def cc(ip_addr, asn): ''' Find the best potential geolocation for the ip address with the given asn number. :param ip_addr: address :param asn: its asn number :return: ''' if asn in ['9560']: return "NZ" if "Probe" in ip_addr: return "NZ" if "Private" in ip_addr or "Hop" in ip_addr: return unk_cc results = geoloc.country_code_all(ip_addr, filter_nones=True) if "known_networks" in results: return results["known_networks"] if "geoip" in results: return results["geoip"] if "ip2location" in results: return results["ip2location"] return mystery_cc # could not geolocate
def geolocation_anomalies(): ''' Look for potential ip addresses in the traces whose geolocations are in dispute. Saves results in potential-anomalies.json :param paths: paths to check. ''' global PATHS potential_anomalies = {} for path in PATHS: for hop in path['path']: addr = hop["addr"] if undecidable(addr): continue georesult = geoloc.country_code_all(addr, filter_nones=True) if "known_networks" in georesult: continue # authoritative answer unique_answers = list(set(georesult.values())) if len(unique_answers) == 1: continue # definitive answer potential_anomalies[addr] = unique_answers global OUTPUT_DIR with open(OUTPUT_DIR + "/potential-anomalies.json", "wb") as f: json.dump(potential_anomalies, f, indent=2)