IP Tracing
Getting the Internet Protocol or IP address of a remote system is said to be the most important step in hacking a system. Sometimes, however, we get an IP in order to get more information on someone or some host. But how can an IP address be used to get more information on the location, etc. of a system? Well, this manual is aimed at answering just this question.
Actually, the IP address (indeed the entire TCP/IP protocol) is designed such that one cannot tell in which country a system having a given IP is situated simply by looking at it. An IP address has no fields which tell you the country in which the computer using it resides. So, all myths like ‘The second or the third field of an IP stands for the country in which the system using it resides’ are definitely false. However, yes, sometimes one can guess or deduce in which country and even in which city the system using an IP resides, by simply looking at the first three fields of the IP. Let us take an example to understand what I mean by this. Now, before I move on to the example, let us understand how exactly IP addresses are awarded to you.
Firstly, your ISP registers at the central authority and gets a particular range of IP addresses from which its various customers (people who dial into its servers) can be awarded IP addresses. Most ISPs are given a Class C network address. A Class C network address contains a 24-bit Network Prefix (the first three fields) and an 8-bit Host number (the last field). It is referred to as "24's" and is commonly used by most ISPs.
Just as in the real world everyone has an individual home address or telephone number at which that particular individual can be contacted, all computers connected to the Internet are given a unique Internet Protocol or IP address which can be used to contact that particular computer. In geek language, an IP address is a decimal notation that divides the 32-bit Internet address (IP) into four 8-bit fields.
Does the IP address give me some information or do the numbers stand for anything?
Let us take the example of the following IP address: 202.144.49.110. Now the first part, the numbers before the first decimal, i.e. 202, is the Network number or the Network Prefix. This means that it identifies the number of the network in which the host is. The second part, i.e. 144, is the Host Number, that is, it identifies the number of the host within the Network. This means that in the same Network, the network number is the same. In order to provide flexibility in the size of the Network, there are different classes of IP addresses:
Address Class              Dotted Decimal Notation Ranges
Class A (/8 Prefixes)      1.xxx.xxx.xxx through 126.xxx.xxx.xxx
Class B (/16 Prefixes)     128.0.xxx.xxx through 191.255.xxx.xxx
Class C (/24 Prefixes)     192.0.0.xxx through 223.255.255.xxx
The various classes will be clearer after reading the next few lines.
Each Class A Network Address contains an 8-bit Network Prefix followed by a 24-bit Host number. They are considered to be primitive. They are referred to as "/8's" or just "8's" as they have an 8-bit Network Prefix. In a Class B Network Address there is a 16-bit Network Prefix followed by a 16-bit Host number. It is referred to as "16's". A Class C Network Address contains a 24-bit Network Prefix and an 8-bit Host number. It is referred to as "24's" and is commonly used by most ISPs.
Due to the growing size of the Internet, the Network Administrators faced many problems. The Internet routing tables were beginning to grow, and the administrators had to request another network number from the Internet before a new network could be installed at their site. This is where sub-netting came in.
Now if your ISP is a big one and it provides you with dynamic IP addresses, then you will most probably see that whenever you log on to the net, your IP address has the same first 24 bits and only the last 8 bits keep changing. This is due to the fact that when sub-netting comes in, the IP address structure becomes:
xxx.xxx.zzz.yyy
where the first 2 parts are Network Prefix numbers, zzz is the Subnet number and yyy is the Host number. So you are always connected to the same Subnet within the same Network. As a result the first 3 parts will remain the same and only the last part, i.e. yyy, is variable.
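The class table and the xxx.xxx.zzz.yyy sub-netted layout described above, worked through in Python as an added example (not code from the original page). The function name classful_split, its subnet_mask_bits parameter and the sample address 150.10.7.33 are assumptions made for illustration; the class ranges are the ones in the table above.

```python
import ipaddress

# Classful ranges from the table above: (class, first octet low, high, prefix bits)
CLASSES = [("A", 1, 126, 8), ("B", 128, 191, 16), ("C", 192, 223, 24)]


def classful_split(addr, subnet_mask_bits=None):
    """Split a dotted-decimal IPv4 address into its classful fields.

    subnet_mask_bits (hypothetical parameter) is the total mask length once
    sub-netting is applied, e.g. 24 for a Class B network laid out as
    xxx.xxx.zzz.yyy; None means the plain class prefix is used.
    """
    ip = ipaddress.IPv4Address(addr)  # raises ValueError on malformed input
    value = int(ip)
    first_octet = value >> 24
    for name, low, high, prefix_bits in CLASSES:
        if low <= first_octet <= high:
            break
    else:
        # 0, 127 and 224-255 fall outside the three ranges in the table
        raise ValueError(f"{addr}: first octet {first_octet} is not Class A, B or C")

    mask_bits = prefix_bits if subnet_mask_bits is None else subnet_mask_bits
    if not prefix_bits <= mask_bits <= 30:
        raise ValueError("subnet mask must be between the class prefix and 30 bits")
    host_bits = 32 - mask_bits
    subnet_bits = mask_bits - prefix_bits

    network = ipaddress.ip_network(f"{addr}/{prefix_bits}", strict=False)
    return {
        "class": name,
        "network": str(network),
        "subnet_number": (value >> host_bits) & ((1 << subnet_bits) - 1),
        "host_number": value & ((1 << host_bits) - 1),
    }


if __name__ == "__main__":
    # 202.144.49.110 is the page's example; 150.10.7.33 is a constructed sample
    print(classful_split("202.144.49.110"))
    print(classful_split("150.10.7.33", subnet_mask_bits=24))
```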
For example, if an ISP xyz is given the network address 203.98.12.xx, then you can be awarded any IP whose first three fields are 203.98.12. Get it?
So, basically this means that each ISP has a particular range from which to allocate addresses to all its subscribers. Or in other words, all subscribers, that is, all people connected to the Internet using the same ISP, will have to be in this range. This in effect would mean that all people using the same ISP are likely to have the same first three fields in their IP addresses. This means that if you have done a lot (by this I really mean a lot) of research, then you could figure out which ISP a person is using by simply looking at his IP. The ISP name could then be used to figure out the city and the country of the person. Right?
Let me take an example to stress how cumbersome but easy (once the research is done) the above method can be. In my country, say there are three main ISPs:
ISP Name     Network Address Allotted
ISP I        203.94.47.xx
ISP II       202.92.12.xx
ISP III      203.91.35.xx
Now, if I get to know the IP of an e-pal of mine, and it reads: 203.91.35.12, then I