Yet, doing some detective work could help. Try following methods :
- Note the following links for reference :
A complete list of country codes
http://www.iana.org/domain-names.htm
http://www.ics.uci.edu/pub/websoft/wwwstat/country-codes.txt
A complete list of U.S. state abbreviation
http://www.usps.gov/ncsc/lookups/abbr_state.txt
A complete list of airport codes
http://www.aviationjobsonline.com/airports/citycode.html
Microsoft's TerraServer - satellites pictures of geographical areas
http://www.terraserver.microsoft.com/ - Use reverse DNS to find out the host's name. This item could supply some clues that could help.
E.g. given the IP address 132.74.18.2, the command 'nslookup 132.74.18.2' translates the address to construct.haifa.ac.il gives two hints -- The TLD is .il, which hints the host is in Israel.
- The next two domains are haifa.ac, so this host belongs to the 'haifa' academical institute (a university, in this case). The Haifa university happens to be in the city Haifa.
Reverse DNS translation doesnt always work - it depends on the host's [the host with the given IP address] DNS server's correct configuration.
Another trick is to execute a whois request on the IP address. Try to direct the whois query to whois.arin.net - if it doesn't have the reply it will tell you to query either whois.apnic.net or whois.ripe.net
Notice that a host in one domain might be hosted in another country. This is due to both virtual hosting, where a domain of a company from one country or region, might be hosted where hosting is cheap.
Also notice that the .org, .com, and even .edu domains does not imply the host is in the U.S., as many of those domains belong to companies that are either not U.S. based, or are international, and might have some hosts all over the world. - The TLD is .il, which hints the host is in Israel.
- Some hosts support a DNS extension which allows for hosts to enter their geographical location into their DNS record, based on an extension to DNS described in RFC 1876.
For further information see - http://www.ckdhr.com/dns-loc/
Another attempt to express a host's geographical location via DNS is done in RFC 1712. Both RFCs define a DNS Resource Record to contain the geographical location. - Visit the host's web server. A web site will sometimes contain hints regarding the site's location.
E.g. for construct.haifa.ac.il, you can find info at both http://www.haifa.ac.il/ and http://www.ac.il/ - Use whois. The whois database contains administrative contact info for all domains, filled in during domain registration time, and updated from time to time. This admin info could give some hints.
The whois database is not highly reliable - if an address belongs to a large & responsible company, the company will supply reliable info and update it, but as domain name registrators do not insist on keeping the database accurate and current, the data might be incorrect.
The IP to Lat/Long page will attempt to display the same information in a graphical representation.
http://cello.cs.uiuc.edu/cgi-bin/slamm/ip2ll/
The Allwhois.com page allows whois requests for many countries.
http://www.allwhois.com/
A list of whois servers, collected by Matt Power, is available at ftp://sipb.mit.edu/pub/whois/whois-servers.list
Note that the data is usually given for the owners' main branch or contact points, but the IP addresses might be allocated to hosts that may be located at a different location(s). - Use traceroute. The names of the routers through which packets flow from your [or any] host to the host with the given IP address might hint at the geographical path which the packets follow, and at the final destination's physical location.
E.g. > traceroute www.mit.edu
traceroute to DANDELION-PATCH.MIT.EDU(18.181.0.31), ...
1 teg.technion.ac.il (132.68.7.254) 2 ms 1 ms 1 ms
2 tau-smds.man.ac.il (128.139.210.16) 5 ms 5 ms 5 ms
3 128.139.198.129 (128.139.198.129) 9 ms 11 ms 13 ms
4 TAU-shiber.route.ibm.net.il (192.115.73.5) 535 ms 549 ms 513 ms
5 fe7507.tlv.ibm.net.il (192.116.177.1) 562 ms 596 ms 600 ms
6 165.87.220.18 (165.87.220.18) 1195 ms1204 ms
7 nyc28-16-sar1.ny.us.ibm.net (165.87.28.19) 1208 ms1216 ms1233 ms
8 198.133.27.5 (198.133.27.5) 1210 ms1239 ms1211 ms
9 sprint-nap.bbnplanet.net (192.157.69.51) 1069 ms1087 ms1122 ms
10 nyc1-br2.bbnplanet.net (4.0.1.25) 1064 ms1109 ms1061 ms
11 cambridge1-br1.bbnplanet.net (4.0.1.122) 1185 ms1146 ms1203 ms
12 cambridge2-br2.bbnplanet.net (4.0.2.26) 1185 ms1159 ms1073 ms
13 ihtfp.mit.edu (192.233.33.3) 1052 ms 642 ms 658 ms
14 W20-RTR-FDDI.MIT.EDU (18.168.0.8) 640 ms 665 ms 674 ms
15 DANDELION-PATCH.MIT.EDU (18.181.0.31) 702 ms 915 ms 868 ms
The 3rd hop takes the path to the academic network [checked by local whois lookup], the fifth hop takes the path to New-York [on the east coast], and the 10th hop takes the path to Cambridge [in Massachusetts, on the coast, northern to New-York].
There is a utility named VisualRoute (http://www.visualware.com/visualroute/index.html) which traceroutes a host, and displays the route on a map of the world. The host's location on the map is based on the whois query, which may be wrong - an Israely domain might be displayed as being in Israel though it is hosted in another country. - Some of the services available on the host might give further info.
E.g. telnet construct.haifa.ac.il 13 <== Time of day service
Trying 132.74.18.2...
Connected to construct.haifa.ac.il.
Escape character is '^]'.
Wed Jan 21 08:32:53 1998 <== Time difference hints at the
host's time zone. - Naming conventions of ISPs and back-bones
AT&T dialups : <port>.<router-location>.<state>.dial-access.att.net
Port is 2-254 for the dial-up ports, and 1 for the router itself. location: example: "los-angeles-2" (city and router #). state: 2-letter abbreviation.
uu.net dialups :
A. <port>.<device>.<city>.<state>.<iu>.uu.net
B. <port>.<device>.<airport>.<iu>.uu.net
iu = intended use (meaningless), state is per USPS ZIP code, deviceis Ascend 'TNT' # or Ascend 'MAX' #.
No comments:
Post a Comment