Geolocating an IP address

Identifying the location of an IP address helps system administrators in many situations, such as when tracing the origin of an attack, a network connection, or a harmless poster in their forums.

Gorjan Petrovski submitted three Nmap NSE scripts that help us geolocate a remote IP address: ip-geolocation-maxmind, ip-geolocation-ipinfodb, and ip-geolocation-geobytes.

This recipe will show you how to set up and use the geolocation scripts included with Nmap NSE.

Getting ready

For the script ip-geolocation-maxmind an external database is needed. Download Maxmind's city database from http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz and extract it to your local Nmap data folder ($NMAP_DATA/nselib/data/).

Get Nmap 6: Network Exploration and Security Auditing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.