-
February 9th, 2003, 12:25 AM
#1
Junior Member
how do you find the ip in an email
This question was spurred by me getting the yaha virus.
When someone sends you an email, can you find out the ip address of the computer that it was sent from? Meaning, can I find out the ip address of the computer that sent the email to their mail server.
If my teaching serves me right, their mail server then sends the email to my mail server and soon after that I retrieve the email.
I believe that there are a few ip addresses involved. The ip of the mail servers are two. But can I get the ip of the computer that initially sent the email?
My guess would be to put some kind of sniffer on my mail server. That's my guess anyway.
And the real question is, of course, how can someone send an email to me (for instance) using the mail box of another user. [I Think that's called 'spoofing'??]
---------------------------------------------------------------------
A day without sunshine is like...well....night!
---------------------------------------------------------------------
-
February 9th, 2003, 12:30 AM
#2
Senior Member
Ok. To get the ip of someone who sent you mail, all you have to do is look at the header. There are different ways to view the header depending on what mail software you use. Like in outlook express you right click, and click on more iformation, or something like that. Looking at the help file should tell you how to get to this.
The only four things i need are food, water, a computer, and the internet.
-
February 9th, 2003, 12:41 AM
#3
Junior Member
- Madseel
When I look at the header, it tells me the ip of the senders mail server for only some. Why is that? For instance, I get
Received: from melinda (host30.64-79-80.bignet.net [64.79.80.30])
by smtp1.bignet.net (8.11.6/8.11.6) with SMTP id h17IkSW08490
for <mikecali@nalpac.com>; Fri, 7 Feb 2003 13:46:28 -0500
is the ip for "melinda"'s computer the "host30.64-79-80.bignet.net" or is that melinda's mail server ip address?
btw, what does the (8.11.6/8.11.6) mean anyway?
-
February 9th, 2003, 12:41 AM
#4
F.Y.I. When peaple spoof mail it's usually done through a SMTP program like a re-mailer. You see... they don't actually use what you call the 'mailbox' of another user infact I could send you a completely bogus e-mail from aaa@bbb.ccc LOL they are really just taking advantage of mail services not actual addresses
Host30.64-79-80.bignet.net <--- LOL it even says 'HOST' and you mistake this for that user's IP?
-
February 9th, 2003, 12:46 AM
#5
Senior Member
Cali
That doesn't look like the compleate header. The ip address would also be the numbers.
The only four things i need are food, water, a computer, and the internet.
-
February 9th, 2003, 12:52 AM
#6
Junior Member
if i'm correct, host can mean a lot of things....right???
- Madseel
here's the whole header
X-From_: lsgxhkd@4Anything.com Sat Feb 8 15:26:10 2003
Return-Path: <lsgxhkd@4Anything.com>
Received: from kphbmmo (hnllhi1-ar3-4-42-103-124.hnllhi1.dsl-verizon.net [4.42.103.124])
by mx-1.bignet.net (8.11.6/8.11.6) with SMTP id h18KQ8N03184
for <cliff@nalpac.com>; Sat, 8 Feb 2003 15:26:09 -0500
From: Grove David <lsgxhkd@4Anything.com>
To: <cliff@nalpac.com>
Subject: Hey cliff..Your Overnight Pharmacy!
Date: Sat, 08 Feb 2003 15:26:07 -0500
Mime-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: base64
Message-Id: <juhfokvtspo@4Anything.com>
from this header, what would be the ip of the sender....not the ip of the smtp server, but the ip of the computer that sent it to the smtp server.
-------------------------------------------------------------------------------
-
February 9th, 2003, 02:30 AM
#7
Senior Member
ok. if im not mistaken, the first recieved from line usually tells you the ip of the senders computer. so apparently this persons ip is 4.42.103.124. here is a link that shows you how to read email headers. http://www.happyhacker.org/gtmhh/vol3no4.shtml
The only four things i need are food, water, a computer, and the internet.
-
February 9th, 2003, 05:58 AM
#8
Junior Member
-Madseel
ur the best. VERY good link.
Ever hear a wannabe hacker complaining he or she doesn't have the addresses of any good computers to explore?
...even though I'm not a "wannabe hacker", I am interested in how it's done, so thank you for the link
I wish i knew how to give you "positives"....but i don't. I'm very new to the "newsgroup" scene. When I find out, you're the first. Very informative and knowledgable.
Gracia
------------------------------------------------------------------
When you get where you're going, drop me off
------------------------------------------------------------------
-
February 9th, 2003, 02:11 PM
#9
To view there ip make sure (if your using hotmail,Yahoo) to tick your advance settings then look below the head you will there ip for example 89.909.090.09 etc hope this helps
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|