* *Information Security Continuous Monitoring for z/OS, x/Linux & IBM I **| z/VM comming son * On Tue, Mar 3, 2020 at 10:47 PM Grant Taylor < 023065957af1-dmarc-requ...@listserv.ua.edu> wrote: > On 3/3/20 1:03 PM, ITschak Mugzach wrote: > > how about ping -a? it returns the workstation name. > > Where does that name come from? > > Does it rely on reverse DNS? > > > > -- > Grant. . . . > unix || die > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
On 3/3/20 1:03 PM, ITschak Mugzach wrote: how about ping -a? it returns the workstation name. Where does that name come from? Does it rely on reverse DNS? -- Grant. . . . unix || die -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
On Tue, 3 Mar 2020 10:21:09 -0800, Charles Mills wrote: >I hesitate a little to possibly just add to the noise because I don't really >know the answer; I'm just hypothecating. > (hypotheticating? Not that either. hypothesizing? Aren't spellcheckers fun?) >Does a workstation necessarily have a name? In the protocol, I mean. A dumb >terminal with no name can do telnet. Is there anything to the connection >request other than "Hi, I'm 192.168.1.1, let's connect"? There's no query >where the mainframe says "tell me about yourself," right? > And that IP address may have been assigned by DHCP. DHCP may retain the association and disclose it on request. But DHCP might generate a surrogate host name, a transformation of the IP address it assigned. Some might consider making such information generally available a security risk. There's a (weak) argument there for choosing opaque hostnames. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
how about ping -a? it returns the workstation name. ITschak Mugzach *|** IronSphere Platform* *|* *Information Security Continuous Monitoring for z/OS, x/Linux & IBM I **| z/VM comming son * On Tue, Mar 3, 2020 at 10:00 PM Seymour J Metz wrote: > A TN3270 client has an IP address, may have a domain name and does not > have an LUNAME. The TN3270 has a pool of LUNAMEs that it assigns from when > a client connects. > > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > > > > From: IBM Mainframe Discussion List on behalf > of Charles Mills > Sent: Tuesday, March 3, 2020 1:21 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: How to get a workstation name from ip address > > I hesitate a little to possibly just add to the noise because I don't > really know the answer; I'm just hypothecating. > > Does a workstation necessarily have a name? In the protocol, I mean. A > dumb terminal with no name can do telnet. Is there anything to the > connection request other than "Hi, I'm 192.168.1.1, let's connect"? There's > no query where the mainframe says "tell me about yourself," right? > > I don't recall anything in my 3270 emulator (Tom Brennan's Vista) where I > say "here is my name to give to the host." There is a space for an "LU > name" but it's blank and I have no idea what it is for. My Windows has a > hostname but there is no reason to think it is unique in any given host's > clients. > > I fear the question may not have an answer. > > There's always my favorite approach: disable it and see who screams. > (Yeah, you could put out some sort of warning broadcast a month in advance.) > > Charles > > > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of don isenstadt > Sent: Tuesday, March 3, 2020 9:32 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: How to get a workstation name from ip address > > Hello..we have many users who are still using port 23 unsecured..so we can > easily identify them with a display tcpip command po=23. The list of ip > addresses needs to be translated to a workstation name because the ip > addresses are volitile. Ping -a does not work on the mainframe. We want > the command to be run from the mainframe. > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
A TN3270 client has an IP address, may have a domain name and does not have an LUNAME. The TN3270 has a pool of LUNAMEs that it assigns from when a client connects. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List on behalf of Charles Mills Sent: Tuesday, March 3, 2020 1:21 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: How to get a workstation name from ip address I hesitate a little to possibly just add to the noise because I don't really know the answer; I'm just hypothecating. Does a workstation necessarily have a name? In the protocol, I mean. A dumb terminal with no name can do telnet. Is there anything to the connection request other than "Hi, I'm 192.168.1.1, let's connect"? There's no query where the mainframe says "tell me about yourself," right? I don't recall anything in my 3270 emulator (Tom Brennan's Vista) where I say "here is my name to give to the host." There is a space for an "LU name" but it's blank and I have no idea what it is for. My Windows has a hostname but there is no reason to think it is unique in any given host's clients. I fear the question may not have an answer. There's always my favorite approach: disable it and see who screams. (Yeah, you could put out some sort of warning broadcast a month in advance.) Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of don isenstadt Sent: Tuesday, March 3, 2020 9:32 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: How to get a workstation name from ip address Hello..we have many users who are still using port 23 unsecured..so we can easily identify them with a display tcpip command po=23. The list of ip addresses needs to be translated to a workstation name because the ip addresses are volitile. Ping -a does not work on the mainframe. We want the command to be run from the mainframe. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
On Mar 3, 2020, at 1:30 PM, Grant Taylor <023065957af1-dmarc-requ...@listserv.ua.edu> wrote: > > I suspect that the "LU name" is probably the TN3270's counterpart to "answer > back". > I think that’s right. -- Pew, Curtis G curtis@austin.utexas.edu -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
On 3/3/20 12:24 PM, Farley, Peter x23353 wrote: From the other responses it would seem that getting a "host name" for the remote IP address may in fact require a "reverse DNS" lookup to get that name. (Reverse) DNS is the contemporary way to get IP to host name mapping. There are others, but they have fallen out of favor years (decades?) ago. I also don't know if the mainframe supports them; hosts file, NIS, etc. I wonder, does "reverse DNS" get you to the actual connected system (presumably a PC of some sort) Most services only look at the remote IP of the established connection. even if the PC is behind a router and uses DHCP for a local network address (so only the router has a "public" IP address)? (Reverse) DNS may get you the hostname of the IP behind the router /if/ that IP is known. Most SOHO routers like you are describing NAT to a single external IP, which is seen by the mainframe. As such, the mainframe won't see the IP that is behind the SOHO routers like you are talking about. What if the PC also uses a VPN to connect to the remote system? Same thing applies. It's all about the remote IP address of the established connection. What about "thin client" setups? What does a system that gives you a 3270 screen in a browser window (i.e., no actual tn3270 software on the PC) look like on the VTAM side? What IP address does it see connecting? Same thing applies. The mainframe will see the remote IP address of thee established TCP connection. This IP will most likely be the server that is providing the web-to-3270 gateway function, which is decidedly NOT the thin client. Interesting questions. Indeed. -- Grant. . . . unix || die -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
The LUNAME that you're seeing is the name for TSO, not the name for your PCOMM. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List on behalf of Farley, Peter x23353 Sent: Tuesday, March 3, 2020 2:24 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: How to get a workstation name from ip address My PCOMM emulator (V5.7) on my work PC displays the LU name that it connects to in the window area below the actual 3270 screen (below the 3270 "operator information area") when I connect remotely to my employer's system. I don’t see my Vista emulator dong the same, but Tom should be able to tell you if he has it available somewhere in his menus. I have seen ADCD system connect screens that put the LU name on the screen when you connect, so I presume it is available somewhere in VTAM at connection time, but I've only seen that LU name displayed when connecting via tn3270e to an IP address, not when connecting to a "local" (non-network) device. I do not know if there is a display command or a VTAM API that could get you the LU name, but that isn't a "workstation identifier" either when you think of it, since you are likely to get a different LU name every time you connect. >From the other responses it would seem that getting a "host name" for the >remote IP address may in fact require a "reverse DNS" lookup to get that name. > I wonder, does "reverse DNS" get you to the actual connected system >(presumably a PC of some sort) even if the PC is behind a router and uses DHCP >for a local network address (so only the router has a "public" IP address)? >What if the PC also uses a VPN to connect to the remote system? What about "thin client" setups? What does a system that gives you a 3270 screen in a browser window (i.e., no actual tn3270 software on the PC) look like on the VTAM side? What IP address does it see connecting? Interesting questions. Peter -Original Message- From: IBM Mainframe Discussion List On Behalf Of Charles Mills Sent: Tuesday, March 3, 2020 1:21 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: How to get a workstation name from ip address I