A Quick Guide to ARIN’s Whois [Archived]

By Leslie Nobile

Most of you have heard of Whois and have some fundamental familiarity with it. But how well do you really know the ins and outs of Whois, and in particular, of ARIN’s Whois service? To help you get a better understanding of how to use ARIN’s Whois service, we’ve developed a Quick Guide to ARIN’s Whois that we think will be your one resource for all things Whois.

First, the basics. The term “Whois” refers to any query and response protocol that is used for searching databases that store registered users or assignees of an Internet resource (e.g. IP addresses or domain names). Specifically, ARIN’s Whois service allows a user to retrieve information about IP number resources, organizations, and Points of Contact (POCs) registered with ARIN. It pulls this information directly from ARIN’s database.

As for how to access Whois, you have a few options. You can use one of the various web interfaces that ARIN (and many others) provide, an Application Program Interface (API), or a command-line interface (CLI) client like the terminal on a Mac or the Windows command prompt. In our quick guide and in this blog, we’ll focus on how to use Whois from a Mac terminal window using different flags to customize your searches.

To submit a Whois query from a terminal, you’ll want to structure your search like this:

whois -h whois.arin.net “flag search-term”

The parts of this command are:

• whois: the command itself

• -h: specifies that the hostname of the Whois server will follow

• whois.arin.net: the name of ARIN’s Whois server

• flag: narrows the search by restricting the results to those that match criteria designated by the flag (this piece varies depending on your search)

• search-term: the information for which you are searching (this piece varies depending on your search)

Some common types of flags you may use are “n” for the specified network address space, “p” for specified Points of Contact, or “o” for an organization. There are many more flags you can use to narrow your search, so we’ve compiled a complete list of Whois flags you can use. You can also use wildcards in conjunction with any flag.

But once you’ve entered your search, how do you make sense of the results? It’s easy to feel overwhelmed by the lines of text that Whois may display, but once you know what key fields you’re looking for, the results make perfect sense.

The different result fields are grouped into five main categories that are shown below, along with some of the result fields that are returned:

• Network Information

  • NetRange

  • NetName

  • NetHandle

• Organization Information

  • OrgName

  • OrgTechName

  • OrgAbuseName

• ASN Information

  • ASNumber

  • ASHandle

• Point of Contact (POC) Information

  • Name

  • Handle

  • Company

• Delegation/Reverse DNS Information

  • Name

  • NameServer

Some other common fields that appear in the results of all kinds of queries include address, “RegDate” (date that the resource was initially registered in the ARIN database), and a last updated date. But keep in mind that this list is not all-inclusive! To see a complete list of all result fields and their respective descriptions, you’ll want to visit the “Interpreting Whois Results” section of the Quick Guide.

Now that you have a better picture of what information Whois contains and how to access it, we hope that you’ll make the most of one of ARIN’s most useful services!