Does anyone know how to trace route and geolocate an IP Address


matthew...@network.rca.ac.uk

Nov 12, 2013, 2:43:30 PM
to london-h...@googlegroups.com
I am doing a research project on trace routing my IP address and trying to map the physical infrastructure behind it. I have run a trace route on my computer as well as through various websites, however the results are a little difficult to understand.

Is anyone familiar with this, or has anyone done a similar exercise?

Any help or advice much appreciated.

dave.l...@gmail.com

Nov 12, 2013, 3:07:28 PM
to london-h...@googlegroups.com
http://www.maxmind.com/ provide a database for looking up the latitude and longitude for an IP address. There's a free downloadable database, probably with restrictions, and a pay-for one with more detail. They also have an online lookup for demonstration purposes.

Dave
--
Sent from a tiny keypad.


andyf...@gmail.com

Nov 12, 2013, 4:30:47 PM
to london-h...@googlegroups.com
# nmap --script "ip-geolocation-*" ip.to.scan

Do this for every hop in the traceroute output.
If you know awk you may be able to automate this by piping the output of traceroute to awk to extract the IP addresses and piping that into nmap; this can be further processed by awk and piped to a text file.

http://www.binarytides.com/information-gathering-nmap-scripts/

Andy

matthew...@network.rca.ac.uk

Nov 15, 2013, 6:57:18 AM
to london-h...@googlegroups.com
Many thanks for this. Will this be any more accurate than running the IP information I get via an IP geolocation website? The difficulty I am getting is pinpointing the exact location of the jumps.

Please find below the trace route I get. Many thanks for your help so far.

 1  [AS10223] 192.168.1.1 (192.168.1.1)  7.334 ms  6.362 ms  2.027 ms
 2  [AS13285] host-78-149-16-1.as13285.net (78.149.16.1)  43.997 ms  53.310 ms  32.317 ms
 3  [AS13285] xe-11-2-0-bragg002.bre.as13285.net (78.151.225.41)  43.134 ms  41.000 ms  83.787 ms
 4  [AS13285] host-78-151-225-236.static.as13285.net (78.151.225.236)  43.884 ms *
    [AS13285] host-78-151-225-228.static.as13285.net (78.151.225.228)  31.565 ms
 5  [AS13285] host-78-144-11-121.as13285.net (78.144.11.121)  30.647 ms
    [AS13285] host-78-144-11-131.as13285.net (78.144.11.131)  30.548 ms
    [AS13285] host-78-144-11-107.as13285.net (78.144.11.107)  32.217 ms
 6  [AS15169] 72.14.222.103 (72.14.222.103)  79.316 ms
    [AS15169] 72.14.214.222 (72.14.214.222)  44.686 ms  81.195 ms
 7  [AS15169] 209.85.255.76 (209.85.255.76)  32.112 ms
    [AS15169] 209.85.252.188 (209.85.252.188)  82.460 ms  33.877 ms
 8  [AS15169] 209.85.253.175 (209.85.253.175)  42.807 ms  31.652 ms  30.737 ms
 9  [AS15169] lhr14s22-in-f6.1e100.net (173.194.34.166)  30.221 ms  89.478 ms  42.360 ms

[Process completed]

Callum Finlayson

Nov 15, 2013, 7:52:48 AM
to london-h...@googlegroups.com
Matthew, I'm a bit puzzled by what you're trying to achieve as IP addresses don't really have any strict location associated with them below the regional/national registry level. 

Obviously an operator could provide additional information if they wanted to, but certainly that's not going to be particularly precise even for permanently allocated address ranges. IP geolocation databases are notoriously inaccurate, and even at a "town" level are often more guesstimate than anything. As for what you're trying to achieve -- "pin point exact location" & "map the physical  infrastructure" -- that's going to raise eyebrows among network & datacenter operators if you're looking at much more detail than something along the lines of "x% of traffic goes via LoNAP at Telehouse North".

C



matthew...@network.rca.ac.uk

Nov 22, 2013, 5:04:42 AM
to london-h...@googlegroups.com
Callum, thanks for this.

To try and explain why and what I am hoping to achieve:

I am trying to map the journey my IP address takes and the buildings or infrastructure it travels to/through. I am narrowing my investigation to the UK before it leaves via various undersea cables. I can appreciate that this is a lot to do with guesswork and the journey may be different every time, but what I am interested in is what 'company' holds / is in possession of my IP address. Therefore I am trying to use a traceroute to get a better understanding of who and where.

I am of the understanding there are various levels of privacy and data protection issues associated with your IP address, and whether it is classed as personal data or not, and what they are being used / stored for. Be it my ISP holding it or larger corporations like Google or Facebook? Therefore, where are my ISP's servers or data centre? Where is this information being stored?

I am presuming my IP address travels to a local POP and then on to several IEX points before then heading to Telehouse, then on to the landing stations before taking the TAT14 cable to America "in a typical traceroute to search for google".

I am also looking at data centres, something so private and inconspicuous but public in the sense of the traffic and information stored within them.

Any help or clarity on the above, as well as any advice, much appreciated.

Matt

tgreer

Nov 22, 2013, 5:27:11 AM
to london-h...@googlegroups.com
As Callum says, you're unlikely to get that sort of information out of anything more than maybe the rDNS hostname... IPs aren't tied to a physical location.

At most you can do a trace route and take a guess at the path using the hostnames... but that's about your limit. Unless you submit information requests to the transit providers, which being one, I can assure you I wouldn't be telling you where my equipment is.

Your IP is actually owned by your ISP (well, technically it's leased to them by the RIR, but that's a technicality), not you, so it's not personal data. Also you have no right to request information on where your service physically routes through. The fact of the matter is your traffic doesn't always take the same route to get to the same place... Routing protocols mean the route can change in a split second. It'd be very hard even if you could ask the ISP where it goes for them to tell you, as it's all dependent on the internet (citation needed) and how the routing tables look.

The IP you are using is stored in a routing table at your ISP, who routes it down your internet connection; after that it's aggregated into blocks and routed to transit providers via things like BGP[1]. Facebook doesn't know where your IP is. It only knows to get to the larger block of IPs which contains yours it needs to traverse AS (Autonomous System)[2] x, y and z.


If you have more questions feel free to pop into the space at some point and I can try and talk you through it in a bit more detail.

matthew...@network.rca.ac.uk

Nov 22, 2013, 5:57:48 AM
to london-h...@googlegroups.com
Thanks for your reply - very helpful.

I am due to call into the center on Tuesday if you're around. Would be great to discuss this. My knowledge is very limited on this sort of thing. Would very much appreciate your help and time.

In terms of IPv6 being introduced: would/could this lead to static IP addresses being assigned to customers, therefore our location becoming even more exposed? Also, because of Google wireless network, could you argue that IP addresses are identifiable to a location, well at least ours, the customers'? So is my ISP storing my IP at one of their data centres? Also my understanding is the pulverised packets of information sent to these sites will contain my IP address so the information can be sent back.

Thanks. Matt 

tgreer

Nov 22, 2013, 6:06:41 AM
to london-h...@googlegroups.com


On Friday, 22 November 2013 10:57:48 UTC, matthew...@network.rca.ac.uk wrote:
> Thanks for your reply - very helpful.
>
> I am due to call into the center on Tuesday if you're around. Would be great to discuss this. My knowledge is very limited on this sort of thing. Would very much appreciate your help and time.
>
> In terms of IPv6 being introduced: would/could this lead to static IP addresses being assigned to customers, therefore our location becoming even more exposed? Also, because of Google wireless network, could you argue that IP addresses are identifiable to a location, well at least ours, the customers'? So is my ISP storing my IP at one of their data centres? Also my understanding is the pulverised packets of information sent to these sites will contain my IP address so the information can be sent back.

Yes but the IP alone isn't personal information as I previously stated. v6 is the same boat...

Pawan Sharma

Nov 22, 2013, 6:34:57 AM
to london-h...@googlegroups.com
You can also use this free GeoTrace tool to find the geographical location of any IP up to city level, in some countries even street level - http://www.ebrahma.com/tools/

Mark Steward

Nov 22, 2013, 6:39:03 AM
to london-h...@googlegroups.com
You're always limited to doing detective work based on looking each line up in DNS/whois/Google. Use mtr to get more accurate, averaged round-trip times, and try tcptraceroute if some hops don't show up. You can make some inferences based on the round-trip time, but bear in mind that a router might take significantly longer to send the failure packet than to forward onto the next hop, so they're an upper bound only. Unfortunately, you'll also have to work against the fact that TalkTalk haven't set useful hostnames, and are using various routes inside their network. Here's[1] an example of how hostnames can help if they're set correctly.

From the hop time, my guess would be that the uselessly named box at hop 2 is the router at the other end of an ADSL connection. TalkTalk may well be using LLU in this case, but if they were using BT infrastructure this hop would be tunnelled all the way across BT's network, and there'd be no way of determining how it travelled there.

Hop 5 is somewhere in an exchange in London, given the next hop is apparently allocated to Google.

Hop 4 is probably TalkTalk's internal interface inside the exchange in London.

Hop 3, which actually has a hostname, is therefore probably a large PoP for TalkTalk near London (Brentford?), and is an aggregation router of some sort. This is probably geographically between you and the exchange in London, but saying more would require more knowledge of how TalkTalk's network is set up.

Hop 6 will be Google's side of the exchange in London.

Hops 7 and 8 also belong to Google, and are not in Mountain View, despite what the allocation says. I can't ping them from my connection, so they're route-specific, and probably the two ends of a link between the exchange and the Heathrow datacentre.

Hop 9 is an IP in Heathrow belonging to Exponential-E. This will be Google's server.


As tgreer has said, all of this is educated guesswork, but you can learn more by trying to reach the IPs above from different parts of the world, to build up a picture of how the networks are arranged. Trying to traceroute backwards (from a looking-glass server to your IP) is usually interesting.


Mark
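Andy's suggestion of pulling each hop's address out with awk, combined with Mark's point that a round-trip time is only an upper bound, as an added example that is not from any poster in this thread. The sample input is a subset of the trace posted above; the figure of about 200 km per ms for light in fibre is an approximation, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Sample input: hops 1, 2, 4, 6 and 9 of the trace posted in this thread.
sample_trace() {
cat <<'EOF'
 1  [AS10223] 192.168.1.1 (192.168.1.1)  7.334 ms  6.362 ms  2.027 ms
 2  [AS13285] host-78-149-16-1.as13285.net (78.149.16.1)  43.997 ms  53.310 ms  32.317 ms
 4  [AS13285] host-78-151-225-236.static.as13285.net (78.151.225.236)  43.884 ms *
    [AS13285] host-78-151-225-228.static.as13285.net (78.151.225.228)  31.565 ms
 6  [AS15169] 72.14.222.103 (72.14.222.103)  79.316 ms
    [AS15169] 72.14.214.222 (72.14.214.222)  44.686 ms  81.195 ms
 9  [AS15169] lhr14s22-in-f6.1e100.net (173.194.34.166)  30.221 ms  89.478 ms  42.360 ms
EOF
}

# hop_table: traceroute text on stdin -> "hop AS ip best_rtt_ms max_km" per address.
# max_km assumes light in fibre covers about 200 km per ms, so one way <= rtt/2 * 200.
hop_table() {
awk '
$1 ~ /^[0-9]+$/ { hop = $1 }      # a numbered line starts a hop; other lines continue it
{
  asn = "-"; ip = ""; best = -1
  for (i = 1; i <= NF; i++) {
    if ($i ~ /^\[AS[0-9]+\]$/)      asn = substr($i, 2, length($i) - 2)
    else if ($i ~ /^\([0-9.]+\)$/)  ip = substr($i, 2, length($i) - 2)
    else if ($i ~ /^[0-9]+\.[0-9]+$/ && $(i + 1) == "ms" && (best < 0 || $i + 0 < best))
      best = $i + 0               # keep the fastest probe: it carries the least queueing
  }
  if (ip == "" || best < 0) next  # every probe timed out ("*"): nothing to report
  # RFC 1918 space is not globally routed, so no AS or location lookup applies to it
  if (ip ~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/) asn = "private"
  printf "%s %s %s %.3f %d\n", hop, asn, ip, best, best * 100
}'
}

# public_ips: unique routable addresses, one per line, ready for a whois or GeoIP lookup.
public_ips() { hop_table | awk '$2 != "private" && !seen[$3]++ { print $3 }'; }

sample_trace | hop_table
```

On this trace the fastest probe to hop 9 is about 30 ms, which bounds the one-way distance at roughly 3,000 km, so timing alone cannot place a hop in a particular building.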


Jim MacArthur

Nov 22, 2013, 7:07:24 AM
to london-h...@googlegroups.com
I'd recommend trying out http://www.ebrahma.com/tools/ with a few IP
addresses, as a demonstration of just how inaccurate this can be. Both
my work and home IP addresses show up as London. They're both actually
in Manchester.

Richard Patterson

Nov 22, 2013, 7:29:14 AM
to london-h...@googlegroups.com
Absolutely. You can do your best to surmise rough locations of IPs, but ultimately it's just a guess based on information the ISP wishes to give you.
i.e. rDNS, accurate location details in RIPE/APNIC/etc., all of which they don't have to provide or keep accurate.

Not to mention network architecture can mask topology. A centralised BNG/BRAS farm, or purposefully masking IP hops through an MPLS network by not copying the IP TTL into the MPLS header.
Even the end user could hide their location by using a VPN/tunnel to a different country.  (have a look at TOR).

tl;dr You can make educated guesses but you won't be able to provide 100% accurate locations, especially if "they" don't want you to.



Bernard Tyers - ei8fdb

Nov 22, 2013, 7:40:07 AM
to london-h...@googlegroups.com
Hi Matthew,

You might be interested in these two projects:

1. http://apps.opendatacity.de/prism/en

Description:
"Our visualization shows examples of how Internet packets wander around the Internet cables while we use some of the most popular Internet services. Each country your data packets visit offers an opportunity for snooping."

Currently available for .DE/.FR/.CH

2. http://www.ixmaps.ca/about.php

Description:
"IXmaps is an interactive tool that enables internet users and researchers to study the route(s) that data packets take across the internet, with surveillance and other 'interesting' sites highlighted along the way. It also provides transparency and privacy ratings of Canadian carriers"

Bernard
--------------------------------------
Bernard / bluboxthief / ei8fdb

IO91XM / Contact me: me.ei8fdb.org




Nigel Worsley

Nov 22, 2013, 8:35:46 AM
to london-h...@googlegroups.com
> I'd recommend trying out http://www.ebrahma.com/tools/ with a few IP
> addresses, as a demonstration of just how inaccurate this can be. Both
> my work and home IP addresses show up as London. They're both actually
> in Manchester.

My work address is in Oxfordshire, but that site says it is in the Netherlands!
I think this would be the same for all BT openworld customers.

Most GeoIP services at least get my country right, that website is crap.

Nigel