hesitate a little to possibly just add to the noise because I don't really know the answer; I'm just hypothecating. Does a workstation necessarily have a name? In the protocol, I mean. A dumb terminal with no name can do telnet. Is there anything to the connection request other than "Hi, I'm 192.168.1.1, let's connect"? There's no query where the mainframe says "tell me about yourself," right? I don't recall anything in my 3270 emulator (Tom Brennan's Vista) where I say "here is my name to give to the host." There is a space for an "LU name" but it's blank and I have no idea what it is for. My Windows has a hostname but there is no reason to think it is unique in any given host's clients. I fear the question may not have an answer. There's always my favorite approach: disable it and see who screams. (Yeah, you could put out some sort of warning broadcast a month in advance.) Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of don isenstadt Sent: Tuesday, March 3, 2020 9:32 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: How to get a workstation name from ip address Hello..we have many users who are still using port 23 unsecured..so we can easily identify them with a display tcpip command po=23. The list of ip addresses needs to be translated to a workstation name because the ip addresses are volitile. Ping -a does not work on the mainframe. We want the command to be run from the mainframe. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
On 3/3/20 11:21 AM, Charles Mills wrote: Does a workstation necessarily have a name? That turns into a slippery slope of "What is a name?" / "What does the name actually mean?". I think that the host end has a name / ID for the connection, at least insofar as differentiating the connection / session from other connections / sessions. The client may not have / know about / care about any such identifier. The client may have a (DNS) hostname associated with it's IP, be it dynamic or otherwise. These two client ""names may not be the same thing. In the protocol, I mean. A dumb terminal with no name can do telnet. Is there anything to the connection request other than "Hi, I'm 192.168.1.1, let's connect"? There's no query where the mainframe says "tell me about yourself," right? I don't know about TN3270. Traditional telnet does support what open systems refer to as "answer back", which is some sort of name / ID / string that is configured on the client. I don't recall anything in my 3270 emulator (Tom Brennan's Vista) where I say "here is my name to give to the host." There is a space for an "LU name" but it's blank and I have no idea what it is for. I suspect that the "LU name" is probably the TN3270's counterpart to "answer back". I've been told that years ago host applications would use this answer back / LU name as an identifier to alter how things behaved. It could be anything from choosing the default printer (hypothetically physically closer to the terminal) or choosing different terminal behaviors, etc. I have dabbled with this in Linux to alter the environment to change the way that error messages are displayed. I have a few client machines that are using a more capable version of XTerm that supports graphics. So, if the answer back has the specifically configured and recognized names / IDs / strings, my shell can know that it can send fancy error messages w/ graphics back to me. One important thing to remember is that you should not use the answer back / LU name for any (important) security information because the information is provided by the client. This means that any client can change what it provides, possibly even spoofing information as a means to gain elevated privileges. My Windows has a hostname but there is no reason to think it is unique in any given host's clients. Do to the vagaries of Windows (read: NetBIOS) networking, I would expect the hostname to be unique within a given network (segment), or that there are other problems. I fear the question may not have an answer. I suspect that you are closer with the "LU name" than you may have realized. There's always my favorite approach: disable it and see who screams. (Yeah, you could put out some sort of warning broadcast a month in advance.) BOFH: Scream tests are always fun. }:-) -- Grant. . . . unix || die -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
