Dec 03 2009
 

I’m fond of WHOIS data for getting an idea of who’s visiting a site, though most WHOIS servers return output that’s full of disclaimers and irrelevant data. I much prefer Team Cymru’s batch WHOIS lookup server, whois.cymru.com.

First, extract your IPs:
F=ips.out ; echo "begin" > "$F" ; echo "verbose" >> "$F" ; awk '{print $1}' tech-access_log | sort -u >> "$F" ; echo "end" >> "$F"

Now send them to Cymru for processing:
nc whois.cymru.com 43 < "$F" | sort > whois.out

Review whois.out at your leisure for detailed IP information. It’s well-formatted, which makes it easy to script against:

91 | 128.113.197.128 | 128.113.0.0/16 | US | arin | 1986-02-27 | RPI-AS - Rensselaer Polytechnic Institute
91 | 128.113.247.58 | 128.113.0.0/16 | US | arin | 1986-02-27 | RPI-AS - Rensselaer Polytechnic Institute
9121 | 88.232.9.77 | 88.232.0.0/17 | TR | ripencc | 2005-10-27 | TTNET TTnet Autonomous System
9 | 128.2.161.88 | 128.2.0.0/16 | US | arin | 1984-04-17 | CMU-ROUTER - Carnegie Mellon University
9136 | 91.186.50.28 | 91.186.32.0/19 | DE | ripencc | 2006-11-07 | WOBCOM WOBCOM GmbH - www.wobcom.de
9143 | 212.203.31.1 | 212.203.0.0/19 | NL | ripencc | 2000-08-08 | ZIGGO Ziggo - tv, internet, telefoon
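
As an example of scripting against that format (added here, not part of the original post), the function below rolls whois.out up into one line per origin AS with its distinct visitor IPs and distinct BGP prefixes, busiest AS first. The function names, the banner line and the "NA" row in the sample are constructed assumptions about what else the file may contain.

```shell
#!/bin/sh
# Fields, as in the sample above:
#   AS | IP | BGP prefix | CC | registry | allocated | AS name

summarize_asn() {
    # Reads whois.out from the file given as $1, or from stdin.
    # Prints "ips|prefixes|ASN|CC|AS name", most distinct IPs first.
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF < 7 { next }                     # banner, blank or error lines
        {
            asn = trim($1); ip = trim($2); pfx = trim($3)
            if (asn !~ /^[0-9]+$/) next     # no single origin AS (assumed "NA" rows)
            if (seen[ip]++) next            # count each address once
            ips[asn]++
            if (!((asn, pfx) in seenpfx)) { seenpfx[asn, pfx] = 1; pfxs[asn]++ }
            cc[asn] = trim($4); name[asn] = trim($7)
        }
        END {
            for (a in ips)
                printf "%d|%d|%s|%s|%s\n", ips[a], pfxs[a], a, cc[a], name[a]
        }
    ' "$@" | sort -t'|' -k1,1nr -k3,3n
}

sample_whois() {
    # Constructed input: rows from the sample above, plus a made-up banner,
    # a repeated IP and a made-up row without an origin AS.
    cat <<'EOF'
Bulk mode; constructed banner line
91      | 128.113.197.128  | 128.113.0.0/16 | US | arin    | 1986-02-27 | RPI-AS - Rensselaer Polytechnic Institute
91      | 128.113.247.58   | 128.113.0.0/16 | US | arin    | 1986-02-27 | RPI-AS - Rensselaer Polytechnic Institute
9121    | 88.232.9.77      | 88.232.0.0/17  | TR | ripencc | 2005-10-27 | TTNET TTnet Autonomous System
9       | 128.2.161.88     | 128.2.0.0/16   | US | arin    | 1984-04-17 | CMU-ROUTER - Carnegie Mellon University
91      | 128.113.247.58   | 128.113.0.0/16 | US | arin    | 1986-02-27 | RPI-AS - Rensselaer Polytechnic Institute
NA      | 10.0.0.1         | NA             |    | other   |            | NA
EOF
}

sample_whois | summarize_asn
```

Against the real file, run it as: summarize_asn whois.out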

 Posted by at 2:56 am