March 15, 2005

By Karen Kenworthy

IN THIS ISSUE

What a glorious day!

Here at the secluded Power Tools workshop we had a mild winter. Now we're having an early spring. The yellow roses my friend Michelle planted near the front door are already trying to bloom. And the woods out back are full of the sounds of song birds. My turtle neighbors long ago poked their heads out of their cold-weather homes, and are regularly enjoying their mid-day strolls.

And now you've dropped by! It makes my day complete.

More Discombobulation

Do you remember the last time we got together? We talked a lot about my new URL Discombobulator. As we saw, this little program helps fight evil, by making sense of those deceptive links and URLs found in spam e-mail, phishing web pages, and under other rocks scattered across cyberspace.

By now you know that joining the fight is easy. Just enter or paste a suspect URL into the box on the program's main window, then click the "Discombobulate" button. The program will see through the haze of hexadecimal encoding, obscure URL options, and redirection. In a flash, the URL's true meaning and destination will be displayed.

Unmasking URLs is the program's most important weapon. But do you know the program knows a few other tricks that can come in handy? Three of these have their own buttons, arrayed across the bottom of the program's main window.

Click the first button, labeled "Copy to Clipboard", and the information the program has collected will be placed onto the Windows clipboard. From there you can paste the URL data into a word processing document, spreadsheet, e-mail message, or other document or program.

The second button is labeled "Visit Site". It's only enabled after a discombobulated URL has been selected. Click this button and your default web browser will automatically appear and navigate its way to the URL. Use this option with caution -- often the URLs fed into the Discombobulator aren't too palatable. :)

The third button is brand new. Its label consists of just one word: "WhoIs". As long-time readers have probably guessed, under the right conditions, this button launches Karen's WhoIs program.

What Is WhoIs?

As its name implies, the WhoIs program can answer two important questions that start with the phrase "Who is ...":

"Who is the owner of a particular domain name (such as microsoft.com)?"

"Who is the owner of a particular IP address (such as 207.46.130.108)?"

In addition to the name of the owner, the WhoIs program may also reveal their phone number, fax number, e-mail address, and postal address. Other information is often is available too.

I'm sure you're way ahead of me. First, the URL Discombobulator discovers a URL's true destination - the domain name or IP address your computer will visit if the link is clicked or followed.

Next, the WhoIs program reveals who owns that domain name or IP address, where they live or work, and how to contact them.

A nice combination, don't you think? And the Discombobulator's new WhoIs button makes it easy!

Note: If Discombobulator's WhoIs button is gray or disabled, be sure to install Karen's WhoIs, then run WhoIs manually at least once. That allows the Discombobulator to find WhoIs and launch it.

Doin' The WhoIs Shuffle

My WhoIs program performs its magic by consulting two types of Internet databases. One keeps track of the owners of domain names. The other holds data about the users of IP addresses.

Having just two types of database, one for each type of data, makes the search for information seem simple. But it's not. That's because there are several databases of each type. And the particular data you're after is stored in only one. WhoIs's hardest job is deciding which database to query ...

In the case of domain names, such as "microsoft.com", there are several dozen possibilities. To locate the right database, the program starts by isolating the last few characters of the domain name -- those that follow the last, or rightmost, period. This portion of the full domain name is called the "TLD", or Top-Level Domain. Among the most common TLDs are ".com", ".net" and ".org".

Once the TLD is known, WhoIs consults its table TLDs, and the computers where their domain name data is stored. There the program will discover that domain names ending in ".com" are stored in a database on a server named rs.internic.net.

The table reveals that dirt about owners of domain names ending in ".info" is kept on a computer named whois.afilias.com. And, according to the table, you must ask a computer named whois.aunic.net to learn about the owners of domains whose names end in ".au" (Australia's TLD).

The program's table of TLDs and WhoIs database servers works well most of the time. But sometimes the table needs a little tweaking.

For example, details about ".org" domain names was once stored on a computer named rs.internic.net -- alongside information about ".com", ".net", and ".edu" domains. But recently, ".org" domain data moved to a new home. It's now found on a computer named whois.pir.org.

