13
13
I want to know what IP ranges are belonging for example to the AS714.
How do I get this information?
I know how to do the reverse way, which is easy with whois. But the other way doesn't seem to be that easy.
JohnnyFromBF
Posted 2012-03-28T09:39:22.377
Reputation: 4 298
14
Ok, I just found one simple way. You just put this http://bgp.he.net/[ASXXX]#_prefixes in your browser, where [ASXXX] is a certain AS and a number like this http://bgp.he.net/AS714#_prefixes.
JohnnyFromBF
Posted 2012-03-28T09:39:22.377
Reputation: 4 298
17
They're listed online with related details at http://ipinfo.io/AS714 (replace the ASN to get the equivalent details for any other ASN).
If instead of browsing them you'd rather grab them programmatically you can use the RADb whois server:
$ whois -h whois.radb.net -- '-i origin AS714' | grep -Eo "([0-9.]+){4}/[0-9]+" | head
17.108.0.0/16
17.106.0.0/15
17.102.0.0/16
17.207.0.0/16
17.216.0.0/16
17.250.48.0/24
17.252.65.0/24
192.35.50.0/24
17.148.0.0/14
17.86.0.0/17
Ben Dowling
Posted 2012-03-28T09:39:22.377
Reputation: 362
1Thank you for this answer. Now I can create SMTP blocking lists for abusive hosting providers easily. – Jari Turkia – 2018-07-19T04:13:37.553
For reference, these other routing registries should work as well.
– JakeGould – 2019-02-05T02:33:02.5673
For anyone else who finds this - I really liked Ben Dowling’s answer. However according to:
http://www.radb.net/support/query2.php
There is a different way which also yields very different results! I was testing a facebook IP which didn't come up in Bens' | head results. According to the above link the correct way of querying for IP4 addresses would be:
whois -h whois.radb.net '!gas714'
Equally as nice is the fact you can now find all IP6 addresses with:
whois -h whois.radb.net '!6as714'
As I say - when I ran this for the Facebook ASN I found my missing IP address.
Later update
Unfortunately Radb.net does not give out the correct data!! Try ASN 19281 for example and you'll see results given but if you simply whois radb.net with no parameters it will say “No records found.” It doesn't seem accurate enough IMHO.
Antony
Posted 2012-03-28T09:39:22.377
Reputation: 131
This method does have some troubles with long lists, like Facebook's ie.
whois -h whois.radb.net -- '!6as32934' that gets "clipped" with a new-line in the middle of the addresses – Hvisage – 2018-06-26T17:40:34.337
which means you should rather use nc, as in: echo '!6as32934'|nc whois.radb.net 43 – Hvisage – 2018-06-26T17:49:14.700
1
I found that you can't really automate queries to bgp.he.net, I kept getting 403 responses, and then when I faked a user agent, it tried to verify that I was indeed a real browser. I kind of failed in everything with bgp.he.net (even contacting the site).
What DID work for me, was to query http://ipinfo.io as Ben Dowling said in another answer.
I did a python script to get every IP block per ASN. I had a list of every AS number in a csv file. here it is:
import requests
from bs4 import BeautifulSoup
import re
url_base = 'http://ipinfo.io/'
as_base = 'AS'
output = open('ip_per_asn.csv', 'w')
with open('chilean_asn.csv') as f:
lines = f.read().splitlines()
for asn in lines:
ASN = as_base + asn
page = requests.get(url_base+ASN)
html_doc = page.content
soup = BeautifulSoup(html_doc, 'html.parser')
for link in soup.find_all('a'):
if asn in link.get('href'):
auxstring = '/'+as_base+asn+'/'
line = re.sub(auxstring, '', link.get('href'))
printstring = asn+','+line+'\n'
if 'AS' not in printstring:
output.write(printstring)
print asn+'\n'
print 'script finished'
That said, you can also use curl with ipinfo.io. Just try to be polite and don't make absurdly large queries to the servers.
Tomas Wolf
Posted 2012-03-28T09:39:22.377
Reputation: 111
Do you want IP address ranges that originate on this AS? (Direct customers who don't have an AS) What about IP address ranges only reachable through this AS? (Customers that have their own AS.) What about IP address ranges reachable through this AS but also other provider ASes? (Multihomed customers.) – David Schwartz – 2012-03-28T10:06:18.700
1
The purpose was to find out all the IP ranges my provider owns. I got this info by visiting http://bgp.potaroo.net/as1221/asnames.txt in order to find out the AS number and http://www.ripe.net/data-tools/stats/ris/routing-information-service in order to get all the IP ranges through the prefixes tab. Do you know other possibilities?
– JohnnyFromBF – 2012-03-28T11:01:34.247