Channels
#sql
Title
# sql
w
WS
02/23/2021, 7:33 PMdoes anyone have a query to pull the mac address of the default network interface for windows + mac
s
spookerlabs
02/23/2021, 7:41 PMI guess something like this
select mac FROM interface_details WHERE interface = (select interface FROM routes WHERE destination = '0.0.0.0');basically get interface from routes table with default destination (
0.0.0.0w
WS
02/23/2021, 7:45 PMgotcha, getting an error on that query specifically,
Query Execution Failed : Scalar sub-query has returned multiple rowss
spookerlabs
02/23/2021, 7:46 PMthis query returns more then one interface ? select interface from routes WHERE destination = "0.0.0.0";
w
WS
02/23/2021, 7:47 PMyea for sure, 105k rows
Copy code
10.0.0.26
172.20.10.7
10.85.15.115
utun1
en0
en0
utun1
utun1
...s
spookerlabs
02/23/2021, 7:50 PMbut all destination to 0.0.0.0 ?
select * from routes; Which return do you have ?
I dont think going to work at Windows since interface name from interface_details is different from routes
Just checked now. I tested at Linux before and worked. Sorry about that
f
fritz
02/23/2021, 8:08 PMIf you wanted to take a more naive/brittle approach you could try the following, it's far from perfect but might get you closer:
Copy code
SELECT interface, mac, platform,
CASE
WHEN platform = 'windows' THEN MAX(dhcp_lease_obtained)
WHEN platform = 'darwin' THEN MAX(ibytes)
END AS max_column
FROM interface_details, os_version;💯 1
w
WS
02/23/2021, 8:09 PMhah interesting, i was wondering how one might infer based on the available fields
f
fritz
02/23/2021, 8:11 PMthis has some pretty crappy pre-baked assumptions which could lead to mixups such as using MAX(ibytes) which could be wrong if you recently switched from LAN wired connection to wifi.
11 Views