wikiroute

networking recipes

User Tools

Site Tools

Trace:
who_is_using_this_ip_address

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revisionBoth sides next revision
who_is_using_this_ip_address [2014/02/08 22:05] samerwho_is_using_this_ip_address [2014/02/08 22:06] samer
Line 5: Line 5:
 ===== -- Limitations of the whois Information ===== ===== -- Limitations of the whois Information =====
  
-A typical method to identify the AS that announces a specific IP prefix is to use the whois protocol. A whois command is available on main OSes and enables to query the databases of regional registries such as ARIN, RIPE, LACNINC, ... A very interesting [[http://answers.oreilly.com/topic/408-how-to-use-and-understand-whois-in-its-many-forms | article]] provides tips for using the whois command. Here is a simple example that queries the whois.ripe.net server database in order to find the origin AS of the 148.60.0.0/16.+A typical method to identify the AS that announces a specific IP prefix is to use the whois protocol. A whois command is available on main OSes and enables to query the databases of regional registries such as ARIN, RIPE, LACNINC, ... A very interesting [[http://answers.oreilly.com/topic/408-how-to-use-and-understand-whois-in-its-many-forms | article]] provides tips for using the whois command. Here is a simple example that queries the whois.ripe.net server database in order to find the origin AS of the ''148.60.0.0/16''.
  
  $ whois -h whois.ripe.net 148.60.0.0/16 | grep origin  $ whois -h whois.ripe.net 148.60.0.0/16 | grep origin
Line 20: Line 20:
 [{{ :bgp-table.png?direct&600 | Figure 1. Active BGP entries}}] [{{ :bgp-table.png?direct&600 | Figure 1. Active BGP entries}}]
  
-However, having access to a DFZ BGP router is not easy in practice. Alternatively, it is possible to find similar routing information on looking glasses or route servers that are made public by network operators (see for example a list of servers on www.routeserver.org. Such devices are originally deployed in order to contribute to the monitoring or the tracking of BGP anomalies in the Internet.+However, having access to a DFZ BGP router is not easy in practice. Alternatively, it is possible to find similar routing information on looking glasses or route servers that are made public by network operators (see for example a list of servers on www.routeserver.org). Such devices are originally deployed in order to contribute to the monitoring or the tracking of BGP anomalies in the Internet.
 Let us try for example to log on the Allstream route server in Canada and identify the origin AS of 148.60.0.0/16. The output of the ''show ip bgp command'' shows the AS path "15290 3356 1273 2200" in the BGP announcements. Therefore, the first AS, //i.e.//, 2200 is the origin AS of the studied prefix. Let us try for example to log on the Allstream route server in Canada and identify the origin AS of 148.60.0.0/16. The output of the ''show ip bgp command'' shows the AS path "15290 3356 1273 2200" in the BGP announcements. Therefore, the first AS, //i.e.//, 2200 is the origin AS of the studied prefix.
  
who_is_using_this_ip_address.txt · Last modified: 2014/02/15 23:31 by samer