Um... AS-list.txt.gz
You are misreading the messages - AS works fine, within the
limitations of the data it is given... which is crud.
Why?
(1) AS->IP data doesn't exist or isn't freely available to us.
(2) Even what we can get isn't very good.
(3) Trying to create it yourself will probably get you banned from various servers - because it's a nasty process.
#2?
Remember, each 'provider' of AS 'data' is seeing it from different points with different aggregation - there's no such thing as a master list. Nor is the mapping between AS's and IP very good.
Read the line in the page @ cidr-report.org:
"This report is generated from an analysis of the BGP routing table within AS4637 (Reach), and was produced at Mon Apr 10 23:47:17 2006 AEST."
Unless you have the same ISP and are part of the same block, even that data (and it's one of the best sets) may not be very useful.
Surprised?
Think about it...
Joe-Bob's Gas, Bait and Sandwich shop - with whom you are undertaking a major international franchise rollout - may just have a block of 32 delegated addresses from Billy-Bob's ISP and Fence Post company (AS9999). Even if Joe-Bob has an assigned AS number (AS10101) it's only used for internal BGP routing within the ISP.
Billy-Bob won't report those 32 addresses via BGP to the world, but rather will aggregate things and report their whole 256 block.
So - to the outside world, Joe-Bob's web server is part of Billy-Bob's AS9999 block, not Joe-Bob's AS10101...
Different ISP, different mapping from IP address -> AS...
For example, here's an old report about Reach: http://www.fixedorbit.com/AS/4/AS4637.htm, which shows 158 peers. One of those is Cisco's AS109, which (http://www.fixedorbit.com/AS/0/AS109.htm) says it has "Control of approx 425,973 IP addresses (0.04%) in 11 groups".
Potential problem #1 - search the AS database for 'Cisco' and you will find a bunch of other AS's which MIGHT be the same Cisco (or might just be a hit on the specific letters somewhere in the descriptions). So you can't say that AS109 == Cisco.
Poke around the AS109 data and you'll see that Cisco has a bunch of peering relationships with tier 1 ISPs and so probably owns its own address space. And so there's a decent likelihood that your ISP has a BGP entry for AS109 -> Cisco. So any lookups you do on AS109 to figure out which IP addresses are in it are probably pretty good.
Try querying AS109 from different top level registries:
$ whois -h whois.ripe.net AS109
vs
$ whois -h whois.arin.net AS109
The contact info is completely different!
You can use nslookup, dig, et al to get an IP address for Cisco's web server, but you can't map that back to an AS from the normal (authoritative registries). You can through an alternative provider, e.g.:
$ whois -h whois.cymru.com 198.133.219.0/24
[Querying whois.cymru.com]
[whois.cymru.com]
AS | IP | Info | AS Name
109 | 198.133.219.0 | /24 | CISCO-EU-109 Cisco Systems Glo
So that one's pretty good. Try something in the Cable modem /8, and - Potential problem #2 - it's not so clear cut...
There's no easy, automated way to figure out the AS->IP mapping. Plus it's only as good as your data source's view of the Internet... The registries publish some of this data (e.g. ) but it's often aggregated. Some of the Tier1 ISPs used to put out updates or elaboration files (for example Cable & Wireless) but as the players get swapped around as pieces of bigger companies it's disappeared. So the C&W data is no longer available through Savvis.
The deeper you dig the worse it gets...
I've got scripts that recursively query the database to figure out each /24 or above's AS #, but run them and you'll get banned by the providers because it's an 'abusive' query of the database. (The Cable Modem blocks are especially nasty - these are /8s which are redelegated at the /18 or below level). Plus they run for days and frequently break down.
We used to have a user (Anon E. Mouse) who provided us with updates. Since he's no longer doing this, we haven't updated the ntop file.
Any takers?
-----Burton
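[Added example, not part of the original message and not ntop code: the aggregation effect described above, shown as a longest-prefix match of the same traffic against two routing views. The prefixes, flow records and AS64500 are constructed documentation values; AS9999 and AS10101 are the made-up numbers from the message.]

```python
import ipaddress
from collections import Counter

# Constructed routing views; prefixes are documentation ranges (RFC 5737).
# AS9999 / AS10101 are the made-up numbers from the message above.
OUTSIDE_VIEW = {             # what a remote ISP's BGP table holds
    "192.0.2.0/24": 9999,    # Billy-Bob announces only the aggregate
    "198.51.100.0/24": 64500,
}
INSIDE_VIEW = {              # what Billy-Bob's own routers hold
    "192.0.2.0/24": 9999,
    "192.0.2.32/27": 10101,  # Joe-Bob's 32 delegated addresses
    "198.51.100.0/24": 64500,
}

def build_table(view):
    """Parse prefixes once and sort most-specific first."""
    nets = [(ipaddress.ip_network(p), asn) for p, asn in view.items()]
    return sorted(nets, key=lambda item: item[0].prefixlen, reverse=True)

def ip_to_as(table, ip):
    """Longest-prefix match; None when no prefix covers the address."""
    addr = ipaddress.ip_address(ip)
    for net, asn in table:
        if addr in net:
            return asn
    return None

def top_as(table, flows, n=10):
    """Sum bytes per origin AS for (src_ip, bytes) flow records."""
    totals = Counter()
    for src, nbytes in flows:
        totals[ip_to_as(table, src)] += nbytes
    return totals.most_common(n)

# Constructed flow records: (source IP, bytes)
FLOWS = [("192.0.2.40", 7000), ("192.0.2.200", 2000),
         ("198.51.100.9", 5000), ("203.0.113.5", 100)]

if __name__ == "__main__":
    # Same traffic, different "top AS" list depending on the vantage point.
    for name, view in (("outside", OUTSIDE_VIEW), ("inside", INSIDE_VIEW)):
        print(name, top_as(build_table(view), FLOWS))
```

The None bucket collects traffic from addresses no prefix in the view covers, which is worth tracking as a measure of how incomplete the mapping data is.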
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John M. Livingston
Sent: Friday, April 07, 2006 12:57 PM
To: [email protected]
Subject: [Ntop] AS-list.txt help
Hi Everyone,
I just installed the most recent version of NTOP on a FC3 linux system, and
I'm having problems getting Autonomous Systems statistics. The AS-list.txt
file wasn't included in the rpm for install, and I can't find the file-format
anywhere. I've browsed a year's worth of the archives for the mailing list
as well as spent hours doing Yahoo! and Google searches but haven't found
anything that helps. I've got the list of AS and IP blocks being
advertised from www.cidr-report.org but
I think that I need the file format so NTOP can actually use it.
My employer runs a pretty busy website and we have occasional significant
bandwidth spikes which consume nearly all our available bandwidth. If I
can get NTOP to show me the top 10 or top 20 AS numbers, I can re-route that
traffic over another link and keep our website from crashing. If NTOP
can't get me that info, is there any other freeware or open-source application
that can? One thing I've seen doing my research are a few messages that
indicate the AS functionality in NTOP doesn't work too well.
Thanks,
John Livingston
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
