WHOIS
What is Port 43?
Port 43 is used by the WHOIS protocol, a query-response protocol for looking up domain name registration data, IP address allocation, and autonomous system information. Originally specified in RFC 3912, WHOIS allows anyone to query a WHOIS server to find the registrant, registration dates, expiration dates, and name servers for a domain. The protocol dates back to the early internet and was essential for network administration. WHOIS data is maintained by domain registrars, regional internet registries (RIRs) like ARIN, RIPE, and APNIC, and the IANA. While GDPR and privacy regulations have reduced the amount of personal data exposed through WHOIS, the protocol remains a key tool for cybersecurity professionals, domain investors, and intellectual property attorneys.
Common Uses
- Domain registration information lookups
- IP address ownership and allocation queries
- Cybersecurity investigations and threat intelligence
- Intellectual property and trademark research
Technical Details
Copy-paste commands to check port 43 (WHOIS) from your terminal
Test connectivity
nc -zv example.com 43
curl -v --max-time 5 http://example.com:43/
telnet example.com 43
nmap -p 43 -sV example.com
(echo > /dev/tcp/example.com/43) 2>/dev/null && echo "open" || echo "closed"
Open port in firewall
sudo ufw allow 43/tcp
sudo iptables -A INPUT -p tcp --dport 43 -j ACCEPT
sudo firewall-cmd --permanent --add-port=43/tcp && sudo firewall-cmd --reload
Security Considerations
WHOIS is a read-only query protocol, so the port itself presents minimal attack surface. However, WHOIS data can be used for social engineering, spear phishing, and domain hijacking attempts. Many registrars now offer privacy protection to obscure registrant details. Rate limiting is common to prevent abuse. RDAP (Registration Data Access Protocol) is the modern replacement offering structured JSON responses.
Popular Ports Reference
The most commonly used and referenced network ports