
Thread: Program to locate an IP address

  1. #1
    Senior Member
    Join Date
    Jul 2004
    Posts
    548

    Program to locate an IP address

    Hi,

    I recently received a curious email which I would like to investigate further. I discovered several IP addresses from the header, and also the mail server it was sent from (which, unsurprisingly, was owned by Wanadoo - as the email address ended in @wanadoo.fr). The mail server is based in Ile-de-France, Paris, but that is slightly irrelevant.

    Also, does the following bit of the header mean that the sender was in the GMT-7 time zone?
    Code:
    Received: from smtp12.wanadoo.fr (smtp12.wanadoo.fr [193.252.22.20])
    by mx.gmail.com with ESMTP id a2si1016358rnf.2005.09.01.13.39.14;
    Thu, 01 Sep 2005 13:39:15 -0700 (PDT)
    And the IP above (193.252.22.20) is one of two in the header (but it is just the IP of the SMTP server), and the other seems to be (AMarseille-152-1-51-85.w83-201.abo.wanadoo.fr [83.201.1.85]), but that is also part of Wanadoo...so where is the sender's IP?

    Thanks!

    edit: Sorry about the thread's title - that's meant to be once I've already found out the sender's IP, and would just like to keep a tab on it until it becomes active, when its location can be pinpointed.

  2. #2
    Junior Member
    Join Date
    Oct 2002
    Posts
    10
    Try and get ahold of an earlier version of NeoTrace when it was a free demo etc.
    http://www.neotrace.com/
    See what that gives you.

  3. #3
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    Program to locate an IP address
    You don't need a program to locate an IP address. A website such as www.ip2location.com will locate an IP address for you.

    83.201.1.85 = FR FRANCE ALSACE STRASBOURG IP2000-ADSL-BAS

    The next useful information would be a simple WHOIS query on the IP address 83.201.1.85. The results are:

    % Information related to '83.201.1.0 - 83.201.1.255'

    inetnum: 83.201.1.0 - 83.201.1.255
    netname: IP2000-ADSL-BAS
    descr: BSMAR152 Marseille Bloc 1
    country: FR
    admin-c: WITR1-RIPE
    tech-c: WITR1-RIPE
    status: ASSIGNED PA
    remarks: for hacking, spamming or security problems send mail to
    remarks: postmaster@wanadoo.fr AND abuse@wanadoo.fr
    mnt-by: FT-BRX
    source: RIPE # Filtered

    role: Wanadoo France Technical Role
    address: WANADOO FRANCE
    address: 48 rue Camille Desmoulins
    address: 92791 ISSY LES MOULINEAUX CEDEX 9
    address: FR
    phone: +33 1 58 88 50 00
    e-mail: abuse@wanadoo.fr
    admin-c: WITR1-RIPE
    tech-c: WITR1-RIPE
    nic-hdl: WITR1-RIPE
    mnt-by: FT-BRX
    source: RIPE # Filtered

    Looks like ISP is IP2000-ADSL-BAS. Now as far as;

    Received: from smtp12.wanadoo.fr (smtp12.wanadoo.fr [193.252.22.20])
    by mx.gmail.com with ESMTP id a2si1016358rnf.2005.09.01.13.39.14;
    Thu, 01 Sep 2005 13:39:15 -0700 (PDT)
    I will attempt to read this header for you. Where it says
    "Received: from smtp12.wanadoo.fr"
    this is the sender's mail server ---> smtp12.wanadoo.fr = 193.252.22.20. Now, where it says by
    "mx.gmail.com"
    did you receive this email in Gmail?

    Now, where it says
    with ESMTP id a2si1016358rnf.2005.09.01.13.39.14
    ESMTP is Extended Simple Mail Transfer Protocol, which allows transfer of graphics, audio, video files.

    2005-09-01 13.39.14 = 1:39pm
    is obviously the date and time. Can you post the complete email headers, just to double check? Hope this helps.

  4. #4
    Senior Member BrainStop's Avatar
    Join Date
    Jan 2002
    Posts
    295

    Re: Program to locate an IP address

    J_K7,

    Also, does the following bit of the header mean that the sender was in the GMT-7 time zone?
    Code:
    Received: from smtp12.wanadoo.fr (smtp12.wanadoo.fr [193.252.22.20])
    by mx.gmail.com with ESMTP id a2si1016358rnf.2005.09.01.13.39.14;
    Thu, 01 Sep 2005 13:39:15 -0700 (PDT)
    I would be tempted to say that it was received at 13:39 Pacific time by the Gmail server. And I just checked on Gmail, and that's the case. The header tells you when the email was received by your mail server, and it includes the time settings for that mail server.

    So no, it doesn't say anything about the sender's timezone.

    Cheers,

    BrainStop
    "To estimate the time it takes to do a task, estimate the time you think it should take, multiply by two, and change the unit of measure to the next highest unit. Thus we allocate two days for a one-hour task." -- Westheimer's Rule

  5. #5
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Those IP locator programs are very flawed...just a heads up. They give you the registered address of the company who provides your IP address. Mine shows up in Texas...I'm far from Texas.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  6. #6
    Senior Member
    Join Date
    Jul 2004
    Posts
    548
    Yeh, mine shows up in the Netherlands, and I'm FAR from there! :P

    Computernerd22: Sorry for not explaining myself properly - the reason I was looking for a program was because, IF I were able to find out the sender's IP, I would like to trace the IP every few minutes. This would be assuming that the IP address is static, and that the sender doesn't have a dynamic one (that is the case around here with broadband users, and that's another thing I'm also assuming - that the sender's using a broadband account). If they're using 56k, then the IP will most likely be dynamic, yet if they are using broadband they may have a static IP - which means that I can trace them! That's why I was looking for a program rather than a site, because then I could set it to refresh every few minutes and retrace the IP until it became active. I also don't know enough about scripts to use one of the sites to my advantage in this way! ;-D

    Oh, and I did indeed receive it in Gmail! As for the time...
    Thu, 01 Sep 2005 13:39:15 -0700 (PDT)
    Further on...
    {forwarded on to my account} Thu, 1 Sep 2005 22:39:13 +0200 (CEST)
    BrainStop: Yet, why would the Gmail servers be receiving it in Pacific time? Is there a slight chance that it did because that is the sender's timezone (I know I'm probably wrong, but if I'm right, then I've solved the mystery and this person isn't who they say they are)!

    XTC: I know...some of them tell me where I actually am, but VERY few! Hehe...

    P.S. Thanks everyone for your help so far!

  7. #7
    Senior Member BrainStop's Avatar
    Join Date
    Jan 2002
    Posts
    295

    Timestamp

    J_K9,

    The GMail servers are located in California, and probably run on Pacific time.

    I sent an email from my Swiss ISP to my Gmail account and it showed up with the same PDT timezone in the headers.

    Cheers,

    BrainStop
    "To estimate the time it takes to do a task, estimate the time you think it should take, multiply by two, and change the unit of measure to the next highest unit. Thus we allocate two days for a one-hour task." -- Westheimer's Rule

  8. #8
    Banned
    Join Date
    Jul 2005
    Posts
    511
    The -0700 is the timestamp for the GMail server, based upon GMT, normally. (A nice wiki can be found at http://en.wikipedia.org/wiki/Coordinated_Universal_Time and information about this standard at http://www.w3.org/TR/NOTE-datetime )
    The -0700 suggests the location relative to GMT. And the (PDT) tells the local time format used at that location. Which in this case is Pacific Daylight Time. Since PDT includes the daylight time saving this value is +1 hour from Pacific Standard Time. (PST is -0800)
    However, the mailserver is following a specific time format (Coordinated Universal Time) which is always without daylight saving and relative to GMT.

    It is not the sender's timezone. It's the timezone of the Google mailserver.

    Wanadoo.fr is a French ISP providing services to a large part of Western Europe. They provide telephony, ADSL, cable and several other services. They are part of France Telecom, btw. And a pretty big player here too.
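
Added example, not part of any poster's message: a short Python parser that reads the Received headers discussed in this thread and normalises each hop's timestamp to UTC, showing that the offset belongs to the host that stamped the line. The first header is the one quoted above; the second is constructed around the forwarding timestamp from post #6, and its host names, IP and id are placeholders.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Top hop: the header quoted in the thread. Bottom hop: CONSTRUCTED around the
# forwarding timestamp the poster gave; its host names and id are placeholders.
RAW_HEADERS = """\
Received: from smtp12.wanadoo.fr (smtp12.wanadoo.fr [193.252.22.20])
    by mx.gmail.com with ESMTP id a2si1016358rnf.2005.09.01.13.39.14;
    Thu, 01 Sep 2005 13:39:15 -0700 (PDT)
Received: from origin.example (origin.example [192.0.2.10])
    by forwarder.example with ESMTP id PLACEHOLDER;
    Thu, 1 Sep 2005 22:39:13 +0200 (CEST)
"""


def parse_received(raw):
    """Return one dict per Received header, oldest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        # The timestamp follows the last ';' and is written by the receiving host.
        route, _, stamp = value.rpartition(";")
        when = parsedate_to_datetime(stamp.strip())
        sender = re.search(r"from\s+(\S+)", route)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", route)
        receiver = re.search(r"\bby\s+(\S+)", route)
        hops.append({
            "from": sender.group(1) if sender else None,
            "ip": ip.group(1) if ip else None,
            "stamped_by": receiver.group(1) if receiver else None,
            "local_offset": when.strftime("%z"),       # offset of the stamping host
            "utc": when.astimezone(timezone.utc),      # comparable across hops
        })
    # Headers are prepended in transit, so sort by UTC to get travel order.
    return sorted(hops, key=lambda h: h["utc"])


if __name__ == "__main__":
    for hop in parse_received(RAW_HEADERS):
        print(f'{hop["utc"]:%Y-%m-%d %H:%M:%S} UTC  offset {hop["local_offset"]}  '
              f'stamped by {hop["stamped_by"]}  (from {hop["from"]} [{hop["ip"]}])')
```

Once both stamps are in UTC, the +0200 and -0700 lines turn out to be two seconds apart, which is what you would expect from two servers each writing its own local time.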

  9. #9

    Post Short Tutorial

    You should find all the answers at
    www.stopspam.org/email/headers.html

  10. #10
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    One of my favorite sites for Mail relay testing is http://www.abuse.net/relay.html and also http://spamcop.com/ for future references of course.
