Link to home
Start Free TrialLog in
Avatar of stzin
stzin

asked on

Is there a tool anywhere that can perform an nslookup and resolve an IP to a domain name using a list of IP Addresses?

I have a list of IP addresses (websites users are surfing too). We want to know the domains that these IPs resolve too, however, performing an nslookup or whois on each and every single IP would be insane!

Is there a tool anywhere that can perform an nslookup and resolve an IP to a domain name using a list of IP Addresses?

Thanks
ASKER CERTIFIED SOLUTION
Avatar of Lee W, MVP
Lee W, MVP
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
(If you made that a command in a script, then you'd need to add a % to the %a's - they would look like %%a)

You can then further parse the lookups.log file by using FIND and dumping that output to a file.  What information do you want?  just the domain name/system name?  If so then you would do something like this in a file.cmd:

for /f "tokens=1" %a in (ipaddresses.log) do @nslookup %a >> lookups.log
find /i "Name:" lookups.log > names.log

Avatar of stzin
stzin

ASKER

leew where you wrtite "Name:" what should I actually be putting in there?
Avatar of stzin

ASKER

When I run the for script I keep getting "a was unexpected at this time".

I've tried different itterations of the script, like,
for /F "tokens=1" %a IN (ips.txt) DO nslookup %a

where ips.txt is a list with only 4 ips that looks like this:

100.100.100.100
101.101.10.1.101
102.1.1.1
103.1.1.1


Im trying to keep it as simple as possible just so I cant get some sort of output..what am I doing wrong?

Did you try nmap yet?  It does exactly what you need.
If you run FOR /F... as a command, then you use %a.  If you run FOR /F as  a command in a batch file, then it must be referred to as %%a.  I screwed that up, my apologies.
Where I write "Name:" you should be putting "Name:" - I didn't mean for this to be interpreted as a variable.  

What's going on is that when you run NSLOOKUP WWW.GOOGLE.COM, the output looks something like this:
Server:  myserver.mydomain.com
Address:  192.168.0.1

Non-authoritative answer:
Name:    www.google.akadns.net
Addresses:  64.233.161.99, 64.233.161.104
Aliases:  www.google.com

So I'm using Find "Name:" - which is in the 5th line of the output and contains the looked up domain.  Find would display that line, but I'm redirecting output from it to a file instead.  If you wanted to get rid of the Name: part of each line in the output file, then you could run this added line in the script (remember %a or %aa depending on whether it's a batch file or just run as a single command on the command line:

FOR /f "tokens=2" %a in (names.log) DO Echo %a >> namesonly.txt