Sometimes we need to know the location and owner of an IP address. The reason varies with the requirement; in my case, I was facing some malicious traffic on an in-house server. With this information we can report the traffic to the owner and draw some conclusions about it.

There are many websites on the internet that provide this information; we just open one of them and enter the IP address to query. But what if we don't want to leave the Linux terminal and would rather query from there? There is a command for that, and it does the same job as those websites.

Setup

I am using my Ubuntu machine for this, with the versions below.

root@jarvis:~# lsb_release -d
Description:  Ubuntu 16.04.4 LTS
root@jarvis:~# uname -r
4.4.0-116-generic

root@jarvis:~# whois --version
Version 5.2.11.

Let's see how it works on the command line and how we can find the information we need from it.

First we have to find the IP address of the hostname or domain we want to look up. For example, I was seeing sc-in-f94.1e100.net in my tcpdump output even when I am running on my machine. So I thought, why not try to find the owner of that host? This would help answer many questions about my network stats.

To find the IP address of sc-in-f94.1e100.net, I am going to use the host command, as below.

# host sc-in-f94.1e100.net
sc-in-f94.1e100.net has address 74.125.68.94

So now we have the IP address of sc-in-f94.1e100.net: 74.125.68.94. Now we can identify the IP location and owner, as below.

# whois 74.125.68.94 

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#


#
# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=74.125.68.94?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#

NetRange:       74.125.0.0 - 74.125.255.255
CIDR:           74.125.0.0/16
NetName:        GOOGLE
NetHandle:      NET-74-125-0-0-1
Parent:         NET74 (NET-74-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       
Organization:   Google LLC (GOGL)
RegDate:        2007-03-13
Updated:        2012-02-24
Ref:            https://whois.arin.net/rest/net/NET-74-125-0-0-1



OrgName:        Google LLC
OrgId:          GOGL
Address:        1600 Amphitheatre Parkway
City:           Mountain View
StateProv:      CA
PostalCode:     94043
Country:        US
RegDate:        2000-03-30
Updated:        2017-12-21
Ref:            https://whois.arin.net/rest/org/GOGL


OrgAbuseHandle: ABUSE5250-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-650-253-0000 
OrgAbuseEmail:  network-abuse@google.com
OrgAbuseRef:    https://whois.arin.net/rest/poc/ABUSE5250-ARIN

OrgTechHandle: ZG39-ARIN
OrgTechName:   Google LLC
OrgTechPhone:  +1-650-253-0000 
OrgTechEmail:  arin-contact@google.com
OrgTechRef:    https://whois.arin.net/rest/poc/ZG39-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml

This shows a lot of information, which can be used in various ways.
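
The fields that matter for an abuse report (network range, owner, abuse contact) can be pulled out of this output with a small filter. The script below is an added example, not part of the original post; whois_summary and sample_whois are hypothetical helper names, and the sample input is abridged from the output above.

```bash
#!/usr/bin/env bash
# Added example: pick the fields needed for an abuse report out of whois output.
# whois_summary and sample_whois are hypothetical helper names.

# Reads ARIN-style whois text on stdin, prints selected fields as key=value.
whois_summary() {
    awk '
        /^#/ { next }                            # registry comments
        {
            pos = index($0, ":")                 # first colon ends the key
            if (pos == 0) next                   # blank or free-text line
            key = substr($0, 1, pos - 1)
            val = substr($0, pos + 1)            # URLs keep their own colons
            gsub(/^[ \t]+|[ \t]+$/, "", val)     # trim column padding
            if (val == "" || (key in seen)) next # e.g. empty OriginAS
            seen[key] = val                      # first occurrence wins
        }
        END {
            n = split("NetRange CIDR NetName OrgName Country OrgAbuseEmail OrgAbusePhone", want, " ")
            for (i = 1; i <= n; i++)
                if (want[i] in seen) printf "%s=%s\n", want[i], seen[want[i]]
        }'
}

# Sample input: abridged copy of the whois output shown above, so this runs offline.
sample_whois() {
    cat <<'EOF'
# ARIN WHOIS data and services are subject to the Terms of Use

NetRange:       74.125.0.0 - 74.125.255.255
CIDR:           74.125.0.0/16
NetName:        GOOGLE
OriginAS:       
Organization:   Google LLC (GOGL)
RegDate:        2007-03-13
Ref:            https://whois.arin.net/rest/net/NET-74-125-0-0-1

OrgName:        Google LLC
Country:        US
RegDate:        2000-03-30
OrgAbusePhone:  +1-650-253-0000 
OrgAbuseEmail:  network-abuse@google.com
EOF
}

sample_whois | whois_summary
# Live use: whois 74.125.68.94 | whois_summary
```

Other registries such as RIPE and APNIC use different field names, so the list of wanted keys needs adjusting for addresses outside ARIN's region.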