There are two logical units in a session, each having its own LUNAME. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List on behalf of Pew, Curtis G Sent: Tuesday, March 3, 2020 2:18 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: How to get a workstation name from ip address On Mar 3, 2020, at 12:21 PM, Charles Mills wrote: > > I don't recall anything in my 3270 emulator (Tom Brennan's Vista) where I say > "here is my name to give to the host." There is a space for an "LU name" but > it's blank and I have no idea what it is for. My Windows has a hostname but > there is no reason to think it is unique in any given host's clients. > The LUNAME is a part of the tn3270E protocol, but I would hesitate to use it as a client identifier; it’s more about what on the server the client thinks it wants to access. You *may* configure the tn3270 server to use LUNAME to determine which USSTAB to use for the session or even to connect directly to a particular VTAM application. The OSA-ICC tn3270 server *requires* clients to provide an LUNAME, and uses it to select the LPAR and unit number for the session. Those are the two tn3270 servers I’m familiar with. Others may do other things with the tn3270 LUNAME. There’s no inherent security on LUNAME, though; all tn3270E clients I know of allow the user to put anything in there. It’s up to the server to decide what to do with it. -- Pew, Curtis G curtis@austin.utexas.edu -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
There is a field set by NVAS in the (CINIT?) that passes the IP address. Other session managers may do likewise. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List on behalf of Pew, Curtis G Sent: Tuesday, March 3, 2020 2:22 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: How to get a workstation name from ip address On Mar 3, 2020, at 1:18 PM, Pew, Curtis G wrote: > > You *may* configure the tn3270 server to use LUNAME to determine which USSTAB > to use for the session or even to connect directly to a particular VTAM > application. > I should have also said that the LUNAME in the tn3270E protocol doesn’t necessarily have any relation to the VTAM LU identifier used for the session, although I believe you could configure it to map them somehow. -- Pew, Curtis G curtis@austin.utexas.edu -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
My PCOMM emulator (V5.7) on my work PC displays the LU name that it connects to in the window area below the actual 3270 screen (below the 3270 "operator information area") when I connect remotely to my employer's system. I don’t see my Vista emulator dong the same, but Tom should be able to tell you if he has it available somewhere in his menus. I have seen ADCD system connect screens that put the LU name on the screen when you connect, so I presume it is available somewhere in VTAM at connection time, but I've only seen that LU name displayed when connecting via tn3270e to an IP address, not when connecting to a "local" (non-network) device. I do not know if there is a display command or a VTAM API that could get you the LU name, but that isn't a "workstation identifier" either when you think of it, since you are likely to get a different LU name every time you connect. From the other responses it would seem that getting a "host name" for the remote IP address may in fact require a "reverse DNS" lookup to get that name. I wonder, does "reverse DNS" get you to the actual connected system (presumably a PC of some sort) even if the PC is behind a router and uses DHCP for a local network address (so only the router has a "public" IP address)? What if the PC also uses a VPN to connect to the remote system? What about "thin client" setups? What does a system that gives you a 3270 screen in a browser window (i.e., no actual tn3270 software on the PC) look like on the VTAM side? What IP address does it see connecting? Interesting questions. Peter -Original Message- From: IBM Mainframe Discussion List On Behalf Of Charles Mills Sent: Tuesday, March 3, 2020 1:21 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: How to get a workstation name from ip address I hesitate a little to possibly just add to the noise because I don't really know the answer; I'm just hypothecating. Does a workstation necessarily have a name? In the protocol, I mean. A dumb terminal with no name can do telnet. Is there anything to the connection request other than "Hi, I'm 192.168.1.1, let's connect"? There's no query where the mainframe says "tell me about yourself," right? I don't recall anything in my 3270 emulator (Tom Brennan's Vista) where I say "here is my name to give to the host." There is a space for an "LU name" but it's blank and I have no idea what it is for. My Windows has a hostname but there is no reason to think it is unique in any given host's clients. I fear the question may not have an answer. There's always my favorite approach: disable it and see who screams. (Yeah, you could put out some sort of warning broadcast a month in advance.) Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of don isenstadt Sent: Tuesday, March 3, 2020 9:32 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: How to get a workstation name from ip address Hello..we have many users who are still using port 23 unsecured..so we can easily identify them with a display tcpip command po=23. The list of ip addresses needs to be translated to a workstation name because the ip addresses are volitile. Ping -a does not work on the mainframe. We want the command to be run from the mainframe. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
