Php script to fetch whois information of ip address

Whois information of ip addresses

IP addresses are in the form of a.a.a.a where each letter is a number from 0-255. You would be happy to know that every ip address has some information associated to it. For example which isp or organisation has been allotted that ip address and where is that organisation located. This in turn tells the location of the ip address.

The information about an ip address is found through its whois data. The whois data is available at the regional internet registry of the IP address. The inventors of internet divided the world into 5 regions, each having its own set of ip addresses to use. These are called regional internet registries. They are

APNIC
AFRINIC
ARIN
LACNIC
RIPE NCC

Check out the wikipedia article to find out, which RIR do you fall in. Coming back to whois, the fact is that the whois information of an ip address is available at the whois server of its RIR. The inventors of internet allotted entire sets of ip addresses to each of these regions. The allottment details can be seen at the iana website. By looking at the allotment list we can find out the whois server of an ip address, and then query the corresponding ip address for the whois data. IPs which have not been allotted to any RIR, will have their whois information at whois.iana.org

To fetch the whois data of an IP address , the steps are as follows

1. Contact whois.iana.org and ask for the RIR whois server of the ip address.
2. Contact the whois server of the RIR and get the whois details of the ip address.

Code

/**
	Program to perform ip whois
	Silver Moon
	[email protected]
*/

$ip = "74.65.112.23";

$whois = get_whois($ip);

echo "<pre>$whois</pre>";

/**
	Get the whois content of an ip by selecting the correct server
*/
function get_whois($ip) 
{
	$w = get_whois_from_server('whois.iana.org' , $ip);
	
	preg_match([email protected][w.][email protected]' , $w , $data);

	$whois_server = $data[0];
	
	//echo $whois_server;

	//now get actual whois data
	$whois_data = get_whois_from_server($whois_server , $ip);
	
	return $whois_data;
}

/**
	Get the whois result from a whois server
	return text
*/
function get_whois_from_server($server , $ip) 
{
	$data = '';
	
	#Before connecting lets check whether server alive or not
	
	#Create the socket and connect
	$f = fsockopen($server, 43, $errno, $errstr, 3);	//Open a new connection
	if(!$f)
	{
		return '';
	}
	
	#Set the timeout limit for read
	if(!stream_set_timeout($f , 3))
	{
		die('Unable to set set_timeout');	#Did this solve the problem ?
	}
	
	#Send the IP to the whois server	
	if($f)
	{
		fputs($f, "$iprn");
	}
	
	/*
		Theory : stream_set_timeout must be set after a write and before a read for it to take effect on the read operation
		If it is set before the write then it will have no effect : http://in.php.net/stream_set_timeout
	*/
	
	//Set the timeout limit for read
	if(!stream_set_timeout($f , 3))
	{
		die('Unable to stream_set_timeout');	#Did this solve the problem ?
	}
	
	//Set socket in non-blocking mode
	stream_set_blocking ($f, 0 );
	
	//If connection still valid
	if($f) 
	{
		while (!feof($f)) 
		{
			$data .= fread($f , 128);
		}
	}
	
	//Now return the data
	return $data;
} 






The function get_whois_from_server is a generic function that can contact any whois server and make a request based on the ip address provided. It then collects the results and returns it back.

Output

#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 74.65.112.23"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=74.65.112.23?showDetails=true&showARIN=false&ext=netref2
#

NetRange:       74.64.0.0 - 74.79.255.255
CIDR:           74.64.0.0/12
OriginAS:       
NetName:        RRNY
NetHandle:      NET-74-64-0-0-1
Parent:         NET-74-0-0-0-0
NetType:        Direct Allocation
RegDate:        2006-03-27
Updated:        2007-01-29
Ref:            http://whois.arin.net/rest/net/NET-74-64-0-0-1


OrgName:        Road Runner HoldCo LLC
OrgId:          RRNY
Address:        13820 Sunrise Valley Drive
City:           Herndon
StateProv:      VA
PostalCode:     20171
Country:        US
RegDate:        2000-09-28
Updated:        2011-07-06
Comment:        Allocations for this OrgID serve Road Runner residential customers out of the New York City, NY and Syracuse, NY RDCs.
Ref:            http://whois.arin.net/rest/org/RRNY

ReferralServer: rwhois://ipmt.rr.com:4321

OrgTechHandle: IPTEC-ARIN
OrgTechName:   IP Tech
OrgTechPhone:  +1-703-345-3416 
OrgTechEmail:  [email protected]
OrgTechRef:    http://whois.arin.net/rest/poc/IPTEC-ARIN

OrgAbuseHandle: ABUSE10-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-703-345-3416 
OrgAbuseEmail:  [email protected]
OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE10-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
Last Updated On : 7th August 2013

Subscribe to get updates delivered to your inbox

4 Comments + Add Comment

  • gethostbyname(‘www.google.com’);

  • The script has to be written to use a different IP, since outgoing traffic will utilize the server’s main IP unless the script has been written to use another IP

  • ouwehaaa

  • Hey mate i have made a powerful whois script which show whois and website information http://mkj.co.in/?p=52

Leave a comment