Friday, February 4, 2011

Getting Whois Information Programmatically

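Recently I have been helping a colleague process IP information obtained from 纯真网络 (Chunzhen), working out which city and district each IP is located in and which ISP it belongs to. Later we needed information that has to be looked up through whois.
For the first few lookups I simply ran the whois command. Then my colleague came across the usage described in the blog post at http://blog.chinaunix.net/space.php?uid=9950859&do=blog&cuid=1300091 and pulled down the records for CERNET (the education network), China Telecom, China Tietong, and China Netcom (formerly Netcom, now counted as part of China Unicom). From these ISP records we extracted the IP ranges each one is responsible for, which let us map many IPs to their ISP, but some still could not be resolved. So I wanted to write a program to handle them automatically.
After some searching online, I found that whois is in fact a very simple text protocol. A whois server listens on port 43, so you can telnet directly to port 43 of a whois server (for example whois.apnic.net) and type help to see what the protocol supports.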
Trying 202.12.29.222...
Connected to whois.apnic.net (202.12.29.222).
Escape character is '^]'.
% [whois.apnic.net node-2]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

help
% -l <ip-lookup>   Returns first level less specific inetnum,
%                  inet6num or route objects, excluding exact matches.
% -L <ip-lookup>   Returns all level less specific inetnum,
%                  inet6num or route objects, including exact matches.
% -m <ip-lookup>   Returns first level more specific inetnum,
%                  inet6num or route objects, excluding exact matches.
% -M <ip-lookup>   Returns all level more specific inetnum,
%                  inet6num or route objects, excluding exact matches.
% -x <ip-lookup>   Requests that only an exact match on a prefix be
%                  performed.  If no exact match is found no objects are
%                  returned.
% -c <ip-lookup>   Requests first level less specific inetnum or inet6num
%                  objects with the "mnt-irt:" attribute.
% -b <ip-lookup>   Requests first level less specific inetnum or inet6num
%                  objects with the "mnt-irt:" attribute. Only object keys
%                  and "abuse-mailbox:" attributes are visible.
% -d <ip-lookup>   Enables use of the -m, -M, -l and -L flags for lookups on
%                  reverse delegation domains.
%
% -i <attribute-name> <inverse-key> Perform an inverse query.
%
% -F               Produce output using short hand notation for attribute
%                  names.
% -K               Requests that only the primary keys of an object to be
%                  returned.  The exceptions are set objects, where the
%                  members attributes will also be returned. This flag does
%                  not apply to person and role objects.
% -k (optional normal query) Requests a persistent connection. After
%                  returning the result the connection will not be closed by
%                  the server and a client may issue multiple queries on the
%                  same connection.
%                  Note, that server implements 'stop-and-wait' protocol,
%                  when no next query can be sent before receiving a reply
%                  for the previous one.  Use RIPE whois3 client to be able
%                  to send queries in batch mode.
%                  Except the first -k query, -k without an argument closes
%                  the persistent connection.
% -g (mirroring request) Request a NRTM stream from the server.
%                  See [REF], section 4. "Mirroring the RIPE Database" for
%                  more information".
% -G               Disables the grouping of objects by relevance.
% -B               Disables the filtering of "notify:", "changed:" and "e-mail:"
%                  attributes.
%
% -R               Switches off use referral mechanism for domain lookups,
%                  so that the database returns an object in the RIPE
%                  database with the exact match with the lookup argument,
%                  rather than doing a referral lookup.
% -r               Switches off recursion for contact information after
%                  retrieving the objects that match the lookup key.
% -T (comma separated list of object types, no white space is allowed)
%                  Restricts the types of objects to lookup in the query.
% -a               Specifies that the server should perform lookups in all
%                  available sources.  See also -q sources" query.
% -s (comma separated list of sources, no white space is allowed) Specifies
%                  which sources and in which order are to be looked up when
%                  performing a query.
%
% -q sources       Returns the current set of sources along with the
%                  information required for mirroring. See [REF], section
%                  2.9 "Other server features" for more information.
% -q version       Displays the current version of the server.
% -t <object-type> Requests a template for the specified object type.
% -V<client-tag>   Sends information about the client to the server.
% -v <object-type> Requests a verbose template for the specified object
%                  type.
%
% [REF] RIPE Database Reference Manual.
%       http://www.ripe.net/ripe/docs/databaseref-manual.html
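After each whois request completes, the server closes the connection automatically.
With the information above, it is easy to implement our own whois lookup. For example, for my lookups of a single IP, the -l parameter can be used.
Concretely: first create a socket connected to the server,
then send "-l ip\r\n" to the server over the socket,
and read the response until the socket is closed.
I won't paste the actual code; it is very simple, and anyone who needs it can write it in a few minutes.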
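
The three steps above as an added Python example; it is not the author's code, which the post omits. The function names, the 1 MiB response cap and the sample response are assumptions made here, and the address is parsed before it goes into the query line so that input containing CR/LF or extra flags cannot append a second query.

```python
import ipaddress
import socket

# Constructed sample response in the APNIC/RIPE object style (not real data).
SAMPLE_RESPONSE = b"""% [whois.example.net]
% Sample data constructed for this example

inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET
descr:          Example ISP
descr:          Example City
country:        ZZ
"""

def build_query(ip, flag="-l"):
    """Return the query line for one address: flag, space, address, CRLF.
    Parsing the address first rejects anything that is not a single IP."""
    addr = ipaddress.ip_address(ip.strip())  # raises ValueError if invalid
    return f"{flag} {addr}\r\n".encode("ascii")

def exchange(sock, query, max_bytes=1 << 20):
    """Send one query and read until the server closes the connection."""
    sock.sendall(query)
    chunks, total = [], 0
    while total < max_bytes:               # cap the size of an untrusted reply
        data = sock.recv(4096)
        if not data:                       # empty read: peer closed the socket
            break
        chunks.append(data)
        total += len(data)
    return b"".join(chunks)

def whois_lookup(ip, server="whois.apnic.net", port=43, timeout=10):
    """Connect to port 43, send '-l ip', return the raw response bytes."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        return exchange(sock, build_query(ip))

def parse_objects(raw):
    """Split a response into objects: lists of (attribute, value) pairs."""
    objects, current = [], []
    for line in raw.decode("utf-8", "replace").splitlines() + [""]:
        if not line.strip():               # a blank line ends an object
            if current:
                objects.append(current)
            current = []
        elif line[0] not in "%#" and ":" in line:
            key, value = line.split(":", 1)
            current.append((key.strip(), value.strip()))
    return objects
```

`parse_objects(whois_lookup("202.12.29.222"))` runs the full lookup against whois.apnic.net; attributes such as netname and descr in the returned objects are what identify the ISP.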