On Mar 3, 2020, at 1:18 PM, Pew, Curtis G wrote: > > You *may* configure the tn3270 server to use LUNAME to determine which USSTAB > to use for the session or even to connect directly to a particular VTAM > application. > I should have also said that the LUNAME in the tn3270E protocol doesn’t necessarily have any relation to the VTAM LU identifier used for the session, although I believe you could configure it to map them somehow. -- Pew, Curtis G curtis@austin.utexas.edu -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
Ping -a? בתאריך יום ג׳, 3 במרץ 2020, 21:15, מאת Grant Taylor < 023065957af1-dmarc-requ...@listserv.ua.edu>: > On 3/3/20 11:31 AM, John McKown wrote: > > There is a way. But it can be a bit "complicated". > > Fair enough. > > My experience is to start with a manual process that does achieve the > goal, even if it's annoying and completely manual. Once that proves > itself, then you start streamlining & automating if there is enough demand. > > > I don't know the programming interfaces to get the information. But > > you can get the IP address given an LU name. > > Am I correct in assuming that there is a way to get the user name that's > logged into an LU? > > > The operator command looks like: > > > > *D NET,,ID=E08VETHH* > > IST097I DISPLAY ACCEPTED > > IST075I NAME = UICINET1.E08VETHH, TYPE = DYNAMIC APPL 584 > > IST486I STATUS= ACT/S, DESIRED STATE= ACTIV > > IST1447I REGISTRATION TYPE = CDSERVR > > IST1629I MODSRCH = NEVER > > IST977I MDLTAB=***NA*** ASLTAB=***NA*** > > IST861I MODETAB=MODETABP USSTAB=***NA*** LOGTAB=***NA*** > > IST934I DLOGMOD=***NA*** USS LANGTAB=***NA*** > > IST1632I VPACING = 1 > > IST1938I APPC = NO > > IST597I CAPABILITY-PLU ENABLED ,SLU ENABLED ,SESSION LIMIT 0001 > > IST231I APPL MAJOR NODE = E08ACCES > > IST1425I DEFINED USING MODEL E08VET?? > > IST212I ACBNAME = ECCVETHH > > IST654I I/O TRACE = OFF, BUFFER TRACE = OFF > > IST1500I STATE TRACE = OFF > > IST271I JOBNAME = TN3270, STEPNAME = TN3270, DSPNAME = IST6B7ED > > IST228I ENCRYPTION = OPTIONAL , TYPE = DES > > IST1563I CKEYNAME = E08VETHH CKEY = PRIMARY CERTIFY = NO > > IST1552I MAC = NONE MACTYPE = NONE > > IST1050I MAXIMUM COMPRESSION LEVEL - INPUT = 0, OUTPUT = 0 > > IST1633I ASRCVLM = 100 > > IST1634I DATA SPACE USAGE: CURRENT = 0 MAXIMUM = 136 > > IST1634I DATA SPACE USAGE: CURRENT = 0 MAXIMUM = 136 > > *IST1669I IPADDR..PORT 10.43.130.61..53971* > > IST171I ACTIVE SESSIONS = 01, SESSION REQUESTS = 00 > > IST314I END > > So you can associate a TN3270 LU with an IP address. > > > You can then do the TSO NETSTAT command to try a "reverse DNS lookup" by: > > > > NETSTAT 10.43.130.61 > > > > However, on our system, there is not a "reverse DNS" lookup on > > workstation names, it appears. > > ACK > > I'm thinking about a way that doesn't involve DNS. > > If it's possible to enumerate all the LUs to identify the LUs from the > interesting IP addresses, and it's possible to get usernames for said > interesting LUs, then you have the users that are using the interesting > IPs. Thus you know who to contact, completely independent of DNS. > > I am assuming that usernames (almost) directly map to the users and thus > provide a list of who needs to have their workstations updated / > migrated / reconfigured to not use unencrypted TN3270. > > > > -- > Grant. . . . > unix || die > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
On Mar 3, 2020, at 12:21 PM, Charles Mills wrote: > > I don't recall anything in my 3270 emulator (Tom Brennan's Vista) where I say > "here is my name to give to the host." There is a space for an "LU name" but > it's blank and I have no idea what it is for. My Windows has a hostname but > there is no reason to think it is unique in any given host's clients. > The LUNAME is a part of the tn3270E protocol, but I would hesitate to use it as a client identifier; it’s more about what on the server the client thinks it wants to access. You *may* configure the tn3270 server to use LUNAME to determine which USSTAB to use for the session or even to connect directly to a particular VTAM application. The OSA-ICC tn3270 server *requires* clients to provide an LUNAME, and uses it to select the LPAR and unit number for the session. Those are the two tn3270 servers I’m familiar with. Others may do other things with the tn3270 LUNAME. There’s no inherent security on LUNAME, though; all tn3270E clients I know of allow the user to put anything in there. It’s up to the server to decide what to do with it. -- Pew, Curtis G curtis@austin.utexas.edu -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
