You have probably noticed that different services on the Internet automatically know roughly where you are in the world. From music and video streaming services to online stores, these services use a technique called IP geolocation, which matches your approximate physical location with the IP address you are using. Whenever you connect to the Internet, your device is assigned an IP address from a pool of addresses which are allocated to the different telecommunication companies. The way these addresses work can be quite complicated, but because they are assigned in blocks, it is possible to build a database which maps a block of addresses to a country or even a particular area or city.
The good news is that doing these geolocation lookups isn’t only for the big corporate and mega websites. There are a number of free online services and even a command line tool for Linux which allow you to look up IP addresses and get information about where that address is assigned. This can be very useful when you are investigating a suspicious email or strange comments left on a blog. It is also useful when using services that mask your IP address, like a VPN, to ensure that they are working as advertised.
To look up an IP address from the Linux command line, you need to install the “geoiplookup” tool. For Ubuntu and Raspbian use:
sudo apt-get install geoip-bin
To look up an IP address, type the following:
Replace 188.8.131.52 with the address you want to look up. In this example, the address 184.108.40.206 (which is one of Google’s DNS servers) is correctly reported as an address from the USA.
The database provided with your Linux distribution is probably out of date; you can check when it was created using the -v option:
geoiplookup -v 220.127.116.11
In this case, we see that the database was created in August 2013.
The geolocation database is provided by MaxMind, and the company refreshes its databases every month. You can update the database by downloading the latest files directly from MaxMind.com.
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
gunzip GeoIP.dat.gz
sudo cp GeoIP.dat /usr/share/GeoIP/
You can now query the database again for its build date:
geoiplookup -v 18.104.22.168
The tool now reports that the database was created in April 2014.
MaxMind also provides a City database, which in many cases gives greater accuracy. To install it, use the following commands to download the database and copy it to the GeoIP directory:
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
gunzip GeoLiteCity.dat.gz
sudo cp GeoLiteCity.dat /usr/share/GeoIP/
To get the city information, you need to tell the “geoiplookup” tool to use the city database:
geoiplookup -f /usr/share/GeoIP/GeoLiteCity.dat 22.214.171.124
This time, geoiplookup tells us the address is in Florida and more specifically in Summerfield, Florida.
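Applying geoiplookup to the suspicious-email case mentioned earlier, as an added example that is not part of the original article: the script pulls relay addresses out of a message's Received: headers and looks each one up. The sample message, its host names and its addresses (documentation-only ranges) are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article). The sample message is
# constructed and uses documentation-only ranges, so lookups report "not found".

# Print the public IPv4 addresses recorded in Received: headers, top to bottom.
# Only bracketed literals such as [203.0.113.25] are taken, so version strings
# and HELO names are not mistaken for addresses. Loopback, link-local and
# RFC 1918 hops are dropped because they have no geolocation.
received_ips() {
  awk '
    /^\r?$/  { exit }                      # headers stop at the first blank line
    /^[ \t]/ { if (keep) print; next }     # folded continuation of a header
             { keep = (tolower($0) ~ /^received:/); if (keep) print }
  ' |
  grep -oE '\[[0-9]{1,3}(\.[0-9]{1,3}){3}\]' | tr -d '[]' |
  grep -vE '^(10\.|127\.|169\.254\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)' |
  awk '!seen[$0]++'                        # de-duplicate, keep header order
}

# Geolocate each hop. Headers below the one added by your own mail server are
# supplied by the sending side and can be forged, so treat them as hints only.
geolocate_hops() {
  received_ips | while read -r ip; do
    if command -v geoiplookup >/dev/null 2>&1; then
      printf '%s\t%s\n' "$ip" "$(geoiplookup "$ip" </dev/null | head -n 1)"
    else
      printf '%s\t(geoiplookup not installed)\n' "$ip"
    fi
  done
}

sample_email() {   # constructed message for demonstration
  cat <<'EOF'
Received: from mx.example.org (mx.example.org [198.51.100.7])
    by inbox.example.com with ESMTP id abc123;
    Tue, 1 Apr 2014 10:00:02 +0000
Received: from relay.example.net (unknown [10.0.0.5])
    by mx.example.org (Postfix 2.11.0) with ESMTP;
    Tue, 1 Apr 2014 10:00:01 +0000
Received: from [203.0.113.25] (helo=desktop)
    by relay.example.net with SMTP; Tue, 1 Apr 2014 10:00:00 +0000
From: "Billing" <billing@example.org>
Subject: Invoice overdue

See the notice sent from [192.0.2.99] yesterday.
EOF
}

sample_email | geolocate_hops
```

To check a real message, save it with full headers and run `geolocate_hops < message.eml` in place of the last line.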
As well as the geoiplookup tool, there are a number of online services which can provide geolocation information. For example, if you open geoiptool.com in your web browser, the site will give you information about your current location.
Another site, freegeoip.net, has an API which is designed to be used in the backend of websites or from within applications. However, it can also be used from the command line using “curl”. First, ensure that you have “curl” installed:
sudo apt-get install curl
To get geolocation information in XML format, use:
The XML output reveals that the IP address 126.96.36.199 is used in Evansville, Indiana. You can also get the same data in CSV or JSON format by changing the “xml” part of the URL to “csv” or “json” respectively.
The geoiplookup tool and the online services can be very useful. If you have any questions about using them, please ask in the comments section below.