IPWhois is a utility program that can be used to query Whois servers to find out where and to whom an IP address is assigned. Now why would you want to do that? There are some instances when all you have to go on is the IP address. For example, you live in North America and you receive an email from your financial institution requesting some action. Is this a phishing attempt, or is the email genuine? Virtually the only thing that cannot be spoofed on an email is the originating IP address. To determine if the email is legitimate, you can find the originating IP address in the header and do a Whois lookup on it. If the originating IP is assigned to Europe, Asia, or South America, you can be pretty certain that the email is not genuine.
There are many online utilities available that will perform this function (and more), but IPWhois accesses the primary Whois servers directly through TCP port 43. The default is the ARIN server, which offers a Referral Service. IPWhois has an option that allows it to follow that referral to the other primary servers, or even to a private Whois server. At the present time, ARIN does not always offer a referral to whois.afrinic.net.
The current version of IPWhois supports both IPv4 and IPv6 transport. You do not need to use IPv6 transport to query an IPv6 address. You can query it over IPv4. But because IPWhois uses system calls that are IP version independent, it will not run or compile on Windows operating systems that do not support dual stack. This pretty much restricts it to Windows Vista or better.
IPWhois uses the newest version of SimpleSock, which has been updated to permit simple DNS queries. That post will be updated separately.
J.A. Coutts
There are many online utilities available that will perform this function (and more), but IPWhois accesses the primary Whois servers directly through TCP port 43. The default is the ARIN server, which offers a Referral Service. IPWhois has an option that allows it to follow that referral to the other primary servers, or even to a private Whois server. At the present time, ARIN does not always offer a referral to whois.afrinic.net.
The current version of IPWhois supports both IPv4 and IPv6 transport. You do not need to use IPv6 transport to query an IPv6 address. You can query it over IPv4. But because IPWhois uses system calls that are IP version independent, it will not run or compile on Windows operating systems that do not support dual stack. This pretty much restricts it to Windows Vista or better.
IPWhois uses the newest version of SimpleSock, which has been updated to permit simple DNS queries. That post will be updated separately.
J.A. Coutts