@wen-long
Last active January 14, 2024 21:18

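Why care about AS

Every IP address on the Internet belongs to some AS, that is, an autonomous system. The IPs inside one AS usually share characteristics, such as better or worse network quality, or higher or lower fraud risk. When inspecting a route with mtr or traceroute, checking which AS each intermediate hop IP belongs to lets you judge the quality of the route. For example, on the common CN2 line, mtr shows the path passing through 59.43.138.70; looking up that IP with the whois command returns the following: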

~$ whois 59.43.138.70
route:          59.43.0.0/16
descr:          Chinatelecom Next Carrying Network backbone
origin:         AS4809
mnt-by:         MAINT-CHINANET
last-modified:  2012-12-12T11:02:02Z
source:         APNIC

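This tells us that the IP belongs to AS4809, and according to the marketing on China Telecom's official site, AS4809 is the so-called CN2 line; the descr field also gives an English description of the AS.

Official AS information

AS numbers are allocated by IANA, together with IP addresses, in blocks to the regional RIRs; this information is public.

Address allocation data can be downloaded from the RIR sites: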

APNIC: https://ftp.apnic.net/stats/apnic/
RIPE NCC: https://ftp.ripe.net/ripe/stats/
AFRINIC: https://ftp.afrinic.net/pub/stats/afrinic/
ARIN: https://ftp.arin.net/pub/stats/arin/
LACNIC: https://ftp.lacnic.net/pub/stats/lacnic/

The AS databases can also be downloaded from the RIR sites:

https://ftp.ripe.net/ripe/dbase/
https://ftp.apnic.net/apnic/whois/
https://ftp.afrinic.net/pub/dbase/
https://ftp.arin.net/pub/rr/
https://ftp.lacnic.net/lacnic/irr/

Download and open an AS database and you will see that it enumerates every IP range in IP order and lists the attributes attached to each:

route:          2.16.36.0/24
descr:          Akamai Technologies INC Multihoming Block
admin-c:        MU1-LEVEL3
tech-c:         MU1-LEVEL3
origin:         AS12222
mnt-by:         MASERGY-MNT
changed:        [email protected] 20121024
source:         LEVEL3

route:          2.16.37.0/24
descr:          Akamai Technologies INC Multihoming /24
admin-c:        MU1-LEVEL3
tech-c:         MU1-LEVEL3
origin:         AS12222
mnt-by:         MASERGY-MNT
changed:        [email protected] 20121024
source:         LEVEL3

route:          2.22.60.0/24
descr:          Akamai Technologies INC Multihoming Block
admin-c:        MU1-LEVEL3
tech-c:         MU1-LEVEL3
origin:         AS12222
mnt-by:         MASERGY-MNT
changed:        [email protected] 20121024
source:         LEVEL3
...

With this data you can build your own IP-to-AS mapping database.
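One way to build that mapping, as an added example that is not part of the original gist: parse the `route:` / `origin:` objects of a registry dump and answer lookups by longest-prefix match. The names `parse_objects` and `AsnDb` and the sample dump are constructed for illustration; the index keeps every origin registered for a prefix, because a dump can contain several objects for the same range.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the layout shown above; not real registry data.
SAMPLE_DUMP = """\
route:          198.51.100.0/24
descr:          Example covering block
                continued on a second line
origin:         AS64500

route:          198.51.100.128/25
descr:          More specific route
origin:         as64501

% two objects may register the same prefix with different origins
route:          203.0.113.0/24
origin:         AS64502

route:          203.0.113.0/24
origin:         AS64503
"""


def parse_objects(text):
    """Yield one {attribute: value} dict per blank-line-separated object."""
    obj, last = {}, None
    for raw in text.splitlines() + [""]:
        if raw.startswith(("%", "#")):           # server/file comments
            continue
        if not raw.strip():                      # blank line ends the object
            if obj:
                yield obj
            obj, last = {}, None
        elif raw[0] in " \t+" and last:          # continuation of previous attribute
            obj[last] += " " + raw.lstrip("+").strip()
        elif ":" in raw:
            key, value = raw.split(":", 1)
            last = key.strip().lower()
            obj.setdefault(last, value.strip())


class AsnDb:
    """IPv4 route objects indexed as prefix length -> network -> origin ASNs."""

    def __init__(self):
        self.by_len = defaultdict(dict)

    def load(self, text):
        for obj in parse_objects(text):
            try:
                net = ipaddress.IPv4Network(obj["route"], strict=False)
                origin = obj["origin"].upper()
                asn = int(origin[2:] if origin.startswith("AS") else origin)
            except (KeyError, ValueError):       # not a route object, or malformed
                continue
            self.by_len[net.prefixlen].setdefault(int(net.network_address), set()).add(asn)

    def lookup(self, ip):
        """Longest-prefix match: (prefix, sorted origin ASNs) or None."""
        addr = int(ipaddress.IPv4Address(ip))
        for plen in sorted(self.by_len, reverse=True):
            network = addr & (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
            asns = self.by_len[plen].get(network)
            if asns:
                return str(ipaddress.IPv4Network((network, plen))), sorted(asns)
        return None


if __name__ == "__main__":
    db = AsnDb()
    db.load(SAMPLE_DUMP)
    for ip in ("198.51.100.5", "198.51.100.200", "203.0.113.9", "192.0.2.1"):
        print(ip, db.lookup(ip))
```

A prefix that comes back with more than one origin is worth showing as such instead of picking one silently.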

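The RIR websites also offer whois lookup through a web interface:
https://wq.apnic.net/static/search.html

IP allocation data has a hierarchy similar to DNS, from registry to registrar servers; the single registry is IANA, which plays the role of the DNS root servers.

For example, querying whois.iana.org for 1.1.1.1 returns: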

% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object

refer:        whois.apnic.net

inetnum:      1.0.0.0 - 1.255.255.255
organisation: APNIC
status:       ALLOCATED

whois:        whois.apnic.net

changed:      2010-01
source:       IANA

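The refer field shows that the address is allocated to APNIC, so the query should continue at APNIC.

The routing registries listed on irr.net all offer several ways to query AS information, and the whois servers among them are also worth using.
Note 1: the FTP sites may also offer HTTP download.
Note 2: data that has many mirrors is probably more complete.
Note 3: a server that offers whois lookup may draw its data not only from what is registered with the RIRs but also from data learned from the BGP network.

The Linux whois command and protocol

The following describes how to query with whois.

First, the whois command (protocol): it is a single request/response exchange over TCP. The client sends the query keyword and the server returns the search results.

https://www.rfc-editor.org/rfc/rfc3912.html Note that the obsoleted RFC 954 is also worth reading.

Besides the standard protocol (although there is no real standard), some sites offer a non-standard format on port 43 that adds begin and end keywords to allow multi-line bulk queries. Below is a query sent to the server that the mtr command hard-codes: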

~$ nc whois.cymru.com 43
begin
Bulk mode; whois.cymru.com [2022-12-14 08:46:59 +0000]
1.1.1.1
13335   | 1.1.1.1          | CLOUDFLARENET, US
8.8.8.8
15169   | 8.8.8.8          | GOOGLE, US

whois -h lets you specify the remote server:

whois -h whois.cymru.com 59.43.138.70

whois -h rr.Level3.net 59.43.138.70
whois -h rr.ntt.net  59.43.138.70
whois -h whois.in.bell.ca 59.43.138.70
whois -h whois.radb.net 59.43.138.70

whois can also look up domain names and other information; try it yourself.
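The single request/response exchange and the `refer:` chain from IANA described above, as an added example that is not part of the original gist. The function names and the `TRUSTED` allowlist are assumptions of this sketch: the referral comes from a server reply, so it is only followed to a known RIR whois host, and the query is validated as a bare IP before it is sent.

```python
import ipaddress
import socket

# Registries a referral may point to; anything else is not followed.
TRUSTED = {"whois.apnic.net", "whois.ripe.net", "whois.arin.net",
           "whois.lacnic.net", "whois.afrinic.net"}


def whois_query(server, query, port=43, timeout=10):
    """RFC 3912 exchange: send one line ending in CRLF, read until close."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def attribute(response, name):
    """First value of the attribute `name`, skipping '%' comment lines."""
    for line in response.splitlines():
        if line.startswith("%") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        if key.strip().lower() == name:
            return value.strip()
    return None


def resolve(ip, send=whois_query, max_hops=3):
    """Start at IANA and follow `refer:`; returns (servers queried, last reply)."""
    ip = str(ipaddress.ip_address(ip))   # only a bare address is ever sent
    server, path, reply = "whois.iana.org", [], ""
    while server and len(path) < max_hops:
        path.append(server)
        reply = send(server, ip)
        referred = (attribute(reply, "refer") or "").lower()
        server = referred if referred in TRUSTED and referred not in path else None
    return path, reply


if __name__ == "__main__":
    servers, reply = resolve("1.1.1.1")   # performs real network queries
    print(" -> ".join(servers))
    print(attribute(reply, "origin"))
```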

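Practical tools: traceroute and mtr

mtr takes the -z option and traceroute takes the -A option; either one prints AS information directly.

The mtr command uses the DNS TXT service provided by Team Cymru to return IP information, and the program caches the results. https://asn.cymru.com/cgi-bin/whois.cgi https://www.team-cymru.com/ip-asn-mapping (which also lists common paid services such as ipinfo.io)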

~$ dig +short 1.1.1.1.origin.asn.cymru.com TXT
"13335 | 1.1.1.0/24 | AU | apnic | 2011-08-11"

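The drawback of mtr is that the cymru.com DNS TXT service is built in and cannot be changed with an option; when that service is down, mtr cannot display AS information.
traviscross/mtr#221
Someone has also improved on this drawback of mtr by fetching IP information from several different sources.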
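What a client of the Team Cymru service has to do around the DNS query itself, as an added example that is not code from mtr or from the original gist: build the query name, parse the TXT answer, and parse bulk-mode whois rows. The query name uses the address octets in reverse order (1.1.1.1 reads the same both ways, which hides this in the dig example above); the IPv6 zone `origin6.asn.cymru.com` goes beyond what this page shows, and all function names are assumptions.

```python
import ipaddress

# The bulk-mode session shown earlier on this page (typed queries and replies).
BULK_SESSION = """\
Bulk mode; whois.cymru.com [2022-12-14 08:46:59 +0000]
1.1.1.1
13335   | 1.1.1.1          | CLOUDFLARENET, US
8.8.8.8
15169   | 8.8.8.8          | GOOGLE, US
"""


def origin_qname(ip):
    """DNS name whose TXT record holds the origin AS of `ip`."""
    addr = ipaddress.ip_address(ip)
    labels = addr.reverse_pointer.split(".")[:-2]    # drop in-addr.arpa / ip6.arpa
    zone = "origin.asn.cymru.com" if addr.version == 4 else "origin6.asn.cymru.com"
    return ".".join(labels + [zone])


def parse_origin_txt(txt):
    """Split '"ASN [ASN ...] | prefix | CC | registry | date"' into a dict."""
    fields = [f.strip() for f in txt.strip().strip('"').split("|")]
    if len(fields) != 5:
        raise ValueError(f"unexpected TXT layout: {txt!r}")
    return {
        "asns": [int(a) for a in fields[0].split()],  # several origins are possible
        "prefix": ipaddress.ip_network(fields[1]),
        "cc": fields[2],
        "registry": fields[3],
        "allocated": fields[4],
    }


def answer_covers(ip, record):
    """Reject an answer whose prefix does not contain the address asked about."""
    return ipaddress.ip_address(ip) in record["prefix"]


def parse_bulk(text):
    """Rows of 'AS | IP | AS name' -> {ip: (asn or None, name)}; other lines skipped."""
    rows = {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 3:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[1]))
        except ValueError:
            continue
        rows[ip] = (int(fields[0]) if fields[0].isdigit() else None, fields[2])
    return rows
```

The DNS answer is unauthenticated, so `answer_covers` is a cheap sanity check before the result is cached or displayed.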

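traceroute also has the -A option to display AS information. The traceroute code uses the whois (nicname) service that whois.radb.net provides on port 43.

traceroute lets you set the server and port used to fetch AS information through the environment variables RA_SERVER and RA_SERVICE.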

~$ traceroute 8.8.8.8  -A
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  10.8.117.1 (10.8.117.1) [*]  0.175 ms  0.113 ms  0.078 ms
 2  * * *
 3  * * *
 4  10.0.8.2 (10.0.8.2) [*]  1.463 ms  1.429 ms  1.392 ms
 5  11.0.0.6 (11.0.0.6) [*]  0.395 ms  0.392 ms  0.357 ms
 6  google2-lacp-100g.hkix.net (123.255.91.10) [AS135423]  1.915 ms  2.245 ms  2.184 ms
 7  108.170.241.33 (108.170.241.33) [AS15169]  3.464 ms  3.720 ms  3.579 ms
 8  74.125.253.93 (74.125.253.93) [AS15169]  2.534 ms 108.170.225.13 (108.170.225.13) [AS15169]  1.948 ms 142.251.245.19 (142.251.245.19) [AS15169]  2.880 ms
 9  dns.google (8.8.8.8) [AS15169]  2.157 ms  2.789 ms  2.016 ms
 
~$ export RA_SERVER=riswhois.ripe.net
~$ traceroute 8.8.8.8  -A
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  10.8.117.1 (10.8.117.1) [*]  0.253 ms  0.147 ms  0.107 ms
 2  * * *
 3  * * *
 4  10.0.8.2 (10.0.8.2) [*]  1.868 ms  1.831 ms  1.794 ms
 5  11.0.0.6 (11.0.0.6) [AS749/AS13424]  0.670 ms  0.582 ms  0.863 ms
 6  google2-lacp-100g.hkix.net (123.255.91.10) [AS3491]  3.479 ms  2.198 ms  2.142 ms
 7  108.170.241.97 (108.170.241.97) [AS15169]  2.872 ms 108.170.241.1 (108.170.241.1) [AS15169]  2.627 ms 108.170.241.33 (108.170.241.33) [AS15169]  3.406 ms
 8  142.251.227.13 (142.251.227.13) [AS15169]  2.707 ms 209.85.143.37 (209.85.143.37) [AS15169]  2.638 ms 142.251.244.225 (142.251.244.225) [AS15169]  2.600 ms
 9  dns.google (8.8.8.8) [AS15169]  2.543 ms  2.455 ms  2.385 ms

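In the two runs above, the AS information for 123.255.91.10 is inconsistent. This is normal. The most authoritative data comes from first querying IANA, which returns: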

% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object

refer:        whois.apnic.net

inetnum:      123.0.0.0 - 123.255.255.255
organisation: APNIC
status:       ALLOCATED

whois:        whois.apnic.net

changed:      2006-01
source:       IANA

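refer shows that APNIC is the registry responsible for 123.0.0.0 - 123.255.255.255, so data from other sources cannot be considered reliable. Continuing the query at APNIC, however, returned no AS. This may be because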

123.255.91.10 was never globally visible as exact match in BGP by any of the RIS peers since beginning of 2004.
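The comparison made by eye above can be automated; this is an added example, not part of the original gist. It parses the `(IP) [AS...]` tags of two `traceroute -A` runs and reports, per IP seen in both, whether the two data sources conflict or one of them had no mapping. The function names are assumptions; the sample lines are hops 5 to 7 of the two runs on this page.

```python
import re

# Hops 5-7 of the two runs above, copied from this page.
RUN_RADB = """\
 5  11.0.0.6 (11.0.0.6) [*]  0.395 ms  0.392 ms  0.357 ms
 6  google2-lacp-100g.hkix.net (123.255.91.10) [AS135423]  1.915 ms  2.245 ms  2.184 ms
 7  108.170.241.33 (108.170.241.33) [AS15169]  3.464 ms  3.720 ms  3.579 ms
"""
RUN_RIS = """\
 5  11.0.0.6 (11.0.0.6) [AS749/AS13424]  0.670 ms  0.582 ms  0.863 ms
 6  google2-lacp-100g.hkix.net (123.255.91.10) [AS3491]  3.479 ms  2.198 ms  2.142 ms
 7  108.170.241.97 (108.170.241.97) [AS15169]  2.872 ms 108.170.241.1 (108.170.241.1) [AS15169]  2.627 ms 108.170.241.33 (108.170.241.33) [AS15169]  3.406 ms
"""

# "(a.b.c.d) [tag]" where tag is "*", "AS1" or "AS1/AS2"
HOP = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\) \[([^\]]*)\]")


def origins_by_ip(output):
    """Map each responding IP to the set of AS numbers printed after it."""
    table = {}
    for ip, tag in HOP.findall(output):
        asns = {int(part[2:]) for part in tag.split("/") if part.startswith("AS")}
        table.setdefault(ip, set()).update(asns)
    return table


def compare(run_a, run_b):
    """For IPs present in both runs, report where the two sources differ.

    'unmapped' = one source had no AS at all; 'conflict' = both answered differently.
    """
    a, b = origins_by_ip(run_a), origins_by_ip(run_b)
    report = {}
    for ip in sorted(a.keys() & b.keys()):
        if a[ip] != b[ip]:
            kind = "conflict" if a[ip] and b[ip] else "unmapped"
            report[ip] = (kind, sorted(a[ip]), sorted(b[ip]))
    return report


if __name__ == "__main__":
    for ip, finding in compare(RUN_RADB, RUN_RIS).items():
        print(ip, finding)
```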

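Combining tools

Tools such as https://github.com/zu1k/nali can enrich the IPs in command-line output, adding extra information before printing. The same idea applies to routing information: for traceroute output, a custom tool can add information beyond the AS to each IP.

In fact mtr itself offers the -y option to choose which IP information is displayed: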

~$ dig +short 1.1.1.1.origin.asn.cymru.com TXT
"13335 | 1.1.1.0/24 | AU | apnic | 2011-08-11"

~$ sudo mtr 31.25.89.19  -z -y 2 -i 0.2  -b
                                                My traceroute  [v0.95]
hk-yecaoyun (10.8.117.2) -> 31.25.89.19 (31.25.89.19)                                         2022-12-14T17:44:18+0800
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                                                              Packets               Pings
 Host                                                                       Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. ??? 10.8.117.1 (10.8.117.1)                                             65.2%    24    0.7   0.3   0.2   0.7   0.2
 2. (waiting for reply)
 3. (waiting for reply)
 4. ??? 10.0.8.2 (10.0.8.2)                                                  4.2%    24    1.6   1.3   1.0   1.8   0.2
 5. ??? 10.0.8.1 (10.0.8.1)                                                  0.0%    23    0.8   0.8   0.5   2.3   0.5
 6. (waiting for reply)
 7. JP  ce-0-1-0-2.r02.tkokhk01.hk.bb.gin.ntt.net (203.131.241.109)          4.3%    23    4.0   4.0   3.6   4.7   0.3
 8. US  ae-6.r27.tkokhk01.hk.bb.gin.ntt.net (129.250.6.95)                  40.9%    23    4.2   4.7   3.4  11.6   2.2
 9. US  ae-7.r22.sngpsi07.sg.bb.gin.ntt.net (129.250.7.66)                  73.9%    23   41.2  43.2  41.1  47.5   2.4
10. US  ae-7.r20.mlanit02.it.bb.gin.ntt.net (129.250.7.9)                    0.0%    23  200.4 201.1 199.2 207.2   2.0
11. US  ae-0.r21.mlanit02.it.bb.gin.ntt.net (129.250.3.157)                  0.0%    23  184.3 185.7 183.9 193.0   2.2
12. US  ae-6.r21.frnkge13.de.bb.gin.ntt.net (129.250.3.183)                  0.0%    23  198.7 206.7 198.1 266.6  15.8
13. US  ae-1.a02.frnkge07.de.bb.gin.ntt.net (129.250.5.42)                   0.0%    23  195.4 198.8 195.1 212.4   4.7
14. GB  voxility.a02.frnkge07.de.bb.gin.ntt.net (213.198.72.154)             0.0%    23  193.8 194.1 193.6 197.3   0.8
15. RO  fra-eq5-01c.voxility.net (109.163.237.26)                            0.0%    23  197.4 198.2 194.1 239.4   9.8
16. GB  5.254.7.74 (5.254.7.74)                                              0.0%    23  197.8 199.4 194.8 208.7   3.9
17. AU  31.25.89.19 (31.25.89.19)                                            0.0%    23  193.8 194.7 193.8 202.3   2.1

Both traceroute and mtr can be piped to nali to show the region of each IP:

~$ traceroute 31.25.89.19 | nali
traceroute to 31.25.89.19 [德国]  (31.25.89.19 [德国] ), 30 hops max, 60 byte packets
 1  10.8.117.1 (10.8.117.1)  0.221 ms  0.161 ms  0.129 ms
 2  * * *
 3  * * *
 4  10.0.8.2 (10.0.8.2)  2.382 ms  2.358 ms  2.331 ms
 5  10.0.8.1 (10.0.8.1)  0.588 ms  0.554 ms  0.466 ms
 6  * * *
 7  ce-0-1-0-2.r02.tkokhk01.hk.bb.gin.ntt.net (203.131.241.109 [日本] )  5.040 ms  4.948 ms  4.887 ms
 8  ae-6.r27.tkokhk01.hk.bb.gin.ntt.net (129.250.6.95 [英国] )  4.613 ms  4.571 ms  3.800 ms
 9  * * *
10  ae-7.r20.mlanit02.it.bb.gin.ntt.net (129.250.7.9 [美国] )  197.218 ms  194.446 ms  197.094 ms
11  ae-0.r21.mlanit02.it.bb.gin.ntt.net (129.250.3.157 [香港] )  178.236 ms  191.854 ms  181.411 ms
12  ae-6.r21.frnkge13.de.bb.gin.ntt.net (129.250.3.183 [香港] )  210.299 ms  194.078 ms  207.464 ms
13  ae-1.a02.frnkge07.de.bb.gin.ntt.net (129.250.5.42 [美国] )  192.296 ms  207.812 ms  205.101 ms
14  fra-eq5-02gw.voxility.net (213.198.83.218 [德国] )  202.608 ms voxility.a02.frnkge07.de.bb.gin.ntt.net (213.198.72.154 [德国] )  190.403 ms fra-eq5-02gw.voxility.net (213.198.83.218 [德国] )  190.277 ms
15  fra-eq5-01c.voxility.net (109.163.237.26 [德国] )  190.518 ms fra-eq5-01c.voxility.net (109.163.237.18 [德国] )  187.837 ms fra-eq5-01c.voxility.net (109.163.237.26 [德国] )  194.251 ms
16  5.254.7.74 [德国]  (5.254.7.74 [德国] )  197.407 ms  211.366 ms  194.714 ms
17  31.25.89.19 [德国]  (31.25.89.19 [德国] )  190.225 ms  202.453 ms  190.733 ms


sudo mtr -i 0.2 -b 31.25.89.19 -b | nali
                                                        My traceroute  [v0.95]
hk-yecaoyun (10.8.117.2) -> 31.25.89.19 [德国]  (31.25.89.19 [德国] )                                         2022-12-14T17:49:04+0800
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                                                                              Packets               Pings
 Host                                                                                       Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 10.8.117.1 (10.8.117.1)                                                                 72.2%    72    0.3   0.3   0.2   0.5   0.1
 2. (waiting for reply)
 3. (waiting for reply)
 4. 10.0.8.2 (10.0.8.2)                                                                      0.0%    71    1.1   1.3   0.9   2.8   0.3
 5. 10.0.8.1 (10.0.8.1)                                                                      0.0%    71    1.8   0.7   0.5   1.8   0.2
 6. (waiting for reply)
 7. ce-0-1-0-2.r02.tkokhk01.hk.bb.gin.ntt.net (203.131.241.109 [日本] )                      0.0%    71    3.9   4.2   3.6   9.7   1.1
 8. ae-6.r27.tkokhk01.hk.bb.gin.ntt.net (129.250.6.95 [英国] )                              47.1%    71    3.2   5.4   3.2  26.7   4.1
 9. ae-7.r22.sngpsi07.sg.bb.gin.ntt.net (129.250.7.66 [美国] )                              69.0%    71   41.3  42.9  41.0  53.1   3.2
10. ae-7.r20.mlanit02.it.bb.gin.ntt.net (129.250.7.9 [美国] )                                0.0%    71  200.5 201.9 199.2 210.6   2.6
11. ae-0.r21.mlanit02.it.bb.gin.ntt.net (129.250.3.157 [香港] )                              0.0%    71  184.4 185.6 183.8 192.5   2.1
12. ae-6.r21.frnkge13.de.bb.gin.ntt.net (129.250.3.183 [香港] )                              0.0%    71  199.4 205.5 197.8 275.0  15.0
13. ae-1.a02.frnkge07.de.bb.gin.ntt.net (129.250.5.42 [美国] )                               0.0%    71  195.4 197.8 195.0 212.2   3.3
14. voxility.a02.frnkge07.de.bb.gin.ntt.net (213.198.72.154 [德国] )                         0.0%    71  194.2 194.1 193.6 204.4   1.3
15. fra-eq5-01c.voxility.net (109.163.237.26 [德国] )                                        0.0%    71  194.5 196.2 194.1 231.4   5.8
16. 5.254.7.74 [德国]  (5.254.7.74 [德国] )                                                  0.0%    71  197.5 200.9 194.2 256.7  10.2
17. 31.25.89.19 [德国]  (31.25.89.19 [德国] )                                                0.0%    71  193.8 194.2 193.7 199.5   0.8

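With the pipe approach (look up, then print), nali uses a local database and is quite fast. Doing an online lookup every time would be expensive (mtr has an internal cache).

Integrated tools

besttrace4linux, developed by the commercial company www.ipip.net, embeds an API SDK that fetches information from the ipip API; this is commercial data.

besttrace4linux is bundled into all-in-one scripts such as lemonbench, so its output shows up often in VPS reviews, as below: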

Traceroute to China, Shanghai CT (TCP Mode, Max 30 Hop)
============================================================
traceroute to 180.153.28.1 (180.153.28.1), 30 hops max, 32 byte packets
 1  66.118.234.1  1.60 ms  AS399244  Singapore, limewave.net
 2  169.150.207.197  1.47 ms  AS60068  Singapore, charleston.k12.sc.us
 3  185.156.45.98  1.83 ms  *  CDN77.COM 骨干网, datacamp.co.uk
 4  *
 5  154.54.27.54  184.94 ms  AS174  United States, California, Los Angeles, cogentco.com
 6  154.54.42.101  184.31 ms  AS174  United States, California, Los Angeles, cogentco.com
 7  154.54.40.146  188.88 ms  AS174  United States, California, San Jose, cogentco.com
 8  154.54.5.102  187.37 ms  AS174  United States, California, San Jose, cogentco.com
 9  38.104.138.106  188.21 ms  AS174  United States, California, San Jose, cogentco.com
10  *
11  *
12  202.97.61.5  313.45 ms  AS4134  China, Shanghai, ChinaTelecom
13  101.95.120.121  346.84 ms  AS4812  China, Shanghai, ChinaTelecom
14  *
15  124.74.232.62  314.45 ms  AS4811  China, Shanghai, ChinaTelecom
16  *
17  *
18  *
19  180.153.28.1  312.34 ms  AS4812  China, Shanghai, ChinaTelecom

There is also the open-source tool https://github.com/zhanghanyun/backtrace, which embeds only a few ASN entries and is used to quickly identify a VPS's return route to China:

"AS4134": "电信163 [普通线路]"
"AS4809": "电信CN2 [优质线路]"
"AS4837": "联通4837[普通线路]"
"AS9929": "联通9929[优质线路]"
"AS9808": "移动CMI [普通线路]"
"AS58453": "移动CMI [普通线路]"

Surge also offers an AS-based proxy rule, IP-ASN, because Surge ships with an IP database from MaxMind:

❯ ls -lh /Applications/Surge.app/Contents/Resources/GeoLite2-ASN.mmdb
  7.5M   /Applications/Surge.app/Contents/Resources/GeoLite2-ASN.mmdb

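GeoLite2-ASN.mmdb can be downloaded from https://github.com/P3TERX/GeoLite.mmdb/releases. Below are a few real test results.

Your own tool

The AS information built into mtr and traceroute is too bare: it is only the AS number, and even after piping to nali something is still missing.
IP ASN information is similar to IP geolocation information: many providers offer free or paid APIs and also offer the data for download.
We can modify nali so that it appends AS information. Below is the result of printing the AS number together with the organization.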

                                                                                               My traceroute  [v0.95]
国内 -> 185.148.13.14 [美国 AS211686 Baisi Network Ltd]  (185.148.13.14 [美国 AS211686 Baisi Network Ltd] )                                                                 2022-12-14T20:52:59+0800
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                                                                                                                                                           Packets               Pings
 Host                                                                                                                                                                    Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. xxx
 2. xxx
 3. 119.167.88.29 [中国 青岛市 AS4837 CHINA UNICOM China169 Backbone]                                                                                                    88.6%    35   13.8  11.4   4.0  21.7   8.0
 4. 119.167.86.245 [中国 青岛市 AS4837 CHINA UNICOM China169 Backbone]                                                                                                   88.2%    35    3.5   3.5   3.4   3.6   0.1
 5. 219.158.7.173 [中国 AS4837 CHINA UNICOM China169 Backbone]                                                                                                           48.6%    35   13.1  13.5  12.7  23.0   2.4
 6. 219.158.9.98 [中国 AS4837 CHINA UNICOM China169 Backbone]                                                                                                            40.0%    35   15.6  17.2  13.7  20.7   2.4
 7. 219.158.32.6 [中国 AS4837 CHINA UNICOM China169 Backbone]                                                                                                             0.0%    35   12.6  13.6  12.6  19.4   1.0
 8. 218.105.2.209 [中国 AS9929 CHINA UNICOM Industrial Internet Backbone]                                                                                                37.1%    35   14.1  14.0  13.5  14.5   0.2
 9. 218.105.2.202 [中国 AS9929 CHINA UNICOM Industrial Internet Backbone]                                                                                                 0.0%    35   15.6  17.0  15.2  18.9   1.1
10. 162.219.85.10 [香港 尖沙咀 AS10099 China Unicom Global]                                                                                                               0.0%    34  149.8 149.9 149.0 150.7   0.3
11. 162.219.85.246 [香港 尖沙咀 AS10099 China Unicom Global]                                                                                                              0.0%    34  157.7 157.6 145.6 271.1  27.7
12. 185.148.13.14 [美国 AS211686 Baisi Network Ltd]                                                                                                                       0.0%    34  158.3 158.0 157.6 158.6   0.2


                                                       My traceroute  [v0.95]
德国  -> 202.106.50.1 [中国 AS4808 China Uni2022-12-14T21:00:12+0800wKeys:  Help   Display mode   Restart statistics   Order of fields   quit)
                                                                                           Packets               Pings
 Host                                                                                    Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 31.25.xx [德国 法兰克福 AS41378 Kirino LLC]                                         0.0%    39    1.3   6.7   0.8  60.2   9.7
 2. 219.158.33.25 [中国 AS4837 CHINA UNICOM China169 Backbone]                            0.0%    39  160.5 160.8 160.4 165.0   0.8
 3. 219.158.3.245 [中国 AS4837 CHINA UNICOM China169 Backbone]                            0.0%    39  168.1 169.0 164.9 172.1   2.1
 4. 219.158.4.101 [中国 AS4837 CHINA UNICOM China169 Backbone]                            0.0%    39  172.4 169.5 166.0 173.7   2.5
 5. 219.158.3.153 [中国 AS4837 CHINA UNICOM China169 Backbone]                           76.3%    39  165.6 165.5 165.1 167.3   0.7
 6. 219.158.15.37 [中国 AS4837 CHINA UNICOM China169 Backbone]                           10.5%    39  197.3 198.3 197.2 202.1   1.5
 7. 125.33.186.54 [中国 北京 AS4808 China Unicom Beijing Province Network]               44.7%    39  200.3 201.5 200.3 206.8   2.1
 8. 202.106.50.1 [中国 AS4808 China Unicom Beijing Province Network]                      0.0%    39  199.7 199.8 199.5 205.2   0.9
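A minimal filter in the spirit of the pipe approach above, as an added example that is not nali's code or the author's modified nali. It appends `[AS<number> <organization>]` after the first occurrence of each public IPv4 address on a line, skips private and reserved addresses, and caches lookups so a repeated hop costs one query. `make_annotator` and the `HOP_INFO` stand-in table are assumptions of this sketch; a real tool would plug in a local database lookup.

```python
import functools
import ipaddress
import re
import sys

IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Stand-in data source: AS number and organization for two hop addresses,
# taken from the mtr output above. A real tool would query a local database.
HOP_INFO = {
    "219.158.7.173": (4837, "CHINA UNICOM China169 Backbone"),
    "218.105.2.209": (9929, "CHINA UNICOM Industrial Internet Backbone"),
}


def make_annotator(lookup, cache_size=4096):
    """Return annotate(line); `lookup(ip)` gives (asn, org) or None."""
    cached = functools.lru_cache(maxsize=cache_size)(lookup)

    def annotate(line):
        seen = set()

        def tag(match):
            text = match.group(0)
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:                 # e.g. 999.1.1.1
                return text
            if text in seen or not addr.is_global:
                return text                    # repeat on this line, or no public AS
            seen.add(text)
            info = cached(text)
            return f"{text} [AS{info[0]} {info[1]}]" if info else text

        return IPV4.sub(tag, line)

    return annotate


if __name__ == "__main__":
    annotate = make_annotator(HOP_INFO.get)
    for line in sys.stdin:                     # e.g. traceroute -n host | python3 this.py
        sys.stdout.write(annotate(line))
```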


wen-long commented Jan 1, 2023

One addition: https://pwhois.org/lft/index.who
It provides:

  1. The WhoB command, a whois client with several whois servers built in that formats the results in a uniform way
static char pwhois_server[] = "whois.pwhois.org";
static char myaddress_server[] = "myaddress.today";
static char radb_server[] = "whois.ra.net";
static char cymru_server[] = "whois.cymru.com";
static char arin_server[] = "whois.arin.net";
static char apnic_server[] = "whois.apnic.net";
static char ripe_server[] = "whois.ripe.net";
static char ripe_ris_server[] = "riswhois.ripe.net";
[~] # whob -r 202.106.50.1
IP: 202.106.50.1
Origin-AS: 4808
Prefix: 202.106.48.0/20
AS-Path: 8220 1299 4837 4808
AS-Org-Name: China Unicom Beijing Province Network
Org-Name: China Unicom Beijing province network
Net-Name: UNICOM-BJ
Cache-Date: Jan 01 2023 07:00:26
Latitude: 39.907500
Longitude: 116.397230
City: Beijing
Region: Beijing
Country: China
Country-Code: CN
Route-Originated-Date: Dec 09 2022 00:35:24
Route-Originated-TS: 1670546124
[~] #
[~] # whob -c 202.106.50.1
IP: 202.106.50.1
Origin-AS: 4808
Prefix: 202.106.48.0/20
AS-Path: 8220 1299 4837 4808
AS-Org-Name: China Unicom Beijing Province Network
Org-Name: China Unicom Beijing province network
Net-Name: UNICOM-BJ
Cache-Date: Jan 01 2023 07:00:26
Latitude: 39.907500
Longitude: 116.397230
City: Beijing
Region: Beijing
Country: China
Country-Code: CN
Route-Originated-Date: Dec 09 2022 00:35:24
Route-Originated-TS: 1670546124
[~] #
[~] # whob  202.106.50.1
IP: 202.106.50.1
Origin-AS: 4808
Prefix: 202.106.48.0/20
AS-Path: 8220 1299 4837 4808
AS-Org-Name: China Unicom Beijing Province Network
Org-Name: China Unicom Beijing province network
Net-Name: UNICOM-BJ
Cache-Date: Jan 01 2023 07:00:26
Latitude: 39.907500
Longitude: 116.397230
City: Beijing
Region: Beijing
Country: China
Country-Code: CN
Route-Originated-Date: Dec 09 2022 00:35:24
Route-Originated-TS: 1670546124

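Many package managers do not include it. entware does, so it can be installed with opkg install whob; neither apt nor homebrew has it.
whob is not very significant and can be ignored; if needed it can also be compiled from source.

  2. The LFT command, which prints routing information; it is fast, uses TCP by default, and attaches IP information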
[~] # lft -NA 1.1.1.1
Tracing ......*.****...T
TTL LFT trace to one.one.one.one (1.1.1.1):80/tcp
 1  [AS?] [NULL] XXX 0.4ms
 2  [AS?] [NULL] 10.174.64.1 3.3ms
**  [neglected] no reply packets received from TTL 3
 4  [4837] [UNICOM-SD] 119.167.86.117 18.7ms
 5  [4837] [CNCGROUP] 219.158.117.9 23.5ms
 6  [4837] [ChinaUnicom-BACKBONE] 219.158.7.130 21.2ms
 7  [4837] [ChinaUnicom-BACKBONE] 219.158.8.186 22.4ms
 8  [4837] [CNCGROUP] 219.158.102.134 176.6ms
**  [neglected] no reply packets received from TTLs 9 through 12
13  [13335] [APNIC-LABS] [target open] one.one.one.one (1.1.1.1):80 184.8ms
[~] #
[~] # lft -NA 202.106.50.1
Tracing ....****.T
TTL LFT trace to 202.106.50.1:80/tcp
 1  [AS?] [NULL] XXX 0.3ms
 2  [AS?] [NULL] 10.174.64.1 3.3ms
**  [neglected] no reply packets received from TTLs 3 through 5
 6  [4808] [UNICOM-BJ] 125.33.186.198 17.9ms
 7  [4808] [UNICOM-BJ] [target closed] 202.106.50.1:80 16.9ms

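It is included in package managers such as homebrew and can be installed directly.

  3. whois.pwhois.org, a whois network service; this is the most valuable one
    According to the official site, the data comes from actual peers on the network rather than from the registries
    It supports bulk queries, several output formats, AS information queries, routing information and more; run help to read the manual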
[~] # whois -h whois.pwhois.org "type=jsonp 202.106.50.1"
{
  "IP": "202.106.50.1",
  "Origin-AS": 4808,
  "Prefix": "202.106.48.0\/20",
  "AS-Path": "8220 1299 4837 4808",
  "AS-Org-Name": "China Unicom Beijing Province Network",
  "Org-Name": "China Unicom Beijing province network",
  "Net-Name": "UNICOM-BJ",
  "Cache-Date": "2023-01-01T07:00:26.000Z",
  "Latitude": 39.907500,
  "Longitude": 116.397230,
  "City": "Beijing",
  "Region": "Beijing",
  "Country": "China",
  "Country-Code": "CN",
  "Route-Originated-Date": "2022-12-09T00:35:24.000Z",
  "Route-Originated-TS": 1670546124
}
[~] # whois -h whois.pwhois.org "type=rpsl 202.106.50.1"
Origin: AS4808
Route: 202.106.48.0/20
Date: 20230101
AS-Org-Name: China Unicom Beijing Province Network
Org-Name: China Unicom Beijing province network
Net-Name: UNICOM-BJ
Source: PWHOIS Server 2620:d1:4000:2::100:43 at 20230101
[~] # whois -h whois.pwhois.org help
Have no fear, help is here:

DESCRIPTION

    Prefix WhoIs displays the origin-as and other interesting information
    related to the most specific prefix currently advertised within the
    Internet's global routing table that corresponds to the IP address in
    your query.
    The only mandatory parameter is an IP address (optionally in CIDR notation,
    though pwhois assumes a /32 prefix). You may provide IP addresses with port
    numbers, though the port numbers will be removed and not returned to you in
    the result.
    You may optionally use the 'type' operator to change the display format
    between the native pwhois format, extended pwhois format, RPSL (RFC 2622),
    and the format used by Cymru (see www.cymru.com). In addition, you can use
    the json and jsonp (pretty print) versions of the 'pwhois' and 'all' types.
... (omitted)
