Where is that IP

I would like to know how I can go about finding the location of an IP number. Are the numbers unique or only regional?


AFAIK, all IP addresses are both unique and regional - very very roughly, the first block of digits is the region, the next few is the country, the next block is the organisation, and the final block the individual computer. The best site I know for finding out where an IP emanates from is http://www.samspade.org - scroll down to find the “IP Whois” button.


IP addresses are regional, only in the sense that distributors of them (such as Covad as one example), are regional. But they aren’t distributed like phone numbers, where (408) is in Northern California, 867 is in the Saratoga suburb, and 1234 identifies the house.

However, hosts which use IP addresses do have physically locked positions, and there are large maps of them out there. Such as:




Thakk you jjimm and Bill H.

I tried SamSpade but it couldn’t find the number. It said that the database was closed to further quiries.? don’t know hat that means.

cello.cs warned that it probably could not find all IP’s.

geobytes, however, did the trick. Right down to the city.

Next question, if I may…

How do I go about finding the IP server that’s used by a nik on a chat channel?

Many thanks, guys.
Googling, wasn’t much/ ANY help in this.

Are you trying to track down someone from chat? :confused:


Track down the Ip and country and city/town. Not the person. Only the location.

Any suggestions?


Remedial TCP/IP:

High order bits = network number.
Low order bits = host number within network.
All ones = “everyone.”
All zeros = “me.”

Address space divided into four “classes” yielding a different size and number of networks per class. Networks may divided into subnets for more efficient allocation within a network.

Class A = nnn.hhh.hhh.hhh = 127 networks * ~2 048 000 hosts.
Class B = nnn.nnn.hhh.hhh = 16 384 networks * ~64 000 hosts.
Class C = nnn.nnn.nnn.hhh = 2 097 152 networks * ~254 hosts.
Class D = nnn.nnn.nnn.nnn = used for IP multicasting.

Shortage of address space led to adoption of CIDR (Classless Inter-Domain Routing) which allows networks to be composed of IPs drawn from one or more classes; this means the owner of a particular IP can no longer be reliably determined by network number alone. Conservation methods such as dynamic IP and proxying make it equally difficult to identify a particular host within a network as an organization with dozens or hundreds of clients can be served using only a handful of IPs.

useful protocols

Though Microsoft Windows sports possibly the worst implementation of TCP/IP available under any operating system, there are a few goodies available to you though the DOS Command Prompt:

ping nnn.nnn.nnn.nnn - Tests whether the host belonging to IP number nnn.nnn.nnn.nnn is connected to the network.

tracert nnn.nnn.nnn.nnn - Displays the name and address of every router between you and the destination. Useful for finding out, as LowerLip described it, “the IP server that’s used by a nik on a chat channel,” i.e., which organization owns a particular IP number and very frequently their geographical location.

nslookup name or nslookup nnn.nnn.nnn.nnn - converts a name (straightdope.com) to an IP number ( and vice versa.

Well, OK, I think you have what you need here for part of it, right?

I mean…you can take the IP and find a guess as to where it is from WHOIS and other services. So the break in the chain is you want to find out what IP a person is using in chat? It would depend on what chat program/service you are talking about, really. In IRC, it’s really easy to do. Everywhere else, I’m not sure.

lowerlip, if you’re on an irc service that doesn’t mask ip addresses, and you’re using mirc, you can use my handy-dandy geo-locater… Add the following line to your aliases file (type Alt-A, add this line at the very end, and choose save). Note that this is all one line.

/geog /run iexplore.exe http://www.networldmap.com/TryIt.htm?GetLocation&Template=demo.htm&ipaddress= $+ $dll(resolve.dll, HostToIP, $mid($address($1,2),5,100))

Now you can type “/geog fred”, where fred is a fellow irc user, and up will pop a web page showing where he is geographically. It’s been a while since I did this, and I can’t recall if the “resolve.dll” is built into mirc, or if I had to find it elsewhere. If it doesn’t work, lemme know.

Let’s try that without URL parsing. And sorry for mispronouncing your name, LowerLip

/geog /run iexplore.exe http://www.networldmap.com/TryIt.htm?GetLocation&Template=demo.htm&ipaddress= $+ $dll(resolve.dll, HostToIP, $mid($address($1,2),5,100))

Anthracite, Bill H., KoalaBear

Thank you for the help. I’ll spend the weekend putting the informaton to work. I’ll let you know the results.


Keep in mind, too, that it’s fairly trivial to bounce your traffic through a proxy somewhere and therefore mask your location. In 99% of the cases this won’t happen, but if you’re tracking someone “suspicious” (let’s say someone you suspect as having launched an attack on your computer) it could easily be the case.

With no offense to jjimm, that was possibly the most entertaining interpretation of IP address structure I’ve seen yet. :smiley:

I did say “very very roughly”. :wink:

I used to have a link to a now-defunct website that had a list of all known IP addresses, and they kind of broke down like that, hency my reply.

I’ll shut up now.

I’ll chime in to echo and build upon ed’s warning about proxies.

I’m also assuming that you’re interested in this originating IP information because you are the victim of network unfriendly activity.

The first thing script kiddies learn about not getting caught is not to use connectivity that is linked to them in any way. It is much easier to trade compromised or fraudulent internet accounts, or better yet…just scan for a few hundred virus-infected hosts and remotely connect to them during a day at the DOSing office. If the activity is traced back to Grandma’s owned box 10 states away…no skin of their nose.

Have you tried sending in an Abuse complaint? If they aren’t trying to hide their tracks, a warning e-mail or phone call from their ISP might solve your problem.

Another thing to keep in mind that people tend to forget is that if you’re tracing down an IP address, the person at the other end of it could be pretty much anywhere. What you’re really going to find out is where they’re connected to.

While the way most ISPs are setup would tend to lend itself to the type of trace you’re trying to do, it’s not a guaruntee. Joe Q. ScriptKiddie (assuming he took no explicit steps to hide his origin) could be dialed into a NYC UUNet POP, but he could very well be in southern florida for all you know - All you’re going to get back is that he was dialed into NYC at the time.

Like I said, not terribly likely, but it is a possibility. I’m not sure how commonplace 1-800 (usually used for “roaming” access) dialin numbers are with large ISPs now, but it would screw up your geographic search pretty quickly.

It’s even less likely in the case of DSL, Cable, etc. But I thought I’d point it out anyway.

Bill H.

I tried the code line, but what happens is that when Geo is loaded ‘$dll(resolve.dll…’ appears in the Ip address box.

I have also noted that while some niks have an Ip number, many do not. They have alpha-numeric identifiers and a country ending.

Is there a way to decode the alpha-numeric location to an Ip number and then slot that into Geo?


I believe you are refering to the reverse DNS of an IP.

My IP address is currently []. The reverse DNS of my IP is: user-1120pk4.dsl.mindspring.com.

Simplified: Forward DNS maps names to numbers…Reverse DNS
maps numbers to names.

I think you’ll find the “Do Stuff” field in Sam Spade should be able to convert your alpha-numeric reverse DNS to a numeric IP for you…or go the other way just as easy.

How the reverse DNS looks depends on the naming conventions of the owning network. Sometimes the country of origin is included, sometimes it is not.

thanks for the info honeydewgrrl

I’ll do just that.

With reference to Bill H. I would like to steamline the location with just a click on the user nik.

Thanks for the info on SamSpade and I’ll delve into it further.