675,865 reviews,
402 today

mskitty · 06-04-2003, 01:00 PM

If I have an IP address from Yahoo (which I got from the senders header info). can that IP address be traced back to the state it was writen from ie. if the email was written in Tx can the person in CA who opened it tell that it came from TX?

Any help on this would be great!!!

Thanks,
mskitty

goldenbuddha · 06-04-2003, 01:07 PM

if the IP number is not faked, you can even use the ISP number and time the email was sent, and find out which computer the email was sent from, takes a little investigative work tho.

Redwolf · 06-04-2003, 01:09 PM

I'm assuming this is to track down an e-mail with a faked addy or something similar. Well...

http://www.usus.org/elements/tracing.htm

mskitty · 06-04-2003, 01:09 PM

Thanks for the qucik response. How would they get the ISP number from the header info in the email? I guess if they do get the ISP info they would know the email came from Tx, right?

mskitty

mskitty · 06-04-2003, 01:13 PM

Redwolf,
Yes this is to try to see what state the email was created in. The person who got the email wants to find out what state the email was created in. From appearances it looks like they are in CA, but can the person track the IP address down and find out that it was actually writting in Tx?

meese · 06-04-2003, 07:28 PM

You can use WS_PingProPack by www.ipswitch.com . Use the "WHO IS" feature and type in the ip address. It will tell you where that IP came from.

Siliconjunkie · 06-05-2003, 02:12 AM

You can goto this page and put in an IP address and it will tell you who the owner of that netblock is:
http://www.eye-net.com.au/itools/inetnum.php

krohnjw · 06-05-2003, 08:24 AM

You can also give http://www.samspade.org/ a look, that's what I use a lot for reverse lookups here at work.

Now, if the guy who spoofed it was really up to snuff, it's probably a spoofed source IP also, but if he just connected to an SMTP server and did it there then it will list his true IP address, or at least the last machine he was on (if he made multiple connections to get there). I wouldn't put too much stock on that IP address, as I can telnet to a shell acount in CA, then telnet to an smtp server and it will appear that the email came from CA, when I am in IL.
But you can use quite a few tools to do a WHO IS and lookup who owns that address block.

675,865 reviews, 402 today

675,865 reviews,
402 today