Next Previous Contents

6. Analysis modules

6.1 How can I convert an IP address into an AS (Autonomous System) number?

Use the ASFinder perl module. The ASFinder module is a perl interface for routing-table-based IP to AS lookups. As such, ASFinder requires as input a preprocessed routing table (the output of show ip bgp on a Cisco router processed by parse_bgp_dump). See the answer to How do I get routing tables for ASFinder? for a description of how to get required routing table. A tool to parse the ASCII output from MRTD may be released someday if there is demand.

The crl_bycountry application shows the the amount of traffic flowing to and from networks, and between networks, ASes, and countries.

ASFinder can be built as a module independent of the rest of the CoralReef package.

6.2 How do I get routing tables for ASFinder?

Go to archive.routeviews.org, which has archived BGP dumps beginning with April 2001. Choose the directory for the month corresponding to the trace you wish to analyze, and then choose the file with the timestamp closest to the trace you wish to analyze. So if you took your trace at 2:00pm on August 8, 2001, you would choose 2001.08 to go to the August 2001 directory, and then choose oix-full-snapshot-2001-08-08-1401.dat.bz2 to get the trace taken at 14:01 on August 8th. After downloading that gzipped file, run parse_bgp_dump <file.gz> to preprocess the routing table information (this may take up to an hour on slower machines). parse_bgp_dump may generate warnings about not being able to find a unique AS for some prefixes. These warnings can be safely ignored. The program will finally generate a file called route2country_NO_DATE (parse_bgp_dump cannot parse the date from the file format currently used for the route views archives). This file should be acceptable as input to ASFinder.


Next Previous Contents