determining if IP is from intranet or internet

Jim Reid jim at mpn.cp.philips.com
Sat Oct 30 12:11:01 UTC 1999


>>>>> "Rob" == Rob Willis <robw at caciasl.com> writes:

    Rob> I am capturing packets on the segment where a web server is
    Rob> located.  Requests can come from any of several internal
    Rob> subnets or from external internet sites.  I need to determine
    Rob> if the IP originated from the local domain or from an
    Rob> external domain.  I do not know ahead of time all of the
    Rob> network addresses for the internal subnets.  The internal
    Rob> subnet is made up of several class C networks.  Is there a
    Rob> way to request a list of valid subnets for the local domain
    Rob> from the DNS server. 

No! Please think about this for a moment. If *you* "don't know which
IP addresses are external or internal" on your network what makes you
think your DNS would know which subnets are "valid for the local
domain"? The only way that information could be in the DNS would be if
someone put it there, so why not ask your local DNS administrator? And
even if an address *is* local, there's no guarantee that a reverse
lookup of that address will return a name in the local domain, or even
that it returns any name at all.

    Rob> Or is there a better way to do this check?

Get the web server to log all the IP addresses that connect to
it. Most do this by default. Then figure out which of those addresses
are internal to your network and what ones are external. Presumably
there will be somebody in your organisation who handles address
allocation and router configuration. He or she should be able to tell
you which addresses are internal or not. They might be able to tell
you if they have somehow encoded this information into the local DNS
servers and, if so, how you can retrieve it.
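
[Added example, not part of the original message: one way to carry out the log-based check described above. It assumes the web server writes Common Log Format with the client address as the first field, and that the list of internal prefixes has been obtained from whoever handles address allocation. The prefixes, log lines and function names are all constructed for illustration.]

```python
import ipaddress
from collections import Counter

# Assumption: prefixes supplied by the person who handles address allocation.
# These values are constructed for the example, not taken from the post.
INTERNAL_PREFIXES = ["192.168.10.0/24", "192.168.11.0/24", "192.168.40.0/24"]

# Constructed access-log lines (Common Log Format, client address first).
SAMPLE_LOG = """\
192.168.10.17 - - [30/Oct/1999:12:01:44 +0000] "GET / HTTP/1.0" 200 2326
198.51.100.23 - - [30/Oct/1999:12:02:10 +0000] "GET /index.html HTTP/1.0" 200 2326
192.168.40.200 - - [30/Oct/1999:12:02:31 +0000] "GET /a.gif HTTP/1.0" 304 0
192.168.12.5 - - [30/Oct/1999:12:03:02 +0000] "GET / HTTP/1.0" 200 2326
proxy.example.net - - [30/Oct/1999:12:03:40 +0000] "GET / HTTP/1.0" 200 2326
"""

def load_networks(prefixes):
    # strict=True rejects entries with host bits set (e.g. 192.168.10.1/24),
    # which usually means the allocation list was copied incorrectly.
    return [ipaddress.ip_network(p, strict=True) for p in prefixes]

def classify(addr_text, networks):
    """Return 'internal', 'external' or 'unparsed' for one client field."""
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        # The server logged a hostname (reverse lookups enabled) or garbage.
        # A name is not evidence of locality, so it is never trusted here.
        return "unparsed"
    # Anything not on the allocation list counts as external, even if it
    # looks private: the list, not the address shape, is the authority.
    return "internal" if any(addr in net for net in networks) else "external"

def classify_log(log_text, prefixes):
    """Map each distinct client field in the log to its classification."""
    networks = load_networks(prefixes)
    results = {}
    for line in log_text.splitlines():
        fields = line.split()
        if fields:
            results.setdefault(fields[0], classify(fields[0], networks))
    return results

def summarize(results):
    return Counter(results.values())

if __name__ == "__main__":
    for client, verdict in classify_log(SAMPLE_LOG, INTERNAL_PREFIXES).items():
        print(f"{client:20} {verdict}")
```

[In the sample, 192.168.12.5 comes out as external because its subnet is not on the supplied list, which is the case to take back to the address administrator.]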



More information about the bind-users mailing list