ASN asnumber lookup

I am trying to find a way of looking up the owner of an ASN number using a script. I have no need for bulk usage, I simply want to do a query or two now and then.

The trick is that I do not have whois on the device which is running my code but I do have netcat, traceroute, ping, mtr, your basic tools.

I know there are sites which provide this info but I have not found any way of doing it yet.

This site, whois.cymru.com seems to offer a way of connecting to it, sending a -w with an ASN to get the results back. However, I've not found the correct syntax and cannot confirm if I could use netcat only.

I am looking for a bash script which would accomplish this.

Thanks.

Top Expert 2014

Commented:
Do you have curl?

curl ipinfo.io/IPADRESS/org

Author

Commented:
I do, but I also already have the asnumber I would need to look up.
I was hoping to be able to look up based on that asnumber.

Using the IP would mean many multiple queries for no good reason since a company would have huge amounts of IPs. Using the asnumber I already have would save on queries.
Top Expert 2014

Commented:
O.K,

You can do:

curl http://whois.arin.net/rest/asn/AS####

Where #### is the ASN number. You will need to parse out the response, as it is HTML.

You can also use netcat, but it takes a little more work.  You need to create a file called input.txt that has:

GET /rest/asn/AS##### HTTP/1.1
Host: whois.arin.net
Connection: Close

And it MUST have a blank line as the last line, then issue the command:

nc -C 199.71.0.47 80 < input.txt > output.txt

The file output.txt will have the results, but again you need to parse it as it has HTML.

I'm trying to get netcat to work directly with the whois service, but for some reason when I feed it a file, it only shows part of the results; when I manually type in the request it shows the complete results.
Top Expert 2014

Commented:
O.K., not sure why, but the ncat command gets results for ASNs.  So you can create a file with

a #####

Where ##### is the ASN you want to look up, then issue the command:

ncat -v 199.71.0.47  43 < input2.txt > out2.txt

And out2.txt will have the results.  You will still need to parse it, but it should be easier to parse.
Top Expert 2014

Commented:
Also reading whois.cymru.com the -w option is not you passing the ASN number, but them returning the ASN number.

At least the only page I find a '-w' option on is their IP to ASN mapping documentation page.  You can pass them one or more IP addresses you want to look up, and as part of the results they will include the ASN number for that IP address/subnet.  This is the page I'm looking at: http://www.team-cymru.org/IP-ASN-mapping.html#whois

Author

Commented:
Good ideas but there are problems.

-I cannot write a file, or, I could but only if it is very temporary and the script gets what it needs then deletes it.

-I don't have ncat on most devices/machines but do have curl

-I don't have any clue how to parse all that html to get just the owner/organization of the AS number.

I'm trying to find something nice and simple which can be used in a script where the asnumber will be returned into a variable in the script.
Top Expert 2014

Commented:
The file would be temporary if you wanted it to be, or you could leave it out there and just reuse it over and over again.  You don't need to create a unique one for each lookup, unless you need to do multiple lookups in parallel.

ncat is netcat, I thought you said you had netcat.  Do you have sed and/or awk on these devices?  You can feed the output from curl into these to parse out the information.  You would want to parse out "orgRef Name".

You set up a script where you pass the asnumber and then have

curl http://whois.arin.net/rest/asn/AS$1 | sed ???????

I would have to spend a little time (a few days in my spare time) to figure out the sed pattern to get the organization name.  You can look at the HTML yourself; it follows "<orgRef name="

Author

Commented:
I have netcat but it isn't on all of the devices. I thought it was. Curl definitely is, so is awk and sed.
Is it standard to parse such a large file for just one line? I guess so long as the output was always in the same place but I don't think it would be in this case.

I ran a bunch of asn lookups and some have more information than others as a response.
I'd have no idea how to parse anything beyond a few lines of always the same results though.
Top Expert 2014
Commented:
The result is not a large file.  I did a lookup on my company's ASN and it was 766 bytes, and it was not multiple lines; it was a single line of 766 bytes.

Create the file asnlookup.sh and put:

curl -s http://whois.arin.net/rest/asn/AS$1 | awk -F"(name=)|(handle=)" '{print $2 }'

in it.  Then issue ./asnlookup.sh ##### where ##### is the ASN you want to look up.
Top Expert 2014

Commented:
Thanks.  Just as an F.Y.I., if you look up an ASN that is not assigned you will get back an empty file.
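
An added example, not part of the original thread: the curl lookup from the answers above as a function whose result can be captured in a variable without a temporary file, with the ASN validated before it reaches the URL and an empty result for an unassigned ASN reported as a return code. The function names, the sample response, and the use of https in place of the thread's http URL are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample in the shape the answers describe: one line containing
# an orgRef element with name= and handle= attributes.
SAMPLE_XML='<asn><handle>AS64496</handle><orgRef name="Example &amp; Co Networks" handle="EXAMPLE-1">https://whois.arin.net/rest/org/EXAMPLE-1</orgRef></asn>'

# Accept "64496" or "AS64496"; print the bare number, or fail on anything else.
normalize_asn() {
    asn=${1#[Aa][Ss]}
    case $asn in
        ''|*[!0-9]*) return 1 ;;            # empty, or contains a non-digit
    esac
    [ "${#asn}" -le 10 ] || return 1        # keeps the numeric test in range
    [ "$asn" -le 4294967295 ] || return 1   # largest 32-bit ASN
    printf '%s\n' "$asn"
}

# Read the response on stdin; print the orgRef name attribute, or nothing.
parse_org_name() {
    sed -n 's/.*<orgRef[^>]* name="\([^"]*\)".*/\1/p' |
        sed 's/&amp;/\&/g' |
        head -n 1
}

# Print the owner of ASN $1.
# Returns 1 if the response has no orgRef, 2 on bad input, 3 if curl fails.
asn_owner() {
    n=$(normalize_asn "$1") || { echo "invalid ASN: $1" >&2; return 2; }
    # Assumption: https form of the URL used in the answer above.
    body=$(curl -s --max-time 10 "https://whois.arin.net/rest/asn/AS$n") || return 3
    name=$(printf '%s' "$body" | parse_org_name)
    [ -n "$name" ] || return 1
    printf '%s\n' "$name"
}

# Offline demonstration on the constructed sample.
# Live use in a script: owner=$(asn_owner 64496) || echo "no owner found"
printf '%s' "$SAMPLE_XML" | parse_org_name
```

Because the argument is reduced to digits before it is interpolated, a value containing slashes, spaces or shell metacharacters never reaches the URL.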

Author

Commented:
Is there any way of finding out who owns the ASN if that happens? Sometimes, details are found in some other search, like domain owner of the IP, etc.
Top Expert 2014

Commented:
No, if it is unassigned, then nobody owns it.

I did find one anomaly and there could be other examples.  Sprint has ASN 8106 - 8110.  However when I ran the script looking up 8110 I got back a response that said it was not currently assigned.  Weird.
Top Expert 2014

Commented:
Found how to use ipinfo.io to look up ASNs, and it is a bit simpler and worked for the Sprint ASN that arin did not.  So if you use the following command instead, ipinfo.io seems to return better results and a little cleaner.

curl -s http://ipinfo.io/AS$1 |  grep OrgName

Author

Commented:
Thanks, I'll test that.