Re: Is nslookup the best there is for reverse IP address to domain name?

It isn't a requirement that any given IP address also has a DNS entry; it's OK for nslookup to have no answer for some IP addresses. Almost any given IP address *should* have a "whois" record, which indicates who that block of addresses is assigned to. The command-line tool whois can be used to look this up.

The simplest query is like this:

whois 74.125.103.57

which tells me that that IP address is in a block assigned to Google. If you don't have the command-line 'whois' tool on your radio, a desktop Linux distribution will. There are also many online 'whois' tools that can be used from a web browser. I don't know if Windows ships with a whois tool or not.

Microsoft.

Google again.

This is part of a big block (23.235.224.0/19) assigned to Secured Servers LLC in Tempe, Arizona. Secured Servers has in turn "sublet" some of this block (23.235.255.0/24) to MC Pro Hosting of Fort Lauderdale, FL. (See the "Found a referral..."

Matt Roberds

mroberds wrote, on Tue, 12 Aug 2014 03:52:57 +0000:

Hi Matt,

Thanks for suggesting "whois" and for running the tests.

I just logged into the rooftop radio to test if "whois" is there:

$ ssh 191.168.1.20 -l ubnt -p 22 (login=ubnt, ssh port=22)

BusyBox v1.11.2 (2014-02-05 18:21:05 EET) built-in shell (ash) Enter 'help' for a list of built-in commands.

XM.v5.5.8# whois 74.125.103.57

-sh: whois: not found

Drat. As you had surmised, "whois" isn't on the radio linux.

But, you're right. The "whois" command worked just fine on a desktop Linux, so, what I can do is somehow figure out how to "rcp" the radio /proc/net/nf_conntrack to my Linux machine.

I tried "rcp" & "ftp" but neither was found on the Radio Linux.

Do you know of a way to get the entire /proc/net/nf_conntrack over to my Linux machine?

Since you can ssh into the radio, scp from the desktop Linux machine might work:

$ scp -P 22 ubnt@191.168.1.20:/proc/net/nf_conntrack nf_conntrack

This should give you a copy of the radio's nf_conntrack file in the current directory on the desktop Linux box.

Otherwise, you might be able to do something like this, starting on the desktop box:

desktop$ script conntrack.txt Script started, file is conntrack.txt desktop$ ssh 191.168.1.20 -l ubnt -p 22 radio# cat /proc/net/nf_conntrack [contents of file appear here] radio# logout desktop$ exit Script done, file is conntrack.txt

This will put everything that came to the screen in conntrack.txt on the desktop box. It will include control characters and stuff, so you'll have to edit that out of conntrack.txt with your favorite text editor before proceeding.

Matt Roberds

Have you tried scp from the machine where you ssh from? scp ubnt@191.168.20:/proc/net/nf_conntrack

-- HASM

mroberds wrote, on Tue, 12 Aug 2014 15:37:49 +0000:

Hi Matt, The scp command, from Linux, worked perfectly.

Thanks Matt, as that's a very nice command! It has a lot of funky characters in the results, but other than that, it's a really nice trick!

1. Start the script on the Linux laptop: $ script /tmp/net.script
2. Log into the rooftop modem (transceiver): $ ssh -p 2200 -l ubnt 192.168.1.20
3. Spit out the file: # cat /proc/net/nf_conntrack nf_conntrack
4. Exit out of the radio # exit
5. Exit out of the script $ exit
6. Strip the funky characters out of the results: $ col -b /tmp/net.script > /tmp/net.txt