A slightly more padded out version of the previous answers:

> www.traceroute.org is your friend so ;)

Almost, but this kind of stuff can be done without recourse to the
web, thanks to the marvels of whois (which is TCP-based, so
is still available to those with router blocks on ICMP).

If you want to find out where someone really is:
a) Do a traceroute - this will give you an idea of where it is, at least
vaguely. If you're feeling keen, get hold of a copy of prtraceroute, as
this usefully tells you which ASes are traversed. Takes a while to run
as a result, but it can be useful.
b) If this is close enough, you're happy. If not, you need to try the IP
against the whois databases of the relevant regional IP registry:

    Europe:        whois -h whois.ripe.net 12.34.56.78
    Asia/Pacific:  whois -h whois.apnic.net 12.34.56.78
    Americas:      whois -h whois.arin.net 12.34.56.78

(Yup, you can just feed them the whole IP, and they'll do the right
thing - can't check the APNIC server as it's down at the moment, but
I guess it does the same.)

The change-to-0-and-look-at-the-NS-records technique doesn't work
unless the network is on an /8, /16 or /24 boundary, something that's
increasingly unlikely on the classless Internet.

This will tell you the gruesome details regarding that particular
netblock. I've occasionally had to do this to track down contacts
for machines with, e.g., no postmaster box (grr) which were spewing
mail to my Usenet moderation inboxes.

It goes without saying that reverse lookups can be very easily spoofed, so
don't believe them without checking... and don't forget that the hostname
portion of traceroute output comes from DNS reverse lookups, so that can
be spoofed too.

Finding contacts for _domains_ is a lot more fiddly unless it's part of
a domain with an easily locatable database. It's worth checking
whois.nic.TLD as that's often a standard, but by no means always.
In addition, data protection legislation in many countries means that
they don't give out much information other than not generally useful things
like the domain name and the registered name servers.

I'm sure this stuff could be scripted pretty easily. However it works,
network tracing like this is sometimes more of an art than a science..

Mike
--
Computer Science System Administrator, Trinity College, Dublin, Ireland
mike.knell at cs.tcd.ie -=- http://www.cs.tcd.ie/Mike.Knell/
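
As an added example (not part of the original post): the "don't believe reverse lookups without checking" step, scripted as a forward-confirmed reverse lookup that accepts a PTR name only if the name itself resolves back to the same IP. The function names and the sample tables (documentation addresses and example hostnames) are assumptions made for illustration.

```python
import ipaddress
import socket

# Constructed sample data (documentation address ranges), standing in for DNS.
SAMPLE_PTR = {"192.0.2.10": ["mail.example.net"],
              "192.0.2.66": ["www.bank.example"]}   # PTR chosen by netblock owner
SAMPLE_FWD = {"mail.example.net": ["192.0.2.10"],
              "www.bank.example": ["198.51.100.7"]}  # real A record is elsewhere


def system_ptr(ip):
    """PTR lookup via the system resolver: hostnames claimed for this IP."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]


def system_forward(name):
    """A/AAAA lookup via the system resolver: addresses the name resolves to."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except (OSError, UnicodeError):
        return []


def confirm_reverse(ip, ptr_lookup=system_ptr, fwd_lookup=system_forward):
    """Return ('confirmed' | 'unconfirmed' | 'no-ptr', names) for one IP."""
    target = ipaddress.ip_address(ip)
    names = ptr_lookup(str(target))
    if not names:
        return "no-ptr", []
    confirmed = []
    for name in names:
        for addr in fwd_lookup(name):
            try:
                # Drop any IPv6 zone suffix ("%eth0") before comparing.
                if ipaddress.ip_address(addr.split("%")[0]) == target:
                    confirmed.append(name)
                    break
            except ValueError:
                continue  # resolver returned something that is not an address
    return ("confirmed", confirmed) if confirmed else ("unconfirmed", names)


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "192.0.2.99"):
        print(ip, *confirm_reverse(ip, lambda i: SAMPLE_PTR.get(i, []),
                                   lambda n: SAMPLE_FWD.get(n, [])))
```

Called with only an IP, `confirm_reverse` queries the system resolver instead of the sample tables. An "unconfirmed" result means the hostname, including one shown in traceroute output, is only a label supplied by whoever controls the reverse zone.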