I haven't cracked open the source code yet, but I was curious which whois service the traceroute program uses to look up ASNs for a given IP.
Asked
Active
Viewed 5,034 times
2 Answers
9
The copy running on my Linux box gets its answers from 198.108.0.18. I was able to tell this by running tcpdump at the same time as running a traceroute.
The PTR records for that IP resolve to rpsl-p.merit.edu, and it happens that whois.radb.net. and whois.ra.net. point to the same IP address.
Further examination of the binary (with "strings") reveals that it's actually using the whois.radb.net hostname. There's also a pair of (undocumented) environment variables ($RA_SERVER and $RA_SERVICE) which can change the host and port used for these queries.
Alnitak
- 21,191
- 3
- 52
- 82
-
How did you determine that? – Noah Campbell Jun 11 '09 at 19:48
-
I ran tcpdump at the same time as a traceroute. – Alnitak Jun 11 '09 at 20:31
0
Having not looked at the source code, I would suspect either whois.ra.net or riswhois.ripe.net or equivalent.
Justin Scott
- 8,798
- 1
- 28
- 39