
Author Topic: Command line tool to show full information on an IP's registration  (Read 7037 times)

Offline Ulysses_

  • Full Member
  • ***
  • Posts: 232
Command line tool to show full information on an IP's registration
« on: September 10, 2011, 12:48:42 PM »
Tried whois and jwhois. The first does not even say who the registrant of google.com is.  The other, jwhois, seems incomplete.

Is there any better way to find out information about an IP's or domain name's registration, and do it from the command line?

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11089
Re: Command line tool to show full information on an IP's registration
« Reply #1 on: September 10, 2011, 12:53:48 PM »
whois google.com
....
 Domain Name: GOOGLE.COM
 Registrar: MARKMONITOR INC.
....


?
The only barriers that can stop you are the ones you create yourself.

Offline Ulysses_

  • Full Member
  • ***
  • Posts: 232
Re: Command line tool to show full information on an IP's registration
« Reply #2 on: September 10, 2011, 01:12:09 PM »
Registrant, not registrar.  The registrant of google.com is Google Inc. This is shown by the following online "smartwhois" site that seems comprehensive:

http://www.all-nettools.com/toolbox/smart-whois.php


Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11089
Re: Command line tool to show full information on an IP's registration
« Reply #3 on: September 10, 2011, 01:18:41 PM »
Oh, right. Never mind.
The only barriers that can stop you are the ones you create yourself.

Offline bmarkus

  • Administrator
  • Hero Member
  • *****
  • Posts: 7183
Re: Command line tool to show full information on an IP's registration
« Reply #4 on: September 10, 2011, 01:23:52 PM »
jwhois gives the following result on TC:

Quote
[Querying whois.verisign-grs.com]
[Redirected to whois.markmonitor.com]
[Querying whois.markmonitor.com]
[whois.markmonitor.com]

MarkMonitor is the Global Leader in Enterprise Brand Protection.

Domain Management
MarkMonitor Brand Protection™
AntiFraud Solutions
Corporate Consulting Services

Visit MarkMonitor at www.markmonitor.com
Contact us at 1 800 745 9229
In Europe, at +44 (0) 20 7840 1300


The Data in MarkMonitor.com's WHOIS database is provided by MarkMonitor.com
for information purposes, and to assist persons in obtaining information
about or related to a domain name registration record.  MarkMonitor.com
does not guarantee its accuracy.  By submitting a WHOIS query, you agree
that you will use this Data only for lawful purposes and that, under no
circumstances will you use this Data to: (1) allow, enable, or otherwise
support the transmission of mass unsolicited, commercial advertising or
solicitations via e-mail (spam); or  (2) enable high volume, automated,
electronic processes that apply to MarkMonitor.com (or its systems).
MarkMonitor.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by this policy.

Registrant:
        Dns Admin
        Google Inc.
        Please contact contact-admin@google.com 1600 Amphitheatre Parkway
         Mountain View CA 94043
        US
        dns-admin@google.com +1.6502530000 Fax: +1.6506188571

    Domain Name: google.com

        Registrar Name: Markmonitor.com
        Registrar Whois: whois.markmonitor.com
        Registrar Homepage: http://www.markmonitor.com

    Administrative Contact:
        DNS Admin
        Google Inc.
        1600 Amphitheatre Parkway
         Mountain View CA 94043
        US
        dns-admin@google.com +1.6506234000 Fax: +1.6506188571
    Technical Contact, Zone Contact:
        DNS Admin
        Google Inc.
        2400 E. Bayshore Pkwy
         Mountain View CA 94043
        US
        dns-admin@google.com +1.6503300100 Fax: +1.6506181499

    Created on..............: 1997-09-15.
    Expires on..............: 2020-09-13.
    Record last updated on..: 2011-07-20.

    Domain servers in listed order:

    ns1.google.com
    ns3.google.com
    ns4.google.com
    ns2.google.com
   



MarkMonitor is the Global Leader in Enterprise Brand Protection.

Domain Management
MarkMonitor Brand Protection™
AntiFraud Solutions
Corporate Consulting Services

Visit MarkMonitor at www.markmonitor.com
Contact us at 1 800 745 9229
In Europe, at +44 (0) 20 7840 1300
--
« Last Edit: September 10, 2011, 01:25:27 PM by bmarkus »
Béla
Ham Radio callsign: HA5DI

"Amateur Radio: The First Technology-Based Social Network."

Offline Ulysses_

  • Full Member
  • ***
  • Posts: 232
Re: Command line tool to show full information on an IP's registration
« Reply #5 on: September 10, 2011, 01:30:34 PM »
Yes, I tried that.  By default it is missing domains other than .com, .net etc. 

Here is also the slightly more concise output of that "smartwhois" online tool.  Might there be a command line equivalent for Linux?

Quote
google.com (74.125.225.52)

   74.125.0.0 - 74.125.255.255
Google Inc. GOOGLE (NET-173-194-0-0-1) 173.194.0.0 - 173.194.255.255
Google GOOGLE (NET-199-87-241-32-1) 199.87.241.32 - 199.87.241.63
Google Inc. GOOGLE (NET-209-85-128-0-1) 209.85.128.0 - 209.85.255.255
Google Inc. GOOGLE (NET-216-239-32-0-1) 216.239.32.0 - 216.239.63.255
Google Inc. GOOGLE (NET-64-233-160-0-1) 64.233.160.0 - 64.233.191.255
Google Inc. GOOGLE (NET-66-249-64-0-1) 66.249.64.0 - 66.249.95.255
Google Inc. GOOGLE (NET-70-32-128-0-1) 70.32.128.0 - 70.32.159.255
Google GOOGLE (NET-70-89-39-152-1) 70.89.39.152 - 70.89.39.159
Google GOOGLE (NET-70-90-219-48-1) 70.90.219.48 - 70.90.219.55
Google GOOGLE (NET-70-90-219-72-1) 70.90.219.72 - 70.90.219.79
Google Inc. GOOGLE (NET-72-14-192-0-1) 72.14.192.0 - 72.14.255.255
Google Inc. GOOGLE (NET-74-125-0-0-1) 74.125.0.0 - 74.125.255.255

   Google Inc
arin-contact@google.com
+1-650-253-0000

   74.0.0.0 - 74.255.255.255
American Registry for Internet Numbers NET74 (NET-74-0-0-0-0) 74.0.0.0 - 74.255.255.255
Mojohost VL191 BLACKBOOK NET74 (NET-74-206-175-208-1) 74.206.175.208 - 74.206.175.223

   Registration Services Department
hostmaster@arin.net
+1-703-227-0660

Offline maro

  • Hero Member
  • *****
  • Posts: 1228
Re: Command line tool to show full information on an IP's registration
« Reply #6 on: September 10, 2011, 07:59:23 PM »
Yes you can use a CLI approach as the following shows:
Code: (bash)
tc@box:~$ wget -qO - http://www.all-nettools.com/toolbox/smart-whois.php --post-data="ip=google.com" | sed '1,/SmartWhois Domain & IP Lookup/d;/<\/table>/,$d' | sed 's#<br>#\n#g' | sed '/^$/d ; s#<\/td> *## ; /^<\/tr>/d ; /^<tr valign=/d' | sed '/<b>/ s#</b>## ; /<b>/ s#^.*<b>\([^<]\+\)</[^>]\+>.*$#\1# ; /<b>/ s#^.*<b>##' | sed '/<a href/ s#.*>\([^<]\+\)</a>.*#\1#'
google.com (74.125.225.52)

74.125.0.0 - 74.125.255.255
Google Inc. GOOGLE (NET-173-194-0-0-1) 173.194.0.0 - 173.194.255.255
Google GOOGLE (NET-199-87-241-32-1) 199.87.241.32 - 199.87.241.63
Google Inc. GOOGLE (NET-209-85-128-0-1) 209.85.128.0 - 209.85.255.255
Google Inc. GOOGLE (NET-216-239-32-0-1) 216.239.32.0 - 216.239.63.255
Google Inc. GOOGLE (NET-64-233-160-0-1) 64.233.160.0 - 64.233.191.255
Google Inc. GOOGLE (NET-66-249-64-0-1) 66.249.64.0 - 66.249.95.255
Google Inc. GOOGLE (NET-70-32-128-0-1) 70.32.128.0 - 70.32.159.255
Google GOOGLE (NET-70-89-39-152-1) 70.89.39.152 - 70.89.39.159
Google GOOGLE (NET-70-90-219-48-1) 70.90.219.48 - 70.90.219.55
Google GOOGLE (NET-70-90-219-72-1) 70.90.219.72 - 70.90.219.79
Google Inc. GOOGLE (NET-72-14-192-0-1) 72.14.192.0 - 72.14.255.255
Google Inc. GOOGLE (NET-74-125-0-0-1) 74.125.0.0 - 74.125.255.255

Google Inc
arin-contact@google.com
+1-650-253-0000

74.0.0.0 - 74.255.255.255
American Registry for Internet Numbers NET74 (NET-74-0-0-0-0) 74.0.0.0 - 74.255.255.255
Mojohost VL191 BLACKBOOK NET74 (NET-74-206-175-208-1) 74.206.175.208 - 74.206.175.223

Registration Services Department
hostmaster@arin.net
+1-703-227-0660
tc@box:~$

But parsing an HTML page with a few 'sed' commands is a rather foolish undertaking, as it is extremely easy to break. I've just done it here "just for fun", but have no interest in maintaining it any further than this.

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11089
Re: Command line tool to show full information on an IP's registration
« Reply #7 on: September 11, 2011, 02:04:15 AM »
html2text :)
The only barriers that can stop you are the ones you create yourself.

Offline Ulysses_

  • Full Member
  • ***
  • Posts: 232
Re: Command line tool to show full information on an IP's registration
« Reply #8 on: September 11, 2011, 07:57:10 AM »
Thanks maro.  Speaking of foolish undertakings, I was reminded of endless hours I spent with sed trying to do similar things when converting public forum posts and thread hierarchies into sql commands.  That effort still didn't give me the lesson and I still do too many things with sed. :P

The need for this command line tool or script is to read a dns server's log and also a firewall's log and, every time an ip or domain name is blocked, display a popup that contains good concise whois information about it.  Plus a prompt that says something like:

"Allow ip's owned by <Google Inc> next time?"

Or whatever company appears to be the owner.  And if you reply yes, then everything that has "Google Inc" as the owner is thereafter allowed.

Can't the owner be reliably extracted from such whois information?
« Last Edit: September 11, 2011, 08:10:38 AM by Ulysses_ »

Offline grtoftis

  • Newbie
  • *
  • Posts: 1
Re: Command line tool to show full information on an IP's registration
« Reply #9 on: October 24, 2011, 05:21:24 AM »
Hi,
I don't know how to do it using the command line, but another way to find the information about an IP's or domain name's registration is through Whoisxy.com. This is a simple process. You can also find the domain to IP and vice versa through this site for free. You can find for unlimited. Usually I used to find the domain whois information and all through this site. I hope it'll be useful for you.

Offline Ulysses_

  • Full Member
  • ***
  • Posts: 232
Re: Command line tool to show full information on an IP's registration
« Reply #10 on: October 25, 2011, 03:20:41 PM »
Thanks. This looks like smartwhois mentioned above.

The ideal would be just the company name, or whoever the registrant is, in a manner that makes it easy to isolate. Perhaps with the country added for uniqueness. Plus a reverse-dns.
« Last Edit: October 25, 2011, 04:01:14 PM by Ulysses_ »
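
Added example, not part of any post in this thread: for the question of isolating the owner from a network listing like the one posted above, this script picks the narrowest listed range that actually contains the address, rather than the first line of the listing. The function names and the assumed line layout are this example's own; the sample lines are copied from the listing in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Reads a network listing on stdin and
# prints the owner of the narrowest range containing the IPv4 address in $1.
# Assumed line layout: "<owner> <NETNAME> (NET-...) <start> - <end>".
owner_for_ip() {
    awk -v ip="$1" '
    # Dotted quad -> integer, or -1 if the text is not a valid IPv4 address.
    function ip2n(s,    p, i, n) {
        if (split(s, p, ".") != 4) return -1
        n = 0
        for (i = 1; i <= 4; i++) {
            if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return -1
            n = n * 256 + p[i]
        }
        return n
    }
    BEGIN { target = ip2n(ip); if (target < 0) { bad = 1; exit } }
    match($0, /\(NET-[0-9-]+\) +/) {
        owner = substr($0, 1, RSTART - 1)
        sub(/ +[^ ]+ *$/, "", owner)            # drop the NETNAME token
        if (split(substr($0, RSTART + RLENGTH), r, / +- +/) != 2) next
        sub(/[ \t\r]+$/, "", r[2])
        lo = ip2n(r[1]); hi = ip2n(r[2])
        if (lo < 0 || hi < lo || target < lo || target > hi) next
        if (!found || hi - lo < size) { found = 1; best = owner; size = hi - lo }
    }
    END {
        if (bad) exit 2                          # $1 was not an IPv4 address
        if (!found) exit 1                       # no listed range contains it
        print best
    }'
}

# Sample input: lines copied from the listing posted in the thread.
sample_listing() {
    cat <<'EOF'
Google Inc. GOOGLE (NET-173-194-0-0-1) 173.194.0.0 - 173.194.255.255
Google GOOGLE (NET-70-89-39-152-1) 70.89.39.152 - 70.89.39.159
Google Inc. GOOGLE (NET-74-125-0-0-1) 74.125.0.0 - 74.125.255.255
American Registry for Internet Numbers NET74 (NET-74-0-0-0-0) 74.0.0.0 - 74.255.255.255
Mojohost VL191 BLACKBOOK NET74 (NET-74-206-175-208-1) 74.206.175.208 - 74.206.175.223
EOF
}

sample_listing | owner_for_ip 74.125.225.52
```

Owner strings in such listings are free text, and the listing above already shows the same organization as both "Google Inc." and "Google", so an allow rule keyed on the exact string will not cover every range the organization holds.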