[netsa-tools-discuss] ASNum / Organisation map
Evgeniy Sudyr
eject.in.ua at gmail.com
Sat Apr 2 06:39:50 EDT 2016
Hi all,
I found I'm missing mapping ASNum and Organisation information for
flows I'm analysing.
At the moment I have to adjust output results with own scripts, but
this is quite wrong (and slower) approach.
Maxmind provides not only GeoIP City, but also ASN databases under
Creative Commons Attribution-ShareAlike 3.0 Unported License there:
http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum2.zip
http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum2v6.zip
As per documentation
https://tools.netsa.cert.org/silk/rwpmaplookup.html it's possible to
make mapping files for this purposes using rwpmaplookup, but I think
it make sense to create and include tool to SiLK toolkit like
rwgeoip2ccmap (rwgeoip2asnmap for example) to create a ASN code prefix
maps from a GeoLite ASN and GeoLite ASN IPv6 CSV files?
If go further - there are more databases from Maxmind available
(commercial) in CSV format - I have subscription for these two:
GeoIP2 ISP (example record from GeoIP2-ISP-Blocks-IPv4.csv file):
1.3.37.0/24,"China Telecom Guangdong","China Telecom Guangdong",,
It will be great to get this information in SiLK. What do you thick?
--
With regards,
Evgeniy Sudyr
More information about the netsa-tools-discuss
mailing list