Please Help Me

Printable View

January 8th, 2002, 08:28 PM
Stanz

Please Help Me

:confused: Please Help Me. I posted a message asking help on how to get an IP Address from an email sent to me. I was told to check the heading and I right clicked on it and then I was even more confused. Can someone please tell me step to step how to find and Ip Address from an email that was sent to me? Thank You very much
January 8th, 2002, 08:42 PM
Vorlin

In all that jumble of the header, you should see a "From" field. Take this information and shove it through nslookup. To do that, do this:

1: open up a command prompt (start->run->command)
2: run 'nslookup name_here'

That should give you some information about where it came from. Also, you could shove it through visualroute 6 and see where it came from on the map.
January 9th, 2002, 02:05 AM
Ouroboros

IP

your mail account should have, in its options, how to have the header displayed...choose 'Advanced'...depending on what service you use, you will see a big mess of numbers and letters, but the first IP after the 'From:' should be the IP that originated the message.

As far as tracing it, routewise, i'd try Visual Trace from McAfee...it'll usually give you the location, network, and name of the account holder.

Ouroboros
January 9th, 2002, 02:25 AM
protocool

do you use linux. it's much better to use linux on looking ip's. however, if your using 'pine' you can view its ip address in the 'mbox' located to your $HOME directory. all of it's content and information about the email is stored here. that's why it should not be deleted. another way is to look at /var/pool/mail directory all of the information about the email is there. just like 'pine' but i prefer to use pine! :)
January 11th, 2002, 06:29 AM
Tedob1

go to SamSpade.org, they've got some very in depth tuterials on tracking e-mail
January 11th, 2002, 06:39 AM
Tedob1

================================
Return-Path: <info@ >>>>catalyst.com<<<< >
Delivered-To: me
Received: (qmail 4174 invoked from network); 10 Jan 2002 23:46:11 -0000
Received: from mail.>>>>catalyst.com<<<< (128.242.217.170)
by mail2.wlv.netzero.net with SMTP; 10 Jan 2002 23:46:11 -0000
Received: from web2797.dn.net by catalyst.com
with SMTP (MDaemon.v3.5.7.R)
for <me>; Thu, 10 Jan 2002 16:21:47 -0500
Date: Thu, 10 Jan 2002 19:25:45 -0500

=================================

look for the line that has a match for the domain name in the "return path" i've marked it >>>> <<<< to make it easy to see. its easy for some one to spoof the names but the ip address in parens is usually correct.