ASN asnumber looup

I am trying to find a way of looking up the owner of an ASN number using a script. I have no need for bulk usage, I simply want to do a query or two now and then.

The trick is that I do not have whois on the device which is running my code but I do have netcat, traceroute, ping, mtr, your basic tools.

I know there are sites which provide this info but I have not found any way of doing it yet.

This site, whois.cymru.com seems to offer a way of connecting to it, sending a -w with an ASN to get the results back. However, I've not found the correct syntax and cannot confirm if I could use netcat only.

I am looking for a bash script which would accomplish this.

Thanks.
projectsAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

giltjrCommented:
Do you have curl?

curl ipinfo.io/IPADRESS/org
projectsAuthor Commented:
I do, but I also already have the asnumber I would need to look up.
I was hoping to be able to look up based on that asnumber.

Using the IP would mean many multiple queries for no good reason since a company would have huge amounts of IPs. Using the asnumber I already have would save on queries.
giltjrCommented:
O.K,

You can do:

curl http://whois.arin.net/rest/asn/AS####

Where #### is the ASN number, you will need to parse out the response as it is HTML

You can also use netcat, but it takes a little more work.  You need to create a file called input.txt that has:

GET /rest/asn/AS##### HTTP/1.1
Host: whois.arin.net
Connection: Close

And it MUST have a blank line as the last line, then issue the command:

nc -C 199.71.0.47 80 < input.txt > output.txt

The file ouput.txt will have the results, but again you need to parse it as it has HTML.

I'm trying to get netcat to work directly with the whois service, but for some reason when I feed it a file, it only shows the part of the results, when I manually type in the request it shows the complete results.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

giltjrCommented:
O.K., not sure why, but ncat command gets results for ASN's.  So you can create a file with

a #####

Where ##### is the ASN you want to lookup, then issue the command:

ncat -v 199.71.0.47  43 < input2.txt > out2.txt

And out2.txt will have the results.  You will still need to parse it, but it should be easier to parse.
giltjrCommented:
Also reading whois.cymru.com the -w option is not you passing the ASN number, but them returning the ASN number.

At least the only page I find a '-w' option on is on their IP to ASN mapping documentation page.  You can pass them a one or more IP addresses you want to lookup and as part of the results the will include the ASN number for that IP address/subnet.  This is the page I'm look at http://www.team-cymru.org/IP-ASN-mapping.html#whois
projectsAuthor Commented:
Good ideas but there are problems.

-I cannot write a file, or, I could but only if it is very temporary and the script gets what it needs then deletes it.

-I don't have ncat on most devices/machines but do have curl

-I don't have any clue how to parse all that html to get just the owner/organization of the AS number.

I'm trying to find something nice and simple which can be used in a script where the asnumber will be returned into a variable in the script.
giltjrCommented:
The file would be temporary if you wanted it to be, or you could leave it out there and just reuse it over and over again.  You don't need to create a unique one for each lookup, unless you need to do multiple lookups in parallel.

ncat is netcat, I thought you said you had netcat.  Do you have sed and/or awk on these devices.  You can feed the output from curl into these to parse out the information.   You would want to parse out "orgRef Name"

You setup a script where you pass the asnumber then then have

curl http://whois.arin.net/rest/asn/AS$1 | sed ???????

I would have to spend a little time (a few days in my spare time) to figure out the sed pattern to get the organization name.  You can look the html your self, it follows "<orgRef name="
projectsAuthor Commented:
I have netcat but it isn't on all of the devices. I thought it was. Curl definitely is, so is awk and sed.
Is it standard to parse such a large file for just one line? I guess so long as the output was always in the same place but I don't think it would be in this case.

I ran a bunch of asn lookups and some have more information than others as a response.
I'd have no idea how to parse anything beyond a few lines of always the same results though.
giltjrCommented:
The result is not  a large file.  I did a look up on my company's ASN and it was 766 bytes and it was not multiple lines, it was a single line 766 bytes.

Create the file asnlookup.sh and put:

curl -s http://whois.arin.net/rest/asn/AS$1 | awk -F"(name=)|(handle=)" '{print $2 }'

in it.  Then issue ./asnlookup.sh ##### where ##### is the ASN you want to lookup.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
giltjrCommented:
Thanks.  Just as a F.Y.I, if you look up a ASN that is not assigned you will get back an empty file.
projectsAuthor Commented:
Is there any way of finding out who owns the ASN if that happens? Sometimes, details are found in some other search, like domain owner of the IP, etc.
giltjrCommented:
No, if it is unassigned, then nobody owns it.

I did fine one anomaly and there could be other examples.  Sprint has ASN  8106 - 8110.  However when I ran the script looking up 8110 I got back a response that said it was not currently assigned.  Weird.
giltjrCommented:
Found how to use ipinfo.io to lookup ASN's and it a bit simpler and worked for the Sprint ASN that arin did not.  So if you use the following command in instead, ipinfo.io seems to return better results and a little cleaner.

curl -s http://ipinfo.io/AS$1 |  grep OrgName
projectsAuthor Commented:
Thanks, I'll test that.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Internet Protocols

From novice to tech pro — start learning today.