This works for me on Centos 5.6. It may assist newcomers to the Linux world of Centos.
whois 51.51.51.51
produces a normal and conventional display of data.
However since ARIN, the North American registrar of IP addresses, "modernised" its WHOIS processing, a query to
whois 64.64.64.64
will produce a one line summary of possible matches, which always includes ARIN, but omits the details we used to receive before ARIN implemented its much criticised "improved" service.
A one line script solves it for me (but only for ARIN network entries).
#!/bin/bash whois -h whois.arin.net n + $1
I call my script .arin
.arin 64.64.64.64
produces a normal output.
Paul.
On Sat, 10 Sep 2011, Always Learning wrote:
This works for me on Centos 5.6. It may assist newcomers to the Linux world of Centos.
whois 51.51.51.51
produces a normal and conventional display of data.
However since ARIN, the North American registrar of IP addresses, "modernised" its WHOIS processing, a query to
whois 64.64.64.64
will produce a one line summary of possible matches, which always includes ARIN, but omits the details we used to receive before ARIN implemented its much criticized "improved" service.
A one line script solves it for me (but only for ARIN network entries).
#!/bin/bash whois -h whois.arin.net n + $1
Where is this syntax documented? I see the -h option in the man page but the n + part is not there and I would like to understand where that comes from.
Regards,
On Sat, 2011-09-10 at 11:23 -0400, me@tdiehl.org wrote:
Where is this syntax documented? I see the -h option in the man page but the n + part is not there and I would like to understand where that comes from.
whois -h whois.arin.net ?
The ' n + ' are parameters (arguments) introduced by ARIN. They are not part of the standard WHOIS.
To reduce typing I now use for WHOIS:-
.w 65.65.65.65
.w being a one line script containing (whois $1).
When that encounters the ARIN deficiency, I simply up-arrow to get the previous line and add 'a'
.wa 65.65.65.65
.wa is my ARIN whois command (whois -h whois.arin.net n + $1)
However, when ARIN redirects the original enquiry to a RWHOIS, the query is broken and unrecognised by the RWHOIS
whois -h whois.arin.net n + 66.66.66.66
It is a bit of a North American mess. I hope Europe's RIPE retains its fully functioning WHOIS.
Paul.
On Sat, 10 Sep 2011, Always Learning wrote:
On Sat, 2011-09-10 at 11:23 -0400, me@tdiehl.org wrote:
Where is this syntax documented? I see the -h option in the man page but the n + part is not there and I would like to understand where that comes from.
whois -h whois.arin.net ?
The ' n + ' are parameters (arguments) introduced by ARIN. They are not part of the standard WHOIS.
Thanks. That is what I was looking for.
Regards,
On 09/11/2011 12:26 AM, Always Learning wrote:
This works for me on Centos 5.6. It may assist newcomers to the Linux world of Centos.
whois 51.51.51.51
produces a normal and conventional display of data.
However since ARIN, the North American registrar of IP addresses, "modernised" its WHOIS processing, a query to
whois 64.64.64.64
will produce a one line summary of possible matches, which always includes ARIN, but omits the details we used to receive before ARIN implemented its much criticised "improved" service.
A one line script solves it for me (but only for ARIN network entries).
#!/bin/bash whois -h whois.arin.net n + $1
Any particular reason you used a bash script as opposed to an alias in your bash config?
I call my script .arin
.arin 64.64.64.64
produces a normal output.
Out of interest, have you thought about sending this through to the NANOG (http://www.nanog.org/mailinglist/) list?
On Mon, 2011-09-12 at 10:55 +1000, Steve Walsh wrote:
I wrote:-
A one line script solves it for me (but only for ARIN network entries).
#!/bin/bash whois -h whois.arin.net n + $1
Any particular reason you used a bash script as opposed to an alias in your bash config?
My understanding of aliases is I can not include additional parameters although I know virtually little about them. I do use links like these
sv = service ipt = iptables
etc. but have never knowingly used an alias. Don't forget I am a Linux novice. Everything I currently know I have taught myself either from books, experimentation or examples on this list or adapted from similar things from pre-Linux days.