On 3/3/20 11:31 AM, John McKown wrote: There is a way. But it can be a bit "complicated". Fair enough. My experience is to start with a manual process that does achieve the goal, even if it's annoying and completely manual. Once that proves itself, then you start streamlining & automating if there is enough demand. I don't know the programming interfaces to get the information. But you can get the IP address given an LU name. Am I correct in assuming that there is a way to get the user name that's logged into an LU? The operator command looks like: *D NET,,ID=E08VETHH* IST097I DISPLAY ACCEPTED IST075I NAME = UICINET1.E08VETHH, TYPE = DYNAMIC APPL 584 IST486I STATUS= ACT/S, DESIRED STATE= ACTIV IST1447I REGISTRATION TYPE = CDSERVR IST1629I MODSRCH = NEVER IST977I MDLTAB=***NA*** ASLTAB=***NA*** IST861I MODETAB=MODETABP USSTAB=***NA*** LOGTAB=***NA*** IST934I DLOGMOD=***NA*** USS LANGTAB=***NA*** IST1632I VPACING = 1 IST1938I APPC = NO IST597I CAPABILITY-PLU ENABLED ,SLU ENABLED ,SESSION LIMIT 0001 IST231I APPL MAJOR NODE = E08ACCES IST1425I DEFINED USING MODEL E08VET?? IST212I ACBNAME = ECCVETHH IST654I I/O TRACE = OFF, BUFFER TRACE = OFF IST1500I STATE TRACE = OFF IST271I JOBNAME = TN3270, STEPNAME = TN3270, DSPNAME = IST6B7ED IST228I ENCRYPTION = OPTIONAL , TYPE = DES IST1563I CKEYNAME = E08VETHH CKEY = PRIMARY CERTIFY = NO IST1552I MAC = NONE MACTYPE = NONE IST1050I MAXIMUM COMPRESSION LEVEL - INPUT = 0, OUTPUT = 0 IST1633I ASRCVLM = 100 IST1634I DATA SPACE USAGE: CURRENT = 0 MAXIMUM = 136 IST1634I DATA SPACE USAGE: CURRENT = 0 MAXIMUM = 136 *IST1669I IPADDR..PORT 10.43.130.61..53971* IST171I ACTIVE SESSIONS = 01, SESSION REQUESTS = 00 IST314I END So you can associate a TN3270 LU with an IP address. You can then do the TSO NETSTAT command to try a "reverse DNS lookup" by: NETSTAT 10.43.130.61 However, on our system, there is not a "reverse DNS" lookup on workstation names, it appears. ACK I'm thinking about a way that doesn't involve DNS. If it's possible to enumerate all the LUs to identify the LUs from the interesting IP addresses, and it's possible to get usernames for said interesting LUs, then you have the users that are using the interesting IPs. Thus you know who to contact, completely independent of DNS. I am assuming that usernames (almost) directly map to the users and thus provide a list of who needs to have their workstations updated / migrated / reconfigured to not use unencrypted TN3270. -- Grant. . . . unix || die -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
On Tue, Mar 3, 2020 at 11:50 AM Grant Taylor < 023065957af1-dmarc-requ...@listserv.ua.edu> wrote: > On 3/3/20 10:32 AM, don isenstadt wrote: > > Hello..we have many users who are still using port 23 unsecured..so we > > can easily identify them with a display tcpip command po=23. > > related n00b question: > > Is there a way to associate TCP connections to TN3270 (?) devices? > > Is there a way to associate TN3270 devices to users? > > It may be a multi-step process, and have problems with newly opened and > recently closed connections in between the steps, but I would expect > there to be a way to do this. > > I would also expect this to be somewhat more reliable than reverse DNS > in that this would come from data directly accessible on the mainframe > and not rely on data sources off of / further away from the mainframe. > (I trust closer data sources more than I do further away data sources.) > > > > -- > Grant. . . . > unix || die > > There is a way. But it can be a bit "complicated". I don't know the programming interfaces to get the information. But you can get the IP address given an LU name. The operator command looks like: *D NET,,ID=E08VETHH* IST097I DISPLAY ACCEPTED IST075I NAME = UICINET1.E08VETHH, TYPE = DYNAMIC APPL 584 IST486I STATUS= ACT/S, DESIRED STATE= ACTIV IST1447I REGISTRATION TYPE = CDSERVR IST1629I MODSRCH = NEVER IST977I MDLTAB=***NA*** ASLTAB=***NA*** IST861I MODETAB=MODETABP USSTAB=***NA*** LOGTAB=***NA*** IST934I DLOGMOD=***NA*** USS LANGTAB=***NA*** IST1632I VPACING = 1 IST1938I APPC = NO IST597I CAPABILITY-PLU ENABLED ,SLU ENABLED ,SESSION LIMIT 0001 IST231I APPL MAJOR NODE = E08ACCES IST1425I DEFINED USING MODEL E08VET?? IST212I ACBNAME = ECCVETHH IST654I I/O TRACE = OFF, BUFFER TRACE = OFF IST1500I STATE TRACE = OFF IST271I JOBNAME = TN3270, STEPNAME = TN3270, DSPNAME = IST6B7ED IST228I ENCRYPTION = OPTIONAL , TYPE = DES IST1563I CKEYNAME = E08VETHH CKEY = PRIMARY CERTIFY = NO IST1552I MAC = NONE MACTYPE = NONE IST1050I MAXIMUM COMPRESSION LEVEL - INPUT = 0, OUTPUT = 0 IST1633I ASRCVLM = 100 IST1634I DATA SPACE USAGE: CURRENT = 0 MAXIMUM = 136 IST1634I DATA SPACE USAGE: CURRENT = 0 MAXIMUM = 136 *IST1669I IPADDR..PORT 10.43.130.61..53971* IST171I ACTIVE SESSIONS = 01, SESSION REQUESTS = 00 IST314I END You can then do the TSO NETSTAT command to try a "reverse DNS lookup" by: NETSTAT 10.43.130.61 However, on our system, there is not a "reverse DNS" lookup on workstation names, it appears. -- People in sleeping bags are the soft tacos of the bear world. Maranatha! <>< John McKown -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
