[Update 03/30/2009: After making sure that people won’t be able to bring down my server, you can try a live example, by clicking the following link (you will still need Google Earth on your computer): Trace the path from my server to your system ]
[Update 04/07/2009: If you like this post, you may also want to take a look at the Google Earth Forensics post, which is IMHO a lot cooler ]
[Update 04/16/2009: I added a link to source code at the end of this post. ]
I played a bit more with the idea that I presented in “Apache access_log to Google Earth KML” and, I think, I came up with something extremely cool.
When you surf around on the Internet (or use any TCP/IP service), your data is being routed through an endless list of gateways. Your packets are hopping from one system to the next one, until the final destination has been reached. And data served by the remote destination is hopping it’s way back to you.
On Unix we have the traceroute utility (on Windows it’s called ‘tracert’) that allows you to figure out the route that your packets are taking to a remote destination.
In my web server’s access_log I can see a line where a host at the ip-address 22.214.171.124 accessed a certain url on my server. Resolving that ip-address to a name (via “host 126.96.36.199″) reveals that it is one of Yahoo.com’s crawlers. Using traceroute on the same address shows the following (I changed my internal network address to aaa.bbb.ccc.ddd below):
$ traceroute -q 1 -e -I 188.8.131.52
traceroute to 184.108.40.206 (220.127.116.11), 64 hops max, 60 byte packets
1 netgear (aaa.bbb.ccc.ddd) 0.781 ms
2 208-3-81-1.cnsp.net (18.104.22.168) 12.871 ms
3 22.214.171.124 (126.96.36.199) 35.880 ms
4 sl-bb20-ana-0-0.sprintlink.net (188.8.131.52) 54.828 ms
5 sl-crs2-ana-0-13-5-0.sprintlink.net (184.108.40.206) 40.534 ms
6 220.127.116.11 (18.104.22.168) 39.042 ms
7 cr1.la2ca.ip.att.net (22.214.171.124) 54.288 ms
8 cr1.sffca.ip.att.net (126.96.36.199) 51.418 ms
9 188.8.131.52 (184.108.40.206) 45.766 ms
10 220.127.116.11 (18.104.22.168) 49.140 ms
11 so-1-0-0.pat1.swp.yahoo.com (22.214.171.124) 72.021 ms
12 as0.pat1.gqb.yahoo.com (126.96.36.199) 73.443 ms
13 xe-5-0-0.msr1.gq1.yahoo.com (188.8.131.52) 73.514 ms
14 xe-8-0-0.clr2-a-sat.gq1.yahoo.com (184.108.40.206) 76.818 ms
15 te-6-0.bas5-2-con.gq1.yahoo.com (220.127.116.11) 79.453 ms
16 llf320059.crawl.yahoo.net (18.104.22.168) 76.748 ms
This output tells me that it takes roughly 80 milliseconds to get packets from my system to the final destination at Yahoo. However, it does not tell me what geographical path my packets take.
Hold on to your socks, because here’s the same path after I ran it through my little traceroute visualization tool (displayed in Google Earth):
The tool I created this morning, will automatically run a traceroute to any ip-address and it will create a Google Earth compatible KML file. Again we are using Marc’s free database to map ip-addresses to locations on the map. For each hop it records the hop’s ip-address, name and, if available, location. The tool also creates a tour that allows to jump from hop to hop in an animated fashion, until you arrive at your final destination where even more information (Whois) is displayed.
When you try one of the sample files below in Google Earth, just double-click the “Animate Route (play me)” item in the “Places” area:
As you jump from hop to hop, information about the current gateway is being displayed roughly in the geo location where that gateway is physically located (the free database mentioned above does have some hosts that are not mapped and I’m skipping those automatically).
And here are two KMZ files that you can download to Google Earth in order to see the stuff:
“Complete” above means that I was able to trace the route all the way to the destination host. And “Incomplete” means that I aborted the trace after a number of systems along the path did not respond to my trace queries.
And if you want to see a live example, click the following link to see the path from my server to your system.
The perl code for the little tool is now available at: 2009-04-16-gtrace.pl.gz (gzip compressed perl file – 2.5KB).