I call my script .arin
.arin 64.64.64.64
produces a normal output.
Out of interest, have you thought about sending this through to the NANOG (http://www.nanog.org/mailinglist/) list?
Never heard of them. It see it is the North American Network Operators' Group. Following your suggestion I will repost the item there.
Regards,
Paul.
On Sun, Sep 11, 2011 at 7:31 PM, Always Learning centos@u61.u22.net wrote:
#!/bin/bash whois -h whois.arin.net n + $1
Any particular reason you used a bash script as opposed to an alias in your bash config?
My understanding of aliases is I can not include additional parameters
With bash / ksh / zsh aliases you can't rearrange the parameters, but you can always add them to the end. E.g. this:
alias .arin='whois -h whois.arin.net n +'
can be called as
.arin 64.64.64.64
and will expand the way you want. However, if you needed to have something come after 64.64.64.64, or to be mixed in with the whois options, you'd have to use a script or a shell function. I.e., if you wanted to pass the name of the whois server rather than hardcode it:
.arin() { whois -h $1 n + $2; }
That can't be done with an alias (except in csh).
Just a point on the curve but...
ARIN has made a deliberate decision to move emphasis over to their RESTful Web Interface, Whois-RWS. Part of the reason is performance and part of the reason is for granularity of the data available. They really REALLY want people to make that move although they will continue to support the old whois for a lot of the basic stuff.
https://www.arin.net/resources/whoisrws/index.html
I believe one of the things I heard at last years NANOG / ARIN conference here in Atlanta was that they would no longer be providing certain information such as reverse DNS servers in the old whois because that's now in a different database or some such. On another closed security forum on which I participate someone was having problems getting at Abuse POC information. There a parameter for that as well but they prefer using the Whois-RWS interface and API instead. I think we'll be hearing more of that as time goes on.
Regards, Mike
On Sat, 2011-09-10 at 15:26 +0100, Always Learning wrote:
This works for me on Centos 5.6. It may assist newcomers to the Linux world of Centos.
whois 51.51.51.51
produces a normal and conventional display of data.
However since ARIN, the North American registrar of IP addresses, "modernised" its WHOIS processing, a query to
whois 64.64.64.64
will produce a one line summary of possible matches, which always includes ARIN, but omits the details we used to receive before ARIN implemented its much criticised "improved" service.
A one line script solves it for me (but only for ARIN network entries).
#!/bin/bash whois -h whois.arin.net n + $1
I call my script .arin
.arin 64.64.64.64
produces a normal output.
Paul.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Another alternative, if you're simply looking for ASN/CIDR information, is to use the routeviews project.
host -t txt 51.51.51.51.asn.routeviews.org
... returns the ASN and CIDR block of the IP in question.
Note that as usual, this is reversed dotted quad, so if your original IP is 1.2.3.4, you're querying 4.3.2.1.asn.routeviews.org
More information on the routeviews project: http://www.routeviews.org/
If you want information on the ASN, you can still query WHOIS. Or you can hit the CIDR Report:
Example:
$ host www.cidr-report.org www.cidr-report.org has address 203.133.248.2
$ host -t txt 2.248.133.203.asn.routeviews.org 2.248.133.203.asn.routeviews.org descriptive text "4608" "203.133.248.0" "24"
karsten@zharben:~$ host -t txt 51.51.51.51.asn.routeviews.org 51.51.51.51.asn.routeviews.org descriptive text "4294967295" "0" "0" karsten@zharben:~$ host www.cidr-report.org www.cidr-report.org has address 203.133.248.2 karsten@zharben:~$ host -t text 2.248.133.103.asn.routeviews.org host: invalid type: text
