IP Address & spoofing issues (Academic purpose)

[ommy]

Well..great forum..I must say..my another question to the gurus is wot if i want to know the IP address of the person i m chattin with on msn messenger...i can do it on irc...
i was thinkin that wot if we can edit the outgoing packet that carries the destination address...and yes if we can edit the packet...then wot if somebody edit his source ip address...
is this wot is called Ip spoofing? and how does a tcp/ip three way handshake work when Ip spoofing takes place..
these are some confusions in ma mind..
i hope to get the maximum replies and maximum knowledge..
i would really appreciate the anticpation..
thank u
have fun
ommy

P.S Please remember my all questions are for the sake of knowledge and learning ..i have no destructive ambitions...Thank u
and i promise i ll neevr miss use the knowledge that i would acquire frm here....
and sorry if anybody of u get offended for tat..

[souleman]

Yes you can edit the souce address of your ip packet and that is considered IP spoofing. Only one problem. When you do that, the other end reads the packet and replies to the source IP address. This means that whoever you are talking to will reply to a machine that is not yours, so you will never be able to see what they type.

[el-half]

I'm not 100% sure, but if you send the person you're chatting with a file (he first has to accept it ofcourse), a direct connection with his pc is established. So while he's downloading the file from you, bring up a dosprompt and type netstat -an, you'll probably see more connections but the one with him is in the list. Correct me if I'm wrong!

[keezel]

I've heard of that before....I think I actually tried the netstat thing on one of my friends and then told him what his IP address was and he thought it was pretty cool. I trust him so I told him how I did it.

[One Who Watches]

That's exactly how I got one of my friend's IPs. I pulled up netstat and looked at all of the IPs, then sent her a file and did netstat again while she was downloading it and noticed an extra IP. It was her IP and she admitted it. However, she was using a router, so all I had was her router's IP, not her computer's internal IP.
I'm still trying to figure out how to get her internal IP. I scanned her router with NMap but didn't get anything. *shrugs*
The search continues.....
Watcher

[HTRegz]

Originally posted here by ommy
Well..great forum..I must say..my another question to the gurus is wot if i want to know the IP address of the person i m chattin with on msn messenger...i can do it on irc...
i was thinkin that wot if we can edit the outgoing packet that carries the destination address...and yes if we can edit the packet...then wot if somebody edit his source ip address...
is this wot is called Ip spoofing? and how does a tcp/ip three way handshake work when Ip spoofing takes place..
these are some confusions in ma mind..
i hope to get the maximum replies and maximum knowledge..
i would really appreciate the anticpation..
thank u
have fun
ommy

P.S Please remember my all questions are for the sake of knowledge and learning ..i have no destructive ambitions...Thank u
and i promise i ll neevr miss use the knowledge that i would acquire frm here....
and sorry if anybody of u get offended for tat..

I'm sorry but I refuse to even finish reading that. If anyone wants to translate it, I'll take a look at it and reply if I have anything useful.

Ommy: Would it be too hard to spell check that, or at least use somewhat proper grammar and language skills.

[SirDirge]

Sending a file to somebody and then using netstat -n to find the IP works fine, however finding an IP of somebody whom your talking to but not transfering files to is harder.
I'm not absolutely sure though if your talking to somebody and do a netstat -n you'll get a list of virtual servers your connected to (which then connect to the person whom your talking to) and this is where the tricky part comes in; you have to port scan that virtual server and then use an open port from it to check whom else it is connected to.
I don't know for sure that it will work but aparently it does.

[ommy]

well....anyone have an idea..how does an ip spoofer works....coz it cannot establish a three way connection..then how can it be spoofed...

[neel]

HTRegz >> I can read it if I try... he's from pakistan so I can't blame him

ommy >> You can establish a connection with spoofed packets, but you won't be able to decently communicate. Like souleman said, the other computer will send it's packets to the source ip reading from the packets. You changed that source, so it will be sent to another computer. The only purpose of ip spoofing is to hide the source if you only need to send data and not recieve anything back perce. That why the use is almost always malicious. DoS and DDoS etc. attack don't need to recieve anything back and the source likes to be unknown...
A three way handshake isn't possible with spoofed packets.

[HTRegz]

neel: Technically I could. English is a universal language and it is also the business language. When I am writing in french or german, I will spend hours composing a single paragraph so that I'm sure everything is correct. I feel it's an insult to use someone else's language incorrectly. Anyways... I went back and gave it a try and the netstat responses do apply. At least to anyone who attemts to understand what he's put.

my another question to the gurus is wot if i want to know the IP address of the person i m chattin with on msn messenger...i can do it on irc...

So the netstat responses do have something to do with what he asked. At least that's how myself and apparently several others understood that part of the question. If the question had been more clearly worded, or at least used sentences, maybe we all would have understood.