whois
(Adapted from a tutorial by Ed Falk - see his original document for the full details)
When you hit the whois button, Sam Spade will contact one of the network
registries to find out contact information for the current domain or IP address.
Magic?
whois can be used in two different modes. You select between
these using the whois server box.
Simple whois
Usually the Magic server is selected, and Sam Spade will
automagically choose the right whois server to contact.
In this mode Sam Spade will try to perform a sensible whois
lookup for any form of address entered in the address box.
The whois result will appear in a new window.
Advanced whois
You can select a specific server in the whois server box
to send whois queries to. When you do this you have access to a
much wider selection of arguments (which can be entered in the
address box):
(These are the arguments accepted by whois.internic.net.
Use the help command to find the arguments accepted
by other servers)
- help
- Get information on various arguments and their meanings.
- sitename
- Where sitename is the domain name of the site for which
you want information. Only give the domain name (e.g. online18.com), and
not the full host name (e.g. www.online18.com). This will give you all
the information the InterNIC has about the given site. The whois server
will attempt to match this name against all types of records (name,
nicknames, hostname, net address, etc.). If there are multiple matches,
whois will list them, one per line. If there is a single
match, whois will give all the information about it.
- pattern.
- Where pattern. is the partial pattern you wish to match
(note the terminating dot). Whois will return all entries that
begin with this pattern (example: online18.).
- IP Address
- Where IP Address is the full IP address of a host in
dotted-decimal notation (e.g. 206.138.239.10).
Whois will return the hostname for this address if it is found
in the database. This can often be used to determine
a site's network server.
- subnet (this is the same as the IP Block tool)
- Where subnet is the IP address in dotted-decimal notation
(e.g. 206.138.239.0 or 206.138.239).
Whois will return the site or
sites listed under this subnet. If there is no match, make the
search more broad (e.g. 206.138.0.0 or 206.138); this can
often be used to determine a site's upstream provider.
- subnet.
- (Note the terminating dot). Find all addresses matching this pattern,
e.g. 206.138.239. returns all hosts belonging to Online18.
- HA handle
- !handle
- Where !handle is a handle returned when there are multiple
matches (e.g. !ONLINE16-DOM or !CF624).
This will return the single indicated record.
- NAme name
- .name
- Search only the Name field. Example: .Chandler, Andrew
- M mailbox
- mailbox@addr
- Search only the Mailbox field. Example: admin@xxxyes.com
- DOmain pattern
- Search only domain records, e.g. "COM", "DOM MIT" or "DOM MIT.EDU".
- GAteway pattern
- Search only gateway records.
- HOst pattern
- Search only host records, e.g. HO WWW1032-HST
- SErver pattern
- Search only server records. This can be very useful for finding out
which sites share the same server. For example, the search:
server www1032-hst.
reveals that the porn spammer Online18 is the
same as -- or associated with -- the Psychic Spammer.
- ASm pattern
- Search only autonomous system number records.
- NEtwork pattern
- Search only network records, e.g. NE WWW1032-HST
- O pattern
- Search only organization records.
- Full search
- Give full records, even if multiple matches.
- SUMmary search
- Give summary records, even if single match.
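The argument forms listed above can be told apart mechanically before a query is sent to a specific server. The sketch below is an added example, not Sam Spade's code or the tutorial's. It assumes the capital letters in each keyword mark its shortest accepted abbreviation (as the DOM MIT and HO WWW1032-HST examples suggest); the function names and the rule that a zero last octet means a subnet are illustrative choices.

```python
import re

# Keywords exactly as the page spells them; the leading capitals are taken
# to be the shortest accepted abbreviation (assumption, see lead-in).
KEYWORDS = ["HA", "NAme", "M", "DOmain", "GAteway", "HOst",
            "SErver", "ASm", "NEtwork", "O", "Full", "SUMmary"]
DOTTED = re.compile(r"^\d{1,3}(\.\d{1,3}){1,3}\.?$")


def match_keyword(token):
    """Return the page's keyword that `token` abbreviates, or None."""
    t = token.upper()
    for kw in KEYWORDS:
        shortest = "".join(c for c in kw if c.isupper())  # "DOmain" -> "DO"
        if t.startswith(shortest) and kw.upper().startswith(t):
            return kw
    return None


def classify(query):
    """Map address-box text to (argument form, search text)."""
    q = query.strip()
    if q.lower() == "help":
        return ("help", "")
    if q.startswith("!"):
        return ("HA", q[1:])            # !handle is shorthand for HA handle
    if q.startswith("."):
        return ("NAme", q[1:])          # .name is shorthand for NAme name
    first, _, rest = q.partition(" ")
    kw = match_keyword(first)
    if kw and rest.strip():
        return (kw, rest.strip())       # keyword-restricted search
    if "@" in q:
        return ("M", q)                 # mailbox@addr searches the Mailbox field
    if DOTTED.match(q):
        octets = q.rstrip(".").split(".")
        if all(int(o) <= 255 for o in octets):
            if q.endswith("."):
                return ("subnet.", q)   # terminating dot: all matching addresses
            if len(octets) == 4 and octets[-1] != "0":
                return ("IP Address", q)
            return ("subnet", q)        # short or zero-ended form (heuristic)
    return ("pattern.", q) if q.endswith(".") else ("sitename", q)
```
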