who_is_using_this_ip_address
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
who_is_using_this_ip_address [2014/02/08 22:36] – [2- Using BGP Information] samer | who_is_using_this_ip_address [2014/02/09 12:47] – [2- Using BGP Information] samer | ||
---|---|---|---|
Line 45: | Line 45: | ||
Community: 15290:3356 15290:64995 15290:65050 15290:65506 | Community: 15290:3356 15290:64995 15290:65050 15290:65506 | ||
- | Despite its availability, | + | Despite its availability, |
- | ==== Team Cymru whois Server ==== | + | ==== -- Team Cymru whois Server ==== |
- | Team Cymru implements the '' | + | Team Cymru implements the '' |
< | < | ||
Line 57: | Line 57: | ||
</ | </ | ||
- | and another example that demonstrates the possibility of sending multiple | + | and another example that demonstrates the possibility of sending multiple |
< | < | ||
Line 67: | Line 67: | ||
</ | </ | ||
- | ==== Riswhois Server ==== | + | ==== -- Riswhois Server ==== |
- | RIPE NCC implements a similar whois service named RISwhois by providing a higher level view over the most recently collected set of routing tables from the Remote Route Collectors (RRCs). Given an IPv4 or IPv6 address, RISwhois will tell which prefixes and origin ASes on which RRCs match that particular IP. | + | RIPE NCC implements a similar whois service named RISwhois by providing a higher level view over the most recently collected set of routing tables from the Remote Route Collectors (RRCs) |
<WRAP info> | <WRAP info> | ||
- | As mentioned on the [[http:// | + | As mentioned on the [[http:// |
</ | </ | ||
- | $ whois -h riswhois.ripe.net 217.70.180.132 | + | In the following, a simple example shows the output of a Riswhois query: '' |
- | % This is RIPE NCC's Routing Information Service | + | |
- | % whois gateway to collected BGP Routing Tables | + | < |
- | % IPv4 or IPv6 address to origin prefix match | + | $ whois -h riswhois.ripe.net |
- | % | + | route: |
- | % For more information visit http://www.ripe.net/ | + | origin: |
- | + | descr: | |
- | route: | + | lastupd-frst: |
- | origin: | + | lastupd-last: |
- | descr: | + | seen-at: |
- | lastupd-frst: | + | num-rispeers: |
- | lastupd-last: | + | source: |
- | seen-at: | + | </ |
- | num-rispeers: | + | |
- | source: | + | <WRAP round important> |
- | + | Due to BGP policies between ASes in the Internet, RRCs may receive different BGP information for the same IP prefix. Therefore, Riswhois provides multiple matchings for the IP prefix, as in the following example. In such cases, a longest prefix matching may help in choosing a single originating AS. | |
- | route: | + | </ |
- | origin: | + | |
- | descr: | + | < |
- | lastupd-frst: | + | $ whois -h riswhois.ripe.net 217.70.184.1 |
- | lastupd-last: | + | route: |
- | seen-at: | + | origin: |
- | num-rispeers: | + | descr: |
- | source: | + | lastupd-frst: |
- | + | lastupd-last: | |
- | route: | + | seen-at: |
- | origin: | + | num-rispeers: |
- | descr: | + | source: |
- | lastupd-frst: | + | |
- | lastupd-last: | + | route: |
- | seen-at: | + | origin: |
- | num-rispeers: | + | descr: |
- | source: | + | lastupd-frst: |
+ | lastupd-last: | ||
+ | seen-at: | ||
+ | num-rispeers: | ||
+ | source: | ||
+ | </ | ||
===== -- A Do-It-Yourself BGP Query Service ===== | ===== -- A Do-It-Yourself BGP Query Service ===== | ||
Start by downloading multiple routing tables for routeviews or RIPE RIS servers. Transform these tables into parsable format bu using bgpdump. Use any scripting language to perform a best prefix match and output the origin AS of your desired IP prefix. | Start by downloading multiple routing tables for routeviews or RIPE RIS servers. Transform these tables into parsable format bu using bgpdump. Use any scripting language to perform a best prefix match and output the origin AS of your desired IP prefix. |
who_is_using_this_ip_address.txt · Last modified: 2014/02/15 23:31 by samer