MDLog:/sysadmin

The Journal Of A Linux Sysadmin

Use Geoiplookup to Quickly Find Out the Origin of Any IP


For various reasons, I have to look from time to time at one particular IP and try to find out some information about it. Until I found out about geoiplookup, this went something like: nslookup to get the reverse of the IP, and then whois to find out more details (maybe also traceroute/mtr, etc.). But now I always start with geoiplookup, as it instantly shows me the location (read: country) of the respective IP.

Geoiplookup is included in the MaxMind C library, which you probably already have installed if you are using any GeoIP-related applications. This also includes the free GeoLite Country database that is used for the lookups. If you don’t have the GeoIP C library installed on a Debian system, you can install it very easily (you might have libgeoip1 already installed but not geoip-bin; the latter includes the geoiplookup utility):

apt-get install libgeoip1 geoip-bin

Once installed you can use the geoiplookup utility from the command line to get the country of any IP (or hostname):

geoiplookup ipaddress|hostname

For example:

geoiplookup www.ducea.com
GeoIP Country Edition: US, United States

This shows me in one command line where the IP that resolves to that particular hostname is located. Normally this is used with the IP, but I didn’t want to include any real IPs here. The result will be identical.
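Because the lookup is a single command, it scripts well. The sketch below is an added example, not part of the original post: it pulls the unique IPv4 addresses out of log text and tallies them by country, treating addresses the database does not know as "??". The `GEOIP_CMD` variable, the function names and the sample log lines (documentation-range and private addresses) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: summarise source countries for the IPs seen in log text.
# GEOIP_CMD is an assumption of this example; it lets the lookup be swapped out.
GEOIP_CMD="${GEOIP_CMD:-geoiplookup}"

# Constructed sample input (not real log data).
SAMPLE_LOG='Jan 10 03:12:01 host sshd[811]: Failed password for root from 192.0.2.10 port 4022 ssh2
Jan 10 03:12:05 host sshd[811]: Failed password for root from 192.0.2.10 port 4023 ssh2
Jan 10 03:13:44 host sshd[902]: Failed password for admin from 198.51.100.7 port 5110 ssh2
Jan 10 03:14:02 host sshd[915]: Failed password for admin from 198.51.100.8 port 5111 ssh2
Jan 10 03:15:20 host sshd[930]: Failed password for test from 10.0.0.5 port 6001 ssh2'

# Print the two-letter country code for one IP, or "??" when the lookup
# fails or the database has no entry ("IP Address not found").
country_of() {
    # Only the Country Edition line is used; other installed databases
    # (city, ASN) may add further lines to the output.
    co_line=$("$GEOIP_CMD" "$1" 2>/dev/null |
              awk -F': ' '/^GeoIP Country Edition:/ {print $2; exit}')
    case "$co_line" in
        ""|"IP Address not found"*) echo "??" ;;
        *) echo "${co_line%%,*}" ;;   # "US, United States" -> "US"
    esac
}

# Read log text on stdin, look up each distinct IPv4 address once,
# and print "count CC" lines, most frequent country first.
country_summary() {
    grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | LC_ALL=C sort -u |
    while read -r ip; do
        country_of "$ip"
    done |
    LC_ALL=C sort | uniq -c |
    LC_ALL=C sort -k1,1nr -k2,2 | awk '{print $1, $2}'
}

# Usage: country_summary < /var/log/auth.log
```

The count is per distinct address, not per log line, so one noisy host does not dominate the summary.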

The GeoLite Country database is quite accurate from my experience, but you should keep it updated (a new release is made available each month). To see when the database you are using was built:

geoiplookup -v
GEO-106FREE 20060601 Build 1 Copyright (c) 2006 MaxMind LLC All Rights Reserved
