├── IP_location.py ├── README.md ├── image ├── info.png ├── iplist.png └── pcap.png ├── iplist.txt └── out.pcap /IP_location.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | #coding:utf-8 3 | import urllib2 4 | import json 5 | import time 6 | import sys 7 | import dpkt 8 | import socket 9 | from optparse import OptionParser 10 | 11 | reload(sys); 12 | sys.setdefaultencoding('utf-8'); 13 | 14 | url = 'http://ip.taobao.com/service/getIpInfo.php?ip=' 15 | 16 | def checkTaobaoIP(ip, fout1, fout2, fout3, fout4): 17 | try: 18 | response = urllib2.urlopen(url + ip, timeout=10) 19 | result = response.readlines() 20 | data = json.loads(result[0]) 21 | #sys.exit(1) 22 | 23 | if data['data']['country'] == "中国": 24 | print >>fout1, "%15s: %s-%s-%s" % (ip,data['data']['country'],data['data']['region'],data['data']['city']) 25 | #if data['data']['region'] == "四川": 26 | #print >>fout2, "%15s: %s-%s-%s-%s" % (ip,data['data']['country'],data['data']['region'],data['data']['city'],data['data']['county']) 27 | #if data['data']['city'] == "成都": 28 | #print >>fout3, "%15s: %s-%s-%s-%s" % (ip,data['data']['country'],data['data']['region'],data['data']['city'],data['data']['county']) 29 | if data['data']['city'] == "内网IP": 30 | return 31 | return "%15s: %s-%s-%s" % (ip,data['data']['country'],data['data']['region'],data['data']['city']) 32 | except Exception,err: 33 | print "[error] %s" % err 34 | print >>fout4, "%s" %ip 35 | return "%15s: time out" % ip 36 | 37 | def parseIPlistLocation(IPfile): 38 | try: 39 | f = open(IPfile, "r+") 40 | ips = f.readlines() 41 | f.close() 42 | fout1 = open("out_country.txt", "wb") 43 | fout2 = open("out_region.txt", "wb") 44 | fout3 = open("out_city.txt", "wb") 45 | fout4 = open("out_error.txt", "wb") 46 | 47 | f = open('ip-location.txt', 'w') 48 | for ip in ips: 49 | line = checkTaobaoIP(ip.strip(), fout1, fout2, fout3, fout4) 50 | if line: 51 | print line.encode('utf-8') 52 | f.write(line.encode('utf-8')+'\n') 53 | else: 54 | continue 55 | #print line 56 | #f.write(line+'\n') 57 | f.close() 58 | fout1.close() 59 | fout2.close() 60 | fout3.close() 61 | fout4.close() 62 | print "Done!" 63 | except Exception,err: 64 | print "[error] %s" % err 65 | 66 | def printPcap(pcap, if_srcIp, if_dstIP): 67 | flowList = [[] for i in range(20000)] 68 | counts = 0 69 | countFlow = [0]*20000 70 | isFlag = 0 71 | fout = open("out_IP.txt", "wb") 72 | for (ts,buf) in pcap: 73 | try: 74 | eth = dpkt.ethernet.Ethernet(buf) 75 | if not isinstance(eth.data, dpkt.ip.IP): 76 | #print('Non IP Packet type not supported %s' % eth.data.__class__.__name__) 77 | continue 78 | ip = eth.data 79 | if isinstance(ip.data, dpkt.icmp.ICMP): 80 | #print "Not UDP Packet" 81 | continue #filter tcp packets 82 | if isinstance(ip.data, dpkt.igmp.IGMP): 83 | #print "Not UDP Packet" 84 | continue #filter tcp packets 85 | src = socket.inet_ntoa(ip.src) 86 | dst = socket.inet_ntoa(ip.dst) 87 | 88 | udp = ip.data 89 | if counts == 0 : 90 | flowList[0].append(src) 91 | flowList[0].append(udp.sport) 92 | flowList[0].append(dst) 93 | flowList[0].append(udp.dport) 94 | counts = counts + 1 95 | countFlow[0] = 1 96 | '''if flowList[0][2] == '119.23.18.179':''' 97 | if if_srcIp == True: 98 | print >>fout, "%s"% (flowList[0][0]) 99 | print "%s"% (flowList[0][0]) 100 | if if_dstIP == True: 101 | print >>fout, "%s"% (flowList[0][2]) 102 | print "%s"% (flowList[0][2]) 103 | continue 104 | #print flowList[0][0],flowList[0][1],flowList[0][2],flowList[0][3] 105 | 106 | if if_srcIp == True: 107 | for i in range(0, counts): 108 | if flowList[i][0] == src: 109 | countFlow[i] = countFlow[i] + 1 110 | isFlag = 1 111 | break 112 | else: 113 | isFlag = 0 114 | continue 115 | 116 | if if_dstIP == True: 117 | for i in range(0, counts): 118 | if flowList[i][2] == dst: 119 | countFlow[i] = countFlow[i] + 1 120 | isFlag = 1 121 | break 122 | else: 123 | isFlag = 0 124 | continue 125 | 126 | if i == counts - 1 and isFlag == 0: 127 | flowList[counts].append(src) 128 | flowList[counts].append(udp.sport) 129 | flowList[counts].append(dst) 130 | flowList[counts].append(udp.dport) 131 | '''if flowList[counts][2] == '119.23.18.179':''' #filter some packets relying on dstIP 132 | if if_srcIp == True: 133 | print >>fout, "%s"% (flowList[counts][0]) 134 | print "%s"% (flowList[counts][0]) 135 | if if_dstIP == True: 136 | print >>fout, "%s"% (flowList[counts][2]) 137 | print "%s"% (flowList[counts][2]) 138 | 139 | countFlow[counts] = 1 140 | counts = counts + 1 141 | 142 | isFlag = 0 143 | except Exception,err: 144 | print "[error] %s" % err 145 | 146 | fout.close 147 | 148 | if __name__ == "__main__": 149 | 150 | #pcap_path = "./3.03.cap " 151 | #ip_path = "./iplist.txt" 152 | 153 | parser = OptionParser() 154 | parser.add_option( 155 | "--pcapfile", dest="pcapfile", 156 | action='store', type='string', 157 | help="special the pcap file path", 158 | default=None 159 | ) 160 | 161 | parser.add_option( 162 | "--IPfile", dest="IPfile", 163 | action='store', type='string', 164 | help="special the IP list file path", 165 | default=None 166 | ) 167 | 168 | parser.add_option( 169 | "-s", "--srcIP", action="store_true", 170 | help="parse pcapfile srcIP location", 171 | dest="srcIP", default=False 172 | ) 173 | 174 | parser.add_option( 175 | "-d", "--dstIP", action="store_true", 176 | help="parse pcapfile dstIP location", 177 | dest="dstIP", default=False 178 | ) 179 | 180 | (options, args) = parser.parse_args() 181 | 182 | '''print usage ''' 183 | #print "usage1, only parse ip-list location: python IP_location.py --IPfile==./iplist.txt " 184 | #print "usage2, parse srcIP location in pcap: python IP_location.py -s --pcapfile==./101.pcap " 185 | 186 | if (options.pcapfile is None) and (options.IPfile is None): 187 | print "please input the file path..." 188 | sys.exit(0) 189 | 190 | if options.srcIP == True and options.dstIP == True: 191 | print "either -s or -d, can not both" 192 | sys.exit(0) 193 | 194 | print "Let's start!" 195 | print "------------------------------" 196 | 197 | if options.IPfile is not None: 198 | parseIPlistLocation(options.IPfile) 199 | sys.exit(0) 200 | 201 | if options.pcapfile is not None: 202 | if (options.srcIP or options.dstIP) == False: 203 | print "choose -s or -d" 204 | sys.exit(0) 205 | f = open(options.pcapfile) 206 | try: 207 | pcap = dpkt.pcapng.Reader(f) 208 | except: 209 | print "it is not pcapng format..." 210 | f.close() 211 | f = open(options.pcapfile) 212 | pcap = dpkt.pcap.Reader(f) 213 | printPcap(pcap, options.srcIP, options.dstIP) 214 | parseIPlistLocation("./out_IP.txt") 215 | f.close() 216 | sys.exit(0) 217 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # IP-location 2 | batch query IP location information,批量查询IP地理位置信息 3 | 4 | ### 测试环境 5 | Ubuntu 16.04 64bit 6 | 7 | ### 工具详细信息打印 8 | 运行程序:python IP_location.py -h 9 | ![Image test](https://github.com/scu-igroup/IP-location/blob/master/image/info.png) 10 | 11 | ### IP清单文件中IP地理信息的查询 12 | 运行程序:python IP_location.py --IPfile=./iplist.txt 13 | ![Image test](https://github.com/scu-igroup/IP-location/blob/master/image/iplist.png) 14 | 15 | ### 批量查询pcap文件中的IP地理信息 16 | 运行:python IP_location.py --pcapfile=./out.pcap –s 17 | ![Image test](https://github.com/scu-igroup/IP-location/blob/master/image/pcap.png) 18 | 19 | 20 | -------------------------------------------------------------------------------- /image/info.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NewBee119/IP-location/1ed95335b8700773c3032be3b189b48c8c2b2f30/image/info.png -------------------------------------------------------------------------------- /image/iplist.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NewBee119/IP-location/1ed95335b8700773c3032be3b189b48c8c2b2f30/image/iplist.png -------------------------------------------------------------------------------- /image/pcap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NewBee119/IP-location/1ed95335b8700773c3032be3b189b48c8c2b2f30/image/pcap.png -------------------------------------------------------------------------------- /iplist.txt: -------------------------------------------------------------------------------- 1 | 79.166.237.196 2 | 151.237.76.4 3 | 86.115.8.114 4 | 39.90.172.72 5 | 58.40.80.48 6 | 61.170.136.100 7 | 175.146.13.86 8 | 88.250.25.192 9 | 182.151.200.18 10 | 111.9.44.141 11 | 119.4.113.79 12 | 183.220.184.107 13 | -------------------------------------------------------------------------------- /out.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NewBee119/IP-location/1ed95335b8700773c3032be3b189b48c8c2b2f30/out.pcap --------------------------------------------------------------------------------