Summary: Instant messaging programs often do not actually connect directly to the other person. Even when they do the IP address doesn't tell you much.
I recently joined a Website for "Singles" which allows instant messaging between interested parties. I was warned by one of my friends that there are people on this website who have multiple profiles. These people could IM you using one profile today and another profile tomorrow.
My friend suggested that one way of knowing for sure whether these two profiles are two different people or the same person with two profiles, is to check their IP address when the IM window opens in front of you.
Does that work?
•
No.
Having said that there are a couple of very rare exceptions where you can kind of, sort of, maybe tell. But not really.
Let's look at how this all works and why the IP address tells you pretty much nothing.
•
To begin with, you didn't say which IM service is being used. There are of course many possibilities including MSN Instant Messenger, AIM, GTalk, and others. In addition, your dating site may well have implemented their own IM system - it's actually not that hard.
The single biggest problem with IP addresses and most instant messaging services it this: you're connecting to the service, not to the person you're IMing.
It looks more like this:
When you create an instant messaging conversation, you're not connecting to the person you're talking with at all. Instead, your instant messaging program connects to the servers that are used by the IM service. When you send an IM your message is sent to those servers, and then from those servers sent on to whomever it is you're IM'ing.
In fact, let's look at the IP's in use when I have a conversation with an MSN Messenger user. Using TcpView during the conversation I see the following connections associated with my IM client, Trillian:
If I then use the whois lookup at arin.net to see who owns the IP addresses involved, I find:
-
216.155.193.143 - is owned by Yahoo (Trillian is configured to include my Yahoo account)
-
72.14.253.125 - is owned by Google (Trillian is configured to include my Google Talk account)
-
207.46.108.59 - is owned by Microsoft (Trillian is configured to include my MSN Instant Messenger account)
-
207.46.108.19 - is also owned by Microsoft
-
205.188.7.148 - is owned by AOL (Trillian is configured to include my AOL Instant Messenger account)
-
64.12.165.100 - is also owned by AOL
Nowhere in there is the IP address of the party to whom I'm speaking. (To confirm, that "other party" is my wife's place of business, so I know what the IP address would be should it have been visible.)
•
The Exception
Now it's easy to say that "most" IM clients connect you through their servers, but it's also true that some do not. In fact, some instant messaging services allow you to establish a "direct connection". I believe that AIM allows you to switch to this type of connection, and some other services such as Skype actually often operate this way natively in some configurations after the connection has been made.
So let's assume, then, that using TcpView during an IM conversation you're able to capture the IP addresses used by your IM program, and one of these represents a direct connection to the person you're messaging.
What can you tell from this IP address?
Pretty much nothing. Still.
-
They could be behind a router or proxy provided by their ISP. This means that any number of people could "appear" to use that same IP. There's no way to tell which user that is(*).
-
Similarly, they could be behind a router or proxy provided by their school or place of work. Once again any number of people could "appear" to use that same IP, and there's still no way to tell which user that is(*).
-
They could be behind their own router at home as I so often recommend. Any number of machines could be behind that router, and there's no way for you to tell which machine you're conversing with.
-
And finally, even with the IP address of a specific machine or location, there's no way for you to tell where that machine is located(*). The best you can do is identify the ISP that's providing the internet connection to the person you're conversing with.
(*) Yes, there is a way to tell exactly what machine is represented by an IP address in most cases. But you can't get it. You need the cooperation of the ISP that provides that other person's internet connection, and that typically requires a court order or other law-enforcement involvement.
So unless you can convince law-enforcement that they should get involved, even having the IP address tells you pretty much next to nothing.
You simply cannot rely on an IP address to mean the same person. IP addresses could be shared, and you can't even imply that an IP address changing means that the person has changed - IP addresses could be reallocated. While you might be able to make some broad generalizations; for example if one IP resolves to an ISP in the United States, and another resolves to an ISP overseas, then perhaps it's not the same person. But then again, to someone really dedicated to hiding his or her identity, even that can be circumvented.
Bottom line: don't read anything into the IP address until or unless you can involve law enforcement. It's just not a reliable enough indicator.
Related:
-
Ask Leo! - What can people tell from my IP address?
-
Ask Leo! - How do I figure out who owns an IP address?
-
Ask Leo! - Getting all worked up over IP tracing (Podcast with transcript.)
Article C3097 - July 26, 2007
Leo you give excellent feedback
Posted by: theresa at July 30, 2007 6:40 AMI used Abika.com and paid $100.00 to have them trace a AOL Instant Messenger (AIM) screen name. They reported back one week later with the physical address and IP address of the computer. Called the address and got the problem taken care of. Believe me, it's well work the money. They send you an official document also to take to law enforcement if you have to.
Posted by: Rob K at August 9, 2007 2:59 PMhello
Posted by: lucas k at November 27, 2007 12:32 PMiv been having problems with my best mates msn account. some1 hacks into her account and starts giing all her friends grief and its no getting out of had. i just want to know how i could find out the ip address this hacker is using so i can pass it on to the right authorities.
please help!!
an unknown person sent me a message in friendster, can i locate where he is, he may be using a home computer
Posted by: jenny at March 3, 2008 2:31 AMnice article very interesting.i would like to know whether we can just come to know the geographical location of the person we are instant messaging?
Posted by: manmeet at May 29, 2008 8:54 PMhttp://www.tracemyip.org/
this website works
but how does it work..
if u find answer to this question then i think u can find ip adress of a chatter..
try using this below tool to get some awsome queries on ip adresses http://www.foundstone.com/us/resources/proddesc/vision.htm
The "Vision" product looks pretty much like the free tool TCPView available on the Microsoft site: http://ask-leo.com/d-tcpview.
I'll keep saying it: there is NO reliable way to trace an IP address using only publicly avialable information. Only police and law enforcement can do more with a court order.
-Leo
Dear ,
Very nice article . But i could not beleive that ip address tracking while using any IM is impossible as there are certian tools available.
With Regards,
Khalid Rauf.
27-Oct-2008
Actually, I had a chat with my friend using MSN and I could see his ip on netstat, however every other time I couldn't. This was the only time and it was using a quite weird port number (port 35631). I loggod off the msn, and after loggin in again this connection disappeared. Does anybody have any idea what could that be? Thanks for any advice.
Posted by: Mon at November 13, 2008 1:23 PMVery nice article,
here is a good tool to get someone IP address
how to: http://www.myiptest.com/article.php/find-other-person-ip-address.html
link to tool: http://www.myiptest.com/staticpages/index.php/how-about-you
14-Apr-2009
Someone added me on msn, and bascally said:
'ive retrived you IP address and your not who you say you are, im reporting your IP address, expect a letter in a couple of days'
are they being idiots or whats happening?
Im 17 and my parents pay for the internet, i live in Britain, and i havent done anything illegal etc on the internet, besides normal porn which i dont tink is illegal.
The guy hept trying to coax me into going on cam etc and saying i was fake, i didnt even know the person and then he said all that stuff when i didnt go on.
Please Help me
16-Sep-2009