Simple bash script for IP-ASN mapping

Whenever I see a new unknown IP range, it gets hard to find exact source of that IP within command shell. Recently, I found a very interesting source of that information from Team Cymru.

I figured out (with a friend’s help) that using their whois server - v4.whois.cymru.com one can actually grab limited information as required. 

E.g

anurag@laptop:~$ whois -h v4.whois.cymru.com "  -v 8.8.8.8"
AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name

15169   | 8.8.8.8          | 8.8.8.0/24          | US | arin     | 1992-12-01 | GOOGLE - Google Inc.

As we can see -v gives all possible information. All I needed was AS number, AS Name, BGP Prefix, Country code - this gives enough information for an IP address. Thus command turns out to be with -c & -p.

E.g

anurag@laptop:~$ whois -h v4.whois.cymru.com " -c -p 61.0.0.70"

AS | IP | BGP Prefix | CC | AS Name  
9829 | 61.0.0.70 | 61.0.0.0/20 | IN | BSNL-NIB National Internet Backbone

Making this all quick easy to use.

Writing command in a quick script:

#!/bin/bash

# Script for whois with details

read -p 'Enter IP address : ' inputip
hostname=v4.whois.cymru.com
whois -h $hostname " -c -p $inputip"

next,  edit .bashrc located in home directory (hidden). add following lines to the end of the file:

alias awhois='./whois.sh'

Logout and login and done!

Now, you can simply use awhois (A = Advanced! :) ) to do advanced IP whois lookups.

Here’s a live working example:

anurag@laptop:~$ awhois  
Enter IP address : 71.89.140.2  
AS | IP | BGP Prefix | CC | AS Name  
20115 | 71.89.140.2 | 71.89.128.0/17 | US | CHARTER-NET-HKY-NC - Charter Communications