Simple bash script for IP-ASN mapping

Posted by Anurag Bhatia in bash, programmingDec 24th, 2011 | one response

Whenever I see a new unknown IP range, it gets hard to find exact source of that IP within command shell. Recently, I found a very interesting source of that information from Team Cymru. Here’s the resource.

I figured out (with a friend’s help) that using their whois server - v4.whois.cymru.com one can actually grab limited information as required. 

E.g

anurag@laptop:~$ whois -h v4.whois.cymru.com "  -v 8.8.8.8"

AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name

15169   | 8.8.8.8          | 8.8.8.0/24          | US | arin     | 1992-12-01 | GOOGLE - Google Inc.

 

As we can see -v gives all possible information. All I needed was AS number, AS Name, BGP Prefix, Country code – this gives enough information for an IP address. Thus command turns out to be with -c & -p.
 
E.g
 

anurag@laptop:~$ whois -h v4.whois.cymru.com " -c -p 61.0.0.70"

AS | IP | BGP Prefix | CC | AS Name
9829 | 61.0.0.70 | 61.0.0.0/20 | IN | BSNL-NIB National Internet Backbone

 
Making this all quick easy to use.
 
Writing command in a quick script:
 

#!/bin/bash
# Script for whois with details
read -p 'Enter IP address : ' inputip
hostname=v4.whois.cymru.com
whois -h $hostname " -c -p $inputip"
 

 
next, 
 
edit .bashrc located in home directory (hidden).
 
 
 
add following lines to the end of the file:
alias awhois='//whois.sh'
 
Logout and login and done!
 
Now, you can simply use awhois (A = Advanced! :) ) to do advanced IP whois lookups.
 
Here’s a live working example:
 

anurag@laptop:~$ awhois
Enter IP address : 71.89.140.2
AS | IP | BGP Prefix | CC | AS Name
20115 | 71.89.140.2 | 71.89.128.0/17 | US | CHARTER-NET-HKY-NC - Charter Communications



One Response to “Simple bash script for IP-ASN mapping”

  1. Quendi says:
    December 29, 2011 at 2:51 pm

    Nice script and clear explain :)

    Reply

Leave a Reply