I've been setting up data visualizations for my Fortigate device, and logs from the device just give the destination IP of the app the user is accessing. I want to know if it is possible to know the website url of each destination ip supplied by the raw logs of the device. Thank you
You can get the hostnames for the given IP address using the reverse IP lookup tools.
Looking up for URLS is something not supported off the shelf, however you can do further some lookups once you know the hostname.
Related
I am now just starting to understand Httpcontexts and server side logic. Total beginner.
I have understood how to read the http requests from a client and get the remote IP etc.
I came across the hostname property.
I believe hostname and domain are completely different.
My undersanding is that stackoverflow is the domain name.
Given its widespread reach, stackoverflow can have multiple servers and hence multiple ip addresses.
So is there a way to determine to which server a client is requesting to in asp.net core 2.0?
You are correct that stackoverflow.com is a domain name. A domain name points to an IP address. That's called DNS. stackoverflow.com points to one single IP address not multiple. There's probably a load balancer at that IP address which then points you to an available server, which is internal you can't see that, but that's another story.
If you ping stackoverflow.com you get:
The whole point of DNS is to not use IP address but a domain name.
I'm not sure why you would want to see the IP. Maybe this stackoverflow question can help: Resolve HostName to IP
I have a hardcoded DDNS URL in an application that I can no longer modify the code for. It currently points to a server using its IP address and I'm trying to move over to Firebase.
My problem is that I need to update the DDNS URL with an IP address but I've only got a hosting URL like https://myapp-123q4.firebaseapp.com/.
My understanding is (from this Google Groups post) that because the entire system is shared, there are some specific IP addresses that can be used. Is there any way to access my own firebase hosting URL using an IP address?
(Pinging my firebase URL gave me the IP 151.101.1.195 which is one of the ones mentioned on the above linked post.)
You should not depend on direct IP addresses for accessing Firebase Hosting. There are simply not enough IPv4 addresses available for everyone to have exclusive access to one. You need to use the host name in the HTTP request so that the server can route the request to the correct content.
I am logging every user's IP when they access the company's page.
There are two ways to access the page from inside the local network:
http://company/webpage
and
https://webpage.company.com
What bugs me is that even when the users use the https global IP, their accesses are still recorded on database with their IP as 10.50.1.12 or 10.50.1.100.
Does that means that the browser or something else is redirecting the https://webpage.company.com to company/webpage? Or does that mean that I'm using a flawed method to log the users IP?
Another way to ask my question (just to make sure I'm being clear): if I'm accessing my Internet web page from inside the LAN network, am I effectively going outside my network and then back? If not, where am I going wrong with my logging?
Code used to log user's IP:
user.LastIP = HttpContext.Current.Request.UserHostAddress;
I'm curious about this because I want to make sure the users inside the company will access the page using exclusively the LAN Network. The goal is to save bandwidth usage, which is scarce.
Edit:
Pinging the https://webpage.company.com from inside the LAN network will result in a reply from a global IP address like 194.xxx.xxx.xxx. So I'm clearly getting the user's IP wrongly. What would be the ideal way of retrieving the IP from the page accessing entity?
Access to http://company/webpage will result in a DNS lookup of the host name "company". To resolve this, DNS will need a fully qualified domain name (fqdn), so it will add a top level domain (according to the configured search list in the client). In this example, it seems fair to assume that the fqdn will be "company.com". This, in turn, may very well resolve to the same IP address as the "webpage.company.com". You can check this by using dns lookup utilities like 'nslookup' and 'dig', or simply by using 'ping company' and 'ping webpage.company.com'.
The users IP addresses you mention, 10.50.1.12 and 10.50.1.100, seems to be the local IP addresses of the client hosts. I base this assumption on the fact that these IP addresses come from the RFC-1918 address range which is used for internal addresses. My guess is that these are the correct IP addresses, and that your logging works fine.
The users IP address you will log from accessing 'http://company/webpage' and 'https://webpage.company.com' should in most cases be the same. You can see it this way: it doesn't matter what the target URL is, traffic is still coming from the same host, the same IP address.
In any case, you most probably don't need to worry about any traffic leaving your local network.
I need the client IP address to find the client location so that I could list the details of that area to he client. I used this code to find the IP address.
$this->container->get('request')->getClientIp();
But I'm getting the IP as 127.0.0.1.
How can I get the client IP address? Can someone give me a complete working code?
It's 127.0.0.1 because your server is installed on your machine (I guess).
But $request->getClientIp() is the right way to get the user ip.
For the geolocation, I suggest you to take a look at the geocoder library and his bundle.
Say if i have the IP of a user x.x.x.x , then using the IP can i track all the activities that the user is doing ? How can i do this ?
how can i check which web pages is the user opening or something similar
please guide
No, you cannot. Traffic is point-to-point and knowing the address of a point is not enough to know the traffic going to/from that point. It's like asking if you can read someones (snail) mail just because you know their house address.
In order to "snoop" that fully, you need to be in the middle where all traffic passes through your node (liking having the postman give you the mail and then you giving it to the owner of the house).
If you have a machine, the traffic from the user is reaching it (e.g. you're connected to the same switch) then probably yes. The most trivial way is using network sniffer (Wireshark for windows, tcpdump for Linux).
However if the used surf SSL secured site (a.k.a https) than you will see only encrypted content
Geolocation is not accurate because the primary source for IP address data is the Regional Internet Registries. They do not hold a database for information about individual IP addresses, but information about ranges of IP addresses that have been assigned to certain organizations. Such an organization has free reign over the IP addresses they get and they do not need to give location information to the RIRs. In other words, only your ISP knows your exact location. If you want to find the location of a user you will have to ask your ISP, and they will most probably deny your request.
You can't sniff packets sent from someone, unless you are part of the same subnet - you would have to be connected to the same switch and be on the same Virtual LAN as that user. Even if you somehow find the physical location of a user and connect to the same switch, the ISP has most likely sat up port security, which would deny access to your MAC address.
In conclusion, unless you are already connected to the same switch, you can't track that user's activities.
If you are connected to the same switch, you can install one of the popular packet sniffer utilities such as Wireshark and set it to promiscuous mode.