Re: [Hampshire] reverse DNS lookup tools?

Author: Hugo Mills
Date: Wed Oct 15 11:16:39 2008 BST
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] reverse DNS lookup tools?

On Wed, Oct 15, 2008 at 10:59:52AM +0100, Victor Churchill wrote:
> Hi,
>
> what tools do people prefer to use to do IP address lookups? I am
> often in the situation where I see something a bit curious in an
> Apache server log and want to see where a browser client is coming
> from.
>
> I copy/paste the IP address (e.g. 123.123.123.123) into a shell window to run:
>
> $ whois 123.123.123.123
>
> $ nslookup 123.123.123.123
>
> $ dig 123.123.123.123
>
> One of these may come up with something useful such as the
> organisation or originating country or something to satisfy my
> curiosity and soothe (or raise) my concerns.
> But the above set of commands include a load of output that I don't
> understand and do not always agree on who/where a connection is coming
> from.


nslookup and dig do the same thing. whois is a different tool, and
does something different to the other two.

dig looks up things in the DNS. In this case, you may find the -x
option more helpful than without -- this will give you the reverse DNS
records for the IP address, if any. Often, this will give you some
clue as to who provides the connectivity. RDNS is usually, for
consumer connections, set to an FQDN controlled by the ISP.

whois queries the WHOIS database (duh!). This contains two sorts of
records: a whois query on an FQDN (e.g. "carfax.org.uk") will give you
details of the owner of the domain name, and the DNS registrar who
holds the tag. A whois query on an IP address will give you details on
who the IP range is allocated to -- this is usually an ISP.

So, in Europe, RIPE allocate large blocks of IP addresses to
organisations, and keep a record of who has what. If the ISP sells on
a fixed IP range to a customer, that also gets registered. So, for
example, you can query "whois 81.5.136.17" and see that the range
81.5.136.16 - 81.5.136.23 has been allocated to "Eclipse ADSL
Customer" (in this case, me).

"dig -x 81.5.136.17" will also tell you that it's an address
allocated from *.dsl.eclipse.net.uk -- again, pointing at the ISP. If
I'd set up RDNS records through Eclipse, it would show something like
"vpn.carfax.org.uk", and you would then be able to use "whois
carfax.org.uk" to find out who I am -- but in this case, you can't.

Hope that clears up some of the uses of the tools...

Hugo.

-- 
=== Hugo Mills: hugo@... carfax.org.uk | darksatanic.net | lug.org.uk ===
  PGP key: 515C238D from wwwkeys.eu.pgp.net or http://www.carfax.org.uk
         --- Nothing right in my left brain. Nothing left in ---         
                             my right brain.
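As an added example (not part of Hugo's message or anything else in the thread), the following POSIX shell script does the mechanical part of what the reply describes: it pulls the client IPs out of Apache log lines, builds the in-addr.arpa name that "dig -x" queries for each one, and, when an IP is passed on the command line, runs "dig -x" and "whois" against it and keeps only the allocation fields. The log lines are constructed sample data (the two addresses come from the thread); the whois field names grepped for are the RIPE (inetnum/netname/descr/country) and ARIN (NetRange/OrgName) ones, so output from other registries may need a different pattern. Only IPv4 is handled.

```shell
#!/bin/sh
# Added example (not from the original post): from Apache client IPs to the
# reverse-DNS name that "dig -x" asks for, then to a live dig/whois check.

# Constructed Apache combined-log lines (sample data, not a real log).
SAMPLE_LOG='81.5.136.17 - - [15/Oct/2008:10:59:52 +0100] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
123.123.123.123 - - [15/Oct/2008:11:02:17 +0100] "GET /wp-login.php HTTP/1.1" 404 233 "-" "curl/7.18"
81.5.136.17 - - [15/Oct/2008:11:03:40 +0100] "GET /about.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"'

# Unique client IPs from log lines on stdin (first field), busiest first.
log_ips() {
    awk '{print $1}' | sort | uniq -c | sort -rn | awk '{print $2}'
}

# The PTR owner name "dig -x A.B.C.D" really queries: the octets reversed
# under in-addr.arpa. Prints nothing and fails on anything that is not a
# dotted quad with octets in 0-255 (IPv6 / ip6.arpa is not handled here).
reverse_name() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
            printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1
        }'
}

# Live lookup: reverse DNS (the ISP's FQDN, or the owner's if they set one),
# then the registry allocation record for the address block.
# Assumption: the grep pattern covers RIPE and ARIN field names only.
lookup_ip() {
    ip=$1
    echo "== reverse DNS for $ip ($(reverse_name "$ip")) =="
    dig -x "$ip" +short
    echo "== whois allocation for $ip =="
    whois "$ip" | grep -iE '^(inetnum|netname|descr|country|NetRange|OrgName):'
}

# Offline part: who was in the sample log, and what dig -x would ask for.
printf '%s\n' "$SAMPLE_LOG" | log_ips | while read -r ip; do
    printf '%-16s -> %s\n' "$ip" "$(reverse_name "$ip")"
done

# Live part, only when an address is given: ./lookup.sh 81.5.136.17
if [ $# -gt 0 ]; then
    lookup_ip "$1"
fi
```

Run it with no arguments to see the offline mapping for the sample log; pass an address to make the live dig and whois queries. Piping a real access_log through `log_ips` and feeding each result to `lookup_ip` is the loop the original question describes, with the noise of the full whois and dig output trimmed to the fields that actually answer "who provides this connectivity".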