Objective: Perform BGP AS (Autonomous System) number lookup based on IP address using
If you have used the traceroute utility on Linux or Mac, then you might have realised that there is an option to perform AS number lookups. This can be done using the '-A' option on Linux and the '-a' option on a Mac. If your traceroute utility does not have the AS number lookup feature, then you can instead perform a whois query to extract the AS number – not that difficult, but just a bit more tedious.
AS Number Lookup Using Traceroute
So, let’s say we want to get the AS number for one of Google’s public DNS IP addresses – 22.214.171.124. On Linux, we can run traceroute using the below syntax to get the AS number.

$ traceroute -A 126.96.36.199 | tail -n 1
 8  google-public-dns-a.google.com (188.8.131.52) [AS19905]  5.215 ms  3.641 ms  4.444 ms

Do you see AS19905 (inside square brackets) next to the IP address of 184.108.40.206? That is the AS number for IP
AS Number Lookup Using Whois
I did a bit of reverse engineering on how traceroute performs AS number lookups by analysing the source code as well as looking at
traceroute basically does a whois lookup at whois.radb.net with the IP address to determine the AS numbers. So, that’s what we are going to do – perform AS number lookup using the
To determine the AS number for 220.127.116.11 using the RADB whois server, we have to run whois using the below syntax and

$ whois -h whois.radb.net 18.104.22.168 | grep -e '^route' -e '^origin'
route: 22.214.171.124/32
origin: AS19905
route: 126.96.36.199/9
origin: AS3356
route: 188.8.131.52/24
origin: AS9498

We can see that there are multiple routes and origins (AS numbers) returned for IP 184.108.40.206. But the traceroute utility only gave AS19905 as the output.
It made a bit more sense after analysing the source code of the traceroute program. Only the AS number of the most specific route, the one with the longest prefix length, is selected. So, in the example above, the route 220.127.116.11/32 has the longest prefix length, 32 (the bigger the better), and therefore only the corresponding AS number for that route, AS19905, is printed out.
If two routes share the same best prefix length, traceroute will print the AS numbers for both routes.
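
The selection rule described above, as an added example that is not part of the original post and not taken from the traceroute source: a shell function that reads route/origin pairs in the RADB whois format and prints the origin AS of the longest prefix, or every distinct origin when the longest prefixes tie. The name best_origin and the sample records (documentation prefixes and AS numbers) are constructed for illustration.

```shell
#!/bin/sh
# Added example: choose the origin AS as the text describes (longest prefix wins).
# Live use (needs network): whois -h whois.radb.net <IP> | best_origin
best_origin() {
    awk '
        BEGIN { best = -1; count = 0; len = -1 }
        # route:/route6: line: remember the prefix length of this record
        $1 == "route:" || $1 == "route6:" {
            len = -1
            if (split($2, parts, "/") == 2) len = parts[2] + 0
            next
        }
        # origin: line: belongs to the route line seen just before it
        $1 == "origin:" && len >= 0 {
            asn = toupper($2)
            if (len > best) {          # more specific route: discard earlier winners
                best = len; count = 0; split("", seen)
            }
            if (len == best && !(asn in seen)) {   # tie: keep each distinct origin
                seen[asn] = 1; winners[++count] = asn
            }
            len = -1                   # an origin line is paired with one route only
        }
        END { for (i = 1; i <= count; i++) print winners[i] }
    '
}

# Constructed sample: the /32 is the single most specific route
sample_single() {
    printf '%s\n' 'route: 192.0.2.1/32' 'origin: AS64500' \
        'route: 192.0.0.0/9' 'origin: AS64501' \
        'route: 192.0.2.0/24' 'origin: AS64502'
}

# Constructed sample: two /24 routes tie, so both origins are reported
sample_tie() {
    printf '%s\n' 'route: 198.51.100.0/24' 'origin: AS64510' \
        'route: 198.51.0.0/16' 'origin: AS64500' \
        'route: 198.51.100.0/24' 'origin: AS64511'
}

echo "single: $(sample_single | best_origin)"
echo "tie:    $(sample_tie | best_origin | tr '\n' ' ')"
```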
I have also recently got to know that Team Cymru also provides an IP to ASN lookup using their whois service. Their whois server is whois.cymru.com. To make an ASN lookup for 18.104.22.168 with the Team Cymru whois server, use the following syntax.

$ whois -h whois.cymru.com 22.214.171.124
AS | IP | AS Name
15169 | 126.96.36.199 | GOOGLE - Google Inc.,US

Do note that the results of the ASN lookup are different for RADB and Cymru. RADB is giving AS19905, while Cymru is giving AS15169. When you get different results, googling might be required to determine the correct AS number. Alternatively, use the corresponding IPv6 address and see which AS has a better match. I did an IP to ASN lookup for 2001:4860:4860::8888, Google’s public DNS IPv6 address, using both RADB and Cymru and I got AS15169. So, in this case, I will assume that AS15169 is the correct AS as it looks like a better match.