IP Analyzer

IP Analyzer analyzes lists of IPv4 addresses, providing a extended set of data for each address in the list. Only unique IP addresses are included in the analysis. Checks:

  • IP addresses presence in reputation lists;
  • compliance with GeoIP databases.

If the list contains a prefix from /16 to /32, then it is decomposed into separate IP addresses.

You can analyze:

  • A text file with a list of entries separated by comma, space, semicolon, line break. The entry can be an IP address, an IP address with a mask, an IP address with a colon separated by a port (the port is ignored).
  • .pcap or .pcapng file. Source IPs are analyzed.

Lines commented with a # are not taken into account.

The following checkboxes can be activated for this mechanism:

  • Interactive — an interactive html report is formed instead of a text one;
  • Geo for each IP — add information from GEO databases for each IP address;
  • Countries by IP count — add information about the distribution of IP addresses by countries;
  • AS by IP count — add information about the distribution of IP addresses by AS;
  • External IP lists — add information about IPs matched external reputation lists;
  • Custom IP lists — add information about IPs matched additional reputation lists;
  • SS IP lists — add information about IPs matched reputation lists from the analytics server;
  • Reduced IP lists — check against a shortened list of the most useful lists from every category;
  • Matched IPs — add a list of IP addresses matched with selected reputation lists;
  • Source IPs — add to the report a list of unique source IP addresses from PCAP;
  • Geo for each matched IP — add information from GEO databases for IP addresses matched with selected reputation lists;
  • Countries by matched IP count — add information about the distribution by countries for IP addresses matched with selected reputation lists;
  • AS by matched IP count — add information about the distribution by AS for IP addresses matched with selected reputation lists.

Some functionality related to MITIGATOR Feeds checks may not be available unless a license to use feeds has been purchased.

The report is generated as an interactive HTML page. Each section can be collapsed. Inside the sections responsible for checking against reputation lists, a list of all sources that included the analyzed IPs is provided. Double-clicking on an IP address brings up a tooltip that displays a list of all feeds that contain that IP address. If the Geo for each IP checkbox has been set, that IP address will also display country, city, and autonomous system matching information. Some sections have filtration, table export to CSV file or top.

The interactive report can be exported to an HTML page or JSON for later use outside of the PSG.