who_is_using_this_ip_address
Differences
This shows you the differences between two versions of the page.
who_is_using_this_ip_address [2014/02/09 00:23] – [2.2- Riswhois Server] samer | who_is_using_this_ip_address [2014/02/15 23:31] (current) – samer | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Who is Using This IP Address? ===== | ====== Who is Using This IP Address? ===== | ||
- | A frequent question that faces network administrators or application developers consists in identifying //who is using a specific public IP address//. This information can be utilized for instance to perform user localization and enable location-based services or user access control. In this context, a main technical challenge is to associate | + | A frequent question that faces network administrators or application developers consists in identifying //who is using a specific public IP address//. This information can be utilized for instance to perform user localization and enable location-based services or user access control. In this context, a main technical challenge is to associate |
===== -- Limitations of the whois Information ===== | ===== -- Limitations of the whois Information ===== | ||
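Review bot: the page title on the context line opens with six "=" and closes with five ("====== Who is Using This IP Address? ====="), and this revision leaves that as it is. Since the paragraph right under it is being edited anyway, balance the markers to "======" on both sides so the heading level is unambiguous.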
Line 18: | Line 18: | ||
An alternative method for identifying the AS that announces a specific IP prefix consists in studying the BGP routing information. Typically, each BGP speaking router stores in a BGP table the routing announcements received for each prefix together with some protocol attributes such as the AS-PATH. This attribute contains the list of ASes traversed by the BGP announcement, | An alternative method for identifying the AS that announces a specific IP prefix consists in studying the BGP routing information. Typically, each BGP speaking router stores in a BGP table the routing announcements received for each prefix together with some protocol attributes such as the AS-PATH. This attribute contains the list of ASes traversed by the BGP announcement, | ||
- | [{{ : | + | [{{ : |
However, having access to a DFZ BGP router is not easy in practice. Alternatively, | However, having access to a DFZ BGP router is not easy in practice. Alternatively, | ||
Line 45: | Line 45: | ||
Community: 15290:3356 15290:64995 15290:65050 15290:65506 | Community: 15290:3356 15290:64995 15290:65050 15290:65506 | ||
- | Despite its availability, | + | Despite its availability, |
==== -- Team Cymru whois Server ==== | ==== -- Team Cymru whois Server ==== | ||
- | Team Cymru implements the '' | + | Team Cymru implements the '' |
< | < | ||
Line 57: | Line 57: | ||
</ | </ | ||
- | and another example that demonstrates the possibility of sending multiple | + | and another example that demonstrates the possibility of sending multiple |
< | < | ||
Line 68: | Line 68: | ||
==== -- Riswhois Server ==== | ==== -- Riswhois Server ==== | ||
- | RIPE NCC implements a similar whois service named RISwhois | + | RIPE NCC implements a similar whois service named RISwhois. This service provides |
<WRAP info> | <WRAP info> | ||
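Review bot: the service name is spelled two ways in this hunk: the heading says "Riswhois Server" while the rewritten sentence under it says "named RISwhois". The later hunks use "Riswhois" again ("a Riswhois query", "Riswhois, Cymru or legacy whois servers"), so pick one spelling and apply it to the heading and to every mention.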
Line 74: | Line 74: | ||
</ | </ | ||
- | In the following, a simple example shows the output of a Riswhois query: '' | + | In the following, a simple example shows the output of a Riswhois query: |
< | < | ||
Line 89: | Line 89: | ||
<WRAP round important> | <WRAP round important> | ||
- | Note RRCs may receive different information for the same IP prefix. | + | Due to BGP policies between ASes in the Internet, |
- | that Riswhois | + | |
</ | </ | ||
Line 114: | Line 113: | ||
</ | </ | ||
===== -- A Do-It-Yourself BGP Query Service ===== | ===== -- A Do-It-Yourself BGP Query Service ===== | ||
+ | |||
+ | When accessing the online servers (Riswhois, Cymru or legacy whois servers) is not possible or not recommended, | ||
+ | Here are some hints and recipes to implement a server that maps IP prefixes with AS numbers based on BGP information. | ||
- | Start by downloading | + | ==== -- Basic Steps ==== |
+ | |||
+ | Start by downloading | ||
+ | |||
+ | < | ||
+ | $ wget http:// | ||
+ | </ | ||
+ | |||
+ | As raw data is written in MRT format, you need to install [[https:// | ||
+ | |||
+ | < | ||
+ | $ zcat latest-bview.gz | bgpdump -m - > latest-bview-parsed.txt | ||
+ | </ | ||
+ | |||
+ | Here is a typical line in the dumped file, where you can see the prefix '' | ||
+ | < | ||
+ | TABLE_DUMP2|1389513606|B|85.132.60.10|29049|148.60.0.0/ | ||
+ | .132.60.10|0|0|1273: | ||
+ | </ | ||
+ | |||
+ | Now you can use your favorite | ||
+ | |||
+ | ==== -- Software Tools ==== | ||
+ | |||
+ | Fortunately, | ||
+ | - [[http:// | ||
+ | - [[https:// | ||
+ | - [[http:// |
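Review bot: the download step in the new "Basic Steps" section fetches the table dump with "wget http://", so the file that the whole prefix-to-AS mapping is built from arrives over an unauthenticated channel. The introduction lists user access control among the uses of this mapping, so use an https:// URL if the archive offers one, or tell the reader to check the downloaded file against a published checksum before running it through bgpdump. Minor wording in the same hunk: "a server that maps IP prefixes with AS numbers" reads better as "maps IP prefixes to AS numbers".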
who_is_using_this_ip_address.1391901805.txt.gz · Last modified: 2014/02/09 00:23 by samer