{"id":118,"date":"2013-02-07T05:05:35","date_gmt":"2013-02-06T21:05:35","guid":{"rendered":"http:\/\/bohu.net\/blog\/?p=118"},"modified":"2023-02-11T00:58:42","modified_gmt":"2023-02-10T16:58:42","slug":"ip-bgp-%e4%bb%a5%e5%8f%8a-bgp-monitoring-bgp-%e7%9b%91%e6%b5%8b","status":"publish","type":"post","link":"https:\/\/as32.net\/blog\/118\/","title":{"rendered":"IP-BGP and BGP Monitoring"},"content":{"rendered":"<h1><a href=\"http:\/\/www.shadowserver.org\/wiki\/pmwiki.php\/Services\/IP-BGP\">IP-BGP<\/a><\/h1>\n<div id=\"content\">\n<div id=\"wikitext\">\n<div>\n<div>\n<p><a id=\"toc\" name=\"toc\"><\/a><b>On this page&#8230;<\/b> (<a id=\"tocidtog\"><\/a>show)<\/p>\n<ul id=\"tocid\">\n<li><a href=\"#toc1\">Introduction<\/a><\/li>\n<li><a href=\"#toc2\">Whois<\/a>\n<ul>\n<li><a href=\"#toc3\">Whois\/Origin<\/a><\/li>\n<li><a href=\"#toc4\">Whois\/Peer<\/a><\/li>\n<li><a href=\"#toc5\">Whois\/Prefix<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"#toc6\">Whois Batch Mode<\/a><\/li>\n<li><a href=\"#toc7\">DNS<\/a><\/li>\n<\/ul>\n<\/div>\n<\/div>\n<div><\/div>\n<h2><a id=\"toc1\" name=\"toc1\"><\/a> Introduction<\/h2>\n<p>A couple of services have been established for mapping IP addresses to BGP prefixes and ASNs:<\/p>\n<ul>\n<li>Whois (TCP 43)<\/li>\n<li>DNS (UDP 53)<\/li>\n<\/ul>\n<p>Three modes are supported: <strong>origin<\/strong>, <strong>peer<\/strong>, and <strong>prefix<\/strong>.&nbsp; The data returned is basically the same, except that the <em>peer<\/em> mode also lists the BGP peers for the ASN.<\/p>\n<p>The data to support these services are collected from the following sources:<\/p>\n<ul>\n<li>AS Names: <a href=\"http:\/\/bgp.potaroo.net\/as1221\/asnames.txt\" rel=\"nofollow\">http:\/\/bgp.potaroo.net\/as1221\/asnames.txt<\/a><\/li>\n<li>BGP Feed: <a href=\"http:\/\/routeviews.org\/\" rel=\"nofollow\">http:\/\/routeviews.org\/<\/a><\/li>\n<\/ul>\n<div><\/div>\n<h2><a id=\"toc2\" name=\"toc2\"><\/a> Whois<\/h2>\n<p>The whois interface is 
used as follows:<\/p>\n<div><\/div>\n<h3><a id=\"toc3\" name=\"toc3\"><\/a> Whois\/Origin<\/h3>\n<div>\n<pre> \n$ whois -h asn.shadowserver.org origin 17.112.152.32\n714 | 17.112.0.0\/16 | APPLE-ENGINEERING | US | APPLE.COM | APPLE COMPUTER INC<\/pre>\n<\/div>\n<p>The output fields are as follows:<\/p>\n<div><\/div>\n<div>\n<pre>ASN | Prefix        | AS Name           | CN | Domain    | ISP<\/pre>\n<\/div>\n<div><\/div>\n<h3><a id=\"toc4\" name=\"toc4\"><\/a> Whois\/Peer<\/h3>\n<p>Using the <em>peer<\/em> mode is very similar:<\/p>\n<div><\/div>\n<div>\n<pre>$ whois -h asn.shadowserver.org peer 17.112.152.32\n3356 7018 | 714 | 17.112.0.0\/16 | APPLE-ENGINEERING | US | APPLE.COM | APPLE COMPUTER INC<\/pre>\n<\/div>\n<p>The output fields are as follows:<\/p>\n<div><\/div>\n<div>\n<pre>Peer(s)   | ASN | Prefix        | AS Name           | CN | Domain    | ISP<\/pre>\n<\/div>\n<p>A more verbose mode is also available:<\/p>\n<div><\/div>\n<div>\n<pre>$ whois -h asn.shadowserver.org peer 4.5.6.4 verbose\n 3356 | 4.0.0.0\/9 | LEVEL3 | US | DSL-VERIZON.NET | GTE.NET LLC\n\n  209    ASN-QWEST             Qwest\n  293    ESNET                 Energy Sciences Network\n  701    UUNET                 MCI Communications Services, Inc. 
d\/b\/a Verizon Business\n  702    AS702                 Verizon Business EMEA - Commercial IP service provider in Europe\n  1239   SPRINTLINK            Sprint\n  1668   AOL-ATDN              AOL Transit Data Network\n  2497   JPNIC-ASBLOCK         AP JPNIC\n  2828   XO-AS15               XO Communications\n  2914   NTT-COMMUNICATIONS-2  NTT America, Inc.\n  3257   TISCALI               BACKBONE Tiscali Intl Network BV\n  3303   SWISSCOM              Swisscom Solutions Ltd\n  3333   RIPE-NCC              AS RIPE Network Coordination Centre\n  3356   LEVEL3                Level 3 Communications\n  3549   GBLX                  Global Crossing Ltd.\n  3561   SAVVIS                Savvis\n  4513   Globix                Corporation\n  4637   REACH                 Reach Network Border AS\n  5459   LINX                  AS London Internet Exchange Ltd.\n  5511   OPENTRANSIT           France Telecom\n  6079   RCN-AS                RCN Corporation\n  6395   BROADWING             Broadwing Communications Services, Inc.\n  6453   GLOBEINTERNET         VSNL International\n  6461   MFNX                  MFN - Metromedia Fiber Network\n  7018   ATT-INTERNET4         AT&amp;T WorldNet Services\n  8075   MICROSOFT-CORP---MSN  Microsoft Corp\n  12956  TELEFONICA            Telefonica Backbone Autonomous System<\/pre>\n<\/div>\n<div><\/div>\n<h3><a id=\"toc5\" name=\"toc5\"><\/a> Whois\/Prefix<\/h3>\n<div>\n<pre> \n$ whois -h asn.shadowserver.org prefix 8075\n64.4.0.0\/18                                                           \n65.54.8.0\/22                                                          \n65.54.48.0\/20                                                         \n65.54.74.0\/23                                                         \n65.54.80.0\/23                                                         \n65.54.83.0\/24                                                         \n65.54.86.0\/23                                                         \n65.54.92.0\/23        
                                                 \n65.54.94.0\/23                                                         \n65.54.96.0\/20                                                         \n65.54.120.0\/21                                                        \n65.54.128.0\/19        \n&lt;&lt;CHOPPED&gt;&gt;<\/pre>\n<\/div>\n<div><\/div>\n<h2><a id=\"toc6\" name=\"toc6\"><\/a> Whois Batch Mode<\/h2>\n<p>The Whois server also supports a batch mode, in which a list of IP addresses can be handled.&nbsp; For example:<\/p>\n<div><\/div>\n<div>\n<pre>begin origin\n4.5.4.3\n17.112.152.32\n208.77.188.166\nend<\/pre>\n<\/div>\n<p>Use <a href=\"http:\/\/netcat.sourceforge.net\/\" rel=\"nofollow\">netcat<\/a>, telnet, or Perl to send your list to the whois server:<\/p>\n<div><\/div>\n<div>\n<pre>$ netcat asn.shadowserver.org 43 &lt; \/tmp\/list\n3356 | 4.0.0.0\/9 | LEVEL3 | US | DSL-VERIZON.NET | GTE.NET LLC\n714 | 17.112.0.0\/16 | APPLE-ENGINEERING | US | APPLE.COM | APPLE COMPUTER INC\n40528 | 208.77.188.0\/22 | ICANN-LAX | - | - | -<\/pre>\n<\/div>\n<div><\/div>\n<h2><a id=\"toc7\" name=\"toc7\"><\/a> DNS<\/h2>\n<p>The