The scoop on domains ending in ".br" (Brazil's TLD) has moved too. It was once found in the computer named whois.registro.fapesp.br. But thanks to a recent change, the WhoIs program must now contact whois.nic.br to learn the latest about domain names in the land of Alberto Santos-Dumont.

Regional Registry Roundabout

There are fewer places information about an IP address, such as 207.46.130.108, can hide. Only five computers store this data, each belonging to a different RIR (Regional Internet Registry). As their name suggests, each RIR, and the database they maintain, holds information about a different region of the world:

whois.arin.net - This computer is operated by the American Registry for Internet Numbers (ARIN). It currently stores data about IP addresses assigned to ISPs (Internet Service Providers), companies and individuals located in North and South America.

whois.ripe.net - Réseaux IP Européens (RIPE) controls this computer, which contains data about IP addresses assigned within Europe, the Middle East, and Central Asia

whois.apnic.net - Here you'll find the database of the Asia Pacific Network Information Centre (APNIC). Yep, you're right. It covers IP addresses assigned in Asia and countries surrounding, and within, the Pacific Ocean.

whois.lacnic.net - The Latin American and Caribbean Network Information Centre (LACNIC) uses this computer to record IP address assignments throughout Latin America, and the Caribbean. This organization, and their database, is a little over two years old. Before it was born, the IP addresses it controls where allocated by ARIN.

whois.afrinic.net - This is the real baby of the family. The African Network Information Centre (AFRINIC) went online just last month, on February 21, 2005. It now allocates and tracks IP addresses used throughout Africa and the Indian Ocean. Previously, ARIN handled addresses in North Africa, while RIPE was responsible for addresses in southern, or Sub-Saharan, Africa.

So, when looking for information about an IP address, the WhoIs program has only five choices. But which RIR is the right RIR for a particular address?

Unfortunately, there's no easy answer to that question. Over the years thousands of noncontiguous blocks of IP addresses have been doled out to RIRs. For example, the first 32,768 addresses that begin with "24.152" have been delegated to LACNIC. But the remaining 32,768 address with that prefix are managed by ARIN.

Addresses that begin with "62.8" are even more fragmented. The first 16,384 addresses, and the final 40,960 addresses, belong to RIPE. But the 8,192 IP addresses in-between have been delegated to AFRINIC.

Of the 65,536 IP addresses that begin with "64.28", two blocks totaling 28,672 addresses have been delegated to ARIN. LACNIC has been given 4,096 addresses, while the remaining 32,768 have yet to be assigned to any RIR!

Fortunately, each RIR periodically publishes a list of IP addresses that are under its control. I've written a little program that merges and massages these lists, converting them into a table used by Karen's WhoIs. The most recent version of the table, accurate as of March 4th, 2005, contains 22,292 IP address blocks and the RIR that manages each one.

Whew! That was a lot of numbers and acronyms, wasn't it? But that's the world of the Internet. Hopefully, my little programs will make that world a little safer and easier to understand.

If you'd like to put the new versions of Karen's URL Discombobulator or Karen's WhoIs to work, drop by the programs' home pages at:

    https://www.karenware.com/powertools/ptlookup     https://www.karenware.com/powertools/ptwhois

As always, both programs are free for personal/home use. If you're a programmer, you can download their Visual Basic source code too!

Better yet, get the latest version of every Power Tool on a brand-new, shiny CD. You'll even get three bonus Power Tools, not available anywhere else. The source code of every Power Tool, every issue of my newsletter, and some articles I wrote for Windows Magazine, are also included. And owning the CD grants you a special license to use all my Power Tools at work.

Best of all, buying a CD is the easiest way to support the KarenWare.com web site, Karen's Power Tools, and this newsletter! To find out more, visit:

    https://www.karenware.com/licenseme

Have a safe trip home. If you take the path along the creek, say "Hi" to my turtles. And until we meet again, if you see me on the 'net, be sure to wave and say "Hi!"