Users ISP

Anon

I'm looking for a way to check each users ISP.
I can grab the IP and use this to see the ISP is use by a simple whois search, not sure of the site, but I've seen it done. Just wondering if there is any way, or a seperate HTTP function that allows me to do this automatically.

Also, while there have been lots of posts about users country, none seem to answer it fully, can someone tell me is there a PHP function to do it, or is the language one the only available choice (without using Java)

Thanks

Anon

For the simple whois search you mentioned, the syntax is:
<code>whois -h <host> <ip>
</code>or (more recent version):
<code>whois <ip>@<host>
</code>
for example, to determine the ISP of a user coming from 206.152.250.9:
<code>
whois -h arin.net 206.152.250.9
</code>
You can bypass the actual "whois" client and use sockets to connect directly to TCP port 43

Example using telnet:
<code>
ra:root> telnet arin.net 43
Trying 192.149.252.21...
Connected to arin.net.
Escape character is '^]'.
206.152.250.9
Cable & Wireless USA (NETBLK-CW-O7BLK) CW-O7BLK 206.150.0.0 - 206.157.255.255
MAIN NET (NETBLK-CW-206-152-250)CW-206-152-250 206.152.250.0 - 206.152.250.255

To single out one record, ...
</code>

This would be a fairly efficient approach to determining to whom the client's IP address has been allocated (normally their ISP).

Anon

This is assuming you have the host variable though, not sure what this is, can you provide more simple information please, I don't really get it.

Currently this is the script...

<?php
$remoteip = $GLOBALS['REMOTE_ADDR'];
$forwarder = $GLOBALS['HTTP_X_FORWARDED_FOR'];
if (($forwarder != "")&&($forwarder != "unknown")) $remoteip = $forwarder;
$remoteip = explode(",", $remoteip);
$remoteip = $remoteip[0];
$arr = explode(".",$remoteip);
$oct1 = $arr[0];
$oct2 = $arr[1];
$oct3 = $arr[2];
$oct4 = $arr[3];
echo "$remoteip\n\n";
?>

The $oct variables are just used as each section of the IP address.

Thanks

Anon

The good news is that no special attention needs to be given to parsing the remote ip address at all. "whois" queries againts ARIN's database will resolve to the delegated ISP regardless of which ip you query on (ie. you don't have to quess at what the network address is or what the subnet mask is). Here's the script that pulls up the whois information:

<?php
$remoteip = $GLOBALS['REMOTE_ADDR'];
$forwarder = $GLOBALS['HTTP_X_FORWARDED_FOR'];
if (($forwarder != "")&&($forwarder != "unknown")) $remoteip = $forwarder;
echo "Whois query on $remoteip...\n";

$fp = fsockopen("arin.net", 43, $errno, $errstr);
if (!$fp) {
echo "ERROR: $errno - $errstr<br>\n";
} else {
fwrite($fp,"$remoteip\n");
echo "<pre>\n";
echo fread($fp, 1000);
echo "</pre>\n";
fclose($fp);
}

The output could be captured to a string and then parsed. The last ISP in the list should be the one with the narrowest scope of assignment. For example, my address shows that the first allocation of my IP is to C&W, who has then sub-delegated it to a much smaller ISP (MainNet):

Cable & Wireless USA (NETBLK-CW-10BLK) CW-10BLK 208.128.0.0 - 208.175.255.255
MAIN NET (NETBLK-CW-208-163-84) CW-208-163-84 208.163.84.0 - 208.163.87.255

From here, we could query on: "!NETBLK-CW-208-163-84"

And we would get the address name and phone number of the ISP's technical contact.

Pretty cool, huh?

BTW, the validity of this info depends on ISP's appropriately SWIP'ing their delegated address space through their upstream or ARIN.

Anon

Cool, thanks, just one more question then, this picks up US ISPs (I assume), and Canadian ones (from a mate whos over there) but not UK ones, tells me its a UK ISP and to use Ripe.net or something to do it manually, any idea how to get around this one?

Thanks

andrewrice

Hm... forgot about the distributed registries...
Well, RIPE also has a whois server, at:
whois.ripe.net
I suppose you could first query arin, and check to see if the output contains the error message referencing "Ripe".
If the message is found, re-issue the query on whois.ripe.net

I found that whois.ripe.net has a nice and verbose telnet interface (on the normal port 23), as well as the non-verbose functionality on port 43.

There is a third authority for Asian and Pacific IP's at whois.apnic.net

If you exhaustively query all three servers, you're bound to find the information you're looking for.

Anon

Thanks, I'll give it a shot and let you know any luck (or problems) I have :-)

Anon

$fp = fsockopen("ripe.net", 23, $errno, $errstr);
if (!$fp) {
echo "ERROR: $errno - $errstr<br>\n";
} else {
fwrite($fp,"$remoteip\n");
echo "<pre>\n";
echo fread($fp, 1000);
echo "</pre>\n";
fclose($fp);
}

or 43, I thought it would be that easy, just generates "ERROR: 0 -" though.
As you can probably tell I'm still fairly new, so I don't get much of the above to start with, but I thought it'd be that easy, I'm guessing its the 1000 that has to be altered as well? Or maybe this just isn't possible due to different laws in the US\Canada and Europe\Asia.

Any ideas would be welcomed.

andrewrice

Try the hostname whois.ripe.net instead of ripe.net.

The 1000 in the fread statement isn't really that important - it just instructs PHP to attempt to read up to 1000 characters (bytes) from the socket. If it encounters end-of-file prior to 1000 bytes, it will be well behaved and return what it was able to read. 1000 characters should be sufficient to get the important part of the text.

Anon

Thanks, all works now!

You've been a great help, thanks again.