Tracking an IP address to a location

winsumlusum

How did he track the IP to the internet cafe? an IP only gives an idea of where the computer is

Duggy747

You can't, ISPs hold that information which, it seems, somebody has a friend in.

wexie

Duggy747 wrote: »

You can't, ISPs hold that information which, it seems, somebody has a friend in.

You can resolve an IP address to a hostname though.

Maybe the hostname came back as : host.joeblogsinternetcafe.ie ???

just a thought

winsumlusum

wexie wrote: »

You can resolve an IP address to a hostname though.

how do you do this

edit found it

Maybe the hostname came back as : host.joeblogsinternetcafe.ie ???

that would be where there would be a server? you could not do that to a private address?

Khannie

Nice sting operation...using web server logs to get his IP. Very tasty.

The sting operation involved Mr Carroll setting up another Twitter account called @john_cant_type and interacting with Mr Andrews's fake account.

Mr Carroll then posted a link to an article which was picked up by Mr Andrews, which enabled Mr Carroll to identify the unique IP address of the computer Mr Andrews was using. This was tracked down to a computer in the Amazon internet cafe in Rathmines.

My guess is reverse DNS. Otherwise you would need a friend in an ISP and I'm pretty sure that would be a fair breach of privacy = sue-tastic.

seamus

It's fairly simple as wexie points out, if you can get someone to click on a link, their computer will spit a tonne of information at you, not just the IP address. Depending on how the router/gateway in the cafe is set up, the machine might give the server its full hostname, i.e. computer53.cafenet.amazoncafe.ie

In some cases, the cafe may have a fixed external address for each of its machines (rare, but it can be done). Or at the very least, a bit of a chat with the owner of the cafe about the matter, and they may assist you in identifying which machine was used.

wexie

winsumlusum wrote: »

how do you do this
EDIT http://help.lockergnome.com/linux/resolve-IP-address-hostname--ftopict413770.html

that would be where there would be a server? you could not do that to a private address?

You more likely than not can, pretty much everything on the internet will have some form of hostname (whatever it is you're using to access boards at the moment will have one) so it all depends on how the guy was accessing the internet. If the internet cafe was using static IP addresses and had a recognisable hostname it wouldn't have been hard.

If your hostname is something like laptop then of course it's a lot different.

MiniNukinfuts

He could have used a site like this: http://www.fuglekos.com/ip-grabber/index.html. I tested it out here on boards a few months ago, I got 100s of hits.

winsumlusum

wexie wrote: »

You more likely than not can, pretty much everything on the internet will have some form of hostname (whatever it is you're using to access boards at the moment will have one) so it all depends on how the guy was accessing the internet. If the internet cafe was using static IP addresses and had a recognisable hostname it wouldn't have been hard.

If your hostname is something like laptop then of course it's a lot different.

is the host name the computer name as you get when you right click computer and choose properties in vista?

seamus

winsumlusum wrote: »

is the host name the computer name as you get when you right click computer and choose properties in vista?

Sometimes, it all depends on the network that you're using.

In some cases it may show that hostname. Where the traffic is being run through a proxy, the proxy set up may filter out hostnames and just report the hostname as "proxy.somecompany.com".

wexie

winsumlusum wrote: »

is the host name the computer name as you get when you right click computer and choose properties in vista?

hmmm....it'll be part of it. It depends on the network setup. The hostname you see listed there will be the first part of the FQDN. Or (usually in more structured environments) you might see the full hostname listed where it says ...err....full computer name.

EDIT, or what Seamus said

winsumlusum

MiniNukinfuts wrote: »

He could have used a site like this: http://www.fuglekos.com/ip-grabber/index.html. I tested it out here on boards a few months ago, I got 100s of hits.

but it does not give the persons address does it? Just the ip. I tried it and there is nothing in the log only name of the image and folder. edit was doing it wrong. Got it to work, gives host nake as ip and eircom and says

Note: You will not find the name of the person or his/her street address here.
MAP LOOKUP usually shows the location of the internet service provider, and not the actual street address of the user of that particular ip address. This means that MAP LOOKUP usually only narrows down to the nearest city.

It tells little more than email headers

So he must have known someone in isp

Khannie

winsumlusum wrote: »

So he must have known someone in isp

Not so. Reverse dns may have given the cafe domain.

winsumlusum

Khannie wrote: »

Not so. Reverse dns may have given the cafe domain.

you mean like it gives me as eircom cos they are my host. ?

Khannie

A bit like that. Sometimes when I do a reverse dns on an IP (admins need to do it sometimes) I get "<blah>.company.com" for example.

winsumlusum

MiniNukinfuts wrote: »

He could have used a site like this: http://www.fuglekos.com/ip-grabber/index.html. I tested it out here on boards a few months ago, I got 100s of hits.

how do you send the link to someone else. i sent it to myself and got activation email with a link. Is that the libk you send the other person?

MiniNukinfuts

winsumlusum wrote: »

how do you send the link to someone else. i sent it to myself and got activation email with a link. Is that the libk you send the other person?

All I did was create a link that when clicked, it shows a victim some image or fake website, but in the background, the ip logging tool gets activated.

winsumlusum

MiniNukinfuts wrote: »

All I did was create a link that when clicked, it shows a victim some image or fake website, but in the background, the ip logging tool gets activated.

i just uploaded a jpeg but do not see how to send it to anyone. I wanted to send to a friend as a joke edit worked it out
But won'tpeople catche on when they look at just http://www.fuglekos.com/ as distinct from the full url

RGDATA!

interesting story!



"Mr Carroll compiled a 35-page dossier on his sting -- which some in FF thought was excessive in itself -- and submitted it to party bosses."


"In her statement, Ms Byrne said her husband "spent in total five to six hours spread over several months on this discovery"."
yeah right, 5 to 6 hours total. including staking out the internet cafe? including compiling the 35 page dossier? :rolleyes:

RUCKING FETARD

I was watching an ep where Garcia traced someone back to their second floor bedroom, definitely possible alright.

winsumlusum

RUCKING FETARD wrote: »

I was watching an ep where Garcia traced someone back to their second floor bedroom, definitely possible alright.

Garcia would be able to access the isp. Do you know what episode?

http://ask-leo.com/what_can_people_tell_from_my_ip_address.html

here's a good one