Python Whois Issue

Question

Im trying to collect information on IP via whois within bash. However the output Im getting seems to be very different for example...

If I go to http://whois.domaintools.com/8.8.8.8 I get a ton of information. Like so,

NetRange:       8.0.0.0 - 8.127.255.255
CIDR:           8.0.0.0/9
NetName:        LVLT-ORG-8-8
NetHandle:      NET-8-0-0-0-1
Parent:         NET8 (NET-8-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       
Organization:   Level 3 Parent, LLC (LPL-141)
RegDate:        1992-12-01
Updated:        2018-04-23
Ref:            https://rdap.arin.net/registry/ip/8.0.0.0

OrgName:        Level 3 Parent, LLC
OrgId:          LPL-141
Address:        100 CenturyLink Drive
City:           Monroe
StateProv:      LA
PostalCode:     71203
Country:        US
RegDate:        2018-02-06
Updated:        2018-02-22
Ref:            https://rdap.arin.net/registry/entity/LPL-141

OrgTechHandle: IPADD5-ARIN
OrgTechName:   ipaddressing
OrgTechPhone:  +1-877-453-8353 
OrgTechEmail:  
OrgTechRef:    https://rdap.arin.net/registry/entity/IPADD5-ARIN

OrgAbuseHandle: IPADD5-ARIN
OrgAbuseName:   ipaddressing
OrgAbusePhone:  +1-877-453-8353 
OrgAbuseEmail:  
OrgAbuseRef:    https://rdap.arin.net/registry/entity/IPADD5-ARIN

NetRange:       8.8.8.0 - 8.8.8.255
CIDR:           8.8.8.0/24
NetName:        LVLT-GOGL-8-8-8
NetHandle:      NET-8-8-8-0-1
Parent:         LVLT-ORG-8-8 (NET-8-0-0-0-1)
NetType:        Reallocated
OriginAS:       
Organization:   Google LLC (GOGL)
RegDate:        2014-03-14
Updated:        2014-03-14
Ref:            https://rdap.arin.net/registry/ip/8.8.8.0

OrgName:        Google LLC
OrgId:          GOGL
Address:        1600 Amphitheatre Parkway
City:           Mountain View
StateProv:      CA
PostalCode:     94043
Country:        US
RegDate:        2000-03-30
Updated:        2018-10-24
Comment:        Please note that the recommended way to file abuse complaints are located in 
the following links. 
Comment:        
Comment:        To report abuse and illegal activity: https://www.google.com/contact/
Comment:        
Comment:        For legal requests: http://support.google.com/legal 
Comment:        
Comment:        Regards, 
Comment:        The Google Team
Ref:            https://rdap.arin.net/registry/entity/GOGL

OrgTechHandle: ZG39-ARIN
OrgTechName:   Google LLC
OrgTechPhone:  +1-650-253-0000 
OrgTechEmail:  
OrgTechRef:    https://rdap.arin.net/registry/entity/ZG39-ARIN

OrgAbuseHandle: ABUSE5250-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-650-253-0000 
OrgAbuseEmail:  
OrgAbuseRef:    https://rdap.arin.net/registry/entity/ABUSE5250-ARIN

However, if I run whois 8.8.8.8 I just get :

 whois 8.8.8.8
[Querying whois.arin.net]
[whois.arin.net]

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2019, American Registry for Internet Numbers, Ltd.
#


#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 8.8.8.8"
#
# Use "?" to get help.
#

Level 3 Parent, LLC LVLT-ORG-8-8 (NET-8-0-0-0-1) 8.0.0.0 - 8.127.255.255
Google LLC LVLT-GOGL-8-8-8 (NET-8-8-8-0-1) 8.8.8.0 - 8.8.8.255

How can I get this level of information from whois CLI?

Answer 1

You have the answer in your own post:

# Query terms are ambiguous.  The query is assumed to be:
#     "n 8.8.8.8"

...

Level 3 Parent, LLC LVLT-ORG-8-8 (NET-8-0-0-0-1) 8.0.0.0 - 8.127.255.255
Google LLC LVLT-GOGL-8-8-8 (NET-8-8-8-0-1) 8.8.8.0 - 8.8.8.255

The last two lines show you that there are 2 blocks registered at ARIN that covers 8.8.8.8 and the two blocks of data you have through the provider you use at beginning of your message are the details of these two blocks. Or else in your case:

whois -h whois.arin.net NET-8-0-0-0-1

and

whois -h whois.arin.net NET-8-8-8-0-1

Or consult ARIN's whois help with whois -h whois.arin.net -- '-h' which will show you among various stuff

n Network address space

and

+ FULL output shows detailed display for EACH match

So if you do:

whois -h whois.arin.net -- 'n + 8.8.8.8'

you will get basically exactly the same output as your first example.