Section 20.1 Tracing a Numeric IP Address with nslookup

   



Usually, all that your system's logs and other messages regarding a break-in will reveal of the intruder is the numeric IP (Internet Protocol) address of the system that he used. (They may also show a system name and a user name.) Fortunately, finding out about this system is easy. To get the fully qualified host name for numeric address b1.b2.b3.b4, issue the command

 
 nslookup -type=any b4.b3.b2.b1.in-addr.arpa 

Note that the order of the bytes of the IP address must be reversed. Suppose the logs show the intruder's IP address is 192.9.25.4. Reverse the order of the bytes to get 4.25.9.192. Then issue the command

 
 nslookup -type=any 4.25.9.192.in-addr.arpa 

You will see output similar to

 
 Server:  mindspring.com
 Address:  207.69.200.201
 4.25.9.192.in-addr.arpa name = pluto.Sun.COM

The name to the left of the .COM is the domain name, Sun.
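
The byte reversal described above is easy to get wrong by hand when a log holds many addresses. The following script is an added example, not code from the book: it pulls IPv4 addresses out of log text, validates them, and prints the matching nslookup command for each. The function names (ptr_name, lookup_commands, ptr_target) and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the book: build in-addr.arpa names for logged IPv4 addresses.

# ptr_name ADDR: print b4.b3.b2.b1.in-addr.arpa for dotted-quad ADDR;
# return 1 if ADDR is not four decimal fields in the range 0-255.
ptr_name() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
}

# lookup_commands: read log text on stdin and print one nslookup command per
# distinct valid IPv4 address; malformed candidates are reported on stderr.
lookup_commands() {
    grep -owE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | sort -u | while read -r addr; do
        if name=$(ptr_name "$addr"); then
            printf 'nslookup -type=any %s\n' "$name"
        else
            printf 'skipped, not a valid IPv4 address: %s\n' "$addr" >&2
        fi
    done
}

# ptr_target: read nslookup output on stdin and print the host name from
# the "name = " line, with any trailing dot removed.
ptr_target() {
    sed -n 's/^.*\.in-addr\.arpa[[:space:]]*name = \([^[:space:]]*\).*$/\1/p' | sed 's/\.$//'
}

# Constructed sample log lines (hypothetical); 192.9.25.4 is the address used above.
sample_log='Mar  3 02:14:07 host sshd[811]: Failed password for root from 192.9.25.4 port 4022
Mar  3 02:14:09 host sshd[811]: Failed password for root from 192.9.25.4 port 4022
Mar  3 02:15:30 host ftpd[902]: refused connect from 999.1.2.3'

printf '%s\n' "$sample_log" | lookup_commands
```

The PTR record is published by whoever controls the reverse zone for that address block, so treat the returned name as a lead and confirm it with a forward lookup of the name.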


   


Real World Linux Security Prentice Hall Ptr Open Source Technology Series
Year: 2002
Pages: 260
