Wednesday, August 11, 2010

ip tracing

Say the victim has registered a domain name and you want to use it to find out the city in which he resides. One thing to remember in this case is that if the domain was registered through one of the free .com registration services, such as Namezero.com, the name was probably registered in the company's name and not the victim's. A WHOIS query will then return the registration service's (or, today, a privacy proxy's) contact details, not the victim's.

NEWBIE NOTE: The WHOIS service by default runs on TCP port 43 of the WHOIS server. Try performing a WHOIS query by
telnetting to port 43 and manually typing out the query (the domain name, followed by Enter). I have never tried it; however, it might be fun.
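The manual port-43 query above can be scripted. The following is an added example, not code from the original post: a minimal WHOIS client per RFC 3912 that sends the name followed by CRLF, reads until the server closes the connection, and parses the "Key: value" lines. For .com/.net the registry server (whois.verisign-grs.com) returns only a thin record naming the registrar's own WHOIS server, so the lookup follows that referral. The sample responses, the domain and the registrar in them are constructed for this example and illustrate the case the post describes: the registrant on record is the registration service, not the person who uses the domain.

```python
"""WHOIS over TCP port 43 (RFC 3912), with the two-step referral that
.com/.net lookups need. Added example, not code from the original post."""
import re
import socket

WHOIS_PORT = 43
# Registry WHOIS for .com/.net. It returns a "thin" record that only names
# the registrar's own WHOIS server; the registrant contacts live there.
REGISTRY_SERVER = "whois.verisign-grs.com"

FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z /]*?):\s*(.+?)\s*$")


def build_query(name: str) -> bytes:
    """RFC 3912 query: the name followed by CRLF, nothing else."""
    return name.strip().lower().encode("ascii") + b"\r\n"


def whois_raw(name: str, server: str, timeout: float = 10.0) -> str:
    """Send one query and read until the server closes the connection."""
    with socket.create_connection((server, WHOIS_PORT), timeout=timeout) as sock:
        sock.sendall(build_query(name))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_fields(text: str) -> dict:
    """Collect 'Key: value' lines; a repeated key (e.g. Name Server) becomes a list."""
    fields = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("%", "#", ">>>")):
            continue  # comments, terms of use, 'Last update' marker
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2)
        if key in fields:
            if not isinstance(fields[key], list):
                fields[key] = [fields[key]]
            fields[key].append(value)
        else:
            fields[key] = value
    return fields


def referral_server(fields: dict):
    """Registrar WHOIS server named in a thin registry record, or None."""
    return fields.get("Registrar WHOIS Server")


def registrant_summary(fields: dict) -> dict:
    """The fields that matter when trying to place the registrant."""
    keys = ("Registrant Name", "Registrant Organization",
            "Registrant City", "Registrant Country")
    return {k: fields.get(k) for k in keys}


def whois(name: str, server: str = REGISTRY_SERVER) -> dict:
    """Live lookup: query the registry, then follow its referral to the registrar."""
    fields = parse_fields(whois_raw(name, server))
    ref = referral_server(fields)
    if ref and ref.lower() != server.lower():
        fields.update(parse_fields(whois_raw(name, ref)))
    return fields


# Constructed sample responses: domain, registrar and contacts are fictitious.
# The registrant is the registration service's privacy contact, i.e. the
# situation the post describes (the name is registered in the company's name).
SAMPLE_THIN = """\
   Domain Name: EXAMPLE-VICTIM.COM
   Registrar WHOIS Server: whois.example-registrar.test
   Registrar: Example Registrar, Inc.
   Name Server: NS1.EXAMPLE-REGISTRAR.TEST
   Name Server: NS2.EXAMPLE-REGISTRAR.TEST
>>> Last update of whois database: 2010-08-11T00:00:00Z <<<
"""
SAMPLE_THICK = """\
Domain Name: example-victim.com
Registrant Name: Domain Privacy Service
Registrant Organization: Example Registrar, Inc.
Registrant City: Anytown
Registrant Country: US
% Terms of use: lookups are logged
"""

if __name__ == "__main__":
    thin = parse_fields(SAMPLE_THIN)
    print("referral ->", referral_server(thin))
    print(registrant_summary(parse_fields(SAMPLE_THICK)))
    # Live lookup (needs network): print(registrant_summary(whois("example.com")))
```

Run it as a script to see the parsed sample records; call whois() for a live lookup. Whatever the registrant fields say, check whether the organization is a registrar or privacy service before treating the city as the victim's.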

Yet another, and probably the second most efficient, method (after reverse DNS queries) of tracing an IP to its geographical location is to carry out a 'traceroute' on it. The 'tracert' (Windows) or 'traceroute' (Unix) command lists the names
or IPs of the routers a packet passes through before reaching the destination. Windows users can perform a trace of an IP by typing the following at the command prompt:

C:\windows>tracert IP or Hostname
For more information about the usage and syntax of this command, type 'tracert' at the command prompt. Now let us see the result when I do a tracert on my IP. Remember, I live in New Delhi, which is a city in India. Watch the hostnames closely: you will find that they reveal the cities through which the packet passes.

C:\windows>tracert 203.94.12.54
Tracing route to 203.94.12.54 over a maximum of 30 hops
 1  abc.netzero.com (232.61.41.251)  2 ms  1 ms  1 ms
 2  xyz.Netzero.com (232.61.41.0)  5 ms  5 ms  5 ms
 3  232.61.41.10 (232.61.41.251)  9 ms  11 ms  13 ms
 4  we21.spectranet.com (196.01.83.12)  535 ms  549 ms  513 ms
 5  isp.net.ny (196.23.0.0)  562 ms  596 ms  600 ms
 6  196.23.0.25 (196.23.0.25)  1195 ms  1204 ms
 7  backbone.isp.ny (198.87.12.11)  1208 ms  1216 ms  1233 ms
 8  asianet.com (202.12.32.10)  1210 ms  1239 ms  1211 ms
 9  south.asinet.com (202.10.10.10)  1069 ms  1087 ms  1122 ms
10  backbone.vsnl.net.in (203.98.46.01)  1064 ms  1109 ms  1061 ms
11  newdelhi-01.backbone.vsnl.net.in (203.102.46.01)  1185 ms  1146 ms  1203 ms
12  newdelhi-00.backbone.vsnl.net.in (203.102.46.02)  1159 ms  1073 ms
13  mtnl.net.in (203.194.56.00)  1052 ms  642 ms  658 ms

So, the above shows that the route taken by the packets to reach the supplied IP is roughly this:

Netzero (the ISP from which the packets are sent) -> Spectranet (a backbone provider) -> New York ISP -> New York backbone -> Asia -> South Asia -> India backbone -> New Delhi backbone -> another router in the New Delhi backbone -> New Delhi ISP.

So, basically this tracert does reveal my real location, which is New Delhi, India, South Asia. Get it?
Sometimes doing a 'tracert' on an IP does not give useful information. In the above example the hostnames returned revealed the city or country in which the routers are located, and more often than not you will get such helpful hostnames, but sometimes the names returned are vague and unhelpful. So what do you do then? Fret not; simply do the following. Let us say that the trace ends at the hostname abc.com. This is very vague and gives no clue as to where the system is located. However, you can launch your browser and visit http://www.abc.com/. Now, abc.com is probably an ISP, and an ISP will normally state its location and the cities in which it operates, so you still have a good chance of learning the city of the victim. Bear in mind that router names are chosen by the network operator and only hint at the location of that router, not of the end host: the last hop before the target tells you which operator's network, and roughly which point of presence, the victim is connected to, and an ISP that serves several cities from one point of presence will lead you to the wrong city. A very interesting utility is VisualRoute (http://www.visualroute.com/), which traces a hostname or IP and shows the path taken by the packet on a world map. It is very useful and reveals some excellent information; however, it does sometimes tend to be inaccurate.
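The procedure above (run the trace, read the router names for city and country tokens, fall back to identifying the operator of a vague final hop) can be automated. The following is an added example and not code from the original post. It parses both the Unix-style "host (ip) rtt" layout shown above and the "rtt rtt rtt host [ip]" layout that the Windows tracert command actually prints, then scans each hostname's labels. The city-token and ccTLD tables are assumptions for illustration; operators name routers however they like, so a match is a hint about that router, not proof of where the end host sits. The first sample is the trace from the post with its spacing tidied; the Windows sample is constructed.

```python
"""Location hints from traceroute output. Added example, not code from the
original post. CITY_TOKENS and CC_TLDS are assumed tables: a hostname match
hints at that router's location, never proves the end host's."""
import platform
import re
import subprocess
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed label -> place tables; extend them from your own observations.
CITY_TOKENS = {"newdelhi": "New Delhi", "ny": "New York", "nyc": "New York",
               "lon": "London", "lhr": "London", "sjc": "San Jose"}
CC_TLDS = {"in": "India", "us": "United States", "uk": "United Kingdom", "de": "Germany"}

UNIX_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\(([\d.]+)\)(.*)$")          # host (ip) rtt ...
WIN_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+\s*ms|\*)\s+){3})(.+?)\s*$")  # rtt rtt rtt host [ip]
WIN_TAIL_RE = re.compile(r"^(\S+)\s+\[([\d.]+)\]$")
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
RTT_RE = re.compile(r"<?(\d+)\s*ms")


@dataclass
class Hop:
    number: int
    host: Optional[str]            # None when the router has no reverse DNS name
    ip: Optional[str]              # None when the hop timed out
    rtts_ms: List[int] = field(default_factory=list)

    def location_hints(self) -> List[str]:
        """City/country names found in the hostname's labels (hints, not proof)."""
        if not self.host:
            return []
        labels = re.split(r"[.-]", self.host.lower())
        hints = [CITY_TOKENS[lab] for lab in labels if lab in CITY_TOKENS]
        if labels[-1] in CC_TLDS:
            hints.append(CC_TLDS[labels[-1]])
        return hints


def parse_trace(output: str) -> List[Hop]:
    """Parse Unix traceroute and Windows tracert layouts into Hop records."""
    hops = []
    for line in output.splitlines():
        m = UNIX_RE.match(line)
        if m:
            num, host, ip, rest = m.groups()
            hops.append(Hop(int(num), None if IP_RE.match(host) else host, ip,
                            [int(r) for r in RTT_RE.findall(rest)]))
            continue
        m = WIN_RE.match(line)
        if m:
            num, rtts, tail = m.groups()
            host = ip = None
            t = WIN_TAIL_RE.match(tail)
            if t:
                host, ip = t.groups()
            elif IP_RE.match(tail):
                ip = tail              # no reverse DNS; "Request timed out." leaves both None
            hops.append(Hop(int(num), host, ip, [int(r) for r in RTT_RE.findall(rtts)]))
    return hops


def locate(hops: List[Hop]) -> dict:
    """Most recent city/country hints on the path, and whether the final hop is
    the vague 'abc.com' case that needs a manual look at the operator's site."""
    city = country = None
    for h in hops:
        for hint in h.location_hints():
            if hint in CC_TLDS.values():
                country = hint
            else:
                city = hint
    last = hops[-1] if hops else None
    return {"city": city, "country": country,
            "final_hop": (last.host or last.ip) if last else None,
            "needs_manual_lookup": bool(last) and not last.location_hints()}


def run_traceroute(target: str) -> str:
    """Run the platform's tool and return its raw text for parse_trace() (needs network)."""
    tool = "tracert" if platform.system() == "Windows" else "traceroute"
    return subprocess.run([tool, target], capture_output=True, text=True, check=False).stdout


# The trace from the post, spacing tidied (addresses and names are its illustration).
SAMPLE_UNIX = """\
Tracing route to 203.94.12.54 over a maximum of 30 hops
 1 abc.netzero.com (232.61.41.251) 2 ms 1 ms 1 ms
 2 xyz.Netzero.com (232.61.41.0) 5 ms 5 ms 5 ms
 3 232.61.41.10 (232.61.41.251) 9 ms 11 ms 13 ms
 4 we21.spectranet.com (196.01.83.12) 535 ms 549 ms 513 ms
 5 isp.net.ny (196.23.0.0) 562 ms 596 ms 600 ms
 6 196.23.0.25 (196.23.0.25) 1195 ms 1204 ms
 7 backbone.isp.ny (198.87.12.11) 1208 ms 1216 ms 1233 ms
 8 asianet.com (202.12.32.10) 1210 ms 1239 ms 1211 ms
 9 south.asinet.com (202.10.10.10) 1069 ms 1087 ms 1122 ms
10 backbone.vsnl.net.in (203.98.46.01) 1064 ms 1109 ms 1061 ms
11 newdelhi-01.backbone.vsnl.net.in (203.102.46.01) 1185 ms 1146 ms 1203 ms
12 newdelhi-00.backbone.vsnl.net.in (203.102.46.02) 1159 ms 1073 ms
13 mtnl.net.in (203.194.56.00) 1052 ms 642 ms 658 ms
"""
# Constructed tracert output in the layout Windows actually prints.
SAMPLE_WIN = """\
Tracing route to 203.94.12.54 over a maximum of 30 hops
  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     5 ms     5 ms     5 ms  abc.netzero.com [232.61.41.251]
  3     *        *        *     Request timed out.
  4  1185 ms  1146 ms  1203 ms  newdelhi-01.backbone.vsnl.net.in [203.102.46.01]
"""

if __name__ == "__main__":
    print(locate(parse_trace(SAMPLE_UNIX)))
    print(locate(parse_trace(SAMPLE_WIN)))
```

On the post's trace this reports city "New Delhi", country "India" and a final hop of mtnl.net.in; on a trace ending at a name like abc.com it reports no hints and flags the final hop for the manual operator lookup described above. Feed it `run_traceroute("203.94.12.54")` to work from a live trace.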
