Some Useful UNIX Commands on your Mac

Over the last day or so I’ve been messing around at the UNIX command line on my Mac, trying to find a workaround for a VPN policy that doesn’t allow split tunneling. (Just as a stupid side question, what is the security issue with split tunneling, anyway?) Along the way, I uncovered some handy commands for gathering information about the networking configuration of your Mac.

I can’t take credit for all of these; most of them were shared with me by Matt Cowger, fellow VCDX and vSpecialist.

If anyone has any additional commands they’d like to share, I encourage you to add them to the comments on this post. Enjoy!

To find the IP address of the default gateway:

netstat -nr -f inet | grep default | grep en | awk '{print $2}'

To find the interface name of the default route:

netstat -nr -f inet | grep default | grep en | awk '{print $6}'

To find the IP address assigned to the interface for the default gateway:

ORGGWIF=`netstat -nr -f inet | grep default | grep en | awk '{print $6}'`
ifconfig $ORGGWIF | grep "inet " | awk '{print $2}'

To find the default gateway network:

ORGGWIF=`netstat -nr -f inet | grep default | grep en | awk '{print $6}'`
netstat -I $ORGGWIF -n | grep -v : | grep $ORGGWIF | awk '{print $3}'

To find the subnet mask for the default gateway network:

ORGGWIF=`netstat -nr -f inet | grep default | grep en | awk '{print $6}'`
system_profiler SPNetworkDataType | grep -A 15 $ORGGWIF | grep "Subnet Masks" | awk '{print $3}'

To convert the subnet mask into CIDR format:

ORGGWIF=`netstat -nr -f inet | grep default | grep en | awk '{print $6}'`
ORGGWMASK=`system_profiler SPNetworkDataType | grep -A 15 $ORGGWIF | grep "Subnet Masks" | awk '{print $3}'`
echo obase=2.$ORGGWMASK | tr . \; | bc | tr -d 0\\n | wc -c | awk '{print $1}'

To determine the wireless SSID to which your Mac is currently associated:

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I | grep SSID | tail -n 1 | awk '{print $2}'

CLI gurus and wizards are encouraged to share other useful commands in the comments below. Thanks!

Tags: , , ,


  1. Dave Holland’s avatar

    Nothing to add on the CLI front, but split tunnelling is sometimes frowned on because the client system is effectively connected to the internal and external networks simultaneously, bridging/bypassing firewall policies.

  2. Mark Chmarny’s avatar

    This is funny, I joined EMC about a month ago and just got a new MBA (i7). Got the work stuff set up pretty quickly, the split tunnel has been the last bastion. These command will come handy, thanks.

  3. JR’s avatar

    The problem with split tunnelling (as I understand it) is that it provides a bypass to corporate edge security.

    As an example, all our VPN traffic routes through a firewall with anti-malware filtering. Attempts to get to a malware site would (hopefully) be caught. Split tunnelling allows users to go direct to their favourite malware sites instead of up the tunnel, and bypasses the corporate firewall.

  4. slowe’s avatar

    Dave, JR, if I understand your comments correctly the concern is really about endpoint security more than anything else, then—is that accurate? If that’s the case, then focus on endpoint security. If you’re forcing traffic up the tunnel because you want to ensure someone’s laptop doesn’t get infected, what’s to stop the laptop from getting infected when they’re NOT connected to the VPN? Not allowing split tunneling is, in my mind, an “afterthought” or a “reactive” security posture that doesn’t really add much value. Of course, that’s just my opinion, and opinions are like elbows—everyone has a couple.

    I’d love to hear your thoughts!

    Mark, welcome to EMC and welcome to the Mac community. Keep in mind I don’t advocate violating corporate security standards, so what you choose to do with these commands is your responsibility. :-)

  5. JR’s avatar

    Hi Scott.

    I agree that disabling split tunnelling when using a VPN doesn’t do anything to stop users merrily downloading malicious software when disconnected. The only way to stop that is through “corporate policy” (the same one that stopped our users writing their passwords on Post-It notes…).

    I do see some value in it as part of a wider “defence in depth”. It won’t stop determined users who know how to reconfigure their proxy settings, but for those users who follow corporate policy and only use the Internet while using VPN and have their browsers configured for the corporate proxy, it does add an extra element of security (e.g., stopping malware from phoning home).

  6. slowe’s avatar

    JR, I can see it as part of a wider “defence in depth” strategy. Still doesn’t mean I like it! :-)

  7. Peter Jorgensen’s avatar

    Very cool, thanks! One caveat, though:

    Your SSID discovery command assumes that the SSID string has no spaces. Mine does, and it only returns the part of the name up to the first space.

    I.e., for SSID “My Network” this command:

    /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I | grep SSID | tail -n 1 | awk ‘{print $2}’

    Will return:


    I’m not an awk ninja and don’t have a solution at-hand, though I’m sure there’s one out there.

  8. Chris’s avatar

    Change the SSID command to be:
    /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I | grep SSID | tail -n 1 | awk -F’: ‘ ‘{print $2}’

    That’s a colon and a space in the quotes after the -F. By default awk splits on whitespace (which is great) but we’re overriding it and making it split on the combined ‘: ‘

  9. EtherealMind’s avatar

    The majority of people are not capable for making good security choices or being aware of their responsibilities. Therefore the default position is to send all traffic to the corporate network where it can pass through a proxy that scans for virus, content, malware etc. Think of that manager who may be excellent at selling something but not much bothered about his computer as a business tool.

    For people who know what split tunnelling is this probably doesn’t apply.

Comments are now closed.