whois

The whois command is a network utility used to query and retrieve information about domain names, IP addresses, and other network resources.

Basic Usage

whois [options] [domain or IP address]

How to extract files using whois

Set a Listener

Send the files you want

/etc/passwd extracted

we can see in the print below that it sends through the protocol WHOIS:

Wireshark Results

TCP Stream