Redhat / CentOS: Install Internet whois / nicname Client

by on May 20, 2011 · 7 comments· LAST UPDATED May 20, 2011

in

How do I install whois client to see whois information about domain and ip address using command line options under Fedora / RHEL / Redhat / CentOS / Scientific Linux?

jwhois is a whois client that accepts both traditional and finger-style queries under RHEL. You can install the same using the yum command. Login as root and type the following command to install the jwhois client:
# yum -y install jwhois
Sample outputs:

Loaded plugins: priorities, rhnplugin
70 packages excluded due to repository priority protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package jwhois.x86_64 0:4.0-18.el6 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
 Package      Arch         Version             Repository                  Size
================================================================================
Installing:
 jwhois       x86_64       4.0-18.el6          rhel-x86_64-server-6       104 k
Transaction Summary
================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)
Total download size: 104 k
Installed size: 0
Downloading Packages:
jwhois-4.0-18.el6.x86_64.rpm                             | 104 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : jwhois-4.0-18.el6.x86_64                                 1/1
Installed:
  jwhois.x86_64 0:4.0-18.el6
Complete!

You can use the whois command as follows:
$ whois cyberciti.biz
$ whois 75.126.153.206

Sample outputs:

[Querying whois.arin.net]
[Redirected to rwhois.softlayer.com:4321]
[Querying rwhois.softlayer.com]
[rwhois.softlayer.com]
%rwhois V-1.5:003fff:00 rwhois.softlayer.com (by Network Solutions, Inc. V-1.5.9.5)
network:Class-Name:network
network:ID:NETBLK-SOFTLAYER.75.126.128.0/19
network:Auth-Area:75.126.128.0/19
network:Network-Name:SOFTLAYER-75.126.128.0
network:IP-Network:75.126.153.200/29
network:IP-Network-Block:75.126.153.200-75.126.153.207
network:Organization;I:SoftLayer Technologies, Inc.
network:Street-Address:1950 Stemmons Freeway Suite 2043
network:City:Dallas
network:State:TX
network:Postal-Code:75207
network:Country-Code:US
network:Tech-Contact;I:sysadmins@softlayer.com
network:Abuse-Contact;I:abuse@softlayer.com
network:Admin-Contact;I:IPADM258-ARIN
network:Created:20070218
network:Updated:20091220
network:Updated-By:ipadmin@softlayer.com
%referral rwhois://root.rwhois.net:4321/auth-area=.
%ok
TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 7 comments… read them below or add one }

1 Ryan November 3, 2011 at 2:20 pm

I already installed jwhois but the output is always

[root@mo ~]# whois 67.xxx.xx.xxx
[Querying whois.arin.net]
[Unable to connect to remote host]

How do I fix this? Is there a port that I need to allow in my firewall?

Reply

2 Dan October 4, 2012 at 11:10 pm

I know the question above is old, but you need to have TCP port 43 open. You may also need to open up ports for referral whois (rwhois), which is usually TCP port 4321.

Reply

3 Nick June 24, 2013 at 8:57 am

I know it is a reply to an old answer but I have the same issue as Ryan. I have installed jwhois via yum but still have the following result on any domain queried:-
[root@machine]# whois somedomain.com
[Querying whois.verisign-grs.com]
[Unable to connect to remote host]

Have tried opening both the ports suggested by Dan but still the same issue.
Help would be very welcome here.

Reply

4 Dan June 24, 2013 at 5:54 pm

Hi, Nick,

I’m not able to test it currently, but you might want to try testing the connectivity to see if there’s something else blocking your connection. Try:

telnet whois.verisign-grs.com 43

And see if it connects. You can also verify where it’s trying to go with tcpdump:

tcpdump -s0 -p ‘host whois.verisign-grs.com’

Likely the port is blocked, the response is blocked (perhaps missing an established), or the response isn’t recognized (such as PAT changing the IP address or port).

-Dan

Reply

5 Dan June 24, 2013 at 6:00 pm

By the way, if you’re not on a busy network, you can run tcpdump in promiscuous mode (no -p) and remove the filter to see all of the traffic. I usually write it to a file (-wfilename.cap) and then analyze it with wireshark.

Reply

6 Wellington Torrejais da Silva June 25, 2014 at 6:57 pm

Thanks!!!

Reply

7 Rodrigo Pichiñual August 21, 2014 at 8:50 pm

Thank

Always it is usefull have this information avaible

Reply

Leave a Comment

Tagged as: , , , , , , , , , , , , , , , ,

Previous Faq:

Next Faq: