SUMMARY: getting full name of a remote users host.

From: Donald McLachlan (
Date: Mon Dec 07 1992 - 19:19:42 CST

One can normally use the output of who or whoami or `who am i` if the hosts ...
        - are in the same domain, the domain-name is stripped off.
        - have names < 16 chars long.

For the other cases ...

- some people have patched rlogind, telnetd, and ftpd to strip off the
  domainname if they are the same.

- some people also patched rlogind, telnetd, and ftpd to put the ip address
  in wtmp and utmp if the hostname was longer than 15 chars.

- some recommened getting the xrsh program which is designed to set the
  display variable for you. This is nice except, it requires the site
  originating the call get and use this program.
  It is supposed tp be available at

- (Andy Feldt) provides this set of commands
  work nicely.

        1) netstat | grep "marvin.dgbt.doc."
                Now suppose the output of this gave:

                tcp 0 0 machine.telnet marvin.dgbt.doc.1258 ESTABLISHED
        2) netstat -n | grep 1258 (or whatever port the first netstat showed)

        3) this will show the IP address of the host which you can look up
            with nslookup...

- recommended this possible solution for
  a C program ...

        You need to apply getpeername(2) to the login socket. In the case of
        rsh, I believe this socket is directly available to the session as
        stdin/stdout/stderr; but for telnet or rlogin the socket is handled by
        in.telnetd or in.rlogind, which translates between the network protocol
        and a pty. This means that you will need to either modify in.telnetd
        and in.rlogind, or write wrappers which apply getpeername() and set
        DISPLAY appropriately before invoking the real daemons.

        This would likely be in the FAQ for comp.protocols.tcp-ip (aka, if such an FAQ existed.

I will get ahold of xrsh for connections established from our end, and
I will try to build a script around the netstat and nslookup (dig) solution.

Thanks to all who replied, and here is a copy of my original request.

> This is related to setting the DISPLAY environment variable. I have searched
> the archive at latech, but could not find an appropriate summary.
> I am looking for an easy way to obtain the "full" hostname a remote user
> is logged in from.
> It seems utmp, wtmp, and lastlog ALL allow only 16 chars for
> the remote hostname (including the terminating null).
> Therefore a user logged in from "", has a hostname
> "marvin.dgbt.doc." Does anyone know of an easy way to get the "full"
> hostname?

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:54 CDT