NewsForumsCodeLogsGallerySpecsSearch

How to locate a server?

Community Forums/General Help/How to locate a server?

Happy Sammy(Posted 2009) [#1]
Hi all,

Given a web site(eg. www.abcdefg.com), how could we know the country the server located (eg. USA, UK, etc.)

Thanks in advance


TaskMaster(Posted 2009) [#2]
Go to a site like this and research it...

http://www.dnsstuff.com/tools


xlsior(Posted 2009) [#3]
It's a bit cumbersome, but this is what it boils down to:
- Each domain name has an IP address associated with it
- These IP addresses are handed out / governed by several agencies, depending on the continent they are on. These are registred in apublic database that can be queried.

For Example:
ARIN -> North American
RIPE -> Europe
APNIC -> Asia/Pacific
AfriNIC -> Africa

Each of these run so-called WhoIs servers, which can be queried for extended information on the IP address (or block) in question.

WHOIS is a very, very simple protocol: All you need to do is connect to port 43 of a whois server, and send the domain name or IP address for the site in question. 'normal' whois servers that can only look up domain names, to find out the geographical location you're going to have to query the whois servers of ARIN and the likes, and you'll need the IP for that.

- Open a TCP connection to port 43 on whois.arin.net
- Send the IP address you're curious about
- Parse the results.

for example: if you send 4.4.2.2 to whois.arin.net, you'll get a bunch of information, among which is the following:

OrgName: Level 3 Communications, Inc.
OrgID: LVLT
Address: 1025 Eldorado Blvd.
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US

NetRange: 4.0.0.0 - 4.255.255.255
CIDR: 4.0.0.0/8
NetName: LVLT-ORG-4-8
NetHandle: NET-4-0-0-0-1
Parent:
NetType: Direct Allocation



and looking at the Country: field, you can tell that the server on IP 4.4.2.2 is in the US.

Now, if we try to look for example yahoo.jp, which we'd guess is probably in Japan, we do the same thing: Resolve the domain name to an IP: 124.83.139.192

However, now when we ask whois.arin.net about 124.83.139.192, it returns different information:


OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU

ReferralServer: whois://whois.apnic.net

NetRange: 124.0.0.0 - 124.255.255.255
CIDR: 124.0.0.0/8
NetName: APNIC-124
NetHandle: NET-124-0-0-0-1
Parent:
NetType: Allocated to APNIC



As you can see, it's allocated to one of the other registries, and lists a ReferralServer: whois.apnic.net.
That means you'll need to do a SECOND query, against the whois.apnic.net server on port 43 as well.

It returns the following:

% APNIC found the following authoritative answer from: whois.apnic.net
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 124.83.128.0 - 124.83.255.255
netname: YAHOO-NET
descr: Internet Content Provider
country: JP
admin-c: YJ982-AP
tech-c: YJ982-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-AP-YAHOO-JP
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed@... 20060221
changed: hm-changed@... 20070608
source: APNIC
role: YAHOO JAPAN



As you can tell, it shows 'Country: JP', which means Japan.

Now, things may get a little murky when you are talking about large ISP's that span across national borders and/or run web proxy servers, but for the vast majority of cases the returned information will be accurate.

(you can do a quick test and see for yourself simply by opening a command prompt on your PC, and type:
telnet whois.arin.net 43

This will give you a blank screen with blinking cursor. Type the IP address you want to know about, hit enter, and bam -- you should see the results.


TaskMaster(Posted 2009) [#4]
WhoIs gives ownership, not actual location. Some other tools are capable of giving actual location, down to the city. I have never really researched how they do it, so I do not know the specifics.


BlitzSupport(Posted 2009) [#5]
Just out of curiosity, I thought I'd try xlsior's whois explanation in BlitzMax (the initial lookup anyway):

SuperStrict

Local socket:TSocket = CreateTCPSocket ()

If socket

	If ConnectSocket (socket, HostIp ("whois.tucows.com"), 43)
	
		Local stream:TSocketStream = CreateSocketStream (socket)
		
		If stream
		
			WriteString stream, "bbc.co.uk" + Chr (13) + Chr (10)
			
			Local result:String
			
			While Not Eof (stream)
			
				result = ReadLine (stream)
				Print result
				
			Wend
			
			CloseStream stream
	
		EndIf
		
		CloseSocket socket
		
	EndIf

EndIf



_PJ_(Posted 2009) [#6]
This was kinda helpful, seems you'd need to do a few different checks to various administrative/registration co's.

http://www.private.org.il/IP2geo.html