Re: logging remote IP address

2005-01-31 Thread David Smith
Sorry I'm coming into this discussion so late.  I tend not to read work 
email on weekends for my own sanity.

Let's not equate IPs with users.  The fact of the matter is there are a 
lot of places that use cable routers to share one internet IP with a 
number of different clients.  Here in Ithaca, it's as common as water 
with student housing doing some not so legal things with their 
Roadrunner hook-ups.  I'm sure other areas are doing the same stuff with 
both cable routers and wireless access points.

The facts of the matter are you have two different sessions with two 
different logins.  Personally I would consider that enough to determine 
there are two different people regardless of the common IP.

--David
Mark wrote:
I'm trying to figure out if the client on the remote network has
duplicated ids (the id used in my application).
Here is an example:
I have two entries in access log file within 30 seconds from the same
IP, but different logon id - my question is how to track it down that
it's a different person?
I check cookies: sessionID is not the same, but it doesn't help since
you can close and open a browser to create a new cookie string.
It might be getting off the Tomcat topic, but any input is welcome.
Thanks,
Mark.

--- Cervenka, Tom [EMAIL PROTECTED] wrote:

Mark,
Why do you want to know the internal NAT ip address of a request? How is
this helpful?
Also, what if the requests come from clients with accounts on the same
multiuser system? Are you trying to figure out how to tell them apart?
There is no NAT address in this case.
Maybe what you are trying to do is best solved by using cookies? What is
it that you are trying to do?
Tom


   

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


Re: logging remote IP address

2005-01-31 Thread Dakota Jack
snip
 Let's not equate IPs with users.  The fact of the matter is there are a
 lot of places that use cable routers to share one internet IP with a
 number of different clients.  
/snip

You probably did not have time to read all of the posts, David, but,
the fact of the matter, I think everyone was clear on this one.

snip
 The facts of the matter are you have two different sessions with two
 different logins.  Personally I would consider that enough to determine
 there are two different people regardless of the common IP.
/snip

Different sessions do not indicate two different people or two
different machines anymore than the same ip address indicates the same
person.  I think that the original question, however, would have been
happy with identifying two different machines.  And, of course, one
can do that.  So we do not have to make your assumption.

Jack


-- 
You can lead a horse to water but you cannot make it float on its back.
Heaven has changed.  The Sky now goes all the way to our feet.

~Dakota Jack~

This message may contain confidential and/or privileged information.
If you are not the addressee or authorized to receive this for the
addressee, you must not use, copy, disclose, or take any action based
on this message or any information herein. If you have received this
message in error, please advise the sender immediately by reply e-mail
and delete this message. Thank you for your cooperation.




Re: logging remote IP address

2005-01-29 Thread Markus Schönhaber
Mark wrote:
I'm just trying to see if http request that came from one IP address
has more than 1 client behind it. I've seen on some webpages that My
IP is displayed as both external and internal - so it means it's
doable - but the question is how to get this info in Tomcat.

If your local and your external (NATed) IP addresses are both displayed 
by a webpage you access, you are almost certainly accessing this site 
via a proxy that set the X-Forwarded-For HTTP-header-field to contain 
your local IP (the IP the proxy itself was accessed from).
But that's nothing you can rely on.

Regards
  mks
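
Added example, not part of the message above and not Tomcat's own code: one way to produce the `external (internal)` client field asked for in this thread from the X-Forwarded-For header while treating the header as an unverified claim. The class name, `MAX_HOPS` and the sample values are assumptions made for illustration; in a servlet the two inputs would come from `request.getRemoteAddr()` and `request.getHeader("X-Forwarded-For")`.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

public class ForwardedForLog {
    // Strict dotted-quad check: header text that is not an IPv4 literal is
    // dropped, so it can never put spaces, quotes or newlines into the log.
    private static final Pattern IPV4 = Pattern.compile(
        "(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}");

    // Hypothetical cap on how many header entries are written to the log.
    private static final int MAX_HOPS = 5;

    /** Splits an X-Forwarded-For value and keeps only well-formed IPv4 entries. */
    static List<String> claimedAddresses(String xff) {
        List<String> out = new ArrayList<>();
        if (xff == null) {
            return out;
        }
        for (String hop : xff.split(",")) {
            String candidate = hop.trim();
            if (out.size() < MAX_HOPS && IPV4.matcher(candidate).matches()) {
                out.add(candidate);
            }
        }
        return out;
    }

    /**
     * Builds the client field for an access-log line. The TCP peer address
     * always comes first because it is the only value the server observed
     * itself; header values follow in parentheses, labelled as claims.
     */
    static String clientField(String remoteAddr, String xff) {
        List<String> claimed = claimedAddresses(xff);
        if (claimed.isEmpty()) {
            return remoteAddr;
        }
        return remoteAddr + " (xff-claimed: " + String.join(",", claimed) + ")";
    }

    public static void main(String[] args) {
        // Constructed samples: {peer address, X-Forwarded-For header value}
        String[][] samples = {
            {"200.200.200.200", "192.168.1.2"},            // proxy added the local IP
            {"200.200.200.200", null},                     // plain NAT: no header at all
            {"200.200.200.200", "10.1.1.1, 192.168.1.2"},  // two proxies in the chain
            {"200.200.200.200", "192.168.1.2\n10.0.0.1 - forged entry"}, // malformed value
        };
        for (String[] s : samples) {
            System.out.println(clientField(s[0], s[1]));
        }
    }
}
```

The header is supplied by whatever sits between the client and the server, so the parenthesised value is useful as a hint when reading logs and should not be used for access decisions or as proof of who sent a request.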


Re: logging remote IP address

2005-01-29 Thread Dakota Jack
snip
On Fri, 28 Jan 2005 20:43:20 -0500, Parsons Technical Services
[EMAIL PROTECTED] wrote:
 Definitely possible. Not as unlikely as you think. I know of shops that put
 a whole bunch of users on the same IP.
 
 Then there are schools that put hundreds of classroom machines on one IP.
 
 Doug
/snip

If you remember the context in which I am working here, this is not so
clear.  I know why you think it is and from the context in which you
are talking, I understand why you say that.  However, remember that
each person or machine that has access to a server in order to make a
request must be uniquely identified or that person or machine cannot
get a response.

This could take quite a while to discuss, actually.  The IP address
that is exposed to the public, which is the one I use, has to be
different or there would be no way to get back to the client machine. 
So, we may be talking about same IP in a different sense.  Remember
that distinctions you may be making in URLs I am making in IPs.  There
might not even be a URL (i.e. non-number URI) in my case.

Jack

-- 
You can lead a horse to water but you cannot make it float on its back.

~Dakota Jack~

You can't wake a person who is pretending to be asleep.

~Native Proverb~

Each man is good in His sight. It is not necessary for eagles to be
crows.  We are poor . . . but we are free.

~Hunkesni (Sitting Bull), Hunkpapa Sioux~




RE: logging remote IP address

2005-01-29 Thread Caldarale, Charles R
 From: Dakota Jack [mailto:[EMAIL PROTECTED]
 Subject: Re: logging remote IP address
 
 The IP address that is exposed to the public, which is 
 the one I use, has to be different or there would be no 
 way to get back to the client machine. 

Not true - the combination of IP address and PORT must be unique, not just the 
IP address.  This is the essence of how NAT and proxies work.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.




[OT]Re: logging remote IP address

2005-01-29 Thread Parsons Technical Services


From: Dakota Jack [mailto:[EMAIL PROTECTED]
Subject: Re: logging remote IP address
The IP address that is exposed to the public, which is
the one I use, has to be different or there would be no
way to get back to the client machine.
Charles Wrote:
Not true - the combination of IP address and PORT must be unique, not just 
the IP address.  This is the essence of how NAT and proxies work.

To expand on this, the job of a nat or pat device is not only to re-write 
the IP in the packet, for as you say the packet would never return to the 
user, but to also keep track of all the connections established outbound 
and where they come from on the inside.

When you make a request you send out a packet. Its destination is port 80 
but the source on your machine may be any upper port. So it could look like:

Source
192.168.10.31  port 14984
Destination
206.67.68.2   port 80

When the pat/nat device gets done

Source
67.34.126.21 port 44543
Destination
206.67.68.2   port 80

What is critical is that the pat/nat device remembers that:
192.168.10.31  port 14984
equals
67.34.126.21 port 44543
and thus reverses the changes in the packet.

If another machine goes out it will get a unique port and thus the pat/nat 
device can keep track of which one is which.

As for what is nat and pat.

nat: Network address translation. All inside addresses are converted to one 
(Masquerade) outside address or one inside address is translated into a 
specific outside address. With the latter your client will always have the 
same address.

pat: pooled address translation. Same as Masquerade but done with a pool of 
addresses to support more clients.

Hope this helps.
Doug
PS I think we left the pavement a long time ago, and thus this would be off 
topic.
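
Added example, not part of the message above: a small model of the connection table described in it, using the addresses from the message. The class and method names and the second inside host (192.168.10.32) are assumptions made for illustration; a real device also keys each entry on protocol and destination and expires idle entries.

```java
import java.util.HashMap;
import java.util.Map;

public class PatTable {
    private final String publicIp;
    private int nextPort;
    // One entry per tracked connection, kept in both directions.
    private final Map<String, String> insideToOutside = new HashMap<>();
    private final Map<String, String> outsideToInside = new HashMap<>();

    PatTable(String publicIp, int firstPort) {
        this.publicIp = publicIp;
        this.nextPort = firstPort;
    }

    /** Outbound packet: rewrite the inside source to the public IP and a unique port. */
    String translateOutbound(String insideIp, int insidePort) {
        String inside = insideIp + ":" + insidePort;
        String outside = insideToOutside.get(inside);
        if (outside == null) {
            if (nextPort > 65535) {
                throw new IllegalStateException("no free outside ports");
            }
            outside = publicIp + ":" + nextPort++;
            insideToOutside.put(inside, outside);
            outsideToInside.put(outside, inside);
        }
        return outside;
    }

    /** Reply packet: map the public IP and port back to the inside host, or null if untracked. */
    String translateInbound(String outsideIp, int outsidePort) {
        return outsideToInside.get(outsideIp + ":" + outsidePort);
    }

    public static void main(String[] args) {
        PatTable pat = new PatTable("67.34.126.21", 44543);

        // Two inside machines that happen to pick the same local source port.
        String first = pat.translateOutbound("192.168.10.31", 14984);
        String second = pat.translateOutbound("192.168.10.32", 14984); // constructed host

        System.out.println("192.168.10.31:14984 leaves as " + first);
        System.out.println("192.168.10.32:14984 leaves as " + second);

        // The web server at 206.67.68.2 sees one source IP with two source ports.
        System.out.println("reply to " + first + " goes to "
            + pat.translateInbound("67.34.126.21", 44543));
        System.out.println("reply to an untracked port goes to "
            + pat.translateInbound("67.34.126.21", 50000));
    }
}
```

From the server's side both machines appear under the same address and differ only in source port, and that port changes with each new connection, so it separates connections and does not identify a machine or a person.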




Re: [OT]Re: logging remote IP address

2005-01-29 Thread Dakota Jack
snip
On Sat, 29 Jan 2005 22:58:01 -0500, Parsons Technical Services 
 Not true - the combination of IP address and PORT must be unique, not just
 the IP address.  This is the essence of how NAT and proxies work.
/snip

Yes, once again, I agree with this.  

Jack




Re: logging remote IP address

2005-01-28 Thread Mark
I'm just trying to see if http request that came from one IP address
has more than 1 client behind it. I've seen on some webpages that My
IP is displayed as both external and internal - so it means it's
doable - but the question is how to get this info in Tomcat.


--- Parsons Technical Services [EMAIL PROTECTED] wrote:

 If what you are trying to see is the private IP of a machine then you will
 only have success if the machine was named the IP. Not likely. The IP is not
 stored in the HTTP header (Unless I missed it) but is derived from the
 TCP/IP packet. When a machine is on a private network this address is
 rewritten by the router that provides NAT or PAT translation.
 
 The one IP that is returned is the IP given by the router. Or is the
 actual IP of the machine.
 
 If I misunderstood what you needed let me know.
 
 Doug
 
 - Original Message - 
 From: Mark [EMAIL PROTECTED]
 To: tomcat-user@jakarta.apache.org
 Sent: Thursday, January 27, 2005 3:28 PM
 Subject: logging remote IP address
 
  Hi,
  Can anybody help how to log remote IP internal address using catalina
  logger (org.apache.catalina.*) classes and Http request class?
 
  request.getRemoteAddr() returns only one IP, but I'd like to see if
  the request came from subnetwork or not:
 
  I'm looking for both values external IP and internal so my log will
  look like:
 
  200.200.200.200 (192.168.1.2) - - [5/Jan/2005:15:56:23 -0500] GET /test/index.jsp HTTP/1.0 200 354
 
  Thanks,
  Mark.
 



Re: logging remote IP address

2005-01-28 Thread Dakota Jack
I don't know what you mean by I've seen on some webpages [sic] that
My [sic] IP is displayed as both external and internal.  The IP
address is for the internet and there is only one.  You may have
internal routing.  That is different.  I don't know what you mean
about webpages displaying your internal routing, if that is what you
mean.  That sounds sort of impossible to me.  See below:

snip
On Fri, 28 Jan 2005 08:21:15 -0800 (PST), Mark [EMAIL PROTECTED] wrote:
 I'm just trying to see if http request that came from one IP address
 has more than 1 client behind it. I've seen on some webpages that My
 IP is displayed as both external and internal - so it means it's
 doable - but the question is how to get this info in Tomcat.
/snip

There is good news and bad news.  First, the bad.  You cannot get
internal (e.g. intranet information) routing information from the
request.   Second, the good: which has two parts.  First part: thank
God, because this would expose you mercilessly to the outside if
the request had this information. Second part: thank God, because you
don't need this information in the request.  If you want to see the
direction back to a machine that is sending a request from any
network, that will be in the request without the internals of the
network being there.  The responder will know how to get to your
network and your network will know how to get to the machine.  So, all
is well that ends well.

Jack




RE: logging remote IP address

2005-01-28 Thread Richard Mixon (qwest)
Mark wrote:
 I'm just trying to see if http request that came from one IP address
 has more than 1 client behind it. I've seen on some webpages that My
 IP is displayed as both external and internal - so it means it's
 doable - but the question is how to get this info in Tomcat.

A major purpose of a NAT style firewall is to hide the private ip
addresses behind the firewall. If it allowed this information out it
would be a security compromise - the network topology behind the
firewall is to be kept secret.

I may be wrong, but I believe any web page you have been to that also
showed in the browser/client's internal private IP address must have had
a plugin - either an ActiveX or other type of plugin was probably
involved.

HTH - Richard





RE: logging remote IP address

2005-01-28 Thread Cervenka, Tom
Mark,

Why do you want to know the internal NAT ip address of a request? How is
this helpful?

Also, what if the requests come from clients with accounts on the same
multiuser system? Are you trying to figure out how to tell them apart?
There is no NAT address in this case.

Maybe what you are trying to do is best solved by using cookies? What is
it that you are trying to do?

Tom







Re: logging remote IP address

2005-01-28 Thread Dakota Jack
Richard Mixon is, as usual, dead-on right.  A good primer is
http://webserver.cpg.com/ws/3.4/

snip
 A major purpose of a NAT style firewall is to hide the private ip
 addresses behind the firewall. If it allowed this information out it
 would be a security compromise - the network topology behind the
 firewall is to be kept secret.
 
 I may be wrong, but I believe any web page you have been to that also
 showed in the browser/client's internal private IP address must have had
 a plugin - either an ActiveX or other type of plugin was probably
 involved.
 
 HTH - Richard
/snip

Jack





RE: logging remote IP address

2005-01-28 Thread Mark

I'm trying to figure out if the client on the remote network has
duplicated ids (the id used in my application).

Here is an example:
I have two entries in access log file within 30 seconds from the same
IP, but different logon id - my question is how to track it down that
it's a different person?

I check cookies: sessionID is not the same, but it doesn't help since
you can close and open a browser to create a new cookie string.

It might be getting off the Tomcat topic, but any input is welcome.

Thanks,
Mark.

--- Cervenka, Tom [EMAIL PROTECTED] wrote:

 Mark,
 
 Why do you want to know the internal NAT ip address of a request? How is
 this helpful?
 
 Also, what if the requests come from clients with accounts on the same
 multiuser system? Are you trying to figure out how to tell them apart?
 There is no NAT address in this case.
 
 Maybe what you are trying to do is best solved by using cookies? What is
 it that you are trying to do?
 
 Tom
 
 
 
 




Re: logging remote IP address

2005-01-28 Thread Dakota Jack
If it is the same IP address, it probably is the same person.  The
alternatives are highly unlikely, if possible.

Jack

snip
 I have two entries in access log file within 30 seconds from the same
 IP, but different logon id - my question is how to track it down that
 it's a different person?
/snip

Jack




Re: logging remote IP address

2005-01-28 Thread Parsons Technical Services
Definitely possible. Not as unlikely as you think. I know of shops that put 
a whole bunch of users on the same IP.

Then there are schools that put hundreds of classroom machines on one IP.
Doug
- Original Message - 
From: Dakota Jack [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Sent: Friday, January 28, 2005 4:44 PM
Subject: Re: logging remote IP address


If it is the same IP address, it probably is the same person.  The
alternatives are highly unlikely, if possible.
Jack
snip
I have two entries in access log file within 30 seconds from the same
IP, but different logon id - my question is how to track it down that
it's a different person?
/snip
Jack


Re: logging remote IP address

2005-01-27 Thread Parsons Technical Services
If what you are trying to see is the private IP of a machine then you will 
only have success if the machine was named the IP. Not likely. The IP is not 
stored in the HTTP header (Unless I missed it) but is derived from the 
TCP/IP packet. When a machine is on a private network this address is 
rewritten by the router that provides NAT or PAT translation.

The one IP that is returned is the IP given by the router. Or is the 
actual IP of the machine.

If I misunderstood what you needed let me know.
Doug
- Original Message - 
From: Mark [EMAIL PROTECTED]
To: tomcat-user@jakarta.apache.org
Sent: Thursday, January 27, 2005 3:28 PM
Subject: logging remote IP address


Hi,
Can anybody help how to log remote IP internal address using catalina
logger (org.apache.catalina.*) classes and Http request class?
request.getRemoteAddr() returns only one IP, but I'd like to see if
the request came from subnetwork or not:
I'm looking for both values external IP and internal so my log will
look like:
200.200.200.200 (192.168.1.2) - - [5/Jan/2005:15:56:23 -0500] GET
/test/index.jsp HTTP/1.0 200 354
Thanks,
Mark.
