Learn about IP and how it can point right at you and your location

Introducing the IP (Internet Protocol)

What´s the IP? The topic of IP is a complex one, and here we can only touch on the basics. The reader is actively encoureged to research on their own. For the sake of simplicity, we will say that the IP number is very much like a phone number, identifying EVERY computer ON the Internet with a specific number, UNIQUE TO that particular computer. The IP address is to the computer as your fingerprint is to you: it is unique, such that there cannot be two computers with the same IP address. to see your IP address quick, type WINIPCFG on the START+RUN
IP Internet addresses are 32-bit (4 bytes) long logical numbers, normally written as 4 bytes or octets (in decimal form) using the numbers 0 to 255 and separated by periods, e.g. Althought 8 bits have 256 possible combinations, the 0 and 356 are reserved. Both networks, hosts and clients can only use 0 through 254.

Originally, addresses were broken into classes-A, B, C and the IP addresses were assigned by InterNIC (internet Network information Center) the agency responcible for Internet addressing and managment, and is currently owned by Network Solutions. The class system is no longer in use, but it still can provide an easy way to describe the networks. The first octet or byte is the class.

CLASS SIZE OF NETWORK ADDRESS RANGE Possible Networks Possible # of Computers
per network
Class A Very large, the first octet is the class, the 3 others are for the indivigual computers(clients) from 1.xxx.xxx.xxx through 126.xxx.xxx.xxx, The NIC only assigns the first octet, leaving 24 bits for individual host addresses.
it allows for 16,387,064 computers to be attached to one network (254 X 254 X 254)
Class B Large from 128.xxx.xxx.xxx through 191.254.xxx.xxx, and the NIC assigns only the first TWO octets, leaving the last two octets - 16 bits - for the holder of that Net-ID so this can yeild up to 64,516 computers
Class C Small from 192.xxx.xxx.xxx through 223.254.254.xxx since the first of the four numbers 8-bit values is greater than 191. This means that the NIC assigns the first three octets (callled the "Net-ID") and the owner of that Net-ID can use the the last octet as he wishes for individual Hosts. 621,999,996 This yields up to 254 clients(computers)

NOTE: For more mind numbing information, read the how the Internet works FAQ.

Past: Before the Internet was commercialized, IP addresses were parceled out unsystematically. For example, the address block beginning with the number 192 was broken up and distributed all over the world. Network administrators refer to this block as "the swamp" because of the resulting routing complexity. It was allocated in May 1993. Tracing these older addresses can be difficult.

Present: The Internet Assigned Numbers Authority(Welcome to the InterNIC) allocates blocks of IP address space to three regional Internet registries--Arin-US regions (covering North and South America), Ripe.net NCC (covering Europe) and Apnic.net(APNIC) (covering the Pacific Rim). There is also BetterWhois.com, Global One, Network Tools look up ping trace, DNS look up, Whois.Com.Au
These groups allocate blocks of IP address space to local Internet registries, which assign the addresses to companies such as Internet service providers. ISPs parcel out addresses to customers based on several factors, including geography, to aid overall network efficiency. Tracing many of these addresses is relatively easy.

Future: Internet engineers are preparing to overhaul the existing system of 4.2 billion IP addresses, known as IPv4, with a new, bigger system, dubbed IPv6. While implementation is likely years away, the switch could include a highly organized IP address allocation system based on location. Tracing IP addresses in such a system could be made trivial.

Anything sent over the internet needs a 1. specific origin and 2. a specific destination. For this reason, every computer must have it's own IP address. The IP information is placed in the header of the data being transferred to ensure correct forward and return data transmission.

So Watch your Trail!

Since your IP is attached every time you request a page, that IP address is sent to the page that you are browsing (along with a LOT of other personal information). What OTHER personal information?..Just about everything about your computer- the OS, the name of your computer on the Net(from Net BIOS),
(note: to check the name of your PC on the Net, do the following: find your Network Neighborhood Icon, select Properties, then the Identification tab. Right there is your computer's name, which could have been set by some other piece of software. Change it to something else, click on ok. I believe you'll have to reboot your computer before the change takes affect END of NOTE) your email address, the Time, the Date, Browser Type, Referer from(where you came from or the last web page before the current one even silly things like your screewn resolution, ets, ets

For more info on what information your browser sends out read the The Secret Life of your Web Browser Revealed! FAQ .

All this info (IP address + everything else) can be recorded by the host site through Java/Javascript, a counter, . The newest idea is to include a counter as one single pixel wide hidden inside an image to grab your IP number. Some Bulletin Boards even post your IP along with your post, making it available for anyone to see. This is why we recommend using an anonymizer OR proxy whenever surfing the web, and especially when browsing unknown sites or posting to boards. See the next section (- Anonymous Surfing) for more information on using anonymizers.

