Customers may need the IP addresses of ThousandEyes Agents in order to construct firewall rules or similar filters. We do not publish a list of IP addresses, but customers can use the ThousandEyes application program interface (API) to obtain the IP addresses of both Cloud Agents assigned to your organization and Enterprise Agents assigned to your Account Group. You can query the API with a web browser, a custom script, or a RESTful API tool to obtain the latest list of IP addresses, or you can use our command-line tool - te-iplist.
Note that for Cloud Agents, the IP address assignment is relatively constant but subject to change without notice. Consult the Knowledge Base article Obtaining a list of ThousandEyes Agent IP Addresses for more information.
te-iplist is a command-line interface (CLI) utility that queries ThousandEyes API for the Agents available for your account and outputs Agent IPs in different forms (IP list, subnet list, IP range list, IP block list) and formats (plain text, CSV, JSON, XML).
On Linux and macOS ensure the utility is executable before the usage:
chmod +x te-iplist
Refer to the te-iplist documentation for all available parameters or issue the command with the
User and API Token
In the te-iplist commands illustrated in the following sections, the authentication fields need to be filled in this way:
<user> : it's the user email.
<user-api-token> : it's the API Basic Authentication Token.
They can be retrieved in this page of the app: Account Settings > Users and Roles > Profile tab.
Display a list of all Cloud and Enterprise Agent IP addresses (
$ ./te-iplist -u <user> -t <user-api-token> -o ip 184.108.40.206 220.127.116.11 18.104.22.168 22.214.171.124 126.96.36.199 ... 2400:8900::f03c:91ff:fec8:c7b2 2400:8900::f03c:91ff:fec8:c7d3 2400:8900::f03c:91ff:fedf:65c4 2403:7000:8000:400::20 2600:3c03::f03c:91ff:feae:cd41 ...
Display a minimal list of subnets (
-o subnet-loose) that cover Enterprise Agent IP addresses (
-e). List should include Agent names as comments (
$ ./te-iplist -u <user> -t <user-api-token> -o subnet-loose -e -n 10.0.0.3 # kubernetes te-agent-pod 10.0.1.0/26 # ip-10-0-1-48.localdomain; csc-internal; office-12 188.8.131.52 # kubernetes te-agent-pod; ip-10-0-1-48.localdomain; csc-internal; office-12
Display a list of IP blocks (
-o block-strict) of Cloud Agents (
-c) IPv6 (
$ ./te-iplist -u <user> -t <user-api-token> -o block-strict -c -6 2400:8900::f03c:91ff:fec8:c7b2 2400:8900::f03c:91ff:fedf:65c4 2403:7000:8000:400::[18-20] ...
Display a list of IP ranges (
-o range-strict) of Enterprise Agents private (
-e-private) IPv4 (
$ ./te-iplist -u <user> -t <user-api-token> -o range-strict -e-private -4 -n 10.10.10.202 - 10.10.10.203 # primoz-centos-te; centos6 192.168.0.2 - 192.168.0.4 # thousandeyes-va-14244; thousandeyes-va-14403; thousandeyes-va66
Create a comma separated values (CSV) file which includes all Agents and all output formats:
$ ./te-iplist -u <user> -t <user-api-token> -o csv > all-agents.csv
You can open CSV file as a spreadsheet in your favorite Spreadsheet editor, such as LibreOffice Calc, Numbers or Google Sheets. Unfortunately Microsoft Excel does not support CSV files with new lines inside cells and will not import the generated CSV.
Loose vs Strict
IP subnets, IP ranges and IP blocks can be displayed in loose or strict notations. Strict notation covers only the IP addresses that are used by the Agents. Loose notation covers all IP addresses that are used by the Agents, but may also cover some of the addresses that are not used by the Agents. Loose notation typically covers all the Agent IP addresses with fewer entries. For example, IP addresses:
10.0.0.2 10.0.0.3 10.0.0.5
can be covered by multiple strict subnet notations:
or by a single loose subnet notation:
You should select the notation that is acceptable by your security standards.
Users assigned to multiple Account Groups can list the Agents available in a specific Account Group with the
-a <accountGroupId> argument. You can list available Account Group IDs with:
te-iplist -u <user> -t <user-api-token> -account-groups
-a is not provided, user's login Account Group is used. For users in multiple organizations, only one login Account Group can be assumed; others will need to be specified.