The Whois protocol is an information service not unlike the finger service. The Whois protocol provides the client or user with information about the owner of a domain or specific IP address. Information provided by the Whois protocol contains contact information such as address, company, telephone number, and e-mail address.
Whois is a very well known information service that runs on port forty-three (43) and accepts connections from clients with one-line queries. The whois service runs on the server in a passive open environment. When a user issues a query to the server, it responds to this query then closes the connection to the client. The query results are formatted in plain ASCII text and are human readable.
Looking up information via the Whois service is a great way to find information about the owners of websites, or the ISPs of people who spam or are abusive users. When you query a users IP address, it should give you the contact information of their Internet Service Provider (ISP) and provide you with detailed contact information and an e-mail for abusive users.
Anyone who runs a server should consider learning how to use the WHOIS information service. This is a very valuable tool that you can use in conjunction with your security logs to contact ISPs regarding problem users, or just for the average user who wants to report a spammer!
The formal technical documentation and specifics of the whois information service is defined in RFC 954.