PowerShell Problem Solver: Where is that IP?

Posted on May 13, 2015 by Jeff Hicks in PowerShell

In a previous PowerShell Problem Solver article, I used PowerShell to convert a ctime value to a proper datetime format. I had a list of IP addresses as part of the same troubleshooting process, and this is something you also might come across in a log file.

I wanted to figure out where the IP address was coming from. For example, I might have an IPv4 address like this:

What is the IP address’ country of origin? Fortunately, I knew of a website that provides that information. Although I initially accessed this from the website, I wanted to access this information from PowerShell. To simplify this process, PowerShell 3.0 introduced a new cmdlet called New-WebServiceProxy. You can use the cmdlet to create a special type of object that acts as a proxy to the web service. You don’t have to figure out any arcane syntax to use the web service. Everything is exposed as an object that’s complete with method members. Let me show you.

First, I need to create the proxy object.

Most of the time the proxy properties don’t really matter.

Proxy properties in Windows PowerShell. (Image Credit: Jeff Hicks)


What’s really interesting is what I can do with the proxy object. Pipe the object to Get-Member and discover its methods.

Piping our proxy object to Get-Member in Windows PowerShell. (Image Credit: Jeff Hicks)


You might also need to read any documentation from the associated site about these methods. Instead of trying to construct a URL to invoke these methods, I can use PowerShell and the proxy object. Let’s look at the GetGeoIP method.

The GetGeoIP method in Windows PowerShell. (Image Credit: Jeff Hicks)


It looks like all I need to do is give it an IP address as a parameter. Let’s test.

Providing an IP address as a parameter for GetGeoIP. (Image Credit: Jeff Hicks)


Well that was easy. I should also see what happens when this fails because eventually I’m going to want to use this in a function.

Invalid IP address error with GetGeoIP. (Image Credit: Jeff Hicks)


I’ll keep that in mind. In the meantime, I can try using the returned information to analyze some IP addresses that I have pulled from my log file.

Errors were still written to the console, but I was able to successfully resolve a number of addresses. I only tested with a subset of addresses to prove this would work.

IP addresses that we've tested in GridView. (Image Credit: Jeff Hicks)


That is very useful. I could combine this with other PowerShell commands.

The other piece of the puzzle was that I wanted to know what company or organization owned a particular IP address. In other words, I needed some way to do a WhoIs-type lookup, but from PowerShell.


It turns out this can also be done from the web. Instead of a web service, I need to invoke a REST method using the services described here. This will require using another newer cmdlet called Invoke-RestMethod.

I will need to construct a URI using my test IP address.

Next, I can run it.

Most of the time, you’ll end up with an XML document that’s easy to traverse in PowerShell.

I probably need to drill down a bit further.

It looks like that address is part of a block that belongs to Amazon. Excellent. How about putting all of this together?

My Get-GeoIP function by default gets geographic information only.


But I added an optional WhoIs parameter that will include the associated organizational name. Instead of ignoring errors, I included error handling via Try/Catch so I don’t miss any IP addresses. Now I can process a log file like this, assuming the heading is IP or IPAddress.
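The pattern described above (pipeline binding on an IP or IPAddress column, with Try/Catch so no address is silently dropped) is sketched here as an added example; it is not the author's Get-GeoIP function. The name Resolve-LogIP, the -Lookup parameter, the stub lookup and the sample rows are all assumptions made for illustration, and the strict IPv4 and private-range checks are additions of this example.

```powershell
function Resolve-LogIP {
    [CmdletBinding()]
    param(
        # Binds to a CSV column headed IP or IPAddress, as the article assumes
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('IPAddress')]
        [string]$IP,
        # Hypothetical hook: scriptblock that performs the lookup for one address
        [Parameter(Mandatory)]
        [scriptblock]$Lookup
    )
    process {
        $result = [pscustomobject]@{ IP = $IP; Country = $null; Status = 'Resolved' }
        $addr = $null
        $text = $IP.Trim()
        # Accept only canonical dotted-quad IPv4; TryParse alone also accepts "1" or "10.1"
        $valid = [System.Net.IPAddress]::TryParse($text, [ref]$addr) -and
                 $addr.AddressFamily -eq 'InterNetwork' -and $addr.ToString() -eq $text
        if (-not $valid) { $result.Status = 'Invalid'; return $result }
        # Keep internal addresses out of queries sent to a third-party service
        $b = $addr.GetAddressBytes()
        $private = ($b[0] -in 10, 127) -or ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
                   ($b[0] -eq 192 -and $b[1] -eq 168) -or ($b[0] -eq 169 -and $b[1] -eq 254)
        if ($private) { $result.Status = 'Private'; return $result }
        try { $result.Country = & $Lookup $text }
        catch { $result.Status = "Failed: $($_.Exception.Message)" }
        $result
    }
}

# Constructed sample log rows (documentation-range and private addresses)
$rows = @'
IPAddress,Hits
203.0.113.10,12
10.0.0.5,3
not-an-ip,1
198.51.100.7,4
'@ | ConvertFrom-Csv

# Constructed stand-in for the web-service call; throws for unknown addresses
$stub = {
    param($ip)
    $known = @{ '203.0.113.10' = 'Exampleland' }
    if (-not $known.ContainsKey($ip)) { throw "no record for $ip" }
    $known[$ip]
}
$report = $rows | Resolve-LogIP -Lookup $stub
$report | Group-Object Status | Select-Object Count, Name
```

Because every input row produces an output object with a Status, unresolved addresses can be counted and filtered afterwards instead of appearing only as console errors.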

I can now analyze and filter all I want.

Analyzing and filtering our data. (Image Credit: Jeff Hicks)




84 unresolved IP addresses. (Image Credit: Jeff Hicks)


Looks like there were 84 addresses that I couldn’t resolve. But that’s my problem. The point is that PowerShell and a few web cmdlets made it easy to analyze raw data and put some meaning to it.
