Catching a Thief via His IP Address

Reply

  #1  
Old 06-08-05, 08:26 AM
W
Member
Thread Starter
Join Date: May 2004
Posts: 87
Received 0 Votes on 0 Posts
Catching a Thief via His IP Address

Assuming I can persuade a criminal/thief to visit a particular website and know for a fact he is the only person visiting the site, is it possible to figure out his location based on his IP address? Iím sure itís possible for the feds to do, but is it possible for anyone else to do? I had someone recently steal some valuable electronic equipment from my home. Iím going to try and lure him to a webpage Iíll design that tracks visitors. Iím going to put up signs in my neighborhood telling him I have his picture via surveillance (I actually donít, but he doesnít know). I know the serial number from some of the equipment. Iíll suggest to him to visit the website and make part of the address the last 4 digits of a serial number on a particular piece of equipment. That way, only he will know the address and he will be the only visitor. I donít think this person will be sharp enough to realize what Iím doing. Iíll tell him that Iím dealing with privacy issues regarding making his pictures public, but I want him to know I have his picture (something along those lines) to lure him to the page.

Thanks,
William
 
Sponsored Links
  #2  
Old 06-08-05, 10:13 AM
J
Member
Join Date: Sep 2002
Location: welland ontario
Posts: 7,520
Received 236 Votes on 207 Posts
You can track him his ISP. Any further than that will require the cooperation of his ISP.
 
  #3  
Old 06-09-05, 07:09 AM
W
Member
Join Date: Jan 2005
Posts: 49
Received 0 Votes on 0 Posts
In a nutshell, no - it's not possible for the average user to track a web site visitors identity via IP address. Using standard TCP/IP tools will only get you as far as his ISP's border router (router separating ISPs network from the public internet), and that only tells you (maybe) which city he lives in.

Even if you could see his IP address, what would it tell you? It will be a dynamically assigned private network IP address and one that is used by thousands of computers all over the world at the same time.

You might be able to do this by using a packet sniffer to look at the Ethernet frame. There will be a source and destination MAC address (this is a hardware address that is [in theory] unique to every network device in the world, whether it be a router or a NIC). In an 802.3 Ethernet frame, the source MAC comes right after the preamble (the preamble is 8 Bytes, the MAC address is 6 Bytes). Incidentally, you should see your MAC address (the destination address) in the 6 Bytes after the source MAC address.

Now, I've never had occasion to do this, so I'm not sure it works. Most likely you'll get the MAC address from the ISP's router, not the users' Network Card. Maybe somebody else here knows for sure.

But even if you do get the MAC address, which is a pretty iron clad indicator, how are you going to know if this is the MAC address on that person's computer NIC? You're going to have to get access to his computer and see for yourself by running an ipconfig (of ifconfig if its a linux box). The ISP might not even know this persons true MAC address (as almost every firewall has a 'MAC spoofer' incorporated into it nowadays), and they wouldn't release that information anyway.

One thing to be aware of -- if this person uses a "third party" proxy server service, you won't get any further than the proxy server.

A more elegant solution, if you going to go through the trouble of creating a website for this person, is to entice him into entering personal information on that webpage. That's far easier than hacking through an ISP's network.

Let us know how you do!
 
  #4  
Old 06-09-05, 10:34 AM
R
Member
Join Date: Sep 2003
Location: Central New York State
Posts: 13,973
Received 0 Votes on 0 Posts
Actually winjer, his IP address will not be a private IP address, but rather the public IP address that his ISP assigns him. Private IP addresses are not transmitted across the Internet, and cannot be routed anywhere except locally.
 
  #5  
Old 06-09-05, 11:51 AM
W
Member
Thread Starter
Join Date: May 2004
Posts: 87
Received 0 Votes on 0 Posts
Thanks for the Responses

I appreciate the responses. I'll let you know if we catch him. I'll have to get really creative.

William
 
  #6  
Old 06-09-05, 03:42 PM
W
Member
Join Date: Jan 2005
Posts: 49
Received 0 Votes on 0 Posts
Eng Bob:

Isn't the PAT done at the ISP's border router(s)? IOW, the public IP is only used from the WAN side of the "senders ISP router" to the WAN side of the "receivers ISP router"? Once the packet is in the ISP's network, doesn't the ISP's network addressing scheme take over? (and I guess this could be either public or private at that point).

I understand Verizon using public IP's in its network (since it IS the internet), but what about "joes gas station and ISP?". Doesn't Joe register one public address and connect his 100 customers via private addressing to that one public port via PAT?

be gentle. I don't do this for a living.
 
Reply
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Thread Tools
Search this Thread
 
Ask a Question
Question Title:
Description:
Your question will be posted in: