Oct 23, 2011

How to perform IP whois from terminal

In a previous article, http://www.binarytides.com/blog/how-to-perform-domain-whois-from-terminal/, we saw how to perform a whois lookup for a domain name from the terminal/console.

Now we shall see how to perform a whois lookup for an IP address from the terminal. Get your IP address from http://www.ipmango.com/. I got this IP: 59.93.210.154

A Little Theory

Information about any IP address or IP range is stored by a Regional Internet Registry (RIR). The 5 main registries are:

1. APNIC – India, China, Australia

Whois server: whois.apnic.net

2. AFRINIC – the entire African continent

Whois server: whois.afrinic.net

3. ARIN – USA and Canada

Whois server: whois.arin.net

4. RIPE NCC – Greenland, Russia, Europe and the Middle East

Whois server: whois.ripe.net

5. LACNIC – Mexico and the South American continent

Whois server: whois.lacnic.net

That basically covers the whole world. For a visual representation check :

Perform the Whois query

Open your terminal and type:

desktop:~$ telnet whois.apnic.net 43
Trying 202.12.29.220...
Connected to whois.apnic.net.
Escape character is '^]'.
% [whois.apnic.net node-2]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

We are now connected to the whois server on port 43. Enter the IP address and hit Enter:

59.93.210.154
inetnum:        59.92.0.0 - 59.95.255.255
netname:        BB-2-2
descr:          Broadband Project2.2, O/o DGM BB, NOC BSNL Bangalore
country:        IN
admin-c:        BH155-AP
tech-c:         DB374-AP
status:         ASSIGNED NON-PORTABLE
mnt-by:         MAINT-IN-DOT
mnt-irt:        IRT-BSNL-IN
changed:        hostmaster@bsnl.in 20110218
source:         APNIC

route:        59.93.208.0/20
descr:        BSNL Internet
country:      IN
origin:       AS9829
mnt-lower:    MAINT-IN-DOT
mnt-routes:   MAINT-IN-DOT
mnt-by:       MAINT-IN-AS9829
changed:      routemaster@sancharnet.in 20060404
changed:      hm-changed@apnic.net 20060404
source:       APNIC

person:         BSNL Hostmaster
nic-hdl:        BH155-AP
e-mail:         hostmaster@sancharnet.in
address:        Broadband Networks
address:        Bharat Sanchar Nigam Limited
address:        2nd Floor, Telephone Exchange, Sector 62
address:        Noida
phone:          +91-120-2404243
fax-no:         +91-120-2404241
country:        IN
changed:        dnwplg@sancharnet.in 20021108
mnt-by:         MAINT-IN-PER-DOT
source:         APNIC

person:         DGM Broadband
address:        BSNL NOC Bangalore
country:        IN
phone:          +91-080-25805800
fax-no:         +91-080-25800022
e-mail:         dnwplg@bsnl.in
nic-hdl:        DB374-AP
mnt-by:         MAINT-IN-PER-DOT
changed:        hostmaster@bsnl.in 20110218
source:         APNIC

Connection closed by foreign host.

We get plenty of information about the IP address, such as its ISP, IP range, country and so on.

Now let's try a different IP, say 65.55.12.249:

desktop:~$ telnet whois.apnic.net 43
Trying 202.12.29.220...
Connected to whois.apnic.net.
Escape character is '^]'.
% [whois.apnic.net node-1]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

65.55.12.249
inetnum:      65.0.0.0 - 65.255.255.255
netname:      ARIN-CIDR-BLOCK
descr:        Not allocated by APNIC
remarks:      ------------------------------------------------------
remarks:
remarks:      Important:
remarks:
remarks:      Details of networks in this range are not registered
remarks:      in the APNIC Whois Database.
remarks:
remarks:      Please search the ARIN Whois, which contains
remarks:      details of IP addresses allocated in North America,
remarks:      parts of the Caribbean, and sub-equatorial Africa:
remarks:
remarks:      website:  https://ws.arin.net/whois
remarks:      command line: whois.arin.net
remarks:
remarks:      ------------------------------------------------------
country:      AU
admin-c:      IANA1-AP
tech-c:       IANA1-AP
mnt-by:       MAINT-APNIC-AP
mnt-lower:    MAINT-APNIC-AP
status:       ALLOCATED PORTABLE
changed:      hm-changed@apnic.net 20030403
changed:      hm-changed@apnic.net 20040926
changed:      hm-changed@apnic.net 20090501
source:       APNIC

role:           Internet Assigned Numbers Authority
address:        see http://www.iana.org.
country:
phone:
e-mail:         nobody@apnic.net
admin-c:        IANA1-AP
tech-c:         IANA1-AP
nic-hdl:        IANA1-AP
remarks:        For more information on IANA services
remarks:        go to IANA web site at http://www.iana.org.
mnt-by:         MAINT-APNIC-AP
changed:        helpdesk@apnic.net 20110811
source:         APNIC

Connection closed by foreign host.

We see that APNIC did not provide any information about this IP, but says that it is allocated to the ARIN registry.

So we perform the whois query on the ARIN whois server, which is whois.arin.net:

desktop:~$ telnet whois.arin.net 43
Trying 199.212.0.46...
Connected to whois.arin.net.
Escape character is '^]'.
65.55.12.249
#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 65.55.12.249"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=65.55.12.249?showDetails=true&showARIN=false&ext=netref2
#

NetRange:       65.52.0.0 - 65.55.255.255
CIDR:           65.52.0.0/14
OriginAS:
NetName:        MICROSOFT-1BLK
NetHandle:      NET-65-52-0-0-1
Parent:         NET-65-0-0-0-0
NetType:        Direct Assignment
RegDate:        2001-02-14
Updated:        2004-12-09
Ref:            http://whois.arin.net/rest/net/NET-65-52-0-0-1

OrgName:        Microsoft Corp
OrgId:          MSFT
Address:        One Microsoft Way
City:           Redmond
StateProv:      WA
PostalCode:     98052
Country:        US
RegDate:        1998-07-10
Updated:        2011-04-26
Ref:            http://whois.arin.net/rest/org/MSFT

OrgNOCHandle: ZM23-ARIN
OrgNOCName:   Microsoft Corporation
OrgNOCPhone:  +1-425-882-8080
OrgNOCEmail:  noc@microsoft.com
OrgNOCRef:    http://whois.arin.net/rest/poc/ZM23-ARIN

OrgTechHandle: MSFTP-ARIN
OrgTechName:   MSFT-POC
OrgTechPhone:  +1-425-882-8080
OrgTechEmail:  iprrms@microsoft.com
OrgTechRef:    http://whois.arin.net/rest/poc/MSFTP-ARIN

OrgAbuseHandle: HOTMA-ARIN
OrgAbuseName:   Hotmail Abuse
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  abuse@hotmail.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/HOTMA-ARIN

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  abuse@msn.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE231-ARIN

OrgAbuseHandle: MSNAB-ARIN
OrgAbuseName:   MSN ABUSE
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  abuse@msn.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/MSNAB-ARIN

RTechHandle: ZM23-ARIN
RTechName:   Microsoft Corporation
RTechPhone:  +1-425-882-8080
RTechEmail:  noc@microsoft.com
RTechRef:    http://whois.arin.net/rest/poc/ZM23-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

Connection closed by foreign host.

So now the ARIN whois server gives the required information. Similarly, the whois details of IPs in the RIPE, AFRINIC and LACNIC regions can be found.
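The manual procedure above (query one registry on port 43, then follow its pointer to another registry) written as a Python script. This is an added example, not part of the original article; the function names, the reply-size cap and the referral pattern are assumptions, and the pattern is matched against the APNIC reply shown above, so other registries may word their pointers differently.

```python
import ipaddress
import re
import socket

# The five RIR whois servers listed in the article.
RIR_SERVERS = {"whois.apnic.net", "whois.afrinic.net", "whois.arin.net",
               "whois.ripe.net", "whois.lacnic.net"}
MAX_REPLY = 256 * 1024  # assumed cap on bytes read from the remote server

def whois_query(server, ip, timeout=10):
    """Send one query over TCP port 43 and return the reply as text."""
    query = str(ipaddress.ip_address(ip))  # ValueError unless a plain IP
    chunks, size = [], 0
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        while size < MAX_REPLY:
            data = sock.recv(4096)
            if not data:  # server closes the connection when it is done
                break
            chunks.append(data)
            size += len(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def find_referral(reply, asked):
    """Return another RIR server named in a 'Not allocated by' reply."""
    # Assumption: the pointer looks like the APNIC reply in the article.
    if not re.search(r"^descr:\s+Not allocated by", reply, re.M | re.I):
        return None
    for host in re.findall(r"whois\.[a-z]+\.net", reply.lower()):
        if host in RIR_SERVERS and host != asked:
            return host
    return None

def lookup(ip, start="whois.apnic.net", query=whois_query):
    """Query `start` and follow referrals, visiting each RIR at most once."""
    server, seen = start, set()
    while True:
        seen.add(server)
        reply = query(server, ip)
        nxt = find_referral(reply, server)
        if nxt is None or nxt in seen:
            return server, reply
        server = nxt

if __name__ == "__main__":
    answered_by, text = lookup("65.55.12.249")
    print("answered by", answered_by)
    print(text)
```

The reply is treated as untrusted input: the read is capped, only hosts from the fixed registry list are ever contacted, and the query is validated as an IP address before anything is sent.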
