zerotoroot - My Journey to Becoming a Hacker

Follow the path to becoming a hacker!

Julius
Author

How to Track Someone's IP Address to a Geographical Location

How do you trace an IP address to a physical location? That's one question that recently entered my mind. Another question on the road to seeking answers...

Before we can move on, let's define how you can link an IP address to a location.

Stumbling Upon Geolocation Services

Geolocation services let you identify or estimate a geographical location from one or more criteria. The IP address is one of them; others include RFID, the MAC address, hardware embedded article numbers and much more.

Geolocation: "The identification or estimation of the real-world geographic location of an object, such as a radar source, mobile phone, or Internet-connected computer terminal." (Wikipedia)

Now, although geolocating IP addresses might seem trivial, it's absolutely not. It requires good data quality... That's why a lot of companies have emerged that offer these geolocation services.

How to Match an IP Address to a Location?

Now, to make good use of the technology provided by third-party companies, we first need to understand how it works. That will help us evaluate whether a result is accurate, or pinpoint what could have kept it from being accurate.

Geolocation services are basically data companies. They connect an IP address, or another criterion, to a location. All of this is stored in a database.

Geolocation Data Sources

Because IP addresses, inherently, do not carry any geographical information, the question then becomes:

Where do they get their data?

The answer is manifold:

The main source of IP address data is the regional internet registries (APNIC, ARIN, ...), which allocate and distribute IP addresses amongst organizations.
Secondary sources:

  • Data mining activities. For example, a weather web site might ask visitors for a city name to find their forecast
  • Data contributed by ISPs.
  • Guesstimates from the adjacent Class C range, or derived from network hops [1].
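
As an added illustration (not code from the original post or from any geolocation vendor), the following models such a database as network blocks mapped to locations and resolves an address by longest-prefix match, so a coarse block answers when no finer one exists. The records, the documentation-range networks and the `build_index` and `lookup` helpers are constructed for this example.

```python
import ipaddress

# Constructed records on documentation ranges (RFC 5737). The coarse /24
# stands for a registry-level allocation, the /26 for a finer block that a
# secondary source refined. Coordinates are constructed, except the Bondy
# pair, which reuses the result shown later in this post.
RECORDS = [
    ("203.0.113.0/24", {"country": "France", "city": None,
                        "lat": 46.0, "lon": 2.0, "radius_km": 500}),
    ("203.0.113.64/26", {"country": "France", "city": "Bondy",
                         "lat": 48.9018, "lon": 2.4893, "radius_km": 200}),
    ("198.51.100.0/24", {"country": "Germany", "city": None,
                         "lat": 51.0, "lon": 9.0, "radius_km": 500}),
]


def build_index(records):
    """Group blocks by prefix length: {prefixlen: {network_int: (net, loc)}}."""
    index = {}
    for cidr, location in records:
        net = ipaddress.ip_network(cidr)
        index.setdefault(net.prefixlen, {})[int(net.network_address)] = (net, location)
    return index


def lookup(index, ip_text):
    """Return the location of the most specific block containing the address.

    Returns None when no block matches, which is the situation a real
    database reports as "address not found".
    """
    ip = int(ipaddress.IPv4Address(ip_text))
    for prefixlen in sorted(index, reverse=True):  # longest prefix first
        mask = (0xFFFFFFFF << (32 - prefixlen)) & 0xFFFFFFFF
        hit = index[prefixlen].get(ip & mask)
        if hit:
            net, location = hit
            return dict(location, network=str(net))
    return None


if __name__ == "__main__":
    idx = build_index(RECORDS)
    for address in ("203.0.113.70", "203.0.113.10", "192.0.2.1"):
        print(address, "->", lookup(idx, address))
```

Two addresses in the same /24 get different answers here: one resolves to a city with a 200 km radius, the other only to a country-level estimate.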

Geolocating that IP Address

The way we geolocate an IP address is by relying on one or multiple services. For the sake of this post, I will show you two, with slightly different approaches and programming effort:

  1. MaxMind database
  2. ipstack's API

1. Locating an IP address via MaxMind

With the first method, we will simply use Python together with a geolocation database. This will allow us to learn the principles of geolocation in Python.

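# Note: MaxMind now requires a free account and license key for GeoLite2 downloads, so this direct URL may no longer work.
$ wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
$ tar -xzf GeoLite2-City.tar.gz
$ pip install geoip2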

With the database and the additional Python module, all we need to do is query the geolocation database and output its reply. Here is my sample code:

#!/usr/bin/env python3

import sys

import geoip2.database
import geoip2.errors

# Require the IP address as the first command-line argument
if len(sys.argv) < 2:
	sys.exit("Usage: " + sys.argv[0] + " <ip-address>")
ip_address = sys.argv[1]

# Needs to be the absolute path to the database file, not the relative one
reader = geoip2.database.Reader('/path/to/GeoLite2-db.mmdb')
try:
	response = reader.city(ip_address)
except geoip2.errors.AddressNotFoundError:
	sys.exit("[-] " + ip_address + " is not in the database")
finally:
	reader.close()

# Fields the database has no value for are None; f-strings print them as "None"
print(f"[*] Geolocating {ip_address}...\n")
print(f"Continent: {response.continent.name}")
print(f"Country: {response.country.name}")
print(f"City: {response.city.name}")
print(f"Postal code: {response.postal.code}")
print(f"Latitude: {response.location.latitude}")
print(f"Longitude: {response.location.longitude}")
print(f"Accuracy radius: {response.location.accuracy_radius} km")
# Hard-coded figure: it is not read from the database response
print("Confidence level: 67%")

When run against a real-world IP address, it simply outputs the associated geolocation.

$ python ip2geo_location.py 77.136.85.55
[*] Geolocating 77.136.85.55...

Continent: Europe
Country: France
City: Bondy
Postal code: 93140
Latitude: 48.9018
Longitude: 2.4893
Accuracy radius: 200 km
Confidence level: 67%

That wasn't too difficult, was it?

2. Locating an IP address via ipstack

Using ipstack to get the location of an IP address is as easy as one HTTP request. To do so, you need to sign up for a free account, which will provide you with an API key.

To get the geolocation, use the following URL and fill in the IP address and the API key. Note that the URL uses plain HTTP, so the API key travels unencrypted in the query string.

http://api.ipstack.com/<ip-address>?access_key=<api-key>&format=1

Once done, use a program like curl to query the service:

$ curl "http://api.ipstack.com/77.136.85.55?access_key=11112222&format=1"
{
  "ip": "77.136.85.55",
  "type": "ipv4",
  "continent_code": "EU",
  "continent_name": "Europe",
  "country_code": "FR",
  "country_name": "France",
  "region_code": "IDF",
  "region_name": "\\u00cele-de-France",
  "city": "Bondy",
  "zip": "93140",
  "latitude": 48.9018,
  "longitude": 2.4893,
  ...
}

It's important to note that both ipstack and MaxMind provide the same location.
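
To make that comparison in code rather than by eye, the added example below (not part of the original post) measures the great-circle distance between two providers' coordinates and checks it against the accuracy radius MaxMind reported. The two results are copied from the outputs above; the third point (roughly central Berlin) and the helper names are constructed for the example.

```python
import json
import math

# Copied from the MaxMind output shown above.
MAXMIND_RESULT = {"latitude": 48.9018, "longitude": 2.4893,
                  "accuracy_radius_km": 200}
# Subset of the ipstack response shown above.
IPSTACK_JSON = ('{"ip": "77.136.85.55", "city": "Bondy", '
                '"latitude": 48.9018, "longitude": 2.4893}')
# Constructed answer from a hypothetical third provider (about central Berlin).
CONSTRUCTED_OTHER = {"latitude": 52.52, "longitude": 13.405}

EARTH_RADIUS_KM = 6371.0


def parse_ipstack(text):
    """Extract the coordinates from an ipstack-style JSON body."""
    body = json.loads(text)
    return {"latitude": float(body["latitude"]),
            "longitude": float(body["longitude"])}


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = phi2 - phi1
    dlmb = math.radians(lon2 - lon1)
    a = (math.sin(dphi / 2) ** 2
         + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def compare(reference, other):
    """Compare another answer with a reference result that carries a radius."""
    dist = haversine_km(reference["latitude"], reference["longitude"],
                        other["latitude"], other["longitude"])
    return {"distance_km": round(dist, 1),
            "within_radius": dist <= reference["accuracy_radius_km"]}


if __name__ == "__main__":
    print(compare(MAXMIND_RESULT, parse_ipstack(IPSTACK_JSON)))
    print(compare(MAXMIND_RESULT, CONSTRUCTED_OTHER))
```

Agreement within the radius only means the two databases hold compatible records for the address; it says nothing about where the device actually is.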

Whois the IP Address

After all this, a simple whois will tell us who is behind the IP address. Who does it belong to? To which company is it registered? This can give us further clues as to whether the location we found ultimately leads us to the user.

Simply head to https://www.whois.com/whois/77.136.85.55, or replace the last part of the URL with your IP address. The site provides you with the additional details.

...
role:           SFR Legal Contact
address:        Campus SFR
address:        12 rue Jean-Philippe Rameau
address:        CS 80001
address:        93634 La-Plaine-Saint-Denis Cedex
address:        France

In this case, the information tells us that the IP address belongs to SFR, which is a French internet and cellular network provider. Based on this data, one could guess that the person behind the IP address is an SFR customer and lives around Paris.

Accuracy of Geolocation Services

Last but not least, it's important to keep in mind the accuracy of the services we are using. MaxMind has created a nice summary table, showing how accurate their data is. Play around with the distance settings, e.g. changing it from 50 to 25 km, and see how the accuracy changes.

[Image: MaxMind accuracy table]

In general, geolocation services claim the following accuracy:

Country: 95% accuracy
Region/State: 55 - 80% accuracy
City: 50 - 75% accuracy

It largely, however, depends on the definition of accuracy. Even if we are talking about a 200 km radius, I don't think it's accurate.

I am quite skeptical after having done my own research. I have a contract with a French cellular network provider. When I was in Germany with my cellphone, I got assigned a French IP address, which then of course resolved to a French address. I will check this in other countries, but so far this is absolutely inaccurate.

And I'm not the only one.

So let's be skeptical of what companies claim their product to be capable of.


  1. Additional information on geolocation software, and where its data stems from.
