I recently joined a Website for “Singles” which allows instant messaging
between interested parties. I was warned by one of my friends that there are
people on this website who have multiple profiles. These people could IM you
using one profile today and another profile tomorrow.
My friend suggested that one way of knowing for sure whether these two
profiles are two different people or the same person with two profiles, is to
check their IP address when the IM window opens in front of you.
Does that work?
No.
Having said that there are a couple of very rare exceptions where you can
kind of, sort of, maybe tell. But not really.
Let’s look at how this all works and why the IP address tells you pretty
much nothing.
Become a Patron of Ask Leo! and go ad-free!
To begin with, you didn’t say which IM service is being used. There are of
course many possibilities including MSN Instant Messenger, AIM, GTalk, and
others. In addition, your dating site may well have implemented their own IM
system – it’s actually not that hard.
The single biggest problem with IP addresses and most instant messaging
services it this: you’re connecting to the service, not to the person you’re
IMing.
It looks more like this:
When you create an instant messaging conversation, you’re not connecting to
the person you’re talking with at all. Instead, your instant messaging program
connects to the servers that are used by the IM service. When you send an IM
your message is sent to those servers, and then from those servers sent on to
whomever it is you’re IM’ing.
you’re not connecting to the person you’re talking with at all.”
In fact, let’s look at the IP’s in use when I have a conversation with an
MSN Messenger user. Using TcpView
during the conversation I see the following connections associated with my IM
client, Trillian:
If I then use the whois lookup at
arin.net to see who owns the IP addresses involved, I find:
-
216.155.193.143 – is owned by Yahoo (Trillian is configured
to include my Yahoo account) -
72.14.253.125 – is owned by Google (Trillian is configured
to include my Google Talk account) -
207.46.108.59 – is owned by Microsoft (Trillian is
configured to include my MSN Instant Messenger account) -
207.46.108.19 – is also owned by Microsoft
-
205.188.7.148 – is owned by AOL (Trillian is configured to
include my AOL Instant Messenger account) -
64.12.165.100 – is also owned by AOL
Nowhere in there is the IP address of the party to whom I’m speaking. (To
confirm, that “other party” is my wife’s place of business, so I know
what the IP address would be should it have been visible.)
•
The Exception
Now it’s easy to say that “most” IM clients connect you through their
servers, but it’s also true that some do not. In fact, some instant messaging
services allow you to establish a “direct connection”. I believe that AIM
allows you to switch to this type of connection, and some other services such
as Skype actually often operate this way natively in some configurations after
the connection has been made.
So let’s assume, then, that using TcpView during an IM conversation you’re able to capture the IP
addresses used by your IM program, and one of these represents a direct
connection to the person you’re messaging.
What can you tell from this IP address?
Pretty much nothing. Still.
-
They could be behind a router or proxy provided by their ISP. This means
that any number of people could “appear” to use that same IP. There’s no way to
tell which user that is(*). -
Similarly, they could be behind a router or proxy provided by their school
or place of work. Once again any number of people could “appear” to use that
same IP, and there’s still no way to tell which user that is(*). -
They could be behind their own router at home as I so often recommend. Any
number of machines could be behind that router, and there’s no way for you to
tell which machine you’re conversing with. -
And finally, even with the IP address of a specific machine or location,
there’s no way for you to tell where that machine is located(*). The
best you can do is identify the ISP that’s providing the internet
connection to the person you’re conversing with.
(*) Yes, there is a way to tell exactly what machine is represented
by an IP address in most cases. But you can’t get it. You need the
cooperation of the ISP that provides that other person’s internet connection,
and that typically requires a court order or other law-enforcement
involvement.
So unless you can convince law-enforcement that they should get involved,
even having the IP address tells you pretty much next to nothing.
You simply cannot rely on an IP address to mean the same person. IP
addresses could be shared, and you can’t even imply that an IP address
changing means that the person has changed – IP addresses could be reallocated.
While you might be able to make some broad generalizations; for example if one
IP resolves to an ISP in the United States, and another resolves to an ISP
overseas, then perhaps it’s not the same person. But then again, to someone
really dedicated to hiding his or her identity, even that can be
circumvented.
Bottom line: don’t read anything into the IP address until or unless you can
involve law enforcement. It’s just not a reliable enough indicator.
So, does this also mean that someone could log-on from different machines, ie from their workplace, and then say an hour later from home, giving different IP addresses, but actually being the same person. If this is the case, it would be even harder to identify that person. There are sites that give the ‘exact’ location of any given IP address, but on entering mine, are not always accurate, although sometimes frighteningly close. When using Tor, I appear to be at different locations – all over the world. Is it possible that some people can combine Tor (or similar) and their IM application to further muddy the waters?
