近期帮助同事在处理从纯真网络上拿到的IP信息,确定这些IP所在的城市、区县,以及这些IP属于哪些ISP。后来需要用到whois上查询的信息。
开始的几次,通过whois命令简单的查询了一下。后来同事看到http://blog.chinaunix.net/space.php?uid=9950859&do=blog&cuid=1300091这篇博客介绍的用法,把教育网、电信、铁通、网通(之前是网通,现在算联通)的信息都拿下来了。从这些ISP中提取各自负责的IP段,处理了很多IP信息所对应的ISP,不过还是有些没有能够得到处理。就像写程序去自动处理。
网上搜索了一下,发现其实whois的协议是非常简单的文本协议。whois服务器的端口,是43,可以直接telnet连接到whois服务器(比如 whois.apnic.net)的43端口,然后输入help,就可以查看支持的协议。
Trying 202.12.29.222...
Connected to whois.apnic.net (202.12.29.222).
Escape character is '^]'.
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
help
% -l <ip-lookup> Returns first level less specific inetnum,
% inet6num or route objects, excluding exact matches.
% -L <ip-lookup> Returns all level less specific inetnum,
% inet6num or route objects, including exact matches.
% -m <ip-lookup> Returns first level more specific inetnum,
% inet6num or route objects, excluding exact matches.
% -M <ip-lookup> Returns all level more specific inetnum,
% inet6num or route objects, excluding exact matches.
% -x <ip-lookup> Requests that only an exact match on a prefix be
% performed. If no exact match is found no objects are
% returned.
% -c <ip-lookup> Requests first level less specific inetnum or inet6num
% objects with the "mnt-irt:" attribute.
% -b <ip-lookup> Requests first level less specific inetnum or inet6num
% objects with the "mnt-irt:" attribute. Only object keys
% and "abuse-mailbox:" attributes are visible.
% -d <ip-lookup> Enables use of the -m, -M, -l and -L flags for lookups on
% reverse delegation domains.
%
% -i <attribute-name> <inverse-key> Perform an inverse query.
%
% -F Produce output using short hand notation for attribute
% names.
% -K Requests that only the primary keys of an object to be
% returned. The exceptions are set objects, where the
% members attributes will also be returned. This flag does
% not apply to person and role objects.
% -k (optional normal query) Requests a persistent connection. After
% returning the result the connection will not be closed by
% the server and a client may issue multiple queries on the
% same connection.
% Note, that server implements 'stop-and-wait' protocol,
% when no next query can be sent before receiving a reply
% for the previous one. Use RIPE whois3 client to be able
% to send queries in batch mode.
% Except the first -k query, -k without an argument closes
% the persistent connection.
% -g (mirroring request) Request a NRTM stream from the server.
% See [REF], section 4. "Mirroring the RIPE Database" for
% more information".
% -G Disables the grouping of objects by relevance.
% -B Disables the filtering of "notify:", "changed:" and "e-mail:"
% attributes.
%
% -R Switches off use referral mechanism for domain lookups,
% so that the database returns an object in the RIPE
% database with the exact match with the lookup argument,
% rather than doing a referral lookup.
% -r Switches off recursion for contact information after
% retrieving the objects that match the lookup key.
% -T (comma separated list of object types, no white space is allowed)
% Restricts the types of objects to lookup in the query.
% -a Specifies that the server should perform lookups in all
% available sources. See also -q sources" query.
% -s (comma separated list of sources, no white space is allowed) Specifies
% which sources and in which order are to be looked up when
% performing a query.
%
% -q sources Returns the current set of sources along with the
% information required for mirroring. See [REF], section
% 2.9 "Other server features" for more information.
% -q version Displays the current version of the server.
% -t <object-type> Requests a template for the specified object type.
% -V<client-tag> Sends information about the client to the server.
% -v <object-type> Requests a verbose template for the specified object
% type.
%
% [REF] RIPE Database Reference Manual.
% http://www.ripe.net/ripe/docs/databaseref-manual.html
whois的每次请求结束后,服务器会自动断开连接。
有了上述的信息,我们就可以很简单去实现一个自己的whois查询功能了。比如,我这边针对单个ip的查询,就可以使用-l这个参数。
具体就是,先创建和服务端连接的socket,
然后通过socket发送"-l ip\r\n"给服务端
读取响应,直到socket被关闭。
具体代码就不贴了,非常简单,需要的同学,分分钟就写好了。
