Simple bash script for IP-ASN mapping
Whenever I see a new unknown IP range, it gets hard to find exact source of that IP within command shell. Recently, I found a very interesting source of that information from Team Cymru. Here’s the resource.
I figured out (with a friend’s help) that using their whois server - v4.whois.cymru.com one can actually grab limited information as required.
anurag@laptop:~$ whois -h v4.whois.cymru.com " -v 126.96.36.199" AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name 15169 | 188.8.131.52 | 184.108.40.206/24 | US | arin | 1992-12-01 | GOOGLE - Google Inc.
As we can see -v gives all possible information. All I needed was AS number, AS Name, BGP Prefix, Country code - this gives enough information for an IP address. Thus command turns out to be with -c & -p.
anurag@laptop:~$ whois -h v4.whois.cymru.com " -c -p 220.127.116.11" AS | IP | BGP Prefix | CC | AS Name 9829 | 18.104.22.168 | 22.214.171.124/20 | IN | BSNL-NIB National Internet Backbone
Making this all quick easy to use.
Writing command in a quick script:
#!/bin/bash # Script for whois with details read -p 'Enter IP address : ' inputip hostname=v4.whois.cymru.com whois -h $hostname " -c -p $inputip"
next, edit .bashrc located in home directory (hidden). add following lines to the end of the file:
Logout and login and done!
Now, you can simply use awhois (A = Advanced! :) ) to do advanced IP whois lookups.
Here’s a live working example:
anurag@laptop:~$ awhois Enter IP address : 126.96.36.199 AS | IP | BGP Prefix | CC | AS Name 20115 | 188.8.131.52 | 184.108.40.206/17 | US | CHARTER-NET-HKY-NC - Charter Communications