Andrew, France
Very interesting article I find,no further comments…..
all that is true but, here is something that could be helpfull:
If you want to nkwo the IP of somebody thru an IM system the easiest way is try to send or recieve some file from the other user, this will make a direct connection between the users (this wont work always but most of the times do)
In any case if you dont truyt the person, dont open anything this person send you.
I think is not likely that you will meet 2 persons that are behind the same router. even if you do you can ask the person where is he/she located. if he lies, well he is already not saying the true and is not trustfull anyways…
Leo you give excellent feedback
I used Abika.com and paid $100.00 to have them trace a AOL Instant Messenger (AIM) screen name. They reported back one week later with the physical address and IP address of the computer. Called the address and got the problem taken care of. Believe me, it’s well work the money. They send you an official document also to take to law enforcement if you have to.
hello
iv been having problems with my best mates msn account. some1 hacks into her account and starts giing all her friends grief and its no getting out of had. i just want to know how i could find out the ip address this hacker is using so i can pass it on to the right authorities.
please help!!
an unknown person sent me a message in friendster, can i locate where he is, he may be using a home computer
nice article very interesting.i would like to know whether we can just come to know the geographical location of the person we are instant messaging?
http://www.tracemyip.org/
this website works
but how does it work..
if u find answer to this question then i think u can find ip adress of a chatter..
try using this below tool to get some awsome queries on ip adresses http://www.foundstone.com/us/resources/proddesc/vision.htm
The “Vision” product looks pretty much like the free tool TCPView available on the Microsoft site: http://ask-leo.com/d-tcpview.
I’ll keep saying it: there is NO reliable way to trace an IP address using only publicly avialable information. Only police and law enforcement can do more with a court order.
-Leo
Dear ,
Very nice article . But i could not beleive that ip address tracking while using any IM is impossible as there are certian tools available.
With Regards,
Khalid Rauf.
27-Oct-2008
Actually, I had a chat with my friend using MSN and I could see his ip on netstat, however every other time I couldn’t. This was the only time and it was using a quite weird port number (port 35631). I loggod off the msn, and after loggin in again this connection disappeared. Does anybody have any idea what could that be? Thanks for any advice.
Very nice article,
here is a good tool to get someone IP address
how to: http://www.myiptest.com/article.php/find-other-person-ip-address.html
link to tool: http://www.myiptest.com/staticpages/index.php/how-about-you
14-Apr-2009
Someone added me on msn, and bascally said:
‘ive retrived you IP address and your not who you say you are, im reporting your IP address, expect a letter in a couple of days’
are they being idiots or whats happening?
Im 17 and my parents pay for the internet, i live in Britain, and i havent done anything illegal etc on the internet, besides normal porn which i dont tink is illegal.
The guy hept trying to coax me into going on cam etc and saying i was fake, i didnt even know the person and then he said all that stuff when i didnt go on.
Please Help me
16-Sep-2009
Actually you must send a file to your friend through msn, even it being server based his IP will appear in the file transfer. Then with the IP you can use tracert on command prompt to see which servers it is passing through. There are a lot of websites who can tell accuratelly the location based on your friend’s IP (google it). And finally, you can use a tool like nmap to see which ports are open on his router or his computer, in some cases, then you can send info directly to these ports using telnet, echo > with a “virtual mounted device” that points to his IP and many other 3rd party tools.
sir, during the gtalk chat ! i find ip addresses by netstat -n—it shows port 5222 with someone’s ip!
but its not the real ip . i wana find the real ip address if the person is not even behind any firewall..can tcpview make it this too !!
waiting 4 d answer !!!
crackconfig
Actually there is no way to accurately get one person’s ip address. Even if you do get an ip address, you wouldn’t be able to find anyone by it since a whole neighborhoods could have the same ip address, sometimes whole towns.
Not to mention, most ip addresses will trace back to the service provider, with exceptions of course. There is no reason you would need one anyway and stalking is really unnecessarily.
How do you know if you are being scammed by a person on Yahoo Mesenger. ?????
Ann
i need to know the yahoo messenger chat persons ip address some people use bad words some hurts so i must know them details of that person. is there any action can take to them the people who hurt by using bad words
01-Sep-2011
Plz wil u tel me the gtalk ip tracer ???
i hv added that person in gmail account, is there any possibility to trace his ip address ,, then i will able to find that man… will help me ,, its very serious matter wid him … thanx
Dear sir,
I want to trace I.P. Address of email sender , how I can trace pl guide me .
Regards.
Lalit
@Lalit
The following article from Ask Leo talks about that. Unfortunately, there’s not much you can find out from an IP number of an email.
How can I trace where email came from?
Someone tried to get my ip address using file transfer via msn live messenger but blocked out by my norton 360. Did he establish direct connection successfully and manage to get my ip address in this way? Your kind help is much appreciated.
12-Dec-2011
To find someone elses ip address, try the service at http://www.fuglekos.com/ip-grabber/ Not rocket science.