format for a DNS-based <em>origin<\/em> lookup is:<\/p>\n<div><\/div>\n<div>\n<pre>$ dig +short 32.152.112.17.origin.asn.shadowserver.org TXT\n\"714\" \"|\" \"17.112.0.0\/16\" \"|\" \"APPLE-ENGINEERING\" \"|\" \"US\" \"|\" \"APPLE.COM\" \"|\" \"APPLE\" \"COMPUTER\" \"INC\"<\/pre>\n<\/div>\n<p>And the format for a <em>peer<\/em> lookup is:<\/p>\n<div><\/div>\n<div>\n<pre>$ dig +short 32.152.112.17.peer.asn.shadowserver.org TXT\n\"3356\" \"7018\" \"|\" \"714\" \"|\" \"17.112.0.0\/16\" \"|\" \"APPLE-ENGINEERING\" \"|\" \"US\" \"|\" \"APPLE.COM\" \"|\" \"APPLE\" \"COMPUTER\" \"INC\"<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p><a href=\"http:\/\/www.shadowserver.org\/wiki\/pmwiki.php\/Services\/IP-BGP\">http:\/\/www.shadowserver.org\/wiki\/pmwiki.php\/Services\/IP-BGP<\/a><\/p>\n<figure style=\"width: 500px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" 
decoding=\"async\" src=\"https:\/\/bohu.net\/blog\/wp-content\/uploads\/2013\/02\/shadowServer_transp_2-500x167.png\" alt=\"\" width=\"500\" height=\"113\"><figcaption class=\"wp-caption-text\">Shadowserver<\/figcaption><\/figure>\n<p>Other resources: BGP Monitoring <a href=\"http:\/\/www.team-cymru.org\/Monitoring\/BGP\/\">http:\/\/www.team-cymru.org\/Monitoring\/BGP\/<\/a><\/p>\n<figure style=\"width: 210px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/bohu.net\/blog\/wp-content\/uploads\/2013\/02\/tc-community-logo.png\" alt=\"\" width=\"210\" height=\"207\"><figcaption class=\"wp-caption-text\">Team Cymru<\/figcaption><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>IP-BGP On this page&#8230; (show) Introduction Whois Wh &hellip; <a href=\"https:\/\/as32.net\/blog\/118\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\">\u201cIP-BGP and BGP Monitoring\u201d<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":120,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[86,128,203,249,342,372,572,587],"class_list":["post-118","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-bgp","tag-dns","tag-ip","tag-monitoring","tag-shadowserver-org","tag-team-cymru-org","tag--whois","tag-587"],"_links":{"self":[{"href":"https:\/\/as32.net\/blog\/wp-json\/wp\/v2\/posts\/118","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/as32.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/as32.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/as32.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/as32.net\/blog\/wp-json\/wp\/v2\/comments?post=118"}],"version-history":[{"count":1,"href":"
https:\/\/as32.net\/blog\/wp-json\/wp\/v2\/posts\/118\/revisions"}],"predecessor-version":[{"id":9871,"href":"https:\/\/as32.net\/blog\/wp-json\/wp\/v2\/posts\/118\/revisions\/9871"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/as32.net\/blog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/as32.net\/blog\/wp-json\/wp\/v2\/media?parent=118"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/as32.net\/blog\/wp-json\/wp\/v2\/categories?post=118"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/as32.net\/blog\/wp-json\/wp\/v2\/tags?post=118"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}