who_is_using_this_ip_address
Differences
This shows you the differences between two versions of the page.
Next revisionBoth sides next revision | |||
who_is_using_this_ip_address [2013/12/01 11:02] – created samer | who_is_using_this_ip_address [2013/12/01 11:08] – samer | ||
---|---|---|---|
Line 1: | Line 1: | ||
A frequent question that faces network administrators or application developers consists in identifying //who is using a specific public IP address//. This information can be utilised for instance to perform user localisation and enable location-based services or user access control. In this context, a main technical challenge is to associate the IP address with its corresponding Autonomous System (AS). | A frequent question that faces network administrators or application developers consists in identifying //who is using a specific public IP address//. This information can be utilised for instance to perform user localisation and enable location-based services or user access control. In this context, a main technical challenge is to associate the IP address with its corresponding Autonomous System (AS). | ||
- | == Limitations of the whois information | + | ==== Limitations of the whois Information ==== |
- | A typical method to identify the AS that announces a specific IP address is to use the whois protocol. A whois command is available on main OSes and enables to query the databases of regional registries such as ARIN, RIPE, LACNINC, ... A very interesting [article][1] provides tips for using the whois command. Here is a simple example that queries the whois.ripe.net server database in order to find the origin AS of the 148.60.0.0/ | + | A typical method to identify the AS that announces a specific IP address is to use the whois protocol. A whois command is available on main OSes and enables to query the databases of regional registries such as ARIN, RIPE, LACNINC, ... A very interesting [[http:// |
- | <pre class=" | + | <code shell>$ whois -h whois.ripe.net 148.60.0.0/ |
origin: | origin: | ||
- | </pre> | + | </code> |
- | One way to do this is by querying | + | However things get complicated very rapidly since the route object information |
- | == Using BGP information | + | Another method is by looking at the actual |
- | <pre class=" | + | ==== Using BGP Information ==== |
+ | |||
+ | < | ||
% This is RIPE NCC's Routing Information Service | % This is RIPE NCC's Routing Information Service | ||
% whois gateway to collected BGP Routing Tables | % whois gateway to collected BGP Routing Tables | ||
Line 46: | Line 48: | ||
num-rispeers: | num-rispeers: | ||
source: | source: | ||
- | </pre> | + | </code> |
- | ## A Do-It-Yourself BGP query service | + | ==== A Do-It-Yourself BGP Query Service ==== |
- | [1]: http:// |
who_is_using_this_ip_address.txt · Last modified: 2014/02/15 23:31 by samer