[HLUG] Router log IP lookup
Matthew Macdonald-Wallace
matthew at truthisfreedom.org.uk
Sat Jun 27 19:57:06 UTC 2009
Quoting Meijin <meijin.linux at googlemail.com>:
> Matthew Macdonald-Wallace wrote:
>> Quoting Meijin <meijin.linux at googlemail.com>:
>>
>>
>>> Evening All.
>>>
>>> Can any of you recommend a tool / script for running through router
>>> logs, pick out IP addresses and perform lookups on those to find domain
>>> info, etc ?
>>>
>>
>> Can't think of a tool off the top of my head, however if you can
>> export the logs you could probably script it in bash.
>>
>> What are you trying to achieve with this information?
>
> Just curious about what / who may be looking at my router

OK, if you've only got a few IPs that you want to check, you can run
the following from a Linux command-line:

  dig -x (IP ADDRESS)

which will give you an indication of where that IP Address resolves
to. If you're seeing a lot of traffic from a particular network, then
the next command will give you the owner of that netblock and who to
contact about hacking attempts.

If you can paste a couple of lines from one of the logs, I'll try and
come up with a one-liner that will check them and place the output in a
file for you?

M.
--
Matthew Macdonald-Wallace
matthew at truthisfreedom.org.uk
http://www.truthisfreedom.org.uk/
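
An added example, not part of the original message: a bash sketch of the log sweep discussed in this thread, counting each external source address and reverse-resolving it with `dig -x`. The log format, the function names and the `--lookup` switch are assumptions made for illustration; the sample lines are constructed and use documentation address ranges.

```shell
#!/usr/bin/env bash
# Added example: summarise external IPs in a router log, then reverse-resolve.
# Assumed usage: script.sh --lookup exported-router.log > report.txt

# Read log text on stdin; print "count ip" per distinct public IPv4 address,
# busiest first. Private, loopback and link-local addresses are skipped so the
# router's own LAN traffic does not drown out outside hosts.
extract_ips() {
  grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' |
    awk -F. '
      $1 > 255 || $2 > 255 || $3 > 255 || $4 > 255 { next }  # not valid IPv4
      $1 == 0 || $1 == 10 || $1 == 127             { next }  # reserved/loopback
      $1 == 192 && $2 == 168                       { next }  # RFC 1918
      $1 == 172 && $2 >= 16 && $2 <= 31            { next }  # RFC 1918
      $1 == 169 && $2 == 254                       { next }  # link-local
      { seen[$0]++ }
      END { for (ip in seen) print seen[ip], ip }' |
    LC_ALL=C sort -k1,1nr -k2,2
}

# Read "count ip" lines; append the PTR name from dig -x (needs network access).
lookup_ips() {
  while read -r count ip; do
    name=$(dig +short -x "$ip" | head -n 1)
    printf '%s\t%s\t%s\n' "$count" "$ip" "${name:-no PTR record}"
  done
}

# Constructed sample log lines (assumed iptables-style format).
sample_log() {
  cat <<'EOF'
Jun 27 19:01:12 router kernel: DROP IN=ppp0 SRC=203.0.113.45 DST=192.168.1.1 PROTO=TCP DPT=22
Jun 27 19:01:15 router kernel: DROP IN=ppp0 SRC=203.0.113.45 DST=192.168.1.1 PROTO=TCP DPT=22
Jun 27 19:03:40 router kernel: DROP IN=ppp0 SRC=198.51.100.7 DST=192.168.1.1 PROTO=TCP DPT=23
Jun 27 19:05:02 router dhcpd: DHCPACK on 192.168.1.20
Jun 27 19:07:31 router kernel: DROP IN=ppp0 SRC=203.0.113.45 DST=192.168.1.1 PROTO=UDP DPT=53
EOF
}

if [ "${1:-}" = "--lookup" ]; then
  extract_ips < "${2:-/dev/stdin}" | lookup_ips
fi
```

A missing PTR record is common for consumer and hosting ranges, so an empty name only means the address has no reverse DNS entry.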