I have our customers iso generated ip addresses where I like to do some analysis to see where our most customers are accessing our site.
I tried to do api calls to
http://ip-api.com/<ip address>
to retrieve the state where the ip address generated but there are over 4 million ip addresses to process and this will take some time.
Are ip addresses designated by State in the US? If first octets are designated to the states, I can then write a script to parse out the ip addresses. Other than api calls to determine the location of the ip address?
I recommend using something like Maxmind that can get the geo-location(city,State) of the IP addresses. They have an API that you can implement into your code to find the location of all IP's in a database.
Related
The user is reporting the issue has an IP address of 10.10.15.67/20. The server has an IP address of 10.10.16.1/20. The user's machine has an IP address of 10.10.25.197/20. Can anyone explain to me based on this why he can't get to the file? This users has full permissions.
The first IP address belongs to network 10.10.15. The other two, to 10.19.16.
Do the first machine not being in the same subnet cannot talk to the two others. Use ping to confirm that.
You can use the subnet calculator here: https://www.calculator.net/ip-subnet-calculator.html
I have a theoretical question here on IP's.
We all know how to do a simple trace on a IP address ether in the cmd or via a web application to find a Physical Geo location linked to that ip. My Question is can this be reversed?
For example if i know the address of my house and i am on holiday how would i find my ip?
My line of thought is that there is a massive data base of ip to Geo location can you just reverse the search ? if not why and what would be the kinda of problems to overcome. Is there another way of doing it?
There is no way you can do it, because it is one-directional relationship. IP address does not depend directly on your physical location. Think about it that way: if you connect to your wifi from your neighbour's home, does it mean that your IP has changed? Your address depends on location only in the way that your ISP operates within certain area only and some IP address range is reserved for him.
In theory you could determine the IP address based on physical address if you had access to your ISP's customers database, but unless you are e.g. a police officer working on some case, you have no legal access to it.
The problems to overcome would be breaking into databases of every ISP in the world ;)
If you want to have access to your computer while on holiday, it's enough to have a static IP or use a service like dyndns.
Why is a website assigned the same ip address each time?
Discuss with a suitable example whether a server can be assigned two different IP addresses.
Would appreciate some help in these two questions.
Thanks
Question #1:
Short answer: websites are assigned the same IP address so that Web clients will send requests to the proper system.
Long answer: Web clients rarely connect to servers using IP addresses directly. Instead, clients use domain names like www.google.com. DNS software then maps the name to the address.
Thus changing a Web server address should be easy - just change the name mapping. But for performance reasons, name mappings are cached. So if the mapping is changed, some caches will have the old mapping for a period of time (called the Time To Live, or TTL). So changing a Web server address isn't trivial.
Question #2:
There are a number of circumstances where a server can have more than one IP address:
The server is hosting multiple VMs. Each VM has its own IP address.
The server is hosting websites for multiple companies. Each website has its own IP address.
The server is doing routing between two subnets. It will have separate IP addresses for each subnet it is on.
When analyzing network traffic in Wireshark, it would be helpful on occasion to look at a string variable representing an IP address instead of the actual IPv4/6 address.
In the IP source or destination column, instead of seeing 192.168.1.44, I would like to see "tom's laptop" or "smtp-server". Is this possible? Some type of IP-to-String aliasing?
I understand there is an option to enable name resolution for the Network Layer, this would translate a public IP into its registered domain name. Specifically when dealing with private IP addresses, this would not be helpful.
can one location have more than 1 IP address? I have 2 IP addresses and need to know if they originate from the same source. Thanks
You're missing clear definitions of "location" and "source" in your question but lets go with the assumption that you mean "physical machine" for both (as it's obvious that multiple machines will have different addresses and that a single machine can change its IP address over time).
In that case, the answer is yes. The operating system may bind as many IP addresses to a physical network port (and a single MAC -- the physical addressing used by Ethernet) as it wishes.
Binding multiple IP addresses was the standard way of doing "virtual web hosting" before HTTP/1.1 arrived with the "Host" header. The provider would use DNS to map different host names to different IPs on the same network (usually the same subnet as well) and then assign all of them to the same interface. The webserver would get address information from an incoming connection and based on the local IP address would know which virtual host was being accessed.
This led to a higher-than-typical use of public IP addresses but the practice is now gone with the proliferation of HTTP/1.1.
I'm not sure how Windows presents it, but Linux will present a physical interface with multiple IP addresses as multiple logical interfaces such as "eth0", "eth0:1", "eth0:2", etc. Each logical interface has a unique IP address even though they share the same physical interface.
This is hard to tell. Especially it is hard to tell if these IP addresses are from different times. Today I may have a different IP address than tomorrow.
Even they are from the same time, a load balancer im my internal equipment might send my packets over the fail-over line if the 1st one is overloaded or broken down.
One network adapter normally has only one IP address at once and a typical end user only has one network connection active, but even then the IP address can change. The user could switch from wireless to wired and back or a power outage might reset the ISP's DHCP server (assigning everyone a new IP address).
If you want to identify the user even if his IP address changes, you need to identify the user by his session id, stored in cookies. As two users can have the same IP address (a whole company could be behind a NAT), you should never rely on IP addresses for identification.