whois function bug

Posted: Wed Dec 30, 2009 2:59 am
by pauldr
I have a function that does a whois lookup on a block of IP addresses. It then parses the information into the following format:

Net Range    Org Name    Org ID   Net Handle
69.147.64.0 - 69.147.127.255    Yahoo! Inc.     YHOO    NET-69-147-64-0-1

Based upon the following data:

OrgName: Yahoo! Inc.
OrgID: YHOO
Address: 701 First Ave
City: Sunnyvale
StateProv: CA
PostalCode: 94089
Country: US

NetRange: 69.147.64.0 - 69.147.127.255
CIDR: 69.147.64.0/18
NetName: A-YAHOO-US5
NetHandle: NET-69-147-64-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.YAHOO.COM
NameServer: NS2.YAHOO.COM
NameServer: NS3.YAHOO.COM
NameServer: NS4.YAHOO.COM
NameServer: NS5.YAHOO.COM
Comment:
RegDate: 2006-06-26
Updated: 2006-09-22

RAbuseHandle: NETWO857-ARIN
RAbuseName: Network Abuse
RAbusePhone: +1-408-349-3300
RAbuseEmail: network-abuse@cc.yahoo-inc.com

RTechHandle: NA258-ARIN
RTechName: Netblock Admin
RTechPhone: +1-408-349-3300
RTechEmail: rauschen@yahoo-inc.com

OrgAbuseHandle: NETWO857-ARIN
OrgAbuseName: Network Abuse
OrgAbusePhone: +1-408-349-3300
OrgAbuseEmail: network-abuse@cc.yahoo-inc.com

OrgTechHandle: NA258-ARIN
OrgTechName: Netblock Admin
OrgTechPhone: +1-408-349-3300
OrgTechEmail: rauschen@yahoo-inc.com

The problem comes into play when the whois data is in the following format:

#whois 69.44.0.0
Level 3 Communications, Inc. LVLT-ORG-69-44 (NET-69-44-0-0-1)
69.44.0.0 - 69.45.255.255
INETmax WLCO-TWC1199287-INETMAX-NET (NET-69-44-0-0-2)
69.44.0.0 - 69.44.3.255

I'm not sure how to structure the function so that, if it doesn't find 'OrgName', it parses the data to retrieve the NetRange of the unformatted whois request.

Below is the function:

Code:

public function lookup($ip = "")
    {
        // Quote the argument so shell metacharacters in $ip cannot alter the command
        $cmd = "whois " . escapeshellarg($ip);
        $result = shell_exec($cmd);
 
        $result = explode("\n", $result);
        $whois_data = array();
 
        //Format data
        foreach ($result as $value) {
            //Skip empty lines
            if ($value == '') {
                continue;
            }
            $sep_pos = strpos($value, ':');
            $title = trim(substr($value, 0, $sep_pos));
            $whois_data[$title] = trim(substr($value, $sep_pos + 1));
        }
 
        return $whois_data;
    }
I've been working on this for a week and I'm not sure how to proceed.

Thanks,
Paul

Re: whois function bug

Posted: Wed Dec 30, 2009 11:43 am
by manohoo
There are 3 PHP functions that can help you:

gethostbyaddr(), gethostbyname(), and gethostbynamel().

Code:

 
echo gethostbyaddr("69.4.0"); 
echo "<br />";
echo gethostbyname("yahoo.com");
echo "<br />";
var_dump(gethostbynamel("yahoo.com")); // returns an array of ip addresses
echo "<br />";
echo gethostbyaddr("209.191.93.53");
 
will output:

69.4.0
209.191.93.53
array(3) { [0]=> string(13) "209.191.93.53" [1]=> string(14) "69.147.114.224" [2]=> string(14) "209.131.36.159" }
b1.www.vip.mud.yahoo.com

Notice that gethostbyaddr("69.4.0") fails, and returns the ip address itself.

Re: whois function bug

Posted: Wed Dec 30, 2009 1:03 pm
by AbraCadaver
Could be better, but using your code here is my stab at this (untested). This takes advantage of the fact that you can call 'whois NET-69-44-0-0-1' and it will return the single record :-)

Code:

public function lookup($ip = "") {
        // Quote the argument so shell metacharacters in $ip cannot alter the command
        $cmd = "whois " . escapeshellarg($ip);
        $result = shell_exec($cmd);
 
        $result = explode("\n", $result);
        $whois_data = array();
 
        //If first line starts with OrgName
        if(strpos($result[0], 'OrgName') === 0) { 
            //Format data
            foreach ($result as $value) {
                //Skip empty lines
                if ($value == '') {
                    continue;
                }
                $sep_pos = strpos($value, ':');
                $title = trim(substr($value, 0, $sep_pos));
                $whois_data[$title] = trim(substr($value, $sep_pos + 1));
            }
        //If first line does NOT start with OrgName
        } else {
            foreach ($result as $value) {
                //Only the rows with the org and netname carry a handle in ( ),
                //so act on a successful match instead of on the row number
                if (preg_match('/\((NET[^)]+)\)/', $value, $matches)) {
                    //Call us recursively with the net handle and assign array to a new array
                    $whois_data[] = $this->lookup($matches[1]);
                }
            }
        } 
        return $whois_data;
}
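
Added example (not code from any poster in this thread): one parser that handles both whois output formats quoted in the first post, plus validation of the lookup argument before it reaches shell_exec(). The function names, the net-handle pattern and the reading of the second token on a summary line as the net name are assumptions; the sample strings are constructed from the outputs shown above.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
// Allow only an IP address or a NET-... handle (handle pattern is an assumption),
// so nothing starting with "-" can be read by whois as an option.
function whois_argument(string $query): string
{
    $isIp = filter_var($query, FILTER_VALIDATE_IP) !== false;
    $isHandle = preg_match('/^NET6?(-[0-9A-F]+)+$/', $query) === 1;
    if (!$isIp && !$isHandle) {
        throw new InvalidArgumentException('expected an IP address or net handle');
    }
    return escapeshellarg($query); // quotes any shell metacharacters
}

// Parse either output format into rows of NetRange / OrgName / OrgID / NetHandle.
function parse_whois(string $text): array
{
    $lines = array_values(array_filter(array_map('trim', explode("\n", $text)), 'strlen'));
    $rows = $detail = [];
    foreach ($lines as $i => $line) {
        if (preg_match('/^(.+?)\s+(\S+)\s+\((NET6?-[^)]+)\)$/', $line, $m)) {
            // Summary line "Org NETNAME (HANDLE)"; its range is on the next line.
            $rows[] = ['NetRange' => $lines[$i + 1] ?? '', 'OrgName' => $m[1],
                       'OrgID' => null, 'NetHandle' => $m[3]];
        } elseif (preg_match('/^([A-Za-z]+):\s*(.*)$/', $line, $m)) {
            // Detailed "Key: value" line; keep the first value of repeated keys.
            $detail[$m[1]] ??= $m[2];
        }
    }
    if (isset($detail['NetHandle'])) {
        $rows[] = ['NetRange' => $detail['NetRange'] ?? '', 'OrgName' => $detail['OrgName'] ?? '',
                   'OrgID' => $detail['OrgID'] ?? null, 'NetHandle' => $detail['NetHandle']];
    }
    return $rows;
}

function lookup(string $query): array
{
    return parse_whois((string) shell_exec('whois ' . whois_argument($query)));
}

// Constructed samples built from the two outputs quoted in the first post.
$summary = "Level 3 Communications, Inc. LVLT-ORG-69-44 (NET-69-44-0-0-1)\n69.44.0.0 - 69.45.255.255\n"
         . "INETmax WLCO-TWC1199287-INETMAX-NET (NET-69-44-0-0-2)\n69.44.0.0 - 69.44.3.255\n";
$detailed = "OrgName: Yahoo! Inc.\nOrgID: YHOO\n\nNetRange: 69.147.64.0 - 69.147.127.255\n"
          . "NetHandle: NET-69-147-64-0-1\n";
print_r(parse_whois($summary));
print_r(parse_whois($detailed));
```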

Re: whois function bug

Posted: Thu Jan 07, 2010 7:15 am
by pauldr
Thank you, I'm testing it now.

Paul