Handy WHOIS tip
2010-01-26 08:48:31 by chort
While doing some research last night I finally figured out how to query a WHOIS server for all netblocks owned by a particular organization. For example, to find all netblocks owned by OrgID: NOC, do the following:
$ whois -a '> o !NOC'
In this case I'm using BSD whois, so the '-a' means "search ARIN". The other options are for the server. ARIN's WHOIS server interprets '>' as "show subordinate entries", the 'o' as "query for organizations", and the '!' as "search for handle or ID".
You should get output that starts like:
Resources Used By Organization: Network Operations Center Inc. (AS21788) NOC 21788 [additional lines removed]
Linux users will need to adjust the flags passed to whois.
You can often get help from a specific WHOIS server by querying for '?'. This needs to be protected from your shell, so either backslash escape it, or wrap it in single-quotes. To get help from ARIN's WHOIS server do this:
$ whois -a \?
Final note: BSD whois doesn't appear to have a flag to force the RWHOIS protocol and different OSs have widely different ideas of what WHOIS ports are "well-known". For instance, OpenBSD has WHOIS and nothing else, while OS X has WHOIS++ and RWHOIS, but not WHOIS. FYI these are the ports:
whois 43/tcp nicname whois++ 63/udp # whois++ whois++ 63/tcp # whois++ rwhois 4321/udp # Remote Who Is rwhois 4321/tcp # Remote Who Is
You can specify the port with the '-p' flag on BSD whois.
- Comments (0)