who_is_using_this_ip_address
Differences
This shows you the differences between two versions of the page.
who_is_using_this_ip_address [2014/02/08 22:03] – samer | who_is_using_this_ip_address [2014/02/08 22:21] – samer | ||
---|---|---|---|
Line 5: | Line 5: | ||
===== -- Limitations of the whois Information ===== | ===== -- Limitations of the whois Information ===== | ||
- | A typical method to identify the AS that announces a specific IP prefix is to use the whois protocol. A whois command is available on main OSes and enables to query the databases of regional registries such as ARIN, RIPE, LACNINC, ... A very interesting [[http:// | + | A typical method to identify the AS that announces a specific IP prefix is to use the whois protocol. A whois command is available on main OSes and enables to query the databases of regional registries such as ARIN, RIPE, LACNINC, ... A very interesting [[http:// |
$ whois -h whois.ripe.net 148.60.0.0/ | $ whois -h whois.ripe.net 148.60.0.0/ | ||
origin: | origin: | ||
- | However things get complicated very rapidly since the route object information is not always provided or may be outdated. Trying for example to identify the AS announcing 203.178.141.194 (corresponding to the famous www.kame.net), | + | However things get complicated very rapidly since the route object information is not always provided or may be outdated. Trying for example to identify the AS announcing |
$ whois -h whois.apnic.net 203.178.141.194 | grep origin | $ whois -h whois.apnic.net 203.178.141.194 | grep origin | ||
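Review bot: the registry list in the first paragraph of this hunk still reads "LACNINC" in the new revision; the registry is LACNIC. In the same sentence, "enables to query" is missing its object; "lets you query" would read correctly. Both carry over unchanged from the previous revision, so this edit is a good place to fix them.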
Line 16: | Line 16: | ||
===== -- Using BGP Information ===== | ===== -- Using BGP Information ===== | ||
- | An alternative method for identifying the AS that announces a specific IP prefix consists in studying the BGP routing information. Typically, each BGP speaking router stores in a BGP table the routing announcements received for each prefix together with some protocol attributes such as the AS-PATH. This attribute contains the list of ASes traversed by the BGP announcement, | + | An alternative method for identifying the AS that announces a specific IP prefix consists in studying the BGP routing information. Typically, each BGP speaking router stores in a BGP table the routing announcements received for each prefix together with some protocol attributes such as the AS-PATH. This attribute contains the list of ASes traversed by the BGP announcement, |
[{{ : | [{{ : | ||
- | However, having access to a DFZ BGP router is not easy in practice. Alternatively, | + | However, having access to a DFZ BGP router is not easy in practice. Alternatively, |
- | Let us try for example to log on the Allstream route server in Canada and identify the origin AS of 148.60.0.0/ | + | Let us try for example to log on the Allstream route server in Canada and identify the origin AS of '' |
$ telnet route-server.east.bb.allstream.net | $ telnet route-server.east.bb.allstream.net | ||
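Review bot: in the first paragraph of this hunk, "each BGP speaking router" needs a hyphen ("BGP-speaking"), and "consists in studying" reads better as "consists of studying". The new revision changes this paragraph but keeps both phrasings, so they can be corrected in the same pass.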
Line 45: | Line 45: | ||
Community: 15290:3356 15290:64995 15290:65050 15290:65506 | Community: 15290:3356 15290:64995 15290:65050 15290:65506 | ||
- | Despite its availability, | + | Despite its availability, |
- | | + | |
- | | + | < |
+ | $ whois -h whois.cymru.com 148.60.0.0/ | ||
+ | AS | IP | AS Name | ||
+ | 2200 | 148.60.0.0 | ||
+ | </ | ||
+ | |||
+ | and another example that demonstrates the possibility of sending multiple addresses in the same query: | ||
+ | |||
+ | < | ||
+ | $ whois -h whois.cymru.com 148.60.0.0/ | ||
+ | AS | IP | AS Name | ||
+ | 2200 | 148.60.0.0 | ||
+ | AS | IP | AS Name | ||
+ | 2500 | 203.178.141.194 | ||
+ | </ | ||
+ | |||
+ | * A similar service was announced by the RIPE RIS project. Their whois server can be queried using '' | ||
$ whois -h riswhois.ripe.net 217.70.180.132 | $ whois -h riswhois.ripe.net 217.70.180.132 |
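Review bot: in the second added example, the header row "AS | IP | AS Name" appears twice, once above each result row, which looks like the output of two separate lookups. The sentence introducing it says the example demonstrates sending multiple addresses in the same query. Please confirm the block is the verbatim output of a single command. If it is not, show the two commands separately or reword the sentence.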
who_is_using_this_ip_address.txt · Last modified: 2014/02/15 23:31 by samer