In a previous article we saw how to fetch the whois data of a domain from the terminal. Now here we shall see how to perform a whois for an ip address from the terminal.
Get your ip address from ipmango.com.
I got this IP : 59.93.210.154
Little Theory
The information about any ip or ip range is stored in the Regional Internet Registry.
The 5 internet registries in the world are
1. APNIC - India , China , Australia Whois server : whois.apnic.net 2. AFRINIC - All of Africa continent Whois server : whois.afrinic.net 3. ARIN - Usa and Canada Whois server : whois.arin.net 4. RIPE NCC - Greenland , Russia , Europe and middle east Whois server : whois.ripe.net 5. LACNIC - Mexico and South America continent Whois server : whois.lacnic.net
Perform the Whois query
Open your terminal and type :
desktop:~$ telnet whois.apnic.net 43 Trying 202.12.29.220... Connected to whois.apnic.net. Escape character is '^]'. % [whois.apnic.net node-2] % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
Now we are connected to the whois server. Now enter the IP address and hit enter
59.93.210.154 inetnum: 59.92.0.0 - 59.95.255.255 netname: BB-2-2 descr: Broadband Project2.2, O/o DGM BB, NOC BSNL Bangalore country: IN admin-c: BH155-AP tech-c: DB374-AP status: ASSIGNED NON-PORTABLE mnt-by: MAINT-IN-DOT mnt-irt: IRT-BSNL-IN changed: [email protected] 20110218 source: APNIC route: 59.93.208.0/20 descr: BSNL Internet country: IN origin: AS9829 mnt-lower: MAINT-IN-DOT mnt-routes: MAINT-IN-DOT mnt-by: MAINT-IN-AS9829 changed: [email protected] 20060404 changed: [email protected] 20060404 source: APNIC person: BSNL Hostmaster nic-hdl: BH155-AP e-mail: [email protected] address: Broadband Networks address: Bharat Sanchar Nigam Limited address: 2nd Floor, Telephone Exchange, Sector 62 address: Noida phone: +91-120-2404243 fax-no: +91-120-2404241 country: IN changed: [email protected] 20021108 mnt-by: MAINT-IN-PER-DOT source: APNIC person: DGM Broadband address: BSNL NOC Bangalore country: IN phone: +91-080-25805800 fax-no: +91-080-25800022 e-mail: [email protected] nic-hdl: DB374-AP mnt-by: MAINT-IN-PER-DOT changed: [email protected] 20110218 source: APNIC Connection closed by foreign host.
Now we get plenty of information about the IP address , like its ISP , IP Range , Country and so on.
Now lets try a different IP say : 65.55.12.249
desktop:~$ telnet whois.apnic.net 43 Trying 202.12.29.220... Connected to whois.apnic.net. Escape character is '^]'. % [whois.apnic.net node-1] % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html 65.55.12.249 inetnum: 65.0.0.0 - 65.255.255.255 netname: ARIN-CIDR-BLOCK descr: Not allocated by APNIC remarks: ------------------------------------------------------ remarks: remarks: Important: remarks: remarks: Details of networks in this range are not registered remarks: in the APNIC Whois Database. remarks: remarks: Please search the ARIN Whois, which contains remarks: details of IP addresses allocated in North America, remarks: parts of the Caribbean, and sub-equatorial Africa: remarks: remarks: website: https://ws.arin.net/whois remarks: command line: whois.arin.net remarks: remarks: ------------------------------------------------------ country: AU admin-c: IANA1-AP tech-c: IANA1-AP mnt-by: MAINT-APNIC-AP mnt-lower: MAINT-APNIC-AP status: ALLOCATED PORTABLE changed: [email protected] 20030403 changed: [email protected] 20040926 changed: [email protected] 20090501 source: APNIC role: Internet Assigned Numbers Authority address: see http://www.iana.org. country: phone: e-mail: [email protected] admin-c: IANA1-AP tech-c: IANA1-AP nic-hdl: IANA1-AP remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: MAINT-APNIC-AP changed: [email protected] 20110811 source: APNIC Connection closed by foreign host.
We see that APNIC did not provide any information about this IP, but says that this IP is allocated to ARIN registry.
So we perform whois query on the arin whois server that is whois.arin.net
desktop:~$ telnet whois.arin.net 43 Trying 199.212.0.46... Connected to whois.arin.net. Escape character is '^]'. 65.55.12.249 # # Query terms are ambiguous. The query is assumed to be: # "n 65.55.12.249" # # Use "?" to get help. # # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=65.55.12.249?showDetails=true&showARIN=false&ext=netref2 # NetRange: 65.52.0.0 - 65.55.255.255 CIDR: 65.52.0.0/14 OriginAS: NetName: MICROSOFT-1BLK NetHandle: NET-65-52-0-0-1 Parent: NET-65-0-0-0-0 NetType: Direct Assignment RegDate: 2001-02-14 Updated: 2004-12-09 Ref: http://whois.arin.net/rest/net/NET-65-52-0-0-1 OrgName: Microsoft Corp OrgId: MSFT Address: One Microsoft Way City: Redmond StateProv: WA PostalCode: 98052 Country: US RegDate: 1998-07-10 Updated: 2011-04-26 Ref: http://whois.arin.net/rest/org/MSFT OrgNOCHandle: ZM23-ARIN OrgNOCName: Microsoft Corporation OrgNOCPhone: +1-425-882-8080 OrgNOCEmail: [email protected] OrgNOCRef: http://whois.arin.net/rest/poc/ZM23-ARIN OrgTechHandle: MSFTP-ARIN OrgTechName: MSFT-POC OrgTechPhone: +1-425-882-8080 OrgTechEmail: [email protected] OrgTechRef: http://whois.arin.net/rest/poc/MSFTP-ARIN OrgAbuseHandle: HOTMA-ARIN OrgAbuseName: Hotmail Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: [email protected] OrgAbuseRef: http://whois.arin.net/rest/poc/HOTMA-ARIN OrgAbuseHandle: ABUSE231-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: [email protected] OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE231-ARIN OrgAbuseHandle: MSNAB-ARIN OrgAbuseName: MSN ABUSE OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: [email protected] OrgAbuseRef: http://whois.arin.net/rest/poc/MSNAB-ARIN RTechHandle: ZM23-ARIN RTechName: Microsoft Corporation RTechPhone: +1-425-882-8080 RTechEmail: [email protected] RTechRef: http://whois.arin.net/rest/poc/ZM23-ARIN # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # Connection closed by foreign host.
So now the ARIN whois server gives the required information. Similary the whois details of IPs of RIPE , AFRINIC and LACNIC regions can be found.
:-))
pls keep notified on updates & changes … thanks :))