What this tutorial is about
This tutorial will guide you on the steps needed to find the individual or company who is responsible for a specific server at the planet.
What You're gonna need
For windows users, It is recommended that you install jwhois windows whois client. You can find directions for obtaining and installing it at this thread
. If you are running a linux or freebsd system, jwhois comes with most distributions of linux. You can pick it up ftom ftp://ftp.gnu.org/gnu/jwhois/
'doing it' on windows
Step One, Open up your command line window, and find the ip address of the machine you are looking up. This can be accomplished with either nslookup, tracert, or even ping.
For this example, we're going to look up my friend's website - cameroncox.com .
Tracing route to cameroncox.com [188.8.131.52]
over a maximum of 30 hops:
1 152 ms 149 ms ^C
Pinging cameroncox.com [184.108.40.206] with 32 bytes of data
Reply from 220.127.116.11: bytes=32 time=205ms TTL=55
Reply from 18.104.22.168: bytes=32 time=187ms TTL=55
Reply from 22.214.171.124: bytes=32 time=185ms TTL=55
Reply from 126.96.36.199: bytes=32 time=182ms TTL=55
Ping statistics for 188.8.131.52:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 182ms, Maximum = 205ms, Average = 189ms
In each of these commands, the same ip address is returned: 184.108.40.206 .
Step Two, After obtaining the ip address of cameron's website. We're going to write a simple little command to query rwhois.theplanet.com:4321.
C:\>whois 220.127.116.11 -h rwhois.theplanet.com -p 4321
18.104.22.168 is interchangable with whatever the ip address you're looking up is. the -h rwhois.theplanet.com -p 4321 part of the query is required for querying the planet's rwhois server.
After you hit enter, jwhois is going to spit out alot of information that you may, or may not understand, depending on your experience with computing, and networking. The only real data you need to pay attention to are:
network:IP-Network-Block:22.214.171.124 - 126.96.36.199
The first line specifies what ip addresses are bound to this machine. This value may change depending on if your target orders new ip addresses.
The second line tells us the organization / individual who owns the server. In this case, his name is Michael Cottingham.
The third, forth, and fifth lines tell us the city, and zip code of owner.
The fifth line tells us the type of account the target has. In most cases, it will return "Customer".
The sixth and seventh lines tell us the nameservers the customer is using.
The next two lines tell us who to contact in the even to fabuse.
The final two lines tell us when the records were created, and updated. If the user orders new ip addresses, or changes his contact information, the date of the order / change will be displayed.
'doing it' on *nix
The steps are pretty much the same, You're just going to have to find the ip address using the "host" tool. All the command arguments are the same, and there won't be any difference in output.
If you have any questions, reply to this thread, or PM me.