-
September 2nd, 2005, 03:22 AM
#1
Program to locate an IP address
Hi,
I recently received a curious email which I would like to investigate further. I discovered several IP addresses from the header, and also the mail server it was sent from (which, unsurprisingly, was owned by Wanadoo - as the email address ended in @wanadoo.fr). The mail server is based in Ile-de-France, Paris, but that is slightly irrelevant.
Also, does the following bit of the header mean that the sender was in the GMT-7 time zone?
Code:
Received: from smtp12.wanadoo.fr (smtp12.wanadoo.fr [193.252.22.20])
by mx.gmail.com with ESMTP id a2si1016358rnf.2005.09.01.13.39.14;
Thu, 01 Sep 2005 13:39:15 -0700 (PDT)
And the IP above (193.252.22.20) is one of two in the header (but it is just the IP of the SMTP server), and the other seems to be (AMarseille-152-1-51-85.w83-201.abo.wanadoo.fr [83.201.1.85]), but that is also part of Wanadoo...so where is the sender's IP?
Thanks!
edit: Sorry about the thread's title - that's meant to be once I've already found out the sender's IP, and would just like to keep a tab on it until it becomes active, when its location can be pinpointed.
-
September 2nd, 2005, 06:44 AM
#2
Junior Member
Try and get ahold of an earlier version of NeoTrace when it was a free demo etc.
http://www.neotrace.com/
See what that gives you.
-
September 2nd, 2005, 07:05 AM
#3
Program to locate an IP address
You don't need a program to locate an IP address. A website such as www.ip2location.com will locate an IP address for you.
83.201.1.85 = FR FRANCE ALSACE STRASBOURG IP2000-ADSL-BAS
The next useful information would be a simple WHOIS query on the IP address 83.201.1.85. The results are:
% Information related to '83.201.1.0 - 83.201.1.255'
inetnum: 83.201.1.0 - 83.201.1.255
netname: IP2000-ADSL-BAS
descr: BSMAR152 Marseille Bloc 1
country: FR
admin-c: WITR1-RIPE
tech-c: WITR1-RIPE
status: ASSIGNED PA
remarks: for hacking, spamming or security problems send mail to
remarks: postmaster@wanadoo.fr AND abuse@wanadoo.fr
mnt-by: FT-BRX
source: RIPE # Filtered
role: Wanadoo France Technical Role
address: WANADOO FRANCE
address: 48 rue Camille Desmoulins
address: 92791 ISSY LES MOULINEAUX CEDEX 9
address: FR
phone: +33 1 58 88 50 00
e-mail: abuse@wanadoo.fr
admin-c: WITR1-RIPE
tech-c: WITR1-RIPE
nic-hdl: WITR1-RIPE
mnt-by: FT-BRX
source: RIPE # Filtered
Looks like ISP is IP2000-ADSL-BAS. Now as far as;
Received: from smtp12.wanadoo.fr (smtp12.wanadoo.fr [193.252.22.20])
by mx.gmail.com with ESMTP id a2si1016358rnf.2005.09.01.13.39.14;
Thu, 01 Sep 2005 13:39:15 -0700 (PDT)
I will attempt to read this header for you. Where it says
"Received: from smtp12.wanadoo.fr"
this is the sender's mail server ---> smtp12.wanadoo.fr = 193.252.22.20. Now, where it says "by": did you receive this email in Gmail?
Now, where it says
with ESMTP id a2si1016358rnf.2005.09.01.13.39.14
ESMTP is Extended Simple Mail Transfer Protocol, which allows transfer of graphics, audio, video files.
2005-09-01 13.39.14= 1:39pm
Is obviously date and time. Can you post the complete email headers just to double check? Hope this helps.
-
September 2nd, 2005, 09:15 AM
#4
Re: Program to locate an IP address
J_K7,
Also, does the following bit of the header mean that the sender was in the GMT-7 time zone?
Code:
Received: from smtp12.wanadoo.fr (smtp12.wanadoo.fr [193.252.22.20])
by mx.gmail.com with ESMTP id a2si1016358rnf.2005.09.01.13.39.14;
Thu, 01 Sep 2005 13:39:15 -0700 (PDT)
I would be tempted to say that it was received at 13:39 Pacific time by the Gmail server. And I just checked on Gmail, and that's the case. The header tells you when the email was received by your mail server, and it includes the time settings for that mail server.
So no, it doesn't say anything about the sender's timezone.
Cheers,
BrainStop
"To estimate the time it takes to do a task, estimate the time you think it should take, multiply by two, and change the unit of measure to the next highest unit. Thus we allocate two days for a one-hour task." -- Westheimer's Rule
-
September 2nd, 2005, 10:18 AM
#5
Those IP locator programs are very flawed...just a heads up. They give you the registered address of the company who provides your IP address. Mine shows up in Texas...I'm far from Texas.
-
September 2nd, 2005, 11:18 AM
#6
Yeh, mine shows up in the Netherlands, and I'm FAR from there! :P
Computernerd22: Sorry for not explaining myself properly - the reason I was looking for a program was because, IF I were able to find out the sender's IP, I would like to trace the IP every few minutes. This would be assuming that the IP address is static, and that the sender doesn't have a dynamic one (that is the case around here with broadband users, and that's another thing I'm also assuming - that the sender's using a broadband account). If they're using 56k, then the IP will most likely be dynamic, yet if they are using broadband they may have a static IP - which means that I can trace them! That's why I was looking for a program rather than a site, because then I could set it to refresh every few minutes and retrace the IP until it became active. I also don't know enough about scripts to use one of the sites to my advantage in this way! ;-D
Oh, and I did indeed receive it in Gmail! As for the time...
Thu, 01 Sep 2005 13:39:15 -0700 (PDT)
Further on...
{forwarded on to my account} Thu, 1 Sep 2005 22:39:13 +0200 (CEST)
BrainStop: Yet, why would the Gmail servers be receiving it in Pacific time? Is there a slight chance that it did because that is the sender's timezone (I know I'm probably wrong, but if I'm right, then I've solved the mystery and this person isn't who they say they are)!
XTC: I know...some of them tell me where I actually am, but VERY few! Hehe...
P.S. Thanks everyone for your help so far!
-
September 2nd, 2005, 11:31 AM
#7
Timestamp
J_K9,
The GMail servers are located in California, and probably run on Pacific time.
I sent an email from my Swiss ISP to my Gmail account and it showed up with the same PDT timezone in the headers.
Cheers,
BrainStop
-
September 2nd, 2005, 11:52 AM
#8
The -0700 is the timestamp for the GMail server, based upon GMT, normally. (A nice wiki can be found at http://en.wikipedia.org/wiki/Coordinated_Universal_Time and information about this standard at http://www.w3.org/TR/NOTE-datetime )
The -0700 suggests the location relative to GMT. And the (PDT) tells the local time format used at that location, which in this case is Pacific Daylight Time. Since PDT includes the daylight time saving, this value is +1 hour from Pacific Standard Time. (PST is -0800)
However, the mailserver is following a specific time format (Coordinated Universal Time) which is always without daylight saving and relative to GMT.
It is not the sender's timezone. It's the timezone of the Google mailserver.
Wanadoo.fr is a French ISP providing services to a large part of Western Europe. They provide telephony, ADSL, cable and several other services. They are part of France Telecom, btw. And a pretty big player here too.
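An added example, not part of the original thread: a Python sketch that walks the Received chain newest-first, pulls the bracketed peer IP and the stamping host out of each hop, and converts each timestamp to UTC, so the -0700 and +0200 offsets can be seen to belong to the servers that wrote them. The top header is the one quoted in the thread; the lower header is constructed from the hostname, IP and CEST timestamp the poster mentions, with its "by" host and layout assumed.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from datetime import timezone

# Constructed sample. The top Received line is the one quoted in the thread;
# the lower one is assembled from the hostname, IP and CEST timestamp the
# poster mentions, with the "by" host and layout assumed for illustration.
SAMPLE = """\
Received: from smtp12.wanadoo.fr (smtp12.wanadoo.fr [193.252.22.20])
 by mx.gmail.com with ESMTP id a2si1016358rnf.2005.09.01.13.39.14;
 Thu, 01 Sep 2005 13:39:15 -0700 (PDT)
Received: from AMarseille-152-1-51-85.w83-201.abo.wanadoo.fr
 (AMarseille-152-1-51-85.w83-201.abo.wanadoo.fr [83.201.1.85])
 by smtp12.wanadoo.fr with ESMTP; Thu, 1 Sep 2005 22:39:13 +0200 (CEST)
Subject: constructed example

body
"""

def parse_hops(raw):
    """Return Received hops, newest first, with each stamp normalised to UTC."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        route, _, stamp = flat.rpartition(";")  # the date follows the last ';'
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", route)
        by = re.search(r"\bby (\S+)", route)
        when = parsedate_to_datetime(stamp.strip())  # trailing "(PDT)" is ignored
        hops.append({
            "peer_ip": ip.group(1) if ip else None,       # address the stamping host saw
            "stamped_by": by.group(1) if by else None,    # host whose clock wrote the date
            "offset": when.strftime("%z"),                # that host's UTC offset
            "utc": when.astimezone(timezone.utc),
        })
    return hops

if __name__ == "__main__":
    for hop in parse_hops(SAMPLE):
        print(hop["stamped_by"], hop["offset"], hop["utc"].isoformat(), hop["peer_ip"])
```

Only the topmost Received line is written by your own provider; lower lines are supplied by earlier relays and should be read with that in mind.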
-
September 2nd, 2005, 12:17 PM
#9
Short Tutorial
You should find all the answers at
www.stopspam.org/email/headers.html
-
September 2nd, 2005, 07:55 PM
#10
One of my favorite sites for Mail relay testing is http://www.abuse.net/relay.html and also http://spamcop.com/ for future references of course.