Date created: 11/26/11 19:55:42. Last modified: 04/28/22 09:35:54
AS & IP Lookup
# There is a 1:N relationship between aut-num and as-set in IRR data.
# RIPE (for example) don't allow a search by AS number for the AS-SET:
# whois -h whois.ripe.net -T as-set -i members AS51551 # This Fails.
#
# One option is to get the maintainer of the ASN and search for AS-SETs with the same maintainer:
$ whois -h whois.ripe.net -T aut-num -r AS51551 | grep mnt-by | grep -v RIPE-NCC
mnt-by: MNT-UPDATA
$ whois -h whois.ripe.net -T as-set -r -i mnt-by MNT-UPDATA | grep as-set
as-set: AS-UPDATA
as-set: AS-exNMS
# If the network has a peeringDB entry, at the time of writing, PeeringDB only allows one AS-SET to be stored:
$ whois -h whois.peeringdb.com AS51551 | grep AS-SET
IRR AS-SET : RIPE::AS-UPDATA
# IRR Explorer shows all AS-SETs an AS belongs to:
https://irrexplorer.nlnog.net/api/sets/member-of/AS51551
# All downstream ASNs in the provider AS-SET
$ whois -h whois.ripe.net -T as-set AS-UPDATA | grep members
members: AS51551
members: AS47797
members: AS199870
members: AS201941
members: AS196744
members: AS44971
members: AS44442
members: AS49728
# Which AS announces a route
$ whois -h whois.ripe.net -T route 89.21.224.0/19 | grep origin
origin: AS41695
# Print all the IPv4 and IPv6 routes that *could* be announced by an ASN:
whois -h whois.ripe.net -T route,route6 -i origin 41695
# Print all the IPv4 and IPv6 routes that *are* being announced by an ASN:
curl https://stat.ripe.net/data/announced-prefixes/data.json?resource=AS41695
curl https://bgpstuff.net/sourced?as=41695\&format=json
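# Print all the IPv4 routes announced by all the ASNs in the AS-SET (note: the backtick list also contains the literal "members:" label from each line, so one lookup per line is wasted)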
$ for ASN in `whois -h whois.ripe.net -T as-set AS-UPDATA | grep members`; do whois -h whois.ripe.net -T route -i origin $ASN | grep route: | awk '{print $2}'; done
# Print all the IPv6 routes announced by all the ASNs in the AS-SET
$ for ASN in `whois -h whois.ripe.net -T as-set AS-UPDATA | grep members`; do whois -h whois.ripe.net -T route6 -i origin $ASN | grep route6: | awk '{print $2}'; done
# Check the IP prefix filters that Level3 builds automatically based on RIR database data, for a specific AS number or AS-SET
$ whois -h filtergen.level3.net RIPE::AS51551
$ whois -h filtergen.level3.net RIPE::AS-UPDATA
# Find the nameserver(s) for reverse DNS lookups of a downstream customer IP range:
$ whois AS51551 | grep -A 4 HGFL
remarks: HGFL
import: from AS199870 accept ANY
export: to AS199870 announce ANY
remarks: --------------------------------
$ whois -h whois.ripe.net -T route -i origin AS199870 | grep route
route: 46.16.0.0/21
$ whois -h whois.ripe.net -T domain 0.0.16.46.in-addr.arpa. | grep -v "%"
domain: 0.16.46.in-addr.arpa
nserver: ld4-sl1.hertsgfl.org.uk
nserver: ld5-sl1.hertsgfl.org.uk
nserver: ld4-sl2.hertsgfl.org.uk
nserver: ld5-sl2.hertsgfl.org.uk
iplookup.sh
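#!/bin/bash
#
# iplookup.sh - show the registry (whois) details for an IP address or prefix.
#
# Usage: iplookup.sh <ip-or-prefix>
#
# Asks whois.iana.org which RIR whois server covers the address, queries that
# server, and prints the range, organisation, description, network name and
# origin AS. Optionally hands the origin AS to aslookup.sh.
#
# Everything that comes back from a whois server is untrusted text. It is only
# ever handled as quoted data here, and the two values that are fed back into
# further commands (the referred whois host and the origin AS) must match a
# strict pattern before they are used.

# Print the first word after "<attribute>:" on the first line of the whois
# text that starts with that attribute.
# Arguments: $1 - whois text, $2 - attribute name without the colon
# Returns:   0 if such a line exists, 1 otherwise
first_token() {
  local text=$1 attr=$2 line
  local -a words
  while IFS= read -r line; do
    [[ $line == "$attr:"* ]] || continue
    read -r -a words <<<"${line#*:}"
    printf '%s\n' "${words[0]:-}"
    return 0
  done <<<"$text"
  return 1
}

# Print the value of every "<attribute>:" line in the whois text, joined with
# single spaces and with surrounding/duplicate whitespace removed.
# Arguments: $1 - whois text, $2 - attribute name without the colon,
#            $3 - maximum number of matching lines to use (0 or unset = all)
field_value() {
  local text=$1 attr=$2 limit=${3:-0}
  local line joined='' used=0
  local -a words
  while IFS= read -r line; do
    [[ $line == "$attr:"* ]] || continue
    # Keep everything after the FIRST colon, so a value that itself contains
    # ":" is not cut short. Splitting into an array tidies the whitespace
    # without the glob expansion an unquoted echo would perform.
    read -r -a words <<<"${line#*:}"
    if [ "${#words[@]}" -gt 0 ]; then
      joined="${joined:+$joined }${words[*]}"
    fi
    used=$((used + 1))
    if [ "$limit" -gt 0 ] && [ "$used" -ge "$limit" ]; then
      break
    fi
  done <<<"$text"
  # Drop control characters so a record cannot send escape sequences to the
  # terminal.
  printf '%s\n' "${joined//[[:cntrl:]]/}"
}

if [ "$#" -lt 1 ] || [ -z "$1" ]; then
  echo "Usage: ${0##*/} <ip-or-prefix>" >&2
  exit 1
fi
query=$1

# A leading "-" would be parsed by whois as an option instead of a query.
case "$query" in
  -*)
    echo "Invalid query: $query" >&2
    exit 1
    ;;
esac

host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
asn_re='^[Aa][Ss][0-9]+$'

echo "Seaching for $query"

# One IANA query is enough; the referral and the status are both read from it.
IANA_INFO=$(whois -h whois.iana.org "$query")

# Find the RIR for this IP/Block
RIR=$(first_token "$IANA_INFO" whois)
if [ "$RIR" == "" ]; then
  # Sometimes the referral is published as "refer:" instead
  RIR=$(first_token "$IANA_INFO" refer)
  if [ "$RIR" == "" ]; then
    echo "Couldn't find RIR"
    exit 1
  fi
fi

# The referral decides which server is contacted next, so only accept
# something that looks like a plain host name.
if ! [[ $RIR =~ $host_re ]]; then
  echo "Unexpected whois server name in IANA reply" >&2
  exit 1
fi
echo "RIR: $RIR"

WHOIS_INFO=$(whois -h "$RIR" "$query")

# Check if this is a legacy IP assignment
STATUS=$(first_token "$IANA_INFO" status)
if [ "$STATUS" == "LEGACY" ]; then
  echo "LEGACY ASSIGNMENT!"
fi

range=$(field_value "$WHOIS_INFO" inetnum)
org=$(field_value "$WHOIS_INFO" organisation)
desc=$(field_value "$WHOIS_INFO" descr 1)
net=$(field_value "$WHOIS_INFO" netname 1)

if [ "$range" == "" ] && [ "$org" == "" ] && [ "$desc" == "" ] && [ "$net" == "" ]; then
  echo "NO INFO FOUND!"
  # Show the IANA record without comment and blank lines; control characters
  # other than tab and newline are removed before it reaches the terminal.
  printf '%s\n' "$IANA_INFO" \
    | grep -v -e '^#' -e '^$' -e '^%' \
    | tr -d '\000-\010\013-\037\177'
  exit 1
fi

echo "IP Range: $range"
echo "Organisation: $org"
echo "Description: $desc"
echo "Network Name: $net"

# Get the origin AS from the RIR
ORIGIN=$(first_token "$WHOIS_INFO" origin)

# Make sure an origin is given in the whois output
if [ "$ORIGIN" == "" ]; then
  echo "No origin in whois record"
  exit 1
fi

# The origin is passed on to whois and to aslookup.sh, so it has to be a
# plain AS number.
if ! [[ $ORIGIN =~ $asn_re ]]; then
  echo "Unexpected origin value in whois record" >&2
  exit 1
fi
echo "Origin: $ORIGIN"

# Also get the AS name from the RIR
ASName=$(first_token "$(whois -h "$RIR" "$ORIGIN")" as-name)
echo "AS Name: ${ASName//[[:cntrl:]]/}"

echo "Lookup AS exports? (y to accept)"
read -r answer
if [ "$answer" = "y" ]; then
  # Run the aslookup.sh that sits next to this script rather than whatever
  # file of that name happens to be in the current working directory.
  script_dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) || exit 1
  "$script_dir/aslookup.sh" "$ORIGIN"
fi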
aslookup.sh
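#!/bin/bash
#
# aslookup.sh - show the name of an AS and the neighbour ASes named in its
# published export/import policy.
#
# Usage: aslookup.sh AS<number>
#
# Asks whois.iana.org which RIR whois server holds the AS, fetches the AS
# record once, and resolves the name of every neighbour found on its
# "export:" and "import:" lines.
#
# Whois replies are untrusted text. Values taken from them are only used as
# quoted data, and anything that is fed back into another whois call (server
# names, neighbour AS numbers) must match a strict pattern first.

host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
asn_re='^[Aa][Ss][0-9]+$'

# Print the first word after "<attribute>:" on the first line of the whois
# text that starts with that attribute.
# Arguments: $1 - whois text, $2 - attribute name without the colon
# Returns:   0 if such a line exists, 1 otherwise
first_token() {
  local text=$1 attr=$2 line
  local -a words
  while IFS= read -r line; do
    [[ $line == "$attr:"* ]] || continue
    read -r -a words <<<"${line#*:}"
    printf '%s\n' "${words[0]:-}"
    return 0
  done <<<"$text"
  return 1
}

# Print the AS name from a whois record. Different whois DBs use different
# tags, so "as-name:" is tried first and "ASName:" second.
# Arguments: $1 - whois text
as_name() {
  local text=$1 name
  name=$(first_token "$text" as-name)
  if [ "$name" = "" ]; then
    name=$(first_token "$text" ASName)
  fi
  # Drop control characters so a record cannot send escape sequences to the
  # terminal.
  printf '%s\n' "${name//[[:cntrl:]]/}"
}

# Print, one per line, the neighbour named on each "<attribute>:" policy line
# (e.g. "export: to AS64500 announce ANY" gives AS64500). Only plain AS
# numbers are kept; AS-SETs, keywords and free text are skipped because the
# value is used as a whois query afterwards.
# Arguments: $1 - whois text, $2 - "export" or "import"
policy_peers() {
  local text=$1 attr=$2 line
  local -a words
  while IFS= read -r line; do
    [[ $line == "$attr:"* ]] || continue
    read -r -a words <<<"${line#*:}"
    if [[ ${words[1]:-} =~ $asn_re ]]; then
      printf '%s\n' "${words[1]}"
    fi
  done <<<"$text"
}

# Print "<ASN> <name>" for every neighbour on the given policy lines, or the
# supplied message when there are none.
# Arguments: $1 - whois text, $2 - "export" or "import", $3 - empty message
print_policy() {
  local text=$1 attr=$2 empty_msg=$3
  local peers peer peer_rir peer_name
  peers=$(policy_peers "$text" "$attr")
  if [ -z "$peers" ]; then
    echo "$empty_msg"
    return 0
  fi
  while IFS= read -r peer; do
    peer_name=''
    # stdin is pointed at /dev/null so whois cannot consume the peer list.
    peer_rir=$(first_token "$(whois -h whois.iana.org "$peer" </dev/null)" whois)
    # Without a usable server name the lookup is skipped; an empty value
    # would otherwise make whois treat the AS number as the host.
    if [[ $peer_rir =~ $host_re ]]; then
      peer_name=$(as_name "$(whois -h "$peer_rir" "$peer" </dev/null)")
    fi
    echo "$peer $peer_name"
  done <<<"$peers"
}

if [ "$#" -lt 1 ] || [ -z "$1" ]; then
  echo "Usage: ${0##*/} AS<number>" >&2
  exit 1
fi
query=$1

# A leading "-" would be parsed by whois as an option instead of a query.
case "$query" in
  -*)
    echo "Invalid query: $query" >&2
    exit 1
    ;;
esac

echo "Seaching for $query"

IANA_INFO=$(whois -h whois.iana.org "$query")

RIR=$(first_token "$IANA_INFO" whois)
if [ "$RIR" == "" ]; then
  # Sometimes the referral is published as "refer:" instead
  RIR=$(first_token "$IANA_INFO" refer)
  if [ "$RIR" == "" ]; then
    echo "Couldn't find RIR"
    exit 1
  fi
fi

# The referral decides which server is contacted next, so only accept
# something that looks like a plain host name.
if ! [[ $RIR =~ $host_re ]]; then
  echo "Unexpected whois server name in IANA reply" >&2
  exit 1
fi
echo "RIR: $RIR"

# Fetch the AS record once and reuse it for the name, exports and imports.
AS_INFO=$(whois -h "$RIR" "$query")

# Try and grab the name of the AS given
Name=$(as_name "$AS_INFO")
if [ "$Name" = "" ]; then
  Name="Couldn't find name, did you put \"AS1234\" and not just \"1234\"?"
fi
# printf instead of "echo -e": backslash sequences inside the whois-supplied
# name must not be interpreted.
printf 'Name: %s\n\n' "$Name"

# Not everyone reliably publishes their export/import values
echo "AS exports:"
print_policy "$AS_INFO" export "[no exports published in whois info]"

echo "AS imports:"
print_policy "$AS_INFO" import "[no imports published in whois info]"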