how should i pinpoint the location of a particular IP Address??
Printable View
how should i pinpoint the location of a particular IP Address??
Do you mean you own or someone elses.
Personally I usually use NeoTrace Pro. If you don't want to pony up the moola to buy it, try going to www.google.com and doing a search for IP tracking tools.
There are generalized locators, such as Neotrace and Visualroute. They are not without their faults though.
You could always use something along the lines of Sam Spade and acquire the ISP contact info concerning the IP block in question. Now, that won't likely get you near the IP or the physical location at all, but if you have a security/ abuse concern, then it would be wise to send an email to the contact listed for the said ISP.
Regards and hope this helps,
Chefer
Note - I would assume that you are just looking for generalized info as there isn't too much a need for specific details any how. I would probably stick to contacting the ISP's abuse contact if you are having repeated attacks from a specific IP in their block.
NeoTrace is really the best but this site has it's own IP locater. I find it doesn't always give you the most accurate info because it only tells you were your IP is registered.
AO's IP Locater
-NeuTron
You can use ARIN Whois or whois from the command prompt to check who owns the IP addresses. From there you should be able to figure out the location.
check the whois function on
www.ripe.net (european registry)
www.arin.net (american registry)
www.apnic.net (asia pacific registry)
When you find the ip you can see who the registred owner of the ip net is and the contact information etc. from there on you can check the domain (usually exposed by the email address) then check the domain contact information to pinpoint a more exact location. Domains need the name phone number and address of the owner! much closer than that you wil not get unless you contact the owners of the ip net and negoatiate some kind a deal with em!
I agree with the suggestion to check out the Sam Spade program (www.samspade.com). It's free and has a bunch of cool networking utilities all rolled into one easy to use interface. The utilities include, DNS lookup, whois, ping, traceroute, nslookup (I think), and some others. I used it during an independent study of mine to get info about machines that were interacting with my honeypots and never had any problems with the program itself. The one thing I don't really like, though, is that the traceroute interface only gives IP addresses and doesn't translate the actual machine name, like many command line equivilents do. Or, you could always just use the command line utils as well.
There is a pretty cool program that is a GUI version traceroute but a bunch faster you should be able to get a roundabout loctation of where they are. Less accurate but free. He also has a lot of other programs like some packet sniffers and such.
http://www.analogx.com/contents/download/network.htm
http://www.analogx.com
I used to use ip-to-country.com but it seems they've been making so many weird changes to it that it's not reliable anymore... *sigh*
Antionline has a nice IP locator here
http://www.antionline.com/tools-and-toys/ip-locate/
Lets not forget Antionline
EDIT: the red dot is sometimes hard to see, kinda have to look for it.
For those of you who went to samspade.com and noticed theres nothing there about IP tracing and what not.. The actual site is www.samspade.org
Just a little clarification
Thank ya all!! these tips really helped me lot !!
Doh!Quote:
Originally posted here by SirSub
For those of you who went to samspade.com and noticed theres nothing there about IP tracing and what not.. The actual site is www.samspade.org
Just a little clarification
Sorry Folks.
http://www.dnsstuff.com/ contains a lot of neat DNS tools with a web interface but the server seems to be currently down...
Hmmm I now have an identity issue: AO's IP LOcator places me in Troy, NY< USA... but I know I'm not there.
[P.S. It's okay, I know how it goes ;)]
Also remember, the 'location' of an IP address is only that of who registered that IP block. My ISP is about 50 miles away from my house, so an IP locator would give my location as that. For an extended example, if I set up a Dial-Up account in Belgium, and dialed across seas from the US, if you traced me, it would appear that I don't even live in the western hemisphere. So remember those IP locators are not too exact.
Some fire walls have got in built IP tracers. EG good old Norton. :D
Nightfalls_Girl
Even more. I guess it's all about the company that's distributing it... I mean, I know someone else had my IP, maybe someone in Troy, NY. But I guess the location was not updated or something..Quote:
Originally posted here by The3ntropy
Also remember, the 'location' of an IP address is only that of who registered that IP block. My ISP is about 50 miles away from my house, so an IP locator would give my location as that. For an extended example, if I set up a Dial-Up account in Belgium, and dialed across seas from the US, if you traced me, it would appear that I don't even live in the western hemisphere. So remember those IP locators are not too exact.
hypronix > Someone else cannot 'have your IP'. The IP addresses are owned by the ISP or corporation that purchased them. Tracing programs have nothing to do with the person connected to the internet, and they have nothing to do with tracing people. Their names are misleading. All that a 'tracing' program does is do a whois on the IP address, and see the address that they have registered when they purchased that IP or IP block and then relate that postage address to the state, zip code, street, et cetera. You could be an IP tracing program if you just query'd the arin whois database with an IP address then went to mapquest and entered in the address that it said it was.
I have a dynamic IP. Which means someone else had it [I did say 'had']. I may reboot and someone get it then...
hyproxnix > If I lived in antarctica and dialed into your ISP, when someone 'traced' me, my location would be exactly the same as yours. And if you have dynamically assigned IP's through DHCP, then you can simply disconnect, or do a release/renew to change your IP address.
I know :) However why is it that the increments of my IP address [+ and - 1] are where they should be? That is, western Canada. While mine [not this one...] was in NY? My ISP isn't working in US as far as I know. So the address should be somewhere in W. CA.
But anyway, I think we're off topic big time :) Send me a PM please so I can better understand this thing... thanx in advance