IP Addresses - finding out

Can any one please tell me how (if) I can find out the location of a particular IP address? And how I can find out if my ip address changes or is static?
I’m still on the trail of sorting my Norton Internet Security as started in this thread, but am attacking it from a different angle. http://boards.straightdope.com/sdmb/showthread.php?s=&threadid=183071 (hope this doesn’t count as a double thread)

IP Address Locator

Oh, I just found out about the Sam Spade (http://www.samspade.org/t/ipwhois?a=239.255.255.250) from Rapunzel’s “email trace” thread (http://boards.straightdope.com/sdmb/showthread.php?s=&threadid=184319). That’s great, BUT …

Now I have traced the IP (239.255.255.250) and know where “System 32\svchost” keeps trying to link to at nearly every internet connection . I don’t know what to do next.

Any ideas please?

svchost seems to be a generic program launcher. See this page for a writeup.

If you know how to use regedit without blowing up your system, I’d look at this:

Check your keys, check your running services, and see if anything in there looks virus or trojan-related. Once you find the real culprit, you can do research on the program that svchost is launching.

You might get better/more responses if you state what your end goal is, rather than asking for the bits of information you think you need to accomplish that goal.

-lv

Oh, I just saw the address it’s connecting to. Will do more research, but I think that’s just autoupdate checking in. try googling for that address and/or uPnP.

-lv

Here is a well-researched paper on the subject (warning, PDF). Basically, ifyou have your own router, it should just drop the packets, if not, your ISP should well before it gets onto the public internet.

-lv

You know, if you use that IP Address Locator and this site it can get pretty creepy…

If you download Process Explorer from www.sysinternals.com you have what amounts to Task Manager on steroids. In particular, you can open up processes such as svchost.exe and find out what the command line was - this will give you a good idea of what it’s really doing.

Could any of this info be used to block spam? I’m currently running at about 50%…

Only if you do two things:
[ul]
[li]Successfully trace the spam down to its actual source, ignoring all of the blinds and false leads the spammers set up to discourage that.[/li][li]Make the ISP give a damn that one of its paying customers is spamming you, who are not a paying customer.[/li][/ul]Those things are tougher than you might think, given the sophistication of some spammers and the general assholish nature of spamhaus ISPs.

Thanx for suggestions, especially to LordVor, here’s some feed back:

From igknighttec.com…'s suggestion I did the run command, typed in tasklist /CVS but to no avail, and the program wouldn’t end properly either … but I don’t know if I would have understood the results anyway :frowning:

The PDF helpdesk suggestion (from pcplus) was v enlightening. So it is the devil’s phone number broadcasting “here I am” to all and sundry on ssdp 1900! But I followed the instructions with baited breath (it wasn’t quite as written but I got there). The Universal plug n play box WAS ALREADY UNCHECKED!!! Arrrrgh! Now what???

Well, LordVor, to answer you, what I want to do is be a private individual, send and receive email (Office Outlook), do some surfin (IE6), maybe in the future upload a couple of web pages (If .docs can go to FTP). What I don’t want is to be attacked, which seems to happen daily if I am on the net longer than 10 minutes (NIS firewall seems to fend them off, although ‘packets’ get dropped - whatever that means), nor do I want have my puter conversing to whomsoever behind my back. Thankfully I v rarely get spam on my pop3 account, so I am not worried about that.

Thanx to DarrenS, but that is just too scary for likes of me!!

In case it may help someone to help me further with this, and I’d be so glad to be able to put this damn thing to bed, when the svchost thing wants to get out (and occasionally I can’t get out to places I have already been, unless I permit it) it shows this:

Program: C:\WINDOWS\System32\svchost.exe
Module: C:\WIN… …32\wbem\wbemsvc.dll
Module: C:\WIN… …32\wbem\wbemprov.dll
Protocol: UDP (outbound)
Remote address: 239.255.255.250:ssdp(1900)
Local address: (here is where things differ each time)
Serviceport 1431 (or another number - higher number each time)
(0r it may say…) 81.131. - then another two sets of digits which vary: 1517 or other (port?) number, again higher number each time. And I did get a “ms-sql-s(1433)” with that.

I originally thought this last lot may have been MY computer’s ip which changed each time, but now I don’t think it is. I still don’t know what mine is and if it changes.

Big thanxes from a fried-brained Swirdle.

PLEEEEEASE, can anybody tell me where to find my own IP address (and how find out if it changes) ??? I have XP.

Thank you.

To find the ip of your local system, the easiest way is to go to http://www.dslreports.com/whois and click the box that says my current IP is

Well, I went to MannyL’s site suggestion yesterday morning, last night, AND this morning; maybe I’m not doing it right but I variously received some “failed” & Done (in taskbar), or nothing & error messages. Arrrrgh!

I just don’t understand why so many brick walls, especially after all the help you guys have given.

Many thanx.

Go to Start…Run (or Windows-Key and R).
Type “cmd”
In the command box, type “ipconfig /all” (without the quotes)
It comes up with a list of things. If DHCP is enabled then your IP changes, but it depends on your ISP exactly how often that happens.
Your IP address is listed there under “IP Address”