CERT/CC
background
background
CERT NetSA Security Suite 
Open Source Tools for Network Monitoring 
News | Documentation | Downloads
YAF 0.8.1 | NAF 0.6.0 | SiLK 1.0.1 | RAVE 1.9.9
fixbuf 0.7.3 | ipa 0.2.1 | airdbc 0.2.2 | airframe 0.7.2 | Portal 0.8.0
SiLK - Documentation - rwip2cc
Documentation | Downloads | Release Notes | FAQ | License | Credits | Reference Data | Live CD

NAME

rwip2cc - Maps IP addresses to country codes

SYNOPSIS

  rwip2cc { --address=IP_ADDRESS | --input-file=FILE }
        [--map-file=PMAP_FILE]

DESCRIPTION

rwip2cc maps from IP address to Country Code using the specified PMAP_FILE. PMAP_FILE must be a specially created data file as described in the ccfilter(3) man page.

Either the --address or --input-file switch is required.

The --address switch looks up the country code of a single IP address and prints it the standard output.

The --input-file switch reads data from the specified file (use stdin to read from the standard input) and prints, to the standard output, the country code for each IP it sees; the source IP is not printed. Blank lines in the input are ignored; comments, which begin at the # character and extend to the end of line, are also ignored. Each line that is not a blank or a comment should contain an IP address or a CIDR block; rwip2cc will complain if the line cannot be parsed. Note that for CIDR blocks, the CIDR block is exploded into its constituent IP addresses and the country code for each IP address is printed.

When the --map-file switch is not provided, rwip2cc will look for the pmap file in the following locations. ($SILK_PATH is value of the SILK_PATH environment variable, if it is set; the use of /usr/local/ assumes the tool exists in the /usr/local/bin/ directory.)

OPTIONS

Option names may be abbreviated if the abbreviation is unique or is an exact match for an option. A parameter to an option may be specified as --arg=param or --arg param, though the first form is required for options that take optional parameters.

--map-file=PMAP_FILE
Use the designated prefix mapping file instead of the default.

--address=IP_ADDRESS
Print to the standard output the country code for the single IP_ADDRESS.

--input-file=FILE
Print the country code for each IP address in FILE; use stdin to read from the standard input.

EXAMPLES

A single address using the default country code pmap:

  $ rwip2cc --address=10.0.0.0
  --

A single address using an older version of country code pmap:

  $ rwip2cc --map-file=old-addresses.pmap --address=128.2.0.0
  us

Multiple addresses:

  $ echo '10.0.0.0/31' | rwip2cc --input=stdin
  --
  --

SEE ALSO

ccfilter(3), rwgeoip2ccmap(1)

BUGS

Neither rwip2cc nor prefix map files support IPv6 addresses.

YAF | NAF | SiLK | RAVE | fixbuf | ipa | airdbc | airframe | Portal
SiLK is part of the NetSA Security Suite, developed by the CERT NetSA group
at the Software Engineering Institute at Carnegie Mellon University.

© 2002-2008 Carnegie Mellon University