karsten@zharben:~$ host -t txt 2.248.133.103.asn.routeviews.org Host 2.248.133.103.asn.routeviews.org not found: 3(NXDOMAIN) karsten@zharben:~$ host -t txt 2.248.133.203.asn.routeviews.org 2.248.133.203.asn.routeviews.org descriptive text "4608" "203.133.248.0" "24" karsten@zharben:~$ whois n 4608 No whois server is known for this kind of object. karsten@zharben:~$ whois n!4608 bash: !4608: event not found karsten@zharben:~$ whois AS4608 % [whois.apnic.net node-5] % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
as-block: AS4608 - AS4864 descr: APNIC ASN block remarks: These AS numbers are further assigned by APNIC remarks: to APNIC members and end-users in the APNIC region admin-c: HM20-AP tech-c: HM20-AP mnt-by: APNIC-HM mnt-lower: APNIC-HM changed: hm-changed@apnic.net 20020926 changed: hm-changed@apnic.net 20030207 changed: hm-changed@apnic.net 20050309 source: APNIC
aut-num: AS4608 as-name: APNIC-AP descr: Asia Pacific Network Information Centre descr: Regional Internet Registry for the Asia-Pacific Region descr: 6 Cordelia Street descr: PO Box 3646 descr: South Brisbane, QLD 4101 descr: Australia country: AU admin-c: HM20-AP tech-c: NO4-AP notify: noc@apnic.net mnt-by: MAINT-APNIC-AP mnt-irt: IRT-APNIC-AP changed: hm-changed@apnic.net changed: hm-changed@apnic.net 20110309 changed: hm-changed@apnic.net 20110815 source: APNIC
role: APNIC Hostmaster address: 6 Cordelia Street address: South Brisbane address: QLD 4101 country: AU phone: +61 7 3858 3100 fax-no: +61 7 3858 3199 e-mail: helpdesk@apnic.net admin-c: AMS11-AP tech-c: AH256-AP nic-hdl: HM20-AP remarks: Administrator for APNIC notify: noc@apnic.net mnt-by: MAINT-APNIC-AP changed: hm-changed@apnic.net 19981111 changed: dbmon@apnic.net 19990702 changed: hm-changed@apnic.net 20020211 changed: hm-changed@apnic.net 20070612 changed: hm-changed@apnic.net 20100217 changed: hm-changed@apnic.net 20101217 changed: hm-changed@apnic.net 20110815 source: APNIC
person: APNIC Network Operations address: 6 Cordelia Street address: South Brisbane address: QLD 4101 country: AU phone: +61 7 3858 3100 fax-no: +61 7 3858 3199 e-mail: netops@apnic.net nic-hdl: NO4-AP remarks: Administrator for APNIC Network Operations notify: netops@apnic.net mnt-by: MAINT-APNIC-AP changed: netops@apnic.net 19981111 changed: hostmaster@apnic.net 20020211 changed: hm-changed@apnic.net 20081205 changed: hm-changed@apnic.net 20101217 source: APNIC
$ whois AS4608 % [whois.apnic.net node-1] % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
as-block: AS4608 - AS4864 descr: APNIC ASN block remarks: These AS numbers are further assigned by APNIC remarks: to APNIC members and end-users in the APNIC region admin-c: HM20-AP tech-c: HM20-AP mnt-by: APNIC-HM mnt-lower: APNIC-HM changed: hm-changed@apnic.net 20020926 changed: hm-changed@apnic.net 20030207 changed: hm-changed@apnic.net 20050309 source: APNIC <etc.>
On Sat, Sep 10, 2011 at 7:26 AM, Always Learning centos@u61.u22.net wrote:
This works for me on Centos 5.6. It may assist newcomers to the Linux world of Centos.
whois 51.51.51.51produces a normal and conventional display of data.
However since ARIN, the North American registrar of IP addresses, "modernised" its WHOIS processing, a query to
whois 64.64.64.64will produce a one line summary of possible matches, which always includes ARIN, but omits the details we used to receive before ARIN implemented its much criticised "improved" service.
A one line script solves it for me (but only for ARIN network entries).
#!/bin/bash whois -h whois.arin.net n + $1I call my script .arin
.arin 64.64.64.64produces a normal output.
Paul.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-
Always Learning -
Bart Schaefer -
Edward Morbius -
me@tdiehl.org -
Michael H. Warfield -
Steve Walsh