On Wed, 2003-10-01 at 10:46, David wrote: > Thanks for suggestions. I guess I should not have been so cryptic in my > question. Whois is not really an option because I'm trying to analyse a > http log with thousands of entries. It's useful to know if the hit is > local or foreign. > > It's not hard to find out where a given ip number comes from, but I was > looking for a simple generic test - eg: all .au numbers are in the range > 203.1.0.0
It's not possible to tell where a host is coming from based upon its IP address and the entry in whois. For example, IBM have a single allocation, they use that for their entire global network. Similarly for other multinationals. The records are also not maintained particularly well -- you'll find most users of the Internet >7 years are all registered in the US. But why look at the IP address? TCP maintains an estimate of the round-trip time for a connection. Australia pretty much only connects to other countries through the west coast of the USA, a latency of >90ms. So any TCP connection with a RTT ~> 200ms is pretty certain to be foreign. The Web100 project has kernel hacks to let you get this data from the kernel and utilities to let you log all TCP connections. Alternatively, you could use you ISP's BGP routing table. Most ISPs mark routes with a community stating what PoP learned the route. So if you pull in a feed you can look up the IP address and see if it was learned by one of their overseas PoPs. Both of these methods are non-trivial to implement. Which is usually about the stage that most people decide that they don't need geographic web stats. We use something like the second tactic to prevent overseas hosts from using mirror.aarnet.edu.au (since there's another copy of the software 14,000Km closer). It's not perfect as some Australian ISPs like to route data from their Australian customers through the USA. -- Glen Turner Tel: (08) 8303 3936 or +61 8 8303 3936 Network Engineer Email: [EMAIL PROTECTED] Australian Academic & Research Network www.aarnet.edu.au -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
