28 May

Domain to IP/ASN/BGP block mapping script

Sleepless night. Reading more about Quagga and it’s options.

 

In meanwhile a quick 5min script to enable domain to BGP/IP/ASN mapping. This script is using basic dig command (for finding IP address) and Team Cymru whois service for IP to ASN/block mapping.

 

Code:

#!/bin/bash
# Script for domain name to IP/ASN/BGP block mapping
hostname=v4.whois.cymru.com
IP=$(dig $1 a +short)
whois -h $hostname ” -c -p $IP”

 

 Yeah just 3 line script! Less code = more power! 

I set this one up as alias in ~/.bashrc. Here’s live working example:

 

anurag@laptop ~ $ bwhois he.net
AS | IP | BGP Prefix | CC | AS Name
6939 | 216.218.186.2 | 216.218.128.0/17 | US | HURRICANE – Hurricane Electric, Inc.

anurag@laptop ~ $ bwhois vsnl.in
AS | IP | BGP Prefix | CC | AS Name
4755 | 121.244.76.25 | 121.244.76.0/23 | IN | TATACOMM-AS TATA Communications formerly VSNL is Leading ISP

anurag@laptop ~ $ bwhois airtel.in
AS | IP | BGP Prefix | CC | AS Name
9498 | 125.19.17.20 | 125.19.17.0/24 | IN | BBIL-AP BHARTI Airtel Ltd.

anurag@laptop ~ $ bwhois rcom.co.in
AS | IP | BGP Prefix | CC | AS Name
18101 | 220.226.182.128 | 220.226.176.0/20 | IN | RELIANCE-COMMUNICATIONS-IN Reliance Communications Ltd.DAKC MUMBAI

 

 

Time for me to complete my CN file for tomorrow’s viva. Most boring & dumb work, but anyways have to do.

Feel free to leave comments below about just anything!

 

24 Dec

Simple bash script for IP-ASN mapping

Whenever I see a new unknown IP range, it gets hard to find exact source of that IP within command shell. Recently, I found a very interesting source of that information from Team Cymru. Here’s the resource.

I figured out (with a friend’s help) that using their whois server – v4.whois.cymru.com one can actually grab limited information as required. 

E.g

anurag@laptop:~$ whois -h v4.whois.cymru.com "  -v 8.8.8.8"

AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name

15169   | 8.8.8.8          | 8.8.8.0/24          | US | arin     | 1992-12-01 | GOOGLE - Google Inc.

 

As we can see -v gives all possible information. All I needed was AS number, AS Name, BGP Prefix, Country code – this gives enough information for an IP address. Thus command turns out to be with -c & -p.
 
E.g
 

anurag@laptop:~$ whois -h v4.whois.cymru.com " -c -p 61.0.0.70"

AS | IP | BGP Prefix | CC | AS Name
9829 | 61.0.0.70 | 61.0.0.0/20 | IN | BSNL-NIB National Internet Backbone

 
Making this all quick easy to use.
 
Writing command in a quick script:
 

#!/bin/bash
# Script for whois with details
read -p 'Enter IP address : ' inputip
hostname=v4.whois.cymru.com
whois -h $hostname " -c -p $inputip"
 

 
next, 
 
edit .bashrc located in home directory (hidden).
 
 
 
add following lines to the end of the file:
alias awhois='//whois.sh'
 
Logout and login and done!
 
Now, you can simply use awhois (A = Advanced! 🙂 ) to do advanced IP whois lookups.
 
Here’s a live working example:
 

anurag@laptop:~$ awhois
Enter IP address : 71.89.140.2
AS | IP | BGP Prefix | CC | AS Name
20115 | 71.89.140.2 | 71.89.128.0/17 | US | CHARTER-NET-HKY-NC - Charter Communications