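tcpdump test capture: tcpdump/whois.pcap at master · the-tcpdump-group/tcpdump · GitHub
whois (pronounced "who is"; not an abbreviation) is the protocol used to look up information such as a domain name's IP and owner.
WHOIS protocol contents:
① First open a connection to TCP port 43 on the server, ② send the query keyword followed by a carriage return and line feed, ③ then receive the server's query result.
The WHOIS service is an online request/response service. The WHOIS server runs in the background and listens on port 43. When an Internet user searches for a domain name (or other information such as a host or contact), the WHOIS server first establishes a TCP connection with the client, then receives the user's request and queries the back-end domain database accordingly. If the database contains a matching record, the server returns the relevant information, such as the owner, administrative information and technical contact information, to the client. Once the server has finished its output, the client closes the connection, and the query is complete.
Whois is used to view a domain's current status information, including whether the domain is already registered, the registration date, the expiration date, the domain status and the DNS name servers.
ICANN Lookup: using Baidu as the example, it shows which information the response contains.
Command-line query:
Characteristics of the whois response message (domain information):
baidu.com WHOIS lookup, domain lookup, Alibaba Cloud Qihang (formerly Wanwang) - Alibaba Cloud (aliyun.com)
The Alibaba page has the detailed text information: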
Domain Name: baidu.com
Registry Domain ID: 11181110_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2022-09-01T03:54:43Z
Creation Date: 1999-10-11T11:05:17Z
Registrar Registration Expiration Date: 2026-10-11T11:05:17Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Reseller:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Registrant State/Province:
Registrant Country:
Name Server: NS1.BAIDU.COM
Name Server: NS2.BAIDU.COM
Name Server: NS3.BAIDU.COM
Name Server: NS4.BAIDU.COM
Name Server: NS7.BAIDU.COM
DNSSEC: unsigned
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2086851750
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>>Last update of WHOIS database: 2023-02-12T14:21:07Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
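The three protocol steps and the "Key: value" response format described above, as an added example that is not part of the original page: a minimal client plus a parser that keeps repeated fields and skips banner/footer lines. The function names, the loopback stub server and the abbreviated SAMPLE reply are assumptions made for the example so it runs offline; a real server listens on TCP port 43.

```python
import re
import socket
import threading

# Constructed sample reply, abbreviated from the baidu.com record above.
SAMPLE = (
    "Domain Name: baidu.com\r\n"
    "Reseller:\r\n"
    "Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited\r\n"
    "Name Server: NS1.BAIDU.COM\r\n"
    "Name Server: NS2.BAIDU.COM\r\n"
    ">>>Last update of WHOIS database: 2023-02-12T14:21:07Z <<<\r\n"
    "For more information on Whois status codes, please visit https://icann.org/epp\r\n"
)
FIELD = re.compile(r"^([A-Za-z][A-Za-z /]*):\s*(.*)$")  # key: letters, spaces, "/" only

def start_stub_server():
    """Hypothetical loopback stand-in for a WHOIS server; returns its port."""
    srv = socket.create_server(("127.0.0.1", 0))  # port 0: the OS picks a free port
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            query = b""
            while not query.endswith(b"\r\n") and (chunk := conn.recv(1024)):
                query += chunk  # the query is one CRLF-terminated line
            if query.endswith(b"\r\n"):
                conn.sendall(SAMPLE.encode())
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def whois_query(keyword, host, port=43, timeout=5.0):
    """Steps 1-3: connect, send keyword + CRLF, read the reply until the connection ends."""
    if "\r" in keyword or "\n" in keyword:
        raise ValueError("keyword must be a single line")  # never send extra lines
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(keyword.encode("ascii") + b"\r\n")
        reply = b""
        while chunk := s.recv(4096):
            reply += chunk
    return reply.decode("utf-8", errors="replace")  # reply is untrusted text

def parse_whois(text):
    """Group 'Key: value' lines; repeated keys (Name Server, Domain Status) keep every value."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:  # banner and footer lines do not match and are skipped
            fields.setdefault(m.group(1).strip(), []).append(m.group(2).strip())
    return fields

if __name__ == "__main__":
    print(parse_whois(whois_query("baidu.com", "127.0.0.1", start_stub_server())))
```

Every value comes back as a list, so an empty field such as Reseller is `[""]` and the Name Server entries stay in the order the server sent them.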