I hesitate a little to possibly just add to the noise because I don't really know the answer; I'm just hypothecating. Does a workstation necessarily have a name? In the protocol, I mean. A dumb terminal with no name can do telnet. Is there anything to the connection request other than "Hi, I'm 192.168.1.1, let's connect"? There's no query where the mainframe says "tell me about yourself," right? I don't recall anything in my 3270 emulator (Tom Brennan's Vista) where I say "here is my name to give to the host." There is a space for an "LU name" but it's blank and I have no idea what it is for. My Windows has a hostname but there is no reason to think it is unique in any given host's clients. I fear the question may not have an answer. There's always my favorite approach: disable it and see who screams. (Yeah, you could put out some sort of warning broadcast a month in advance.) Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of don isenstadt Sent: Tuesday, March 3, 2020 9:32 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: How to get a workstation name from ip address Hello..we have many users who are still using port 23 unsecured..so we can easily identify them with a display tcpip command po=23. The list of ip addresses needs to be translated to a workstation name because the ip addresses are volitile. Ping -a does not work on the mainframe. We want the command to be run from the mainframe. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
On Tue, Mar 3, 2020 at 11:32 AM don isenstadt wrote: > Hello..we have many users who are still using port 23 unsecured..so we can > easily identify them with a display tcpip command po=23. The list of ip > addresses needs to be translated to a workstation name because the ip > addresses are volitile. Ping -a does not work on the mainframe. We want > the command to be run from the mainframe. > Thanks, > -don > > In order to do this, the z/OS system must use a DNS server (here we use SYS1.LIH1.PARMLIB(TCPDATA) with the IP of the DNS server being specified in the NSINTERADDR statement). The DNS server here is maintained by the Network ("open") people. Most of the IP addresses have a "reverse DNS lookup" entered. So we can do something like this on TSO: NSLOOKUP 10.170.30.10 and get: EZB3170I Server: nrhdomp002.uicnrh.dom EZB3172I Address: 10.170.5.9 EZB3170I Name:lih1.uicnrh.dom EZB3172I Address: 10.170.30.10 back to the TSO session. This uses the "gethostbyaddr()" function. C Ref: https://www.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.hala001/maphost.htm HLASM Ref: https://www.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.hala001/mgbyad.htm REXX Ref: https://www.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.hala001/rexx_gethostbyaddr_r.htm -- People in sleeping bags are the soft tacos of the bear world. Maranatha! <>< John McKown -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
On 3/3/20 10:32 AM, don isenstadt wrote: Hello..we have many users who are still using port 23 unsecured..so we can easily identify them with a display tcpip command po=23. related n00b question: Is there a way to associate TCP connections to TN3270 (?) devices? Is there a way to associate TN3270 devices to users? It may be a multi-step process, and have problems with newly opened and recently closed connections in between the steps, but I would expect there to be a way to do this. I would also expect this to be somewhat more reliable than reverse DNS in that this would come from data directly accessible on the mainframe and not rely on data sources off of / further away from the mainframe. (I trust closer data sources more than I do further away data sources.) -- Grant. . . . unix || die -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: How to get a workstation name from ip address
Have you configured a dynamic rDNS server? -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List on behalf of don isenstadt Sent: Tuesday, March 3, 2020 12:32 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: How to get a workstation name from ip address Hello..we have many users who are still using port 23 unsecured..so we can easily identify them with a display tcpip command po=23. The list of ip addresses needs to be translated to a workstation name because the ip addresses are volitile. Ping -a does not work on the mainframe. We want the command to be run from the mainframe. Thanks, -don -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
How to get a workstation name from ip address
Hello..we have many users who are still using port 23 unsecured..so we can easily identify them with a display tcpip command po=23. The list of ip addresses needs to be translated to a workstation name because the ip addresses are volitile. Ping -a does not work on the mainframe. We want the command to be run from the mainframe. Thanks, -don -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN