6. Analysis modules
6.1 How can I convert an IP address into an AS (Autonomous System) number?
Use the
ASFinder
perl module. The ASFinder module is a perl interface
for routing-table-based IP to AS lookups. As such, ASFinder
requires as input a preprocessed routing table (the output of
show ip bgp
on a Cisco router processed by
parse_bgp_dump
).
See the answer to
How do I get routing tables for ASFinder?
for a description of how to get required routing table.
A tool to parse the ASCII output from
MRTD may be released
someday if there is demand.
The
crl_bycountry
application shows the the amount of traffic flowing to and from
networks, and between networks, ASes, and countries.
ASFinder can be built as a module independent of the rest of the CoralReef package.
6.2 How do I get routing tables for ASFinder?
Go to
archive.routeviews.org, which has archived BGP dumps beginning
with April 2001. Choose the directory for the month corresponding to
the trace you wish to analyze, and then choose the file with the
timestamp closest to the trace you wish to analyze. So if you took your
trace at 2:00pm on August 8, 2001, you would choose
2001.08 to go to the August 2001 directory, and then choose
oix-full-snapshot-2001-08-08-1401.dat.bz2
to get the trace taken at 14:01 on August 8th.
After downloading that gzipped file, run
parse_bgp_dump <file.gz>
to preprocess the routing table
information (this may take up to an hour on slower machines).
parse_bgp_dump
may generate
warnings about not being able to find a unique AS for some prefixes.
These warnings can be safely ignored. The program will finally generate
a file called route2country_NO_DATE
(parse_bgp_dump
cannot parse the date from the file format
currently used for the route views archives).
This file
should be acceptable as input to ASFinder
.
Next Previous Contents