gtrace-ip-enrichment
IP Address Enrichment with gtrace
How to Call the gtrace MCP Tools
python3 $MCP_CALL "gtrace mcp" TOOL_NAME '{"param":"value"}'
When to Use
- Identify who owns an IP address (ASN, organization name, network range)
- Determine the geographic location of an IP (city, region, country, coordinates)
- Resolve an IP address to its PTR/reverse DNS hostname
- Enrich traceroute hop data with ASN and geo context
- Investigate unknown IPs appearing in logs, flow data, or routing tables
- Map network paths to physical geography for latency analysis
Available Tools
| Tool | Purpose |
|---|---|
| asn_lookup | Look up ASN, organization, and network range for an IP |
| geo_lookup | Get geographic location (city, region, country, lat/lon) for an IP |
| reverse_dns | Resolve an IP to its PTR record (reverse DNS hostname) |
Workflow: IP Investigation
When asked "who owns this IP?" or "where is this IP?":
Step 1: ASN Lookup
Identify the Autonomous System and organization that owns the IP.
python3 $MCP_CALL "gtrace mcp" asn_lookup '{"ip":"8.8.8.8"}'
Returns: ASN number, organization name, network CIDR, registry (ARIN, RIPE, APNIC, etc.)
Step 2: Geolocation
Determine the physical location of the IP.
python3 $MCP_CALL "gtrace mcp" geo_lookup '{"ip":"8.8.8.8"}'
Returns: City, region/state, country, latitude/longitude, timezone
Step 3: Reverse DNS
Resolve the IP to its PTR record for hostname identification.
python3 $MCP_CALL "gtrace mcp" reverse_dns '{"ip":"8.8.8.8"}'
Returns: PTR hostname (e.g., dns.google)
Workflow: Traceroute Hop Enrichment
After running a traceroute (via gtrace-path-analysis skill), enrich each hop with ASN and geo data:
- Run traceroute to get the path with hop IPs
- For each hop IP, run asn_lookup to identify the network owner
- For key hops (transit boundaries, high-latency hops), run geo_lookup to map physical location
- Use reverse_dns on hops to identify router naming conventions (often reveals ISP, POP location, interface type)
# Example: enrich a traceroute hop
python3 $MCP_CALL "gtrace mcp" asn_lookup '{"ip":"72.14.215.85"}'
python3 $MCP_CALL "gtrace mcp" geo_lookup '{"ip":"72.14.215.85"}'
python3 $MCP_CALL "gtrace mcp" reverse_dns '{"ip":"72.14.215.85"}'
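Hop IPs taken from traceroute output or logs are untrusted strings, so the sketch below validates each one before it is placed in a tool parameter. It is an added example, not part of the netclaw skill: the function names are hypothetical, the calling convention and the MCP_CALL variable are taken from this page, tool output is kept as opaque text, and skipping non-global addresses (which have no public ASN or geolocation data) is an assumption of the example rather than a rule of the skill.

```python
import ipaddress
import json
import os
import subprocess

TOOLS = ("asn_lookup", "geo_lookup", "reverse_dns")  # tool names from this page

def classify(raw):
    """Return (ip, None) if the value merits an external lookup, else (None, reason)."""
    try:
        ip = ipaddress.ip_address(raw.strip())
    except ValueError:
        return None, "not an IP address"
    if not ip.is_global:
        return None, "non-global address (private, loopback, link-local, reserved)"
    return str(ip), None

def build_command(tool, ip, mcp_call):
    """argv for one lookup (page's calling convention); list argv, so no shell parses it."""
    if tool not in TOOLS:
        raise ValueError(f"unknown tool: {tool}")
    return ["python3", mcp_call, "gtrace mcp", tool, json.dumps({"ip": ip})]

def plan(hops, mcp_call):
    """Validate and deduplicate hop values; return (commands, skipped)."""
    commands, skipped, seen = [], [], set()
    for raw in hops:
        ip, reason = classify(raw)
        if ip is None:
            skipped.append((raw, reason))
        elif ip not in seen:
            seen.add(ip)
            commands += [build_command(t, ip, mcp_call) for t in TOOLS]
    return commands, skipped

def enrich(hops, mcp_call, timeout=30):
    """Run the planned lookups; output is kept as raw text, its format is not assumed."""
    commands, skipped = plan(hops, mcp_call)
    results = []
    for argv in commands:
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
        results.append((argv[3], argv[4], proc.returncode, proc.stdout.strip()))
    return results, skipped

if __name__ == "__main__":
    # Constructed sample: hop IPs used on this page, a private hop, a "*" timeout, a malformed value.
    sample = ["72.14.215.85", "10.0.0.1", "*", "8.8.8.8", '8.8.8.8", "x": "1', "72.14.215.85"]
    results, skipped = enrich(sample, os.environ["MCP_CALL"])  # same variable the page uses
    print(*results, *skipped, sep="\n")
```

Recording the skipped list alongside the results keeps the enrichment record honest about which hops were never looked up and why.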
Workflow: BGP Peer Identification
When investigating BGP peers or routes:
- Get the peer IP from bgp_get_peers (protocol-participation skill)
- Run asn_lookup to verify the peer's ASN matches what BGP reports
- Run geo_lookup to confirm the peer's physical location
- Run reverse_dns to identify the peer's hostname and operator
Tool Parameters
asn_lookup
- ip (required): IPv4 or IPv6 address to look up
geo_lookup
- ip (required): IPv4 or IPv6 address to geolocate
reverse_dns
- ip (required): IPv4 or IPv6 address to resolve
Output Format
- asn_lookup — ASN number, organization name, network CIDR prefix, RIR (ARIN/RIPE/APNIC/LACNIC/AFRINIC)
- geo_lookup — city, region/state, country, country code, latitude, longitude, timezone
- reverse_dns — PTR hostname, or indication that no PTR record exists
Important Rules
- These tools require internet access for IP intelligence lookups
- Geolocation accuracy varies — typically city-level for broadband, region-level for mobile/cloud
- ASN lookup is the most reliable enrichment — it uses RIR delegation data
- Reverse DNS depends on the IP owner having configured PTR records
- Use all three tools together for comprehensive IP enrichment
- Cross-reference ASN data with BGP RIB entries for routing consistency verification
- Record all IP enrichment in GAIT