Hotmail and other "anonymous" mailers send your IP in the header of your message. We suggest that you use an anonymous Remailer to send e-mail, and include your hotmail address (or other mail address not associated with your own ISP) in the message if you want a reply. One good Remailer can be found at: http://www.gilc.org/speech/anonymous/remailer.html.

For more Remailers, ideas, read Proxies and where to find them,

Remember that its best too err on the side of caution. The fewer that see your IP, the better.

Static vs. Dynamic IP's

The IP may be Static or Dynamic. A static connection means that your computer has one specific IP address assigned to it, and keeps that number irregardless of whether you are logged on or off the local network or the internet. A dynamic IP means that when you log onto the network, your ISP (Internet Service Provider) assigns you the next available IP address from its bank of available addresses. That address remains assigned to your computer until you log off. The next time you log on to your ISP, you will most likely have a different IP number. The ISP computer writes in its internal log file "at hour xxxx date xxx the user xxx is using the xxx.xxx.xxx.xxx account".
Dynamic IP's are used by nearly every ISP. The reasons for this are simple. First, with more and more people accessing the internet, many with multiple accounts, there would be a shortage of available IP addresses if everyone had there own. Also, assigning each computer a static IP would tend to make a mess for the backbone routing systems, causing fragmentation, and a great loss of efficiency of routing, resulting in longer transfer times.

DNS (Domain Name System)

You know how you can just type www.microsoft.com for example and you will be connected to them. Well this is accomplished with the Domain Name System- DNS where an name is mapped to a particular IP address, since it is easier for us humans to rememeber a name than a string of numbers. This adress name sets itself together from all other names.

DNA names are read from right to left, while IP addresses are read from left to right

As an example the IP adress correspondents to the combination for the ftp.urz.uni-heidelberg.de (university - heidelberg - germany). On the left site ever stands the PC name in this example it is "ftp" this name could be any other name too.The administrator sets it up. The next is "urz" this keeps all the PC's in the calculating mashine center together. Followed by the domain "uni-heidelberg" that keeps all the PC's from the whole university together. And at last "de" it's the "top or level" domain for all PC's in Germany.

For these reasons, amongst many, many others, the DNS system is hierarchical. A simplified (but reasonably accurate) illustration should give you a general idea.

Each top level domain (say, .com) has its own server. Within this domain, there are many sub-domains (say, .ibm.com). Within this subdomain there are many machines (say, www.ibm.com) as well as sub-domains (say, .software.ibm.com). Now the administrators at .ibm.com could, of course, list all their machines and respective addresses in the .com DNS server. But that is not the case. What actuall happens when the .com DNS server is queried for a name within the .ibm.com domain, it directs the querier to ns.ibm.com, the primary nameserver for this domain. The ns name usually stands for 'Name Server' (duh). The ns.ibm.com server resolves the query and returns the address of the machine. This makes the .ibm.com admins happy, the .com admins happy and the traffic and demands on the .com links and machines are very much reduced. Everyone wins.

Mail addresses usually have a form somewhat like the following 'someone@somewhere.com'. Those of you who are still with me are thinking 'Hey!, isn't somewhere.com a domain? How can you send mail to a domain instead of a machine in a domain?' Well, that's another nice thing about DNS. You see, the DNS server for .somewhere.com has what is called an MX record (MX for Mail eXchange) that points to something like mail.somewhere.com. The mail you send to someone@somewhere.com will be directed to someone@mail.somewhere.com and you have to admit, someone@somewhere.com looks a lot better than someone@mail.somewhere.com. Right? I thought so.

So as you can see, domain names and email addresses are read right to left, not left to right like an IP address.

URL structure

URL stands for Uniform Resource Locator or Universal Resource Location or a variation thereof. The schools of thought vary here, but then again, they often do. (An aside, there is a popular window manager for X called FVWM. The manual page states 'No, I don't know what this means either, but what the hell, this is an acronym-based society anyway.' - learn from this). URLs have the following structure:


Usually you only see them as http://www.ibm.com or a variation thereof. This means, literally, 'connect to www.ibm.com using the http protocol and get whatever it gives you after passing along a few standard headers. Well, it does if you type it into your browser. If you do it by hand, that's another matter enitrely. Now, your browser 'knows' that the standard port for http traffic is port 80. It also knows what it should pass once it gets a connection. It then processes what the server gives it and, hey presto, you have a page to read. Now as an exercise, try doing this manually.

What about the ISP logs?

