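Retrieving Whois Information Programmatically
Recently I was helping a colleague process IP information taken from the Chunzhen (纯真) network: determining the city and district each IP is located in, and which ISP each IP belongs to. Later we needed information that has to be queried from whois.
The first few times, I simply ran a few lookups with the whois command. Later my colleague saw the usage described in the blog post at http://blog.chinaunix.net/space.php?uid=9950859&do=blog&cuid=1300091 and pulled down the records for the education network, China Telecom, China Tietong and China Netcom (formerly Netcom, now counted as China Unicom). From these ISPs' records we extracted the IP ranges each one is responsible for and resolved the ISP for a large share of the IP information, but some entries still could not be resolved. So I wanted to write a program to handle them automatically.
After searching online, I found that whois is actually a very simple text protocol. The whois server listens on port 43; you can telnet directly to port 43 of a whois server (for example whois.apnic.net) and type help to see what the protocol supports.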
Trying 202.12.29.222...
Connected to whois.apnic.net (202.12.29.222).
Escape character is '^]'.
% [whois.apnic.net node-2]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html
help
% -l <ip-lookup>   Returns first level less specific inetnum,
%                  inet6num or route objects, excluding exact matches.
% -L <ip-lookup>   Returns all level less specific inetnum,
%                  inet6num or route objects, including exact matches.
% -m <ip-lookup>   Returns first level more specific inetnum,
%                  inet6num or route objects, excluding exact matches.
% -M <ip-lookup>   Returns all level more specific inetnum,
%                  inet6num or route objects, excluding exact matches.
% -x <ip-lookup>   Requests that only an exact match on a prefix be
%                  performed.  If no exact match is found no objects are
%                  returned.
% -c <ip-lookup>   Requests first level less specific inetnum or inet6num
%                  objects with the "mnt-irt:" attribute.
% -b <ip-lookup>   Requests first level less specific inetnum or inet6num
%                  objects with the "mnt-irt:" attribute. Only object keys
%                  and "abuse-mailbox:" attributes are visible.
% -d <ip-lookup>   Enables use of the -m, -M, -l and -L flags for lookups on
%                  reverse delegation domains.
%
% -i <attribute-name> <inverse-key> Perform an inverse query.
%
% -F               Produce output using short hand notation for attribute
%                  names.
% -K               Requests that only the primary keys of an object to be
%                  returned.  The exceptions are set objects, where the
%                  members attributes will also be returned. This flag does
%                  not apply to person and role objects.
% -k (optional normal query) Requests a persistent connection. After
%                  returning the result the connection will not be closed by
%                  the server and a client may issue multiple queries on the
%                  same connection.
%                  Note, that server implements 'stop-and-wait' protocol,
%                  when no next query can be sent before receiving a reply
%                  for the previous one.  Use RIPE whois3 client to be able
%                  to send queries in batch mode.
%                  Except the first -k query, -k without an argument closes
%                  the persistent connection.
% -g (mirroring request) Request a NRTM stream from the server.
%                  See [REF], section 4. "Mirroring the RIPE Database" for
%                  more information".
% -G               Disables the grouping of objects by relevance.
% -B               Disables the filtering of "notify:", "changed:" and "e-mail:"
%                  attributes.
%
% -R               Switches off use referral mechanism for domain lookups,
%                  so that the database returns an object in the RIPE
%                  database with the exact match with the lookup argument,
%                  rather than doing a referral lookup.
% -r               Switches off recursion for contact information after
%                  retrieving the objects that match the lookup key.
% -T (comma separated list of object types, no white space is allowed)
%                  Restricts the types of objects to lookup in the query.
% -a               Specifies that the server should perform lookups in all
%                  available sources.  See also -q sources" query.
% -s (comma separated list of sources, no white space is allowed) Specifies
%                  which sources and in which order are to be looked up when
%                  performing a query.
%
% -q sources       Returns the current set of sources along with the
%                  information required for mirroring. See [REF], section
%                  2.9 "Other server features" for more information.
% -q version       Displays the current version of the server.
% -t <object-type> Requests a template for the specified object type.
% -V<client-tag>   Sends information about the client to the server.
% -v <object-type> Requests a verbose template for the specified object
%                  type.
%
% [REF] RIPE Database Reference Manual.
%       http://www.ripe.net/ripe/docs/databaseref-manual.html
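After each whois request completes, the server closes the connection automatically.
With the information above, it is easy to implement our own whois lookup. For example, for the single-IP queries I need, the -l flag is enough.
Specifically: first create a socket connected to the server,
then send "-l ip\r\n" to the server over that socket,
and read the response until the socket is closed.
I won't paste the actual code here; it is very simple, and anyone who needs it can write it in a few minutes.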
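
The three steps above as an added Python example (not the author's code): it validates the input before building the "-l ip\r\n" line, reads until the server closes the socket with a size cap, and splits the reply into objects. Assumptions: the function names, IPv4-only input, the 1 MiB cap, and a reply made of blank-line-separated "key: value" objects with "%" comment lines.

```python
import ipaddress
import socket


def build_query(ip):
    """Return the b"-l <ip>\\r\\n" request line for exactly one IPv4 address."""
    # Strict parsing rejects embedded CR/LF or extra flags in untrusted input.
    addr = ipaddress.IPv4Address(ip.strip())
    return f"-l {addr}\r\n".encode("ascii")


def exchange(sock, ip, max_bytes=1 << 20):
    """Send the query on a connected socket and read until the peer closes."""
    sock.sendall(build_query(ip))
    buf = bytearray()
    while data := sock.recv(4096):    # b"" means the server closed the connection
        buf += data
        if len(buf) > max_bytes:      # bound the size of an untrusted response
            raise ValueError("whois response too large")
    return buf.decode("utf-8", errors="replace")


def parse_objects(text):
    """Split a reply into objects, each a dict mapping attribute -> list of values."""
    objects, current, last = [], {}, None
    for line in text.splitlines():
        if line.startswith("%"):      # server comment line
            continue
        if not line.strip():          # blank line ends the current object
            if current:
                objects.append(current)
            current, last = {}, None
        elif line[0] in " \t+" and last:   # continuation of the previous value
            current[last][-1] += " " + line[1:].strip()
        else:
            key, sep, value = line.partition(":")
            if sep:
                last = key.strip()
                current.setdefault(last, []).append(value.strip())
    if current:
        objects.append(current)
    return objects


def whois_lookup(ip, server="whois.apnic.net", port=43, timeout=10.0):
    """Connect to port 43, run one -l query, and return the parsed objects."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        return parse_objects(exchange(sock, ip))
```

Calling whois_lookup("202.12.29.222") performs a live query; the other functions work on any connected socket or saved response text.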