Hay en estas esquinas un rumor...

Contents

Geolocation of IP

One of the many IP resolvers [1] to let you know the whereabouts of an IP.

It is straightforward with many online tools to provide a location of an IP address. You'll find a lot of IP resolvers like whatsmyip.org, whatismyipaddress.com or other findmyipaddress.info to let you know that.

Once you know the longitude and latitude of the IP, it is also easy to locate it on a map, e.g., with Google maps.

This page is about generalizing geolocation of IPs to a numerous number of them, say, hundreds, that you would not be able to tackle on an individual basis with the above tools.

The input

We assume we have a list of IPs, e.g., from a website statistics. For illustrative purposes, we shall consider the following input (actually coming from a random sampling of this website traffic statistics).

81.102.87.123
195.88.33.108
82.113.121.184
88.0.91.95
95.108.150.235
70.36.100.147
189.15.20.120

Resolving locations

Our first task is to translate each IP into its actual location.

The best location I know to do so is ipinfodb.com, a website that provides for free (they accept donations) databases of IPs, with various degrees of location accuracy.

They inherit their services from Maxmind (Geolite City), that you might want to visit as well, but I found ipinfodb to provide sufficient services. They provide in particular a bash script to resolve IPs, that you can tweak to bring you the following information:

81.102.87.123,OK,GB,United Kingdom,Z1,Swansea,Swansea,,51.6333,-3.9667
195.88.33.108,OK,LV,Latvia,22,Preilu,Livani,,56.3667,26.1833
82.113.121.184,OK,DE,Germany,02,Bayern,Munich,,48.15,11.5833
88.0.91.95,OK,ES,Spain,54,Castilla-La Mancha,Toledo,,39.8667,-4.0167
95.108.150.235,OK,RU,Russian Federation,48,Moscow City,Moscow,,55.7522,37.6156
70.36.100.147,OK,US,United States,06,California,Los Angeles,90017,34.053,-118.264
189.15.20.120,OK,BR,Brazil,15,Minas Gerais,Uberlândia,,-18.9167,-48.3

They put you in a queue if your rate of queries is too high, but it's still good enough to get your results in hours for several thousands of IPs. If it's not fast enough, you can use their database locally.

Placing locations on a map

From the latitude (that's 51.6333 of our first input) and longitude (that's -3.9667), you can create, e.g., a kml file, that you can pass to Google map.

<?xml version="1.0" encoding="UTF-8"?>
<kml xmlns="http://www.opengis.net/kml/2.2">
<Placemark>
  <name>New York City</name>
  <description>New York City</description>
  <Point>
    <coordinates>-74.006393,40.714172,0</coordinates>
  </Point>
</Placemark>
<Placemark>
  <name>New York City 2</name>
  <description>New York City 2</description>
  <Point>
    <coordinates>-74.0,40.71,0</coordinates>
  </Point>
</Placemark>
</kml>

If you are using MediaWiki, as I'm doing right now, you can use Evan Miller's wonderful extension to display the result:

<googlemap lat="32.82422" lon="48.481141">
32.81134, 48.498341, One of many [[gas stations]] in town
32.82448, 48.504848, The [[town hall]]
</googlemap>

That gives:

<googlemap lat="32.82422" lon="48.481141"> 32.81134, 48.498341, One of many gas stations in town 32.82448, 48.504848, The town hall </googlemap>

Accuracy

The technique I've shown resolves up to the city only, not to the street as is sometimes feasible with IPs. It's not too much of a nuisance, but a freak control would like to get as much of it as possible. If you know databases more accurate than the ones I have proposed, please contact me.

With online tools, one can resolve the hostname of an IP, which sometimes gives more information. For instance, for the IPs selected above:

cpc5-sket1-0-0-cust890.swan.cable.ntl.com
no reverse DNS for this IP
184.121.113.82.net.de.o2.com
95.Red-88-0-91.dynamicIP.rima-tde.net
sticker00.yandex.ru
no reverse DNS for this IP
189-015-20-120.xd-dynamic.ctbcnetsuper.com.br

so, in this case, there's little added, but otherwise the IP may come from a university or even a laboratory, a bot, etc.

Because of this city coarse graining, you should script it so that different IPs that resolve to the same city do not generate more than one marker. The following code does just this. It creates a kml file with description the list of IPs.