Redhat / CentOS: Install Internet whois / nicname Client

Posted on in Categories last updated May 20, 2011

How do I install whois client to see whois information about domain and ip address using command line options under Fedora / RHEL / Redhat / CentOS / Scientific Linux?

jwhois is a whois client that accepts both traditional and finger-style queries under RHEL. You can install the same using the yum command. Login as root and type the following command to install the jwhois client:
# yum -y install jwhois
Sample outputs:

Loaded plugins: priorities, rhnplugin
70 packages excluded due to repository priority protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package jwhois.x86_64 0:4.0-18.el6 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package      Arch         Version             Repository                  Size
================================================================================
Installing:
 jwhois       x86_64       4.0-18.el6          rhel-x86_64-server-6       104 k

Transaction Summary
================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 104 k
Installed size: 0  
Downloading Packages:
jwhois-4.0-18.el6.x86_64.rpm                             | 104 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : jwhois-4.0-18.el6.x86_64                                 1/1 

Installed:
  jwhois.x86_64 0:4.0-18.el6                                                    

Complete!

You can use the whois command as follows:
$ whois cyberciti.biz
$ whois 75.126.153.206

Sample outputs:

[Querying whois.arin.net]
[Redirected to rwhois.softlayer.com:4321]
[Querying rwhois.softlayer.com]
[rwhois.softlayer.com]
%rwhois V-1.5:003fff:00 rwhois.softlayer.com (by Network Solutions, Inc. V-1.5.9.5)
network:Class-Name:network
network:ID:NETBLK-SOFTLAYER.75.126.128.0/19
network:Auth-Area:75.126.128.0/19
network:Network-Name:SOFTLAYER-75.126.128.0
network:IP-Network:75.126.153.200/29
network:IP-Network-Block:75.126.153.200-75.126.153.207
network:Organization;I:SoftLayer Technologies, Inc.
network:Street-Address:1950 Stemmons Freeway Suite 2043
network:City:Dallas
network:State:TX
network:Postal-Code:75207
network:Country-Code:US
network:Tech-Contact;I:[email protected]
network:Abuse-Contact;I:[email protected]
network:Admin-Contact;I:IPADM258-ARIN
network:Created:20070218
network:Updated:20091220
network:Updated-By:[email protected]

%referral rwhois://root.rwhois.net:4321/auth-area=.
%ok

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

9 comment

  1. I already installed jwhois but the output is always

    [[email protected] ~]# whois 67.xxx.xx.xxx
    [Querying whois.arin.net]
    [Unable to connect to remote host]

    How do I fix this? Is there a port that I need to allow in my firewall?

  2. I know it is a reply to an old answer but I have the same issue as Ryan. I have installed jwhois via yum but still have the following result on any domain queried:-
    [[email protected]]# whois somedomain.com
    [Querying whois.verisign-grs.com]
    [Unable to connect to remote host]

    Have tried opening both the ports suggested by Dan but still the same issue.
    Help would be very welcome here.

  3. Hi, Nick,

    I’m not able to test it currently, but you might want to try testing the connectivity to see if there’s something else blocking your connection. Try:

    telnet whois.verisign-grs.com 43

    And see if it connects. You can also verify where it’s trying to go with tcpdump:

    tcpdump -s0 -p ‘host whois.verisign-grs.com’

    Likely the port is blocked, the response is blocked (perhaps missing an established), or the response isn’t recognized (such as PAT changing the IP address or port).

    -Dan

  4. By the way, if you’re not on a busy network, you can run tcpdump in promiscuous mode (no -p) and remove the filter to see all of the traffic. I usually write it to a file (-wfilename.cap) and then analyze it with wireshark.

Leave a Comment