Okay, so now you know that your ISP has a log of who is logged in under which IP number at any particular time. They also maintain a log of data transfers, logging each transfer of information, the originating IP, and the destination IP. So it is a routing process to do a search of the logs and find any illegal activity, and associate it with the exact computers involved. So know that the ISP can and will have a nice log of at least all of your recent internet activities, all emails sent and receaved, ets. I still hear of cases of people getting caught sending and reseaving unapproprite unencripted images using their work or home email accounts, or using their work accounts to "surf the Web" looking at porn. Majorly silly, eh?? I say they deserved to be caught. ^_^

So why do the ISP's maintain logs of all internet activity? Well, for several reasons, depending on the countries they are in. Some law enforcent agencies require them to. Other ISP's just like to cooperate with the cops, in case to protect their backs. Your workplace will defiently monitor your Internet usage. But if you ask them , they will say they do it mostly for the purpose of debugging. If the ISP servers develop a problem or they crash, technicians may scan the logs to determine if a particular transfer was involved with the problem. Riiiight.

Now consider a normal day surfing the web. In a normal day I can download/upload 2000 or 3000 files (the gifs of the pages, the wallpapers, etc. etc.). Now if the ISP has 10000 or more clients (normally an ISP needs at least 10000 users to survive)that results in: 10000 x 3000 = 30,000,000 operations in a day. Every line has 128 lines (or bytes) = 3.840.000.000 bytes... The logs takes 3 Gigs from the disk !!! :) but thats a drop in the ocean to the storage devices available now. So again, watch your steps ^_^ and learn how to use a proxy quick.

The Dangers...

However, if a federal agency has a search warrant with probable cause, they have the authority to demand a search of the logs. If the logs for that time period are available, they can trace that data transfer to you. If almost anyone else gets your IP address and tries to identify you, they have practically no chance of doing so.

Your biggest danger is if you are using a computer at work, at school, or in a public library. They keep their own logs, which are usually much smaller than a regular ISP. They also have more incentive to search their logs, to keep their image clean, and keep an eye on the activities of their employees/students. We recommend that you do not use such computers for any questionable activity.

Let's continue even deeper:

Names and addresses used in this document are not meant as valid.


The internet runs on a suite of protocols collectively known as TCP/IP. The TCP and IP protocols form the backbone for most connections. IP stands for Internet Protocol. It is the routing protocol that delivers packets from one machine to another. TCP stands for Transmission Control Protocol. This is the protocol that sets up and maintains the state of a connection. One of the nice things about TCP and UDP is that the ports that various services run on have a scheme that has become de facto by now. If you're not sure what I mean, take a look at the file /etc/services, it has read permissions for all users on any sane unix system.

Name lookups

The IP stack of a given device has a network address known as (surprise!) the IP address. It is a 32-bit number usually represented in what is known as the dotted-quad notation. This means that the 32-bit field is divided into 4 8-bit fields and each field is represented as a decimal number. These numbers are seperated from each other with a period. This gives us the familiar form of ''. As more and more machines became connected to the internet it became increasingly inconvenient to remember all the different addresses. To save time, effort and major headaches all-round, the wonderful service of DNS was invented. DNS stands for Domain Name Service. Its purpose is to translate names to addresses and vice-versa. Thus, when you connect to a machine called 'www.somewhere.com' your program connects to its DNS server and requests a translation to an IP address. Upon receiving this address it proceeds to connect to it. Now having one DNS server that has a database with all the addresses on the internet in it might sound alright, but once you start thinking about it, you run into some major difficulties. To name but one, you'd rarely be able to connect to it, as the whole world would be trying exactly the same thing. The machine would get swamped with requests and the stream leading to it would be bogged down with DNS traffic. To name another, the maintenance would be hell. Helpdesk work would almost be preferable.

This is a simplified version. Setting up a DNS server is certainly no task for beginners and can wreak havoc on other DNS servers if incorrectly configured. Needless to the, the admins whose setup you disturb will not look kindly on your efforts. For more information, go to your nearest RFC archive, do a web search or buy a book on DNS (try DNS/BIND from O'Reilly).

There are two extras I would like to point out here.
  • Many sites on the web are 'virtually hosted'.
    This means that the people who maintain the site are not responsible for the networking setup and can get on with putting flashy animated .gifs on their site without worrying about setting up a permanent internet link, monitoring it for unwanted traffic or other activities that require a competent sysadmin, all of which cost a lot of money that small companies simply cannot afford. These sites are hosted by a different company that has (one hopes) high-speed links, competent admins and a love for networking. Oh, and of course, want to make money. There are a number of possibilties in this case and most of them involve DNS directly. One of these is that the company has its own machine with its own IP address. In this case, the name maps to the address, which in turn will lead the connection directly to this machine's web-server. Another possibility is that the site is 'virtual'. This basically means that the web-server will determine which site you want to access based upon the requested URL.