Why are IP Addresses so different when searched for?

I am trying to geo-locate 500 or so IP Addresses. Several online services say that, for example, out of 50 addresses, 50% are in California and the other 50% in Colorado.
How do you accurately geolocate an IP address and why are some of them so off?
Thanks!

Maybe this question is what you're looking for:
How does IP geolocating work?
The reason why some addresses are concentrated on single points could be that, if no entry exists for a specific IP address, they match it to a predefined point, for example the country or town the ISP belongs to.
There is no way to get really accurate information (as mentioned in the link).

Related

Understanding format of RIB dumps from Oregon Route-views

I am working on a project in which I need to analyse the RIB dumps from the Oregon Routeviews Project.
I download the .bz2 file from here for a specific time and date for a specific node. These files are generated every 2 hours.
Then I unzipped it and parsed it using a zebra parser.
In the end, I get a text file with almost a million entries in the following format:
194.33.63.0/24 58511 8468 31493 31493
There are also a lot of entries with the same last number but a different IP at the beginning.
For example:
194.28.28.0/22 58511 31500 50911
194.28.28.0/23 58511 31133 50911
My inference is that these numbers are Autonomous System numbers and they somehow denote BGP hops, but I am not clear how they relate to the IP address at the start. And what exactly is the source/destination AS?
I really think you should go and do some reading on how BGP works and what the routeing information carried by the BGP messages you are looking at is and means.
To get you started...
...a route in BGP speak is a prefix and some attributes. Key among the attributes are the next-hop and the AS-Path. In announcing a route to a BGP peer (neighbour) the BGP router is saying that it can reach the prefix and if packets with destinations in the prefix are forwarded to the next-hop, they will be forwarded on towards their destination. The AS-PATH lists the ASes through which packets are (expected to) travel on their way to the destination.
So what you are seeing is reachable prefixes and the AS-PATH attribute for each one. I'm guessing you left out the next-hop (for eBGP, that will generally be the/an address of the BGP router which is advertising the route -- but in any case all eBGP routes will generally have the same next-hop).
The AS-PATH can be read from left to right: the first AS is the one from whom the route was learnt, the last AS is the one that contains the prefix. Packets forwarded to the next-hop are (currently) expected to travel through those ASes, in that order, on their way to their destination. So the first AS would be the source -- the immediate source of the route. The last AS can be called the destination, but is also known as the origin -- the origin of the route.
[Technically, the AS-Path should be read from right to left, and lists the ASes which the route has traversed this far. Most of the time that's the same as reading left to right for packets traversing the network towards their destination.]
as-50911 origin or destination,
as-58511 source
194.28.28.0/22 should be the owner of as-50911 origin
I think you are confused about /23 or /22. 194.28.28.0/23 is not a different IP. It's actually the same IP with a different prefix length, i.e., /23. The autonomous systems registered their IP addresses with prefix lengths in the IRR. Less specific, i.e., /22, means more end nodes. More specific, i.e., /23, means fewer end nodes. Moreover, you should read about prefix length.
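To make the answer's reading of the AS-PATH concrete, here is a small parser, added here and not part of any post or of the Routeviews tooling, for lines in the exact "prefix AS AS ..." shape shown in the question. It labels the leftmost AS as the source (the peer the collector learnt the route from) and the rightmost as the origin, collapses prepended repeats such as "31493 31493", and shows why a /22 and a /23 with the same base address both appear: a router picks the longest matching prefix for a destination. The three sample lines are the ones from the question; the function names are my own.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the format the question shows (prefix, then the AS-PATH);
# these are the question's own three lines, not a real Routeviews dump.
SAMPLE_RIB = """\
194.33.63.0/24 58511 8468 31493 31493
194.28.28.0/22 58511 31500 50911
194.28.28.0/23 58511 31133 50911
"""


def parse_rib_line(line):
    """Split 'prefix AS AS ...' into (ip_network, [asn, asn, ...])."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError(f"malformed RIB line: {line!r}")
    prefix = ipaddress.ip_network(fields[0], strict=True)
    as_path = [int(asn) for asn in fields[1:]]
    return prefix, as_path


def route_summary(prefix, as_path):
    """Name the two ends of the AS-PATH as the answer describes: leftmost AS
    is the source (peer the route was learnt from), rightmost AS is the origin
    (the AS that holds the prefix).  Consecutive repeats such as '31493 31493'
    are AS-path prepending (a traffic-engineering trick), not extra hops, so
    they are collapsed before counting hops."""
    collapsed = [asn for i, asn in enumerate(as_path)
                 if i == 0 or asn != as_path[i - 1]]
    return {
        "prefix": str(prefix),
        "source_as": as_path[0],
        "origin_as": as_path[-1],
        "as_path": collapsed,
        "hops": len(collapsed),
    }


def parse_rib(text):
    return [route_summary(*parse_rib_line(line))
            for line in text.splitlines() if line.strip()]


def longest_match(routes, address):
    """Return the most specific prefix covering `address`.  A router forwards
    on the longest matching prefix, which is why 194.28.28.0/22 and
    194.28.28.0/23 can coexist with different AS-PATHs."""
    addr = ipaddress.ip_address(address)
    best, best_len = None, -1
    for route in routes:
        net = ipaddress.ip_network(route["prefix"])
        if addr in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best


def prefixes_by_origin(routes):
    """Group announced prefixes by origin AS: comparing this over time is the
    basic check for a prefix suddenly originated by an unexpected AS."""
    grouped = defaultdict(list)
    for route in routes:
        grouped[route["origin_as"]].append(route["prefix"])
    return dict(grouped)


if __name__ == "__main__":
    routes = parse_rib(SAMPLE_RIB)
    for route in routes:
        print(route)
    print("194.28.30.5 ->", longest_match(routes, "194.28.30.5")["prefix"])
    print(prefixes_by_origin(routes))
```

Running it on the three sample lines gives origin 31493 with 3 hops for the first route, and 194.28.30.5 resolves to the /22 (it lies outside the /23, which covers only 194.28.28.0 to 194.28.29.255).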

How do I calculate the broadcast address for a given subnet without any calculators?

Let's say you had to answer this question and can NOT write anything down or use any calculator, as 99% of the solutions I see include one of these, which are not possible in this scenario:
Find the broadcast address for 192.156.68.71/21

How many addresses under each subnet

I'm studying IP classes and the topic of subnetting is confusing me.
I'm doing some practice questions and the question I'm stuck on requires me to find number of addresses under each subnet.
What I have so far is, a block 211.17.180.0/24 from which I was able to obtain subnet mask /24 = 255.255.255.0. And that there's 32 subnets. I'm not too sure how to proceed from this point. Normally, I would say there's 254 usable addresses (excluding 211.17.180.0 and 211.17.180.255) but I'm not sure how to deal with 32 subnets.
OK, I may have figured out how to solve this problem.
Since there are 32 subnets, I multiply by 2, getting 64 addresses (multiply because there are 2 unusable addresses per subnet).
Then, 256 - 64 = 192, and 192 / 32 = 6, so there are 6 addresses per subnet in this block.
I'm not sure if this is the right way to solve this problem; some confirmation would be really appreciated!
From what I understand, the problem mentions that there are 32 subnets inside the /24 block.
Your answer is correct, here's an alternative way to think about it if you think this is confusing:
If there are 32 subnets, it means you'll need 5 bits to encode subnet identification (211.17.180.0/29 through 211.17.180.31/29), which leaves you with 3 usable bits for the host IP on each subnet; since 2 addresses are unusable on each subnet, we get at most 2^3-2 = 6 usable addresses per subnet.
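The two questions above (broadcast address for 192.156.68.71/21 by hand, and hosts per subnet when 211.17.180.0/24 is cut into 32 subnets) are both plain bit arithmetic on the 32-bit address, so one added example covers both. This is my own code, not from any post. `by_hand` mirrors the no-calculator method: only one "interesting" octet changes, its block size is 2 to the power of (8 minus the bits the prefix uses in that octet), and you round that octet down for the network and add block size minus 1 for the broadcast. `split_into_subnets` does the /24 into 32 x /29 step and `usable_hosts` applies the classic "minus network and broadcast" rule, so /31 and /32 deliberately come out as 0.

```python
def ip_to_int(ip):
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix):
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def network_and_broadcast(ip, prefix):
    """Network = host bits cleared; broadcast = host bits set."""
    mask = mask_from_prefix(prefix)
    network = ip_to_int(ip) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    return int_to_ip(network), int_to_ip(broadcast)


def usable_hosts(prefix):
    """Classic rule: total addresses minus network and broadcast."""
    total = 1 << (32 - prefix)
    return max(total - 2, 0)


def by_hand(ip, prefix):
    """The mental method.  With prefix = 8*k + r, octet k (0-based) is the
    interesting one: it keeps its top r bits, so the block size is 2^(8-r).
    Round that octet down to a multiple of the block size for the network,
    add block-1 for the broadcast; octets to the right become 0 / 255."""
    if not 1 <= prefix <= 31:
        raise ValueError("method applies to /1 .. /31")
    k, r = divmod(prefix, 8)
    block = 1 << (8 - r)
    octets = [int(o) for o in ip.split(".")]
    start = (octets[k] // block) * block
    network = octets[:k] + [start] + [0] * (3 - k)
    broadcast = octets[:k] + [start + block - 1] + [255] * (3 - k)
    return {
        "interesting_octet": k + 1,          # 1-based, as people count them
        "block_size": block,
        "network": ".".join(map(str, network)),
        "broadcast": ".".join(map(str, broadcast)),
    }


def split_into_subnets(block_ip, prefix, count):
    """Carve a block into `count` equal subnets.  count must be a power of
    two; log2(count) bits move from host to subnet, giving prefix + bits."""
    bits = count.bit_length() - 1
    if count <= 0 or (1 << bits) != count:
        raise ValueError("subnet count must be a power of two")
    new_prefix = prefix + bits
    if new_prefix > 32:
        raise ValueError("not enough host bits for that many subnets")
    base = ip_to_int(network_and_broadcast(block_ip, prefix)[0])
    size = 1 << (32 - new_prefix)
    subnets = [network_and_broadcast(int_to_ip(base + i * size), new_prefix)
               for i in range(count)]
    return new_prefix, subnets


if __name__ == "__main__":
    print(by_hand("192.156.68.71", 21))
    new_prefix, subnets = split_into_subnets("211.17.180.0", 24, 32)
    print(f"/{new_prefix}, {usable_hosts(new_prefix)} usable hosts each")
    print(subnets[0], "...", subnets[-1])
```

For 192.156.68.71/21 the interesting octet is the third (21 = 2*8 + 5, block size 8), 68 rounds down to 64, so the broadcast is 192.156.71.255; the /24 split gives 32 x /29 with 6 usable hosts each, matching the answer above.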

How do IP Addresses Relate to Countries?

I have a general question about IP Addresses. I am not sure if this question is better suited for another S/O Network (like Server Fault), but I thought I'd ask it here.
I want to try to hone in on the relationship between an IP Address and a Country. Is it fair or accurate to say that an IP Address like 100.*.*.* relates to ISPs in the US solely, or is it possible that one of the octets within the 100.*.*.* range gets assigned to other Countries?
I am looking for a way to relate IP Address ranges, at their highest level, to Countries on a one-for-one basis.
Thanks.
I don't think there's an explicit rule for that. Check here.
Strictly-speaking, it is my understanding that location roughly correlates with location via IPv4 address blocks. There's a Wikipedia reference for these here.
However, more often than not this isn't particularly accurate; from personal experience, relying on these results in more false results than positive. Part of the problem is that these addresses tend to shift with time and use.
MaxMind offer a free GeoIP database called GeoLite2 (link here) which I've used on a few occasions to detect an IP's origin country with a really high success rate; you just have to make sure that you update the database fairly regularly to keep up to date.

Reserved MAC-addresses (some are assigned anyway?)

I'm trying to make a list of all MAC addresses that are reserved, do not exist, should not be used, should only be used locally, etc. (Just like the list of reserved IP addresses on Wikipedia, but for MAC.) Basically I want to loop over all MAC addresses from a switch and filter out the "real" ones.
This page suggests all addresses starting with 00-00-5E or 01-00-5E are reserved, but when I look them up it seems like 00-00-5E is also assigned to the Information Sciences Institute (part of a university in California).
So 2 questions:
1) Is there any place I can find a list of reserved MAC addresses?
2) What's up with 00-00-5E? Is only part of that range reserved, or is there some reason they assigned it to ISI?
I was just looking into this myself recently. I believe that the IANA (which you refer to in one of your links) will give the most authoritative answer: IANA Ethernet Number Assignments
I don't think that this means that these addresses can never be used though. According to RFC5342, Section 2.1
"The 2**8 unicast identifiers from 00-00-5E-00-00-00 through 00-00-5E-00-00-FF are reserved and require IESG Ratification for allocation (see Section 5.1)."
So basically, it appears you need special permission from IESG (Internet Engineering Steering Group) to get an address in that range, which I suppose the ISI has obtained somehow.
Section 2.1 of RFC5342 deals with 48-Bit MAC Identifiers and OUIs, and it doesn't make any mention of any address ranges that are strictly forbidden or permanently reserved from what I've understood.
The following OUI ranges are reserved as per RFC 5342:
OUI 01:00:5E:(00:00:00 - 7F:FF:FF) - Used for IPv4 multicast and MPLS multicast.
OUI 00:00:5E:(00:01:00 - 00:01:FF) - Used for Virtual Router Redundancy Protocol (VRRP) IPv4
OUI 00:00:5E:(00:02:00 - 00:02:FF) - Used for Virtual Router Redundancy Protocol (VRRP) IPv6
OUI 33:33:00 - 33:33:FF - Reserved for IPv6 multicast
OUI CF:00:00 - CF:FF:FF - Reserved by IANA for PPP (Point-to-Point Protocol)
OUI 00:00:5E:(00:00:00 - 00:00:FF) - Requires IESG ratification for allocation.
Was looking into this myself... I know it's been a while since the post was active, but I found these to be OK to use locally:
x2-xx-xx-xx-xx-xx
x6-xx-xx-xx-xx-xx
xA-xx-xx-xx-xx-xx
xE-xx-xx-xx-xx-xx
Source: https://honeywellaidc.force.com/supportppr/s/article/Locally-Administered-MAC-addresses
The registration authority for MAC addresses is the IEEE. It hands out OUIs (Organizationally Unique Identifiers), which give you a three-byte prefix, and 2^24 addresses within it, for a fee (currently 2,995 USD). You also get the rights to the corresponding multicasts, which have the prefix with the lowest bit of the first byte set. For instance, 00:80:C2 is allocated to the IEEE 802.1 committee, which uses 01:08:C2:00:00:00 for Spanning Tree.
So, there isn't really a list of reserved addresses. There is a list of OUIs that have been allocated, unless the buyer has paid (a lot) extra for privacy. You can use any address that has the local bit set freely. A tiny fraction of multicast addresses have a significant meaning because heavyweights like IEEE, Cisco, IANA assign meanings to them. From the IEEE registration point of view, there is no particular significance to these blocks (except possibly to those it has allocated to itself).
Now, how did the 01-00-5E range end up allocated to the Information Sciences Institute? The simple answer is that they paid for it. So, really the question should be 'how did the Internet get to use part of the range allocated to ISI?'. The answer is that the IANA used to be run from an office in ISI: specifically, IANA was the legendary Jon Postel.
Bottom line: you are on a bit of a fool's errand. You can distinguish local addresses and multicast addresses, and make some attempt to tie up allocated unicast addresses to vendor blocks. And you can probably do a bit more with well-known multicast addresses, but only by tracking down individual vendors' documentation (IANA is obviously an important one, but only definitive for 1 of the 2^22 available blocks). One of the best places to start is probably the Wireshark codebase.
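Putting the thread's answers together, the only classification that is always reliable comes from the two flag bits of the first octet (I/G for multicast, U/L for locally administered), plus a handful of well-known ranges such as the RFC 5342 list above. The following classifier is an added example written for this page, not code from any of the posts or from IANA/IEEE. It takes the reserved ranges from the list in the thread (the CF:xx PPP range is included exactly as that list gives it), implements the "x2/x6/xA/xE" locally-administered rule, and filters a constructed switch-table sample down to globally administered unicast addresses, which are the only ones worth matching against the IEEE OUI registry; the registry lookup itself is out of scope since it needs the downloaded OUI file.

```python
import re

# Well-known ranges as listed in the thread's RFC 5342 summary:
# (first address, last address, meaning).  Anything outside these is
# classified purely from the two flag bits of the first octet.
KNOWN_RANGES = [
    ("00:00:5E:00:00:00", "00:00:5E:00:00:FF", "IANA unicast, needs IESG ratification"),
    ("00:00:5E:00:01:00", "00:00:5E:00:01:FF", "VRRP IPv4 virtual router"),
    ("00:00:5E:00:02:00", "00:00:5E:00:02:FF", "VRRP IPv6 virtual router"),
    ("01:00:5E:00:00:00", "01:00:5E:7F:FF:FF", "IPv4 multicast"),
    ("33:33:00:00:00:00", "33:33:FF:FF:FF:FF", "IPv6 multicast"),
    ("CF:00:00:00:00:00", "CF:FF:FF:FF:FF:FF", "PPP (as listed in the thread)"),
]


def parse_mac(text):
    """Accept 00-00-5E-00-00-01, 00:00:5e:00:00:01 or 00005e000001; return 6 bytes."""
    hexstr = re.sub(r"[-:.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", hexstr):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(hexstr)


def classify_mac(text):
    mac = parse_mac(text)
    first = mac[0]
    info = {
        "mac": ":".join(f"{b:02X}" for b in mac),
        "oui": ":".join(f"{b:02X}" for b in mac[:3]),
        "multicast": bool(first & 0x01),              # I/G bit: lowest bit of first octet
        "locally_administered": bool(first & 0x02),   # U/L bit: second-lowest bit
        "well_known": None,
    }
    # bytes compare lexicographically, so a plain range check works on 6 bytes
    for low, high, meaning in KNOWN_RANGES:
        if parse_mac(low) <= mac <= parse_mac(high):
            info["well_known"] = meaning
            break
    return info


def is_safe_local_unicast(text):
    """The x2/x6/xA/xE rule from the thread: U/L bit set and I/G bit clear,
    i.e. the second hex digit of the first octet is 2, 6, A or E."""
    first = parse_mac(text)[0]
    return (first & 0x03) == 0x02


def vendor_assigned_unicast(mac_list):
    """Keep only globally administered unicast addresses with no well-known
    reservation: the burned-in addresses worth looking up in the IEEE registry."""
    kept = []
    for entry in mac_list:
        info = classify_mac(entry)
        if not (info["multicast"] or info["locally_administered"]) and info["well_known"] is None:
            kept.append(info["mac"])
    return kept


# Constructed sample "switch table" entries, not taken from any real device.
SAMPLE_TABLE = [
    "00:80:C2:11:22:33",   # globally administered unicast, IEEE 802.1 OUI
    "02:00:00:00:00:01",   # locally administered unicast (the x2 rule)
    "01:00:5E:01:02:03",   # IPv4 multicast
    "33:33:00:00:00:01",   # IPv6 all-nodes multicast
    "00-00-5E-00-01-05",   # VRRP IPv4 virtual MAC (VRID 5)
    "CF:00:00:00:00:01",   # in the PPP range from the thread's list
]

if __name__ == "__main__":
    for entry in SAMPLE_TABLE:
        print(classify_mac(entry))
    print("vendor-assigned unicast:", vendor_assigned_unicast(SAMPLE_TABLE))
```

On the sample table only 00:80:C2:11:22:33 survives the filter: the 02: address is local, 01:00:5E and 33:33 are multicast, and the VRRP and CF entries are caught by the well-known list. Note that a locally administered address is trivially settable by any host, so a MAC-based allow-list built from this output is an inventory aid, not an authentication control.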