Php – How to get Whois Information of IP address with Sockets

By | August 7, 2020

Whois information of ip address

IP addresses are in the form of a.a.a.a where each letter is a number from 0-255. And every ip address has some information associated to it.

For example which isp or organisation has been allotted that ip address and where is that organisation located. This in turn tells the location of the ip address.

The information about an ip address is found through its whois data. The whois data is available at the regional internet registry of the IP address.

The inventors of internet divided the world into 5 regions, each having its own set of ip addresses to use.

These are called regional internet registries. They are

APNIC
AFRINIC
ARIN
LACNIC
RIPE NCC

Check out the wikipedia article to find out, which RIR do you fall in. Coming back to whois, the fact is that the whois information of an ip address is available at the whois server of its RIR.

The inventors of internet allotted entire sets of ip addresses to each of these regions. The allottment details can be seen at the iana website.

By looking at the allotment list we can find out the whois server of an ip address, and then query the corresponding ip address for the whois data.

IPs which have not been allotted to any RIR, will have their whois information at whois.iana.org

To fetch the whois data of an IP address , the steps are as follows

1. Contact whois.iana.org and ask for the RIR whois server of the ip address.
2. Contact the whois server of the RIR and get the whois details of the ip address.

Code

<?php

/*
	Program to get IP whois data
*/

$ip = "74.65.112.23";
$whois = get_whois($ip);
print $whois;

/**
	Get the whois content of an ip by selecting the correct server
*/
function get_whois($ip) 
{
	$w = get_whois_from_server('whois.iana.org' , $ip);
	
	print "Response: " . PHP_EOL;
	print $w;
	print PHP_EOL;
	
	preg_match("#whois:\s*([\w.]*)#si" , $w , $data);

	$whois_server = $data[1];
	
	print "Whois Server: $whois_server " . PHP_EOL;

	// now get actual whois data
	$whois_data = get_whois_from_server($whois_server , $ip);
	
	return $whois_data;
}

/**
	Get the whois result from a whois server
	return text
*/
function get_whois_from_server($server , $ip) 
{
	$data = '';
	
	// Before connecting lets check whether server alive or not
	
	$server = trim($server);
	
	if(!strlen($server))
	{
        print "Blank string provided for server" . PHP_EOL;
        die();
	}
	
	// Create the socket and connect
	print "Connecting to server $server ...";
	$f = fsockopen($server, 43, $errno, $errstr, 3);	//Open a new connection
	
	if(!$f)
	{
		print "Failed";
		return false;
	}
	print "Done" . PHP_EOL;
	
	// Set the timeout limit for read
	if(!stream_set_timeout($f , 3))
	{
		die('Unable to set set_timeout');	#Did this solve the problem ?
	}
	
	// Send the IP to the whois server	
	if($f)
	{
		print "Sending request for ip: $ip" . PHP_EOL;
		$message = $ip . "\r\n";
		fputs($f, $message);
	}
	
	/*
		Theory : stream_set_timeout must be set after a write and before a read for it to take effect on the read operation
		If it is set before the write then it will have no effect : http://in.php.net/stream_set_timeout
	*/
	
	// Set the timeout limit for read
	if( !stream_set_timeout($f , 3) )
	{
		die('Unable to stream_set_timeout');	#Did this solve the problem ?
	}
	
	// Set socket in non-blocking mode
	stream_set_blocking ($f, 0 );
	
	// If connection still valid
	if($f) 
	{
		print "Starting to read socket".PHP_EOL;
		while (!feof($f)) 
		{
			//print "Read attempt...".PHP_EOL;
			$data .= fread($f , 128);
		}
	}
	
	// Now return the data
	return $data;
}

The function get_whois_from_server is a generic function that can contact any whois server and make a request based on the ip address provided. It then collects the results and returns it back.

Output

To run the program simply use the php command from the command line.

$ php whois.php
$ php whois.php 
Connecting to server whois.iana.org ...Done
Sending request for ip: 74.65.112.23
Starting to read socket
Response: 
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object

refer:        whois.arin.net

inetnum:      74.0.0.0 - 74.255.255.255
organisation: ARIN
status:       ALLOCATED

whois:        whois.arin.net

changed:      2005-06
source:       IANA


Whois Server: whois.arin.net 
Connecting to server whois.arin.net ...Done
Sending request for ip: 74.65.112.23
Starting to read socket

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2020, American Registry for Internet Numbers, Ltd.
#


#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 74.65.112.23"
#
# Use "?" to get help.
#

NetRange:       74.64.0.0 - 74.79.255.255
CIDR:           74.64.0.0/12
NetName:        RRNY
NetHandle:      NET-74-64-0-0-1
Parent:         NET74 (NET-74-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       
Organization:   Charter Communications Inc (CC-3517)
RegDate:        2006-03-27
Updated:        2007-01-29
Ref:            https://rdap.arin.net/registry/ip/74.64.0.0



OrgName:        Charter Communications Inc
OrgId:          CC-3517
Address:        6399 S. Fiddler's Green Circle
City:           Greenwood Village
StateProv:      CO
PostalCode:     80111
Country:        US
RegDate:        2018-10-10
Updated:        2018-11-27
Comment:        Legacy Time Warner Cable IP Assets
Ref:            https://rdap.arin.net/registry/entity/CC-3517


OrgAbuseHandle: ABUSE10-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-855-222-7342 
OrgAbuseEmail:  [email protected]
OrgAbuseRef:    https://rdap.arin.net/registry/entity/ABUSE10-ARIN

OrgTechHandle: IPADD1-ARIN
OrgTechName:   IPAddressing
OrgTechPhone:  +1-314-288-3111 
OrgTechEmail:  [email protected]
OrgTechRef:    https://rdap.arin.net/registry/entity/IPADD1-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2020, American Registry for Internet Numbers, Ltd.
#
About Silver Moon

A Tech Enthusiast, Blogger, Linux Fan and a Software Developer. Writes about Computer hardware, Linux and Open Source software and coding in Python, Php and Javascript. He can be reached at [email protected].

6 Comments

Php – How to get Whois Information of IP address with Sockets
  1. Owen Lowe

    The script has to be written to use a different IP, since outgoing traffic will utilize the server’s main IP unless the script has been written to use another IP

Leave a Reply

Your email address will not be published. Required fields are marked *