#sql - does anyone have a query to pu

Channels

w
WS
1 year ago
does anyone have a query to pull the mac address of the default network interface for windows + mac
spookerlabs
1 year ago
I guess something like this
```
select mac FROM interface_details WHERE interface = (select interface FROM routes WHERE destination = '0.0.0.0');
```
works
basically get interface from routes table with default destination (
```
0.0.0.0
```
) and so query interface_details for this interface
w
WS
1 year ago
gotcha, getting an error on that query specifically,
```
Query Execution Failed : Scalar sub-query has returned multiple rows
```
i follow the logic though
spookerlabs
1 year ago
this query returns more then one interface ? select interface from routes WHERE destination = "0.0.0.0";
w
WS
1 year ago
yea for sure, 105k rows

10.0.0.26
172.20.10.7
10.85.15.115
utun1
en0
en0
utun1
utun1
...

spookerlabs
1 year ago
but all destination to 0.0.0.0 ?
select * from routes; Which return do you have ?
I dont think going to work at Windows since interface name from interface_details is different from routes
Just checked now. I tested at Linux before and worked. Sorry about that

fritz

1 year ago

If you wanted to take a more naive/brittle approach you could try the following, it's far from perfect but might get you closer:

SELECT interface, mac, platform, 
CASE 
  WHEN platform = 'windows' THEN MAX(dhcp_lease_obtained)
  WHEN platform = 'darwin' THEN MAX(ibytes)
  END AS max_column
FROM interface_details, os_version;

💯 1

w
WS
1 year ago
hah interesting, i was wondering how one might infer based on the available fields
f
fritz
1 year ago
this has some pretty crappy pre-baked assumptions which could lead to mixups such as using MAX(ibytes) which could be wrong if you recently switched from LAN wired connection to wifi.

Join thread in Slack

View count: 4