
Friday, July 15, 2011

How to Find IP address while chatting

To do so, we will use the “netstat” command in Windows. If you want to know the IP address of a specific person on Facebook, Orkut or any other chat service, there is only one way: invite or ping him for a chat, and while the chat is on, open Command Prompt on your PC (Start > Run > cmd).
Note: before trying this, make sure you close all the other tabs in your browser so that only Facebook is open. Also, if possible, delete all the history and cache from your browser.
When the command prompt opens, type the following command and hit Enter.
netstat -an
You will get the IP addresses of all established connections there. Note down all the suspicious IPs.

The next step is to trace that user using his IP address.

To do so, we will use an IP tracer service. Go to the below address and paste the IP address into the box that says “lookup this ip or website”, and it will show you the location of the user.
It will show you all the information about that user, along with his ISP and a location on the map. On the map, click “click for big ip address location”; in the big picture you can zoom in and try to recognize the area. If it is a serious matter, note down the ISP details on that page and contact them about the IP. They will respond to you.
Other netstat options:
-a Displays all connections and listening ports.
-e Displays Ethernet statistics. This may be combined with the -s option.
-n Displays addresses and port numbers in numerical form.
-p proto Shows connections for the protocol specified by proto; proto may be TCP or UDP. If used with the -s option to display per-protocol statistics, proto may be TCP, UDP, or IP.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the -p option may be used to specify a subset of the default.

Let's look at how this all works and why the IP address tells you pretty much nothing.
To begin with, you didn't say which IM service is being used. There are of course many possibilities including MSN Instant Messenger, AIM, GTalk, and others. In addition, your dating site may well have implemented their own IM system - it's actually not that hard.
The single biggest problem with IP addresses and most instant messaging services is this: you're connecting to the service, not to the person you're IMing.
It looks more like this:
[Diagram: Instant Messaging Communication Path]
When you create an instant messaging conversation, you're not connecting to the person you're talking with at all. Instead, your instant messaging program connects to the servers that are used by the IM service. When you send an IM your message is sent to those servers, and then from those servers sent on to whomever it is you're IM'ing.
In fact, let's look at the IPs in use when I have a conversation with an MSN Messenger user. Using TcpView during the conversation I see the following connections associated with my IM client, Trillian:
[Screenshot: TCP/IP Connections in Trillian]
If I then use the whois lookup at arin.net to see who owns the IP addresses involved, I find:
  • 216.155.193.143 - is owned by Yahoo (Trillian is configured to include my Yahoo account)
  • 72.14.253.125 - is owned by Google (Trillian is configured to include my Google Talk account)
  • 207.46.108.59 - is owned by Microsoft (Trillian is configured to include my MSN Instant Messenger account)
  • 207.46.108.19 - is also owned by Microsoft
  • 205.188.7.148 - is owned by AOL (Trillian is configured to include my AOL Instant Messenger account)
  • 64.12.165.100 - is also owned by AOL
Nowhere in there is the IP address of the party to whom I'm speaking. (To confirm, that "other party" is my wife's place of business, so I know what the IP address would be should it have been visible.)
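The following Python example is added here and is not from the original article. It parses constructed `netstat -an` output containing the remote addresses listed above and labels each established public endpoint with the owner the whois lookups reported; the local addresses, ports and function names are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in Windows `netstat -an` layout. The public remote IPs are
# the ones quoted in the article; local addresses and all ports are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49201     216.155.193.143:5050   ESTABLISHED
  TCP    192.168.1.20:49202     72.14.253.125:5222     ESTABLISHED
  TCP    192.168.1.20:49203     207.46.108.59:1863     ESTABLISHED
  TCP    192.168.1.20:49204     207.46.108.19:1863     ESTABLISHED
  TCP    192.168.1.20:49205     205.188.7.148:5190     ESTABLISHED
  TCP    192.168.1.20:49206     64.12.165.100:5190     ESTABLISHED
  TCP    192.168.1.20:49207     192.168.1.1:80         TIME_WAIT
  TCP    [::1]:49210            [::1]:5354             ESTABLISHED
  UDP    0.0.0.0:5353           *:*
"""

# Owners exactly as the article's ARIN whois lookups reported them.
OWNERS = {
    "216.155.193.143": "Yahoo", "72.14.253.125": "Google",
    "207.46.108.59": "Microsoft", "207.46.108.19": "Microsoft",
    "205.188.7.148": "AOL", "64.12.165.100": "AOL",
}

def split_endpoint(endpoint):
    """Split 'ip:port' or '[v6]:port' into (ip, port); None for '*:*'."""
    host, _, port = endpoint.rpartition(":")
    try:
        return ipaddress.ip_address(host.strip("[]").split("%")[0]), int(port)
    except ValueError:
        return None

def established_public_peers(netstat_text):
    """Map each public remote IP of an ESTABLISHED TCP row to its remote ports."""
    peers = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        remote = split_endpoint(fields[2])
        if remote and remote[0].is_global:  # drop loopback, LAN, unspecified
            peers[str(remote[0])].add(remote[1])
    return dict(peers)

def owners_of_peers(netstat_text, owners=OWNERS):
    """Label every public peer with its whois owner, or mark it for lookup."""
    peers = established_public_peers(netstat_text)
    return {ip: owners.get(ip, "unknown, needs whois") for ip in sorted(peers)}
```

Every public endpoint in the sample resolves to a messaging provider, which is the article's point: the connection list shows the service's servers, not the other party.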
The Exception
Now it's easy to say that "most" IM clients connect you through their servers, but it's also true that some do not. In fact, some instant messaging services allow you to establish a "direct connection". I believe that AIM allows you to switch to this type of connection, and some other services such as Skype actually often operate this way natively in some configurations after the connection has been made.
So let's assume, then, that using TcpView during an IM conversation you're able to capture the IP addresses used by your IM program, and one of these represents a direct connection to the person you're messaging.
What can you tell from this IP address?
Pretty much nothing. Still.
  • They could be behind a router or proxy provided by their ISP. This means that any number of people could "appear" to use that same IP. There's no way to tell which user that is(*).
  • Similarly, they could be behind a router or proxy provided by their school or place of work. Once again any number of people could "appear" to use that same IP, and there's still no way to tell which user that is(*).
  • They could be behind their own router at home as I so often recommend. Any number of machines could be behind that router, and there's no way for you to tell which machine you're conversing with.
  • And finally, even with the IP address of a specific machine or location, there's no way for you to tell where that machine is located(*). The best you can do is identify the ISP that's providing the internet connection to the person you're conversing with.
(*) Yes, there is a way to tell exactly what machine is represented by an IP address in most cases. But you can't get it. You need the cooperation of the ISP that provides that other person's internet connection, and that typically requires a court order or other law-enforcement involvement.
So unless you can convince law-enforcement that they should get involved, even having the IP address tells you pretty much next to nothing.
You simply cannot rely on an IP address to mean the same person. IP addresses could be shared, and you can't even infer that an IP address changing means that the person has changed, since IP addresses could be reallocated. You might be able to make some broad generalizations: for example, if one IP resolves to an ISP in the United States and another resolves to an ISP overseas, then perhaps it's not the same person. But then again, to someone really dedicated to hiding his or her identity, even that can be circumvented.
Bottom line: don't read anything into the IP address until or unless you can involve law enforcement. It's just not a reliable enough indicator.
