I have never attempted to create a script in my entire life, but I've come across an issue where I would require a script (preferably Python) to perform lookups. I have a system that actively monitors web and FTP traffic and I'm able to get the sender IP address (typically the web proxy), but the proxies are not passing credentials at this time.

I'd like to create a script that takes the sender-ip address, queries our internal DNS server, and provides me with the hostname of the machine in real time. At that point, I would be able to take the response from DNS and perform a secondary LDAP query to return additional attributes, but I'm stuck on step one.

I apologize if this is a very simple script but I've been looking and unfortunately my background is not in scripting, so this is all very new to me. Please let me know if you require any additional info.

Thanks!

  • You may want to have a look at this SO post: http://stackoverflow.com/questions/2575760/python-lookup-hostname-from-ip-with-1-second-timeout – woodleg.as Jun 26 '13 at 20:17
  • So when it says >>> import socket >>> socket.gethostbyaddr("69.59.196.211") ('stackoverflow.com', ['211.196.59.69.in-addr.arpa'], ['69.59.196.211']) socket.gethostbyaddr("IP") # => (hostname, alias-list, IP) I won't know the address as this will be provided automatically by our system. Can I just leave it as socket.gethostbyaddr("IP")? – user2525686 Jun 26 '13 at 21:58

1 Answer

Python 3.3.1 (default, Apr 17 2013, 22:30:32) 
[GCC 4.7.3] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import socket
>>> socket.gethostbyaddr('74.125.225.35')
('ord08s06-in-f3.1e100.net', [], ['74.125.225.35'])
>>> socket.gethostbyaddr('74.125.225.35')[0]
'ord08s06-in-f3.1e100.net'

Call the Python script from whatever app you have that acquires the connecting IP address and pass the IP as a command-line parameter.

forkchop
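The answer's suggestion written out as a command-line script. This is an added example, not the answerer's code: the script name `rdns.py`, the function `lookup_hostname` and its injectable `reverse`/`forward` parameters are assumptions made here. It goes one step beyond the answer by checking that the returned name resolves back to the same IPv4 address, because a PTR record can be stale or set by whoever controls the reverse zone, and the hostname is about to be used as the key for an LDAP query.

```python
import ipaddress
import socket
import sys


def lookup_hostname(ip, reverse=socket.gethostbyaddr,
                    forward=socket.gethostbyname_ex):
    """Return (hostname, confirmed) for an IPv4 address.

    hostname is None when there is no PTR record. confirmed is True only
    when the hostname resolves forward to the same address again.
    """
    # Reject anything that is not a literal IPv4 address (raises ValueError),
    # so monitoring data is never handed to the resolver as a name.
    addr = str(ipaddress.IPv4Address(ip.strip()))
    try:
        hostname = reverse(addr)[0]          # (hostname, aliases, ip-list)
    except (socket.herror, socket.gaierror):
        return None, False
    try:
        forward_ips = forward(hostname)[2]   # (hostname, aliases, ip-list)
    except (socket.herror, socket.gaierror):
        forward_ips = []
    return hostname, addr in forward_ips


def main(argv):
    if len(argv) != 2:
        print("usage: rdns.py IPV4_ADDRESS", file=sys.stderr)
        return 2
    try:
        hostname, confirmed = lookup_hostname(argv[1])
    except ValueError:
        print("not an IPv4 address: %r" % argv[1], file=sys.stderr)
        return 2
    if hostname is None:
        print("no PTR record for %s" % argv[1], file=sys.stderr)
        return 1
    # Mark names that failed forward confirmation instead of hiding them.
    print(hostname if confirmed else hostname + " (unconfirmed)")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The lookups go through the system resolver, so the script queries the internal DNS server only if the host it runs on is configured to use it.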