tags:

views:

107

answers:

4
Q: 

How an application or website finds your ip?

I think there are only two ways a application or a server could get your IP.

  1. If it is an application, java/flash, I think it could check your network settings locally and send your IP back to the server. Then the server would know.

  2. The other way it could find is that it could analyze the packet headers. Then find there your IP information.

But if I wanted it to stop doing it.

  1. If it was analyzing locally my IP information I could stop that packet or change its information so the website would be confused about the IP information.

  2. If it was analyzing the packet headers and if knew what packets it was analyzing because it wont analyze every packet, I could stop sending those packets.

Example:

Websites that checks your IP, how does it do it? If you are not downloading any application, you would exclude the 1. scenarion. Then the only possibility is that it was analyzing packet headers but what kind of packets?

It was not one question only but if anyone knows something about it, I would like to know too. :)

Thanks

+8  A: 

You can't prevent a website to know your IP. If you do prevent it, it would be unable to answer your request. If you are really interested in anonymity have a look at proxy servers, especially at high anonymity proxies.

nc3b  2010-05-30 20:26:04
+1  A: 

As soon as you establish a connection to a remote host, your IP address is revealed. You can not simply say, "I'd like to connect, and by the way, my IP address is 123.123.123.123".

The webserver will tell what ever script it executes, from which IP address the connection was established (and request made).

aioobe  2010-05-30 20:26:34
Yes you can. It's called spoofing.
Konerak  2010-05-30 20:27:43
@Konerak: Except then you won't be able to get any return data.
Matti Virkkunen  2010-05-30 20:33:28
It'll be harder, true. But sometimes you don't want any return data, or other times you can see all traffic pass by anyway.
Konerak  2010-05-30 20:34:58
@Matti Virkkunen I dont want to spoof every packet. Only the packet the website analyses it for IP checking. It wont analyse every packet.
 2010-05-30 20:35:10
@johnkills: Unfortunately the packet they "analyze" is the same one that they also use to figure out where to send the return data.
Matti Virkkunen  2010-05-30 20:36:39
@Matti yeah but what if I dont want that information back but want others back?
 2010-05-30 20:52:48
@johnkills: The first packet (part of the three-way handshake) is what the server uses to determine your IP address in the first place. All further packets will be sent to that IP, so if you put the wrong address in that one, you'll never get any data back. Stop trying to be a cool hacker kid and just use a proxy if you don't want people to be able to find out your IP address.
Matti Virkkunen  2010-05-30 20:56:35
@Konerak: If we're talking about the public Internet, you'd have to be pretty lucky to be able to see all the data the server is sending. Not impossible, but for this guy, highly unlikely.
Matti Virkkunen  2010-05-30 20:57:16
@Matti I wont get any data back from that "session" or whetever you call it. if the data back was to say on the website my IP so I could view it. If I had to receive that information and I dont it is fine if I dont receive it. But after, if I download a video from the same website with all my IP information correct, I will receive it. But the server will be confuse ONLY when trying to get my IP and not when it was sending me a video. So if the admin would check the "IP" logs, it would get a different one. It is thinking about how things works that got many things started in MIT.
 2010-05-30 21:06:48
@johnkills: If I had some videos, I'd definitely log the requests for the videos themselves carefully. If you're going to request the video with your non-spoofed IP address, what's the point of the first request? It's *not going to do anything*. It won't give you any cookies because you don't get the result back, and it won't establish a session with your IP because it's spoofed. The server log might show an extra entry in the logs, but what's the point in doing that? And that last thing about "MIT" and whatnot was just stupid.
Matti Virkkunen  2010-05-30 21:14:03
@Matti No, it was not. Then explain why it was "stupid". It is easy to say it was but you dont have an explanation why it was. Try it. People in MIT and caltech are known to think different. Saying someone is trying to be "cool hacker kid", that was stupid. The term "hacker" comes from MIT.
 2010-05-30 21:28:21
@johnkills: It's stupid because throwing in the name of a famous university isn't going to make *you* seem any smarter. And I used the word "hacker" intentionally here, because most of the cool hacker kids wouldn't know the word's actual meaning. We're straying from the point however, what would you do with that first request of yours, that seemingly doesn't do anything?
Matti Virkkunen  2010-05-30 21:35:55
@Matti Sure throwing a name of a famous university helps my argument of thinking different. If they think different then thinking different can only be a good thing. I dont think all your actions you do on a website, you need to get the results for the server to execute it. IF there was a flash application and you had to press a button for it to do something. Do you think you would need to get the packet from the server back? The server would execute it anyway. Java too.
 2010-05-30 22:01:07
@user354191: You're still missing my point. If all you want to do is download a video, *why try to spoof another request in the first place?*
Matti Virkkunen  2010-05-30 22:28:17
A: 

You can't prevent a website from knowing the IP, that sent the request. At best you can route it through a proxy, so the website resolves the IP of the proxy server.

You should read up on TCP/IP. In short, TCP/IP packet contains the originating IP address, because it must conform to the IP protocol and send a valid IP header.

driis  2010-05-30 20:28:14
You can prevent the website from knowing the IP that sent the request. It'll just be a bit harder to get the response ;P
Konerak  2010-05-30 20:29:36
Why is this -1? +1 back t0 0
Daniel  2010-05-30 20:33:17
I dont want to spoof every packet header. Only the packet the website analyses it for IP checking. It wont analyse every packet.
 2010-05-30 20:35:53
All your packets are "analyzed" (that is, interpreted).
nc3b  2010-05-30 20:39:59
Yeah but all information from all packets stored in the server after you finish a connection? Do you think a web server stores all packet headers?
 2010-05-30 20:52:33
johnkills: actually, most servers have an Access log, and each line of the access log containst the IP address of the user... so yes, they store it.
Konerak  2010-05-30 21:02:28
@ Konerak Interesting, I didnt know servers would have an access log for EVERY information sent.
 2010-05-30 21:09:11
+1  A: 

Your IP address is in every TCP segment. The remote web-server (to which your web browser makes the connection) will make this information available to the hosted site.

To send a different IP address, you have a couple of options. You could use a proxy server and have its IP address transmitted. Alternatively, you could use IP Spoofing, if you don't want to receive any information back!

Johnsyweb  2010-05-30 20:36:53
Where in the TCP packet is the IP address? Or did you mean IP packet?
Konerak  2010-05-30 20:45:07
Thanks @Konerak. The IP address is in the TCP *segment* or in the IP packet. Typo corrected.
Johnsyweb  2010-05-30 20:51:59

related questions

Windows packet sniffer that can capture loopback traffic?
Sockets and Processes in Java
Getting the Hostname or IP in Ruby on Rails
How do I measure bytes in/out of an IP port used for .NET remoting?
How do I read and write raw ip packets from java on a mac?
Tool for degrading my network connection?
How do you find out which NIC is connected to the internet?
How do you parse an IP address string in C#?
Spread vs MPI vs zeromq?
How do you get the ethernet address using Java?
Leaving your harddrive shared
Should a wireless network be open?
Wifi Management on XP (SP2/SP3)
Broadcast like UDP with the reliability of TCP
Default Routes
Optimizing for low bandwidth
What workshops / user groups / conventions do you attend?
Why is Peer-to-Peer programming a hard topic to obtain good research for?
Boundary Tests For a Networked App
Remoting server auto-discovery. Broadcast or not?
How do I interpret 'netstat -a' output
Default Internet connection on Dual LAN Workstation
Objective-C/Cocoa: How do I accept a bad server certificate?
Easiest way to provide VPN access easily for all client OSes?
How to setup Quality of Service?