When using traceroute -A, where does the ASN come from

bgpcommand-line-interfacedomain-name-systemnetworking

I haven't cracked open the source code yet, but I was curious which whois service the traceroute program uses to look up ASNs for a given IP.

Best Answer

The copy running on my Linux box gets its answers from 198.108.0.18. I was able to tell this by running tcpdump at the same time as running a traceroute.

The PTR records for that IP resolve to rpsl-p.merit.edu, and it happens that whois.radb.net. and whois.ra.net. point to the same IP address.

Further examination of the binary (with "strings") reveals that it's actually using the whois.radb.net hostname. There's also a pair of (undocumented) environment variables ($RA_SERVER and $RA_SERVICE) which can change the host and port used for these queries.

Related Solutions

Windows – Useful Command-line Commands on Windows

A little known one is

getmac

It shows the MAC address(es) of your network adapter(s).

Screenshot of running getmac from a Windows commandline window.

Good (free / open source) tools for analyzing TCP capture files

Basically this boils down to a question: what OSI level are you interested in? If you want to know about what exactly was transmitted, you cannot avoid Wireshark, tcpdump or alike. But if you are interested to learn patterns that appear in your network you have to analyze netflows, packet capture is simply an overkill.

And for netflows there are many tools:

http://nsmwiki.org/index.php?title=Argus

http://www.networkuptime.com/tools/netflow/

http://www.mindrot.org/projects/

http://code.google.com/p/flow-tools/

http://www.ntop.org/nProbe.html

Best Answer

Related Solutions

Windows – Useful Command-line Commands on Windows

Good (free / open source) tools for analyzing TCP capture files

Related Topic