Simple bash script for IP-ASN mapping
Whenever I see a new, unknown IP range, it is hard to find the exact source of that IP from the command shell. Recently, I found a very interesting source of that information from Team Cymru. Here’s the resource.
I figured out (with a friend’s help) that by querying their whois server, v4.whois.cymru.com, one can grab just the limited information required.
E.g.:
anurag@laptop:~$ whois -h v4.whois.cymru.com " -v 8.8.8.8"
AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name
15169 | 8.8.8.8 | 8.8.8.0/24 | US | arin | 1992-12-01 | GOOGLE - Google Inc.
AS | IP | BGP Prefix | CC | AS Name
9829 | 61.0.0.70 | 61.0.0.0/20 | IN | BSNL-NIB National Internet Backbone
#!/bin/bash
# Script for whois with details
read -r -p 'Enter IP address : ' inputip
hostname=v4.whois.cymru.com
whois -h "$hostname" " -c -p $inputip"
alias awhois='//whois.sh'
anurag@laptop:~$ awhois
Enter IP address : 71.89.140.2
AS | IP | BGP Prefix | CC | AS Name
20115 | 71.89.140.2 | 71.89.128.0/17 | US | CHARTER-NET-HKY-NC - Charter Communications
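A variant of the script above that checks the input is a plain IPv4 address before it is placed in the whois query string, and tallies the returned rows per ASN. This is an added example, not part of the original post; the function names are hypothetical and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the post's script. Function names are hypothetical.
CYMRU_HOST=v4.whois.cymru.com   # server named in the post

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255,
# so nothing but an address reaches the whois query string.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1              # split on dots; input is digits and dots only
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ ${#_o} -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
}

# Query the server for each valid argument, dropping the header row.
# Usage: lookup 8.8.8.8 61.0.0.70 | summarise_by_asn
lookup() {
    for _ip in "$@"; do
        is_ipv4 "$_ip" || { echo "skipping invalid address: $_ip" >&2; continue; }
        whois -h "$CYMRU_HOST" " -c -p $_ip" | tail -n +2
    done
}

# Read "AS | IP | BGP Prefix | CC | AS Name" rows on stdin and print
# "count | AS | CC | AS Name", busiest ASN first; the header row is ignored.
summarise_by_asn() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF >= 5 && trim($1) ~ /^[0-9]+$/ {
            n[trim($1) " | " trim($4) " | " trim($5)]++
        }
        END { for (k in n) printf "%d | %s\n", n[k], k }
    ' | sort -t'|' -k1,1nr -k2,2n
}

# Constructed sample rows in the format shown above (71.89.140.9 is made up).
sample_rows() {
    cat <<'EOF'
AS      | IP               | BGP Prefix          | CC | AS Name
20115   | 71.89.140.2      | 71.89.128.0/17      | US | CHARTER-NET-HKY-NC - Charter Communications
9829    | 61.0.0.70        | 61.0.0.0/20         | IN | BSNL-NIB National Internet Backbone
20115   | 71.89.140.9      | 71.89.128.0/17      | US | CHARTER-NET-HKY-NC - Charter Communications
EOF
}
```

Running `sample_rows | summarise_by_asn` exercises the tally offline, without contacting the whois server.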
Nice script and clear explanation 🙂
If you use fail2ban to ban hack attempts, sometimes it’s useful to see where the attacks are coming from, such as the ASN or country. My script for checking these IPs is (this is for ufw; if you use iptables for fail2ban you will have to change the command a bit):
echo "AS | IP | BGP Prefix | CC | AS Name"; for i in `sudo ufw status | grep REJECT | awk '{print $3}'`; do whois -h v4.whois.cymru.com " -c -p $i" | tail -n +2; done
Interesting. Thanks for sharing John!
I also use Team Cymru’s excellent service to quickly look up interesting info from IPs. Generally my purpose is to map IPs and hostnames to ASNs/routes. I thought it could be useful to share my code as well: https://gist.github.com/nitefood/1eba4183012dcca0f082535f0eb128db along with a usage example gif in the comments.