Revisited: How can I find a client's geographical location from their IP address?

Jun 6th, 2003 00:08
igor sviridov, karie starks, Jonas Luster, * rwhois.exodus.net 4321


The simplest way, as has been pointed out, is to translate the IP
address into its corresponding reverse DNS entry. This brings two
problems: a) where is .net-land, .com-land or even .de-land (I own
several .de domains, all located on servers in the USA, and I live in
San Jose), and b) how to find out where exactly .cc is.

Some, although certainly not enough, DNS records sport a LOC entry.
According to the RFC, LOC gives either the server's physical location
in UTM coordinates or a description of the location. By running
`dig -t LOC` on the address you MIGHT be able to deduce the physical
location.

IP addresses are given out by large IP maintainers, most notably ARIN
and RIPE (US, World and Europe). By performing a whois lookup on ARIN
you will be told which sub-delegator delegated the IP in question.
Here's an example:
bash-2.05$ whois -h whois.arin.net 216.34.142.180
Exodus Commnications Inc. (NETBLK-ECI-7)
[...]
   Netname: ECI-7
   Netblock: 216.32.0.0 - 216.35.255.255
[...]
  * Rwhois reassignment information for this block is available at:
  * rwhois.exodus.net 4321
bash-2.05$ telnet rwhois.exodus.net 4321
[...]
network:Auth-Area:216.34.0.0/16
network:Class-Name:network
network:Network-Name:216.34.142.160
network:IP-Network:216.34.142.160/27
network:Organization;I:Exodus Internal-JSmith home office
network:Address-1;I:1605 Wyatt Rd.
and ... there you go...

Wrapping this up in a script should not be much of a problem anymore.
You might need to get the scoop on how the larger IP assignees handle
their internal whois, but that's easy, too.
For *NIX there is a rwhois client available, which follows referrals,
simplifying access to RWHOIS data:
http://www.rwhois.net/ftp/rwhois-client-1.6.1.tar.gz
Another way would be to query the RADB (Router Arbiter Database):
http://www.radb.net/cgi-bin/radb/whois.cgi?obj=216.34.142.180
Result:
route:         216.34.128.0/20
descr:         NET-EXODUS-SantaClara-IDC1
origin:        AS3967
mnt-by:        MAINT-AS3967
changed:       radb@bengi.exodus.net 19991015
source:        RADB
Of course, RADB also offers a whois interface:
whois -h whois.radb.net 216.34.142.180
You could then, again, query ARIN for the AS and/or do a complementary
traceroute.
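
The script suggested above, as an added Python example that is not part of the original entry: it pulls the rwhois referral out of ARIN's whois output, parses the rwhois reply, and checks that the returned block really contains the address asked about, since both replies are untrusted remote text. The sample text is copied from the transcripts on this page; the function names are made up for this example.

```python
import ipaddress
import re
import socket

# Text copied from the transcripts on this page, with the [...] elisions dropped.
ARIN_SAMPLE = """Exodus Commnications Inc. (NETBLK-ECI-7)
   Netname: ECI-7
   Netblock: 216.32.0.0 - 216.35.255.255
  * Rwhois reassignment information for this block is available at:
  * rwhois.exodus.net 4321
"""
RWHOIS_SAMPLE = """network:Auth-Area:216.34.0.0/16
network:Class-Name:network
network:Network-Name:216.34.142.160
network:IP-Network:216.34.142.160/27
network:Organization;I:Exodus Internal-JSmith home office
network:Address-1;I:1605 Wyatt Rd.
"""
# A referral line is "* <hostname> <port>" and nothing else.
REFERRAL = re.compile(r"^\s*\*\s+([A-Za-z0-9][A-Za-z0-9.-]*)\s+(\d{1,5})\s*$", re.M)

def find_referral(whois_text):
    """Return (host, port) of the rwhois referral in whois output, or None."""
    m = REFERRAL.search(whois_text)
    if m is None or not 0 < int(m.group(2)) < 65536:
        return None
    return m.group(1), int(m.group(2))

def parse_rwhois(reply):
    """Map 'class:Attr[;type]:value' lines to {Attr: value}; skip '%' status lines."""
    record = {}
    for line in reply.splitlines():
        parts = line.split(":", 2)
        if len(parts) == 3 and not line.startswith("%"):
            record[parts[1].split(";", 1)[0]] = parts[2].strip()
    return record

def covers(record, ip):
    """True only if the reply's IP-Network really contains the address asked about."""
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(record["IP-Network"])
    except (KeyError, ValueError):
        return False

def query(host, port, question, timeout=10):
    """Send one query line to a whois/rwhois server and return everything it sends."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(question.encode("ascii") + b"\r\n")
        return b"".join(iter(lambda: sock.recv(4096), b"")).decode("latin-1")
```

On a live lookup, query() is called first against whois.arin.net on port 43 and then against whatever find_referral() returns; a server that keeps the connection open makes query() raise a timeout.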