Geolocating an IP address

Identifying the location of an IP address helps system administrators in many situations, such as when tracing the origin of an attack, a network connection, or a harmless poster in their forums.

Gorjan Petrovski submitted three Nmap NSE scripts that help us geolocate a remote IP address: ip-geolocation-maxmind, ip-geolocation-ipinfodb, and ip-geolocation-geobytes.

This recipe will show you how to set up and use the geolocation scripts included with Nmap NSE.

Getting ready

For the script ip-geolocation-maxmind an external database is needed. Download Maxmind's city database from http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz and extract it to your local Nmap data folder ($NMAP_DATA/nselib/data/).

Get Nmap 6: Network Exploration and Security Auditing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Nmap 6: Network Exploration and Security Auditing Cookbook by Paulino Calderon Pale

Geolocating an IP address

Getting ready

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly