It’s typically very easy to find out your IP address or the IP address of someone with whom you are communicating somehow on the internet.
Unfortunately, many people believe that with an IP address, it’s possible to find out all sorts of information about the person at that connected computer.
That’s simply not the case.
The very short answer? Not much.
Finding an IP address
Visit my article What’s my IP address? and I’ll show you your IP address and a few other bits of information that web servers get whenever you visit any web page on the internet.
Many (though not all) email services will include the IP address of the machine on which email originated in the normally hidden email header information. (As I said, not all, and even for those that do, it’s often not on all messages. If it’s not there, it’s not there.)
If you make a point-to-point connection with an instant message program (typically during a file transfer), a peer-to-peer communications program (for example Skype, depending on how the connection is made), then your IP address is also available to the computer with which yours is communicating.
The very nature of how the internet works dictates that when two computers talk to each other, they must know each other’s IP addresses.
But once you’ve received an IP address, what can you tell about it?
Domains and reverse DNS
Some IP addresses are easy; they’re static (unchanging) and have a DNS name associated with them. For example, in a Windows Command Shell, enter the following command:
ping -a 126.96.36.199
That’s my quick-and-easy way to do what’s called a “reverse DNS lookup”. Normally, DNS maps names (like “askleo.com”) to IP addresses (like 188.8.131.52). In this case, it does the reverse and reports the official domain name associated with that IP address:
Pinging askleo.com [184.108.40.206] with 32 bytes of data: Reply from 220.127.116.11: bytes=32 time=77ms TTL=52
Knowing the domain name, you can then do a “whois” lookup. One of my favorites is that provided by domaintools.com. For example,
Will tell you that askleo.com is owned by some guy named Leo Notenboom with a mailing address in Woodinville, Washington.1
There also exist services, typically referred to as private registration, which essentially replace all the public registration information with that of a third party, so as to keep even the basic registration information hidden.
What if the ping doesn’t work or doesn’t return a domain name? Then, things get less precise.
IP address ownership
The important thing to realize is that you do not own your IP address – your ISP or service provider does. Thus, all public information about that IP address will in all likelihood refer only to them.
We can use domaintools.com again to perform a “whois” lookup on an IP address we care about:
The information that results will tell you that the IP address in the example above is owned by LiquidWeb – the hosting provider I use for askleo.com.
If the IP address is owned by an overseas provider, the information may direct you to a whois provider specifically for the overseas region in which that provider is located.
There are two extremely important things to know about these “geo-location” services:
- They typically locate the endpoint of your ISP’s distribution equipment. What that means is the closest that they often get is the location of your ISP’s router – which could be next door, or it could be many miles away, depending on exactly how your ISP has configured their network, and where their equipment resides.
- Geo-location services are notoriously inaccurate. Depending on which service is used, my home IP address has been located as “Woodinville” (the postal region
which encompasses 18 square miles and some 10,000 residential addresses), Seattle (roughly 10 miles from my house), Portland, Oregon (150 miles) and even southern California (close to 1000 miles).
As you can see, occasionally geolocation of an IP address can get close – perhaps identifying the city in which an IP address might be located, but its accuracy is always seriously suspect.
Getting more details
Everything I’ve described above – reverse DNS, whois lookups, geolocation – is all based on public information or publicly available services.
Most notably missing from all the information above?
Not without help.
We’ve seen that using a whois lookup on an IP address will tell you the ISP that owns it. It’s that ISP that can then tell you who, exactly, that IP address is connected to.
Note that while they can tell you, that doesn’t mean that they will. That information is typically regarded as private and ISPs are reluctant to divulge it, no matter how desperate your plea.
What they can and do respond to, however, are court orders.3 If your situation merits the involvement of law enforcement, if laws have been broken and it is worth their effort to look into it, then a properly issued warrant or order from the court will get the information.
And you know what? Even that may not be enough.
An IP address is not a computer
Chances are you have more than one computer at home. In fact, chances are you have a router that allows those several computers or other internet-connected devices to share your single connection to the internet.
They, in turn, share the single IP address you’ve been assigned on the internet.
The IP address alone cannot be used to specifically identify a specific device behind your router.
Now, in many cases, that may seem inconsequential. An IP address might lead to a home, and it doesn’t matter which computer was used; you pretty much know at that point who owns the home and the computers therein.
There are two very important exceptions:
- Sharing your connection, intentionally or otherwise. The classic case that you’ve probably heard of is an unsecured wireless access point being used – without permission – by a nearby neighbor. That neighbor’s activity would appear coming from your IP address.
- Businesses, large and small, often share a single or limited number of internet IP addresses among dozens (if not hundreds or thousands) of different computers on their internal network. In the extreme case, while the internet IP address might be seen as being located in a city housing, the company headquarters, or IT center, the network behind the internet-facing router could span many cities or even countries.
In cases such as these, you would need the assistance of the local network administrator to identify a specific machine, if that’s even possible.
At home, where you’re the network administrator, it’s important to simply realize that the actions of all computers sharing your internet connection will be associated with your IP address.
I hear often from individuals who have an IP address and they desperately want to identify who is at that IP address.
As we’ve seen by now, it’s not that simple and it’s just not realistically possible.
Unless of course you have the assistance of law-enforcement.
As someone with an IP address that identifies our connection to the internet, that should reassure you (unless, of course, you’re doing things you shouldn’t).
If you’re someone being harassed or otherwise wronged by someone whose IP address you were able to identify, it can be frustrating – but realize that the hoops you might have to jump through are the very same hoops that protect you as well.