Geolocation lookups in Linux (/Ubuntu)
I have written a short post on this before, but it seems that I've only scratched the surface.
For Ubuntu/Debian users, the APT package to install would be:
$ sudo apt-get install geoip-bin
MaxMind has (free and commercial) databases that can be queried using these command line tools in Linux. Installing the geoip-bin package installs the free version of the country database, but you don't need to stop there!
By default, the free IP-Country database is situated at /usr/share/GeoIP/GeoIP.dat. Do note that the APT package for it is NOT updated automatically, so you will need to update it yourself.
Grab hold of the other two free databases (they're updated monthly, I think) and place them in the shared folder. IP-ASN is a nice way to quickly determine the ownership of an IP address, which you can follow up by looking through the WHOIS info should that be too generic. IP-City info comes with geolocation (lat-long coordinates!) info, which is very nice for plotting IP address lists on maps for analysis, or for the less technically inclined (or your bosses).
$ ls /usr/share/GeoIP/
GeoIPASNum.dat  GeoIP.dat  GeoLiteCity.dat
It appears that GeoIP and GeoIPASNum are queried by default:
$ geoiplookup 8.8.8.8
GeoIP Country Edition: US, United States
GeoIP ASNum Edition: AS15169 Google Inc.
Now let's try querying for basic location information:
$ geoiplookup 8.8.8.8 -f /usr/share/GeoIP/GeoLiteCity.dat
GeoIP City Edition, Rev 1: US, N/A, N/A, N/A, 38.000000, -97.000000, 0, 0
What are the MaxMind database versions currently "installed"?
$ geoiplookup 8.8.8.8 -v
GeoIP Country Edition: GEO-106FREE 20120403 Build 1 Copyright (c) 2012 MaxMind Inc All Rights Reserved
GeoIP ASNum Edition: GEO-117 20120402 Build 1 Copyright (c) 2012 MaxMind Inc All Rights Reserved
$ geoiplookup 8.8.8.8 -f /usr/share/GeoIP/GeoLiteCity.dat -v
GeoIP City Edition, Rev 1: GEO-533LITE 20120403 Build 1 Copyright (c) 2012 MaxMind Inc All Rights Reserved
If you want more verbose reporting (shows the IP address block that matched the query):
$ geoiplookup 8.8.8.8 -i
GeoIP Country Edition: US, United States
  ipaddr: 8.8.8.8
  range_by_ip: 8.7.211.0 - 8.14.223.255
  network: 8.8.0.0 - 8.11.255.255 ::14
  ipnum: 134744072
  range_by_num: 134730496 - 135192575
  network num: 134742016 - 135004159 ::14
GeoIP ASNum Edition: AS15169 Google Inc.
  ipaddr: 8.8.8.8
  range_by_ip: 8.8.8.0 - 8.8.8.255
  network: 8.8.8.0 - 8.8.8.255 ::24
  ipnum: 134744072
  range_by_num: 134744064 - 134744319
  network num: 134744064 - 134744319 ::24
$ geoiplookup 8.8.8.8 -f /usr/share/GeoIP/GeoLiteCity.dat -i
GeoIP City Edition, Rev 1: US, N/A, N/A, N/A, 38.000000, -97.000000, 0, 0
  ipaddr: 8.8.8.8
  range_by_ip: 8.7.228.0 - 8.8.37.255
  network: 8.8.0.0 - 8.8.31.255 ::19
  ipnum: 134744072
  range_by_num: 134734848 - 134751743
  network num: 134742016 - 134750207 ::19
Cooking all of this with a little CLI script-fu for mass lookups!
$ output=outputfile.csv; echo "ip,country" > "$output"; while IFS= read -r i; do echo "$i,\"$( geoiplookup -f /usr/share/GeoIP/GeoIP.dat "$i" | cut -d' ' -f4-99 )\"" >> "$output"; done < /path/to/list-of-ips.txt
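For IP lists pulled from logs, the same mass lookup can be done with input validation and proper CSV quoting. This is an added example, not part of the original post; the function names and the `lookup_fn` parameter are hypothetical, and it assumes `geoiplookup` and the country database path shown above.

```python
import csv
import ipaddress
import subprocess
import sys

COUNTRY_DB = "/usr/share/GeoIP/GeoIP.dat"  # path used in this post


def clean_ips(lines):
    """Yield only syntactically valid IPv4 addresses from an input list."""
    for line in lines:
        try:
            yield str(ipaddress.IPv4Address(line.strip()))
        except ValueError:
            # Skips blanks, hostnames and option-like strings such as "-f",
            # so nothing but an address ever reaches the geoiplookup argv.
            continue


def parse_country(output):
    """Parse 'GeoIP Country Edition: US, United States' into (code, name)."""
    for line in output.splitlines():
        label, sep, value = line.partition(": ")
        if sep and label == "GeoIP Country Edition":
            code, comma, name = value.partition(", ")
            # No comma means a message rather than a country; keep it as text.
            return (code, name) if comma else ("", value)
    return ("", "")


def lookup(ip):
    """Run geoiplookup for one validated address (argv list, no shell)."""
    result = subprocess.run(["geoiplookup", "-f", COUNTRY_DB, ip],
                            capture_output=True, text=True, check=False)
    return parse_country(result.stdout)


def write_csv(ips, out, lookup_fn=lookup):
    """Write ip,country_code,country rows; csv handles quoting of names."""
    writer = csv.writer(out)
    writer.writerow(["ip", "country_code", "country"])
    for ip in clean_ips(ips):
        writer.writerow([ip, *lookup_fn(ip)])


if __name__ == "__main__":
    with open(sys.argv[1]) as handle:  # e.g. /path/to/list-of-ips.txt
        write_csv(handle, sys.stdout)
```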
HTH, and have fun!
Doing geolocation lookups in command line
Did you know that it's possible to do your own geoip lookups from the Linux command line?
You need to install the geoip-bin package in Ubuntu/Debian's APT system:
$ sudo apt-get install geoip-bin
After that, lookups are as simple as:
$ geoiplookup 8.8.8.8
GeoIP Country Edition: US, United States
Note that the lookups are based on the GeoLite Country database. For more detailed geoip lookups you will need to buy the better databases.
Converting IDNs in Ubuntu
The introduction of internationalized domain names (IDNs) sparked my interest, since they require conversion to punycode in order to keep working with existing DNS systems and applications, which work with ASCII.
Taking a search through Ubuntu's APT system, to see whether any IDN related tools are available...
$ apt-cache search punycode
libidn11 - GNU Libidn library, implementation of IETF IDN specifications
libidn11-dev - Development files for GNU Libidn, an IDN library
idn - Command line and Emacs interface to GNU Libidn
libidn11-java - Java port of the GNU Libidn library, an IDN implementation
libidna-punycode-perl - encodes Unicode string in Punycode
There's the idn package, which allows encoding of IDNs in punycode from the command line...
Doing an install...
$ sudo apt-get install idn -y
And trying it out!
$ idn правительство.рф
libidn 1.15
Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Simon Josefsson.
GNU Libidn comes with NO WARRANTY, to the extent permitted by law.
You may redistribute copies of GNU Libidn under the terms of
the GNU Lesser General Public License. For more information
about these matters, see the file named COPYING.LIB.
xn--80aealotwbjpid2k.xn--p1ai
And resolving the domain...
$ nslookup xn--80aealotwbjpid2k.xn--p1ai
Non-authoritative answer:
Name: xn--80aealotwbjpid2k.xn--p1ai
Address: 95.173.135.62
Note that resolving the domain directly results in rubbish!
$ nslookup правительство.рф
Non-authoritative answer:
Name: \208\191\209\128\208\176\208\178\208\184\209\130\208\181\208\187\209\140\209\129\209\130\208\178\208\190.\209\128\209\132
Address: 67.215.65.132
So, basically, from this we understand that applications need to use the punycode-encoded version of the IDN, NOT the original IDN, when resolving. And there are tools out there already that can do that for us.
Since Ubuntu has these packages, Debian would also have the corresponding packages available too.
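The same conversion done in code, so that names written in different ways (Unicode, punycode, trailing dot, mixed case) are compared in the form DNS actually sees. This is an added example, not part of the original post; it uses Python's built-in `idna` codec rather than the `idn` tool, and the function names and sample list are hypothetical.

```python
def to_ascii_hostname(name):
    """Return the ASCII (punycode) form of a hostname, lower-cased."""
    name = name.strip().rstrip(".")
    if not name:
        raise ValueError("empty hostname")
    try:
        # Built-in "idna" codec: encodes each label to its xn-- form,
        # leaves plain ASCII labels as they are.
        return name.encode("idna").decode("ascii").lower()
    except UnicodeError as exc:
        raise ValueError(f"cannot encode {name!r} as an IDN") from exc


def to_unicode_hostname(name):
    """Inverse direction: show an xn-- name in Unicode for display."""
    return to_ascii_hostname(name).encode("ascii").decode("idna")


def group_by_ascii(names):
    """Group differently written names under their ASCII form."""
    groups = {}
    for raw in names:
        try:
            key = to_ascii_hostname(raw)
        except ValueError:
            key = None  # keep entries that cannot be encoded visible
        groups.setdefault(key, []).append(raw)
    return groups


# Constructed sample: the domain from this post in both forms, plus
# plain ASCII names and one malformed entry (empty label).
SAMPLE = [
    "правительство.рф",
    "xn--80aealotwbjpid2k.xn--p1ai.",
    "Example.COM",
    "example.com",
    "bad..name",
]

if __name__ == "__main__":
    for ascii_name, seen in group_by_ascii(SAMPLE).items():
        print(ascii_name, "<-", seen)
```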