CERT/CC
background
background
CERT NetSA Security Suite 
Open Source Tools for Network Monitoring 
News | Downloads | Documentation | Wiki | Tooltips
SiLK 2.1.0 | YAF 1.0.0.2 | IPA 0.4.0 | fixbuf 0.8.0 | Portal 0.9.0 | RAVE 1.9.16 | iSiLK 0.1.6
SiLK - Documentation - rwip2cc
Documentation | Downloads | Release Notes | FAQ | License | Credits | Reference Data | Live CD

NAME

rwip2cc - Maps IP addresses to country codes

SYNOPSIS

  rwip2cc { --address=IP_ADDRESS | --input-file=FILE }
        [--map-file=PMAP_FILE] [--print-ips={0,1}]
        [{--integer-ips | --zero-pad-ips}] [--no-columns]
        [--column-separator=CHAR] [--no-final-delimiter]
        [{--delimited | --delimited=CHAR}]
        [--output-path=PATH] [--pager=PAGER_PROG]
  rwip2cc --help
  rwip2cc --version

DESCRIPTION

rwip2cc maps from IP address to Country Code using the specified PMAP_FILE. PMAP_FILE must be a specially created data file as described in the ccfilter(3) man page.

Either the --address or --input-file switch is required. The --address switch looks up the country code of a single IP address and prints the country code to the standard output. The --input-file switch reads data from the specified file (use stdin or - to read from the standard input) and prints, to the standard output, the country code for each IP it sees. Blank lines in the input are ignored; comments, which begin at the # character and extend to the end of line, are also ignored. Each line that is not a blank or a comment should contain an IP address or a CIDR block; rwip2cc will complain if the line cannot be parsed. Note that for CIDR blocks, the CIDR block is exploded into its constituent IP addresses and the country code for each IP address is printed.

The --print-ips switch controls whether the IP is printed with its country code. When --print-ips=1 is specified, the output contains two columns: the IP and the country-code. When --print-ips=0 is specified, only the country code is given. The default behavior is to print the IP whenever the --input-file switch is provided, and not print the IP when --address is given.

When the --map-file switch is not provided, rwip2cc will look for the prefix map file in the following locations. ($SILK_PATH is value of the SILK_PATH environment variable, if it is set; the use of /usr/local/ assumes the tool exists in the /usr/local/bin/ directory.)

OPTIONS

Option names may be abbreviated if the abbreviation is unique or is an exact match for an option. A parameter to an option may be specified as --arg=param or --arg param, though the first form is required for options that take optional parameters.

--address=IP_ADDRESS

Print to the standard output the country code for the single IP_ADDRESS.

--input-file=FILE

Print the IP and country code for each IP address in FILE; use stdin to read from the standard input.

--map-file=PMAP_FILE

Use the designated prefix mapping file instead of the default.

--print-ips={0|1}

Controls whether the IP is printed. When the value is 1, the output contains two columns: the IP and the country-code. When the value is 0, only the country code is given. When this switch is not specified, the default behavior is to print the IPs only when input comes from a file (i.e., when --input-file is specified).

--integer-ips

Enable printing of IPs and print the IPs as integers. By default, IP addresses are printed in their canonical form.

--zero-pad-ips

Enable printing of IPs and print the IP addresses in their canonical form, but add zeros to the IP address so it fully fills the width of column. For IPv4, use three digits per octet, e.g, 127.000.000.001.

--no-columns

Disable fixed-width columnar output.

--column-separator=C

Use specified character between columns and after the final column. When this switch is not specified, the default of '|' is used.

--no-final-delimiter

Do not print the column separator after the final column. Normally a delimiter is printed.

--delimited
--delimited=C

Run as if --no-columns --no-final-delimiter --column-sep=C had been specified. That is, disable fixed-width columnar output; if character C is provided, it is used as the delimiter between columns instead of the default '|'.

--output-path=PATH

Determines where the output of rwuniq (ASCII text) is written. If this option is not given, output is written to the standard output.

--pager=PAGER_PROG

When output is to a terminal, invoke the program PAGER_PROG to view the output one screen full at a time. This switch overrides the SILK_PAGER environment variable, which in turn overrides the PAGER variable. If the value of the pager is determined to be the empty string, no paging will be performed and all output will be printed to the terminal.

--help

Print the available options and exit.

--version

Print the version number and information about how SiLK was configured, then exit the application.

EXAMPLES

A single address using the default country code prefix map:

  $ rwip2cc --address=10.0.0.0
  --

A single address using an older version of country code prefix map:

  $ rwip2cc --map-file=old-addresses.pmap --address=128.2.0.0
  us

Multiple addresses:

  $ echo '10.0.0.0/31' | rwip2cc --input=stdin
  --
  --

SEE ALSO

ccfilter(3), rwgeoip2ccmap(1)

BUGS

Neither rwip2cc nor prefix map files support IPv6 addresses.

SiLK | YAF | IPA | fixbuf | Portal | RAVE | iSiLK
SiLK is part of the NetSA Security Suite, developed by the CERT NetSA group
at the Software Engineering Institute at Carnegie Mellon University.

© 2002-2009 Carnegie Mellon University