Before Caller ID was introduced to telephones, people couldn’t tell who was calling them, either before they picked up the handset or even afterwards. There was no up-front “call screening,” nor was there any way to learn the caller’s phone number even once the call was answered. Starting in the 1970s, Caller ID has been a standard feature on both analog and digital telephones as well as VoIP, so caller identification is pretty much standard these days.
The idea of identifying who has sent you a communication over the Internet is, however, somewhat more difficult. As you’ve probably seen on crime TV shows, the signal can bounce around all over the planet, effectively obscuring its origin. This may be by design, as hackers like to hide the source of their malware, or simply due to the realities of load balancing, as the Internet regulates itself to provide the fastest delivery speed.
Let’s start at the beginning. Each and every computer on the Internet has its own address. It’s called an “IP” address, which stands for “Internet Protocol”. When combined with a higher-level protocol like TCP (which the author expands as “Transfer Control Protocol”), a connection between a sender and a receiver is established over the Internet. Just as your physical home address establishes a place for you to receive paper mail and the U.S. Postal System delivers it to you from the sender, the IP address identifies where an e-mail is to be delivered on the Internet, and TCP then carries it to the correct IP address.
All IP addresses look the same, usually four sets of up to three digits separated by periods, like 192.168.24.56. There’s a lot more to IP addresses than this, but for purposes of our discussion, this is sufficient.
You should know that, even if you only see someone’s “Domain Name,” like eBay.com or TheComputerCoach.net, there is still always an underlying IP address for that domain name. Free online services like HCIDATA can translate back and forth between domain names and IP addresses for you, just as you can type either the domain name or the IP address into most browsers and be taken directly to the desired web page.
The problem with tracing IP addresses is that most of the time you will only see the last “hop” before the missive reaches your computer, if that. But the e-mail may have been sent between servers many times on many continents before it reaches that last hop. So that doesn’t help you identify the point of origination. The originator may have used something like an “onion” router (like Tor), which peels away and erases each “hop” (or layer) as it continues on to the next server. Therefore, more sophisticated software is necessary to make a full identification.
Moreover, the information you get may be limited. It’s not like Caller ID, where you may get a caller’s name and phone number. Despite the magic you see on TV crime shows, you’ll not get any private information such as a name, street address or telephone number. You will get a general location by country and area.
Tracing IP origins falls into two categories: e-mails and web pages. Most commonly, people attempt to trace the origin of e-mails sent to them in order to determine whether they’re genuine, or whether they’re spam or worse. So let’s take e-mail tracing first.
With respect to e-mails, you can trace their origin by locating the header and pasting it into a free online program like LevineCentral’s Mail Parse or ipTRACKERonline.com. O.K., so what’s the header, and where do I get it to copy and paste? Remember, you need the complete header, so that you can trace the entire route from the sender to the receiver. Where to find it depends on the way you’re retrieving your e-mail.
Extracting the headers varies with each e-mail program. Here are the common ones:
Gmail – Open the e-mail message, then click the down arrow adjacent to the Reply link in the upper right corner of the e-mail message, then click Show Original.
Hotmail – After logging in to your account, click on the Options tab on the top navigation bar, then click on the Mail Display Settings link. Change the Message Headers option to Full, then click the O.K. button.
Microsoft Outlook – Although it varies with the version, generally you click File on the menu bar, then Properties from the drop-down menu, then locate the internet headers at the bottom of the popup window, which you can highlight, then copy and paste.
Microsoft Exchange – Although it varies with the version, generally you click File on the menu bar, then Properties, then the Details tab. After that, click Message Source, then highlight, copy and paste.
Yahoo – Once logged into your account, click on the Mail Options link on the left nav bar, then click General Preferences on the right. Locate the Show Headers heading, then select All. Copy and paste.
Once you’ve found the complete e-mail header, copy and paste it into the box in one of the referenced programs, then click the “Go” or “Get Source” button.
Of course, even with the complete e-mail header, you may not be able to determine the true source of the e-mail. This could be because the sender may be hiding behind a server which is only a gateway (like a GoDaddy web hosting account) or because the header itself is “forged” to purport to be coming from somewhere it really isn’t. There isn’t much you can do about this, except to view it as a possible “red flag” if you’re concerned about its content.
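As an added example (not from the original article or from the Mail Parse service), here is a small Python script that does by hand what those online header parsers do: it reads the Received: lines from the bottom (the oldest hop) upward and lists each server’s IP address. It also reports the earliest hop recorded by a server you yourself trust, since, as noted above, anything below that line may have been forged by the sender. The message, host names and addresses are constructed for the example.

```python
import re
from email import message_from_string

# Constructed sample message: three Received: lines, newest at the top,
# exactly as a mail server prepends them on each hop.
RAW_MESSAGE = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
    by inbox.example.org with ESMTP; Mon, 4 Mar 2024 10:02:11 +0000
Received: from relay.example.com ([198.51.100.20])
    by mx.example.net with ESMTP; Mon, 4 Mar 2024 10:02:09 +0000
Received: from [192.0.2.55] (helo=sender-pc)
    by relay.example.com with SMTP; Mon, 4 Mar 2024 10:02:05 +0000
From: someone@example.com
Subject: test

body
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_hops(raw):
    """Return the Received: hops oldest-first as dicts: from, by, ip, date."""
    msg = message_from_string(raw)
    hops = []
    for received in msg.get_all("Received", []):
        text = " ".join(received.split())  # unfold the continuation lines
        m_from = re.search(r"\bfrom (\S+)", text)
        m_by = re.search(r"\bby (\S+)", text)
        # First address whose octets are all in range (rejects e.g. 190.234.567.22)
        ip = next((m for m in IPV4.findall(text)
                   if all(int(o) <= 255 for o in m.split("."))), None)
        date = text.rsplit(";", 1)[1].strip() if ";" in text else ""
        hops.append({"from": m_from.group(1) if m_from else None,
                     "by": m_by.group(1) if m_by else None,
                     "ip": ip, "date": date})
    hops.reverse()  # headers are prepended, so the last one is the first hop
    return hops


def earliest_trusted_hop(hops, trusted_servers):
    """Walk back from your own server; stop at the first 'by' host you don't run.
    The returned hop's 'ip' is the farthest point you can actually vouch for."""
    candidate = None
    for hop in reversed(hops):
        if hop["by"] not in trusted_servers:
            break
        candidate = hop
    return candidate


if __name__ == "__main__":
    chain = parse_hops(RAW_MESSAGE)
    for n, hop in enumerate(chain, 1):
        print(f"hop {n}: {hop['ip']} ({hop['from']}) -> {hop['by']} at {hop['date']}")
    trusted = earliest_trusted_hop(chain, {"inbox.example.org", "mx.example.net"})
    print("earliest hop a trusted server recorded:", trusted["ip"])
```

Only the hops stamped by servers you control (inbox.example.org and mx.example.net in the sample) are verifiable; the line claiming 192.0.2.55 was written by a server outside your control and could say anything.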
[By the way, if you want to find your own IP address, there are also online services for this. Go to whatismyip.com or ipchicken.com and you can get it quickly. This is useful when tech support requests this information and you’re clueless.]
Looking up the origin of web pages is a slightly different process, requiring different methods and software. The following are a few different IP tracing methods:
First, open the Command Console on your computer (if you have a Mac, it’s called the “Terminal”). On a PC, you click “Start,” then All Programs, then Accessories, then Command Prompt.
From the command console, you can first simply “ping” an address (URL) that you have found by using one of the online services discussed above. Typing “ping” before the address sends a small test packet to that address and reports whether a reply came back, along with the time in milliseconds that the round trip took. So, if you type “ping www.thecomputercoach.net” you will receive return information, including the IP address that the name resolves to.
From the command prompt, you can also take the IP address from the e-mail header and type “whois <ip address>” (the command is a single word) to receive more detailed registration information about who owns that address block. Note that whois is built into the Mac and Linux shells but is not included with the Windows Command Prompt, where an online whois service is the easier route.
Another alternative is to try the geo-location of an IP address. First, obtain the IP address by one of the methods discussed above. Then go to an online site like IP Lookup or IP Geolocation, which will offer geolocation information for that address.
Finally, try traceroute. Again, open the PC Command Console (on Mac OS X and Linux, open a shell), then type the command “traceroute <ip address>” (on Windows the command is spelled “tracert”). You’ll get a step-by-step listing of each hop along the way, along with the time consumed by each step.
There are tools, many of them free, which will graphically and visually trace the route to a website from the U.S., Europe and Asia simultaneously. See, for example, www.monitis.com/traceroute/.
Most of these traceroute tools are for network professionals who are trying to detect bottlenecks in delivery of their web pages. However, because they identify the source of the web pages, the information may become useful in detecting malware. First, you can find out if that e-mail or web page is really from, say, Florida, as the content seems to say. Or if that e-mail is really from the person or company you think it’s from. If it originates in Russia, you’ve already got a pretty good idea that it’s not what you think it is, and is probably a hoax, spam or (even worse) a carrier of malware or viruses.
As with anything in computing, there are several ways of accomplishing the same task, and this is no exception. You’ll find that different methods may achieve slightly different results.