Tracking An Ip How is it done exactly ?

[longtimeago 0]

Hello, im aware that all of us, that is all online users have an IP address and we are tracked by that, so i have an issue regarding tracking IP address. Tracking is really simple if the user has an static IP address, even though if an user has an dymanmic Ip address then too its gonna be really simple for the network admins, all they need to do is that check up their DHCP server as at what time the particular IP was assigned and to whom it was assigned.But what if some one runs a network and it involves those class c Dummy IP's which falls under NATing. Suppose there is a very large network with 3000 nodes in it, the nework is connected to the external world through a router and the router is assigned a static IP and that particular static IP is shown to the outside world. Lets suppose behind the router we have the firewall and it hold the resposiblility of NATing . The entire network has been assigned with class c IP's that is 192.168.***.*** with the required subnet maskNow here in this scenario i understand that when a packet moves form a Node to the outside world the packet cannot move with the class C dummy IP, if the router sees that IP its gonna discard the packet. So for this purpose the packets IP is falling under NATing and the static IP if assigned to the packet and it travels into the internet. Now for all the 3000 will fall under NATing for all the 3000 people the external IP is the same. So lets leave the concept of DHCP like assigning IP address with MAC address etc. The network is so simple that nothing of resolving IP address for the MAC address or something like that takes place. All 3000 have just one IP and they use the internet.Now when some one sends a packet to the external world the packet has the source and the destination address, im sure the destination address is gonna be the address to which the node wanna connect and the source IP is gonna be the Static IP of the router ( the external IP ) .So when a packet out of the 3000 computer in the LAN gets its Source IP translated and moves out of the private network and returns how it gets NATed back and the sender recieves the packet he need ?? I do understand that the MAC address in the data link layer plays a maijor role in this regard.My main doubt is, suppose if someone sends some prank emails or anything from such a large network, all the officials can do is track the static IP and come to the server room ( from where the 3000 nodes access internet ) and in the server room they will maintain a log, showing which IP was assigned to whom. here from this LOG how will the officials find out from which computer that the particular mail was sent ??

[rpgsearcherz 5]

Hello, im aware that all of us, that is all online users have an IP address and we are tracked by that, so i have an issue regarding tracking IP address. Tracking is really simple if the user has an static IP address, even though if an user has an dymanmic Ip address then too its gonna be really simple for the network admins, all they need to do is that check up their DHCP server as at what time the particular IP was assigned and to whom it was assigned.
But what if some one runs a network and it involves those class c Dummy IP's which falls under NATing. Suppose there is a very large network with 3000 nodes in it, the nework is connected to the external world through a router and the router is assigned a static IP and that particular static IP is shown to the outside world. Lets suppose behind the router we have the firewall and it hold the resposiblility of NATing . The entire network has been assigned with class c IP's that is 192.168.***.*** with the required subnet mask

Now here in this scenario i understand that when a packet moves form a Node to the outside world the packet cannot move with the class C dummy IP, if the router sees that IP its gonna discard the packet. So for this purpose the packets IP is falling under NATing and the static IP if assigned to the packet and it travels into the internet. Now for all the 3000 will fall under NATing for all the 3000 people the external IP is the same. So lets leave the concept of DHCP like assigning IP address with MAC address etc. The network is so simple that nothing of resolving IP address for the MAC address or something like that takes place. All 3000 have just one IP and they use the internet.

Now when some one sends a packet to the external world the packet has the source and the destination address, im sure the destination address is gonna be the address to which the node wanna connect and the source IP is gonna be the Static IP of the router ( the external IP ) .So when a packet out of the 3000 computer in the LAN gets its Source IP translated and moves out of the private network and returns how it gets NATed back and the sender recieves the packet he need ?? I do understand that the MAC address in the data link layer plays a maijor role in this regard.

My main doubt is, suppose if someone sends some prank emails or anything from such a large network, all the officials can do is track the static IP and come to the server room ( from where the 3000 nodes access internet ) and in the server room they will maintain a log, showing which IP was assigned to whom. here from this LOG how will the officials find out from which computer that the particular mail was sent ??

On routers you can see who is given a specific LAN IP by the mac address of the specific PC. For example, you can set your router to where everytime 7C-7A-7C-7A-7C-7A-7C-7A logs on to the network, they are given the IP 192.168.1.109. Doing so would keep that IP for JUST that PC. Running DCHP isn't efficient in large networks, so the chances are they have them set up as static(like stated above).

Along with this, PC's have "Names" for LAN as well. So in big businesses they name them to keep track. Something like "DataRoom 1," "DataRoom2," etc. to make them easier to track.

So if you were to send something, the external sources would not be able to tell which PC it was sent from(well...They could by sniffing headers) but they could file a report and it would be easy to tell which PC it came from.

To better illustrate it, here is a list from my router showing who is logged on it:

Host Name IP Address MAC Address Client Lease Time

Blocked out.. 192.168.1.114 xx:xx:xx:xx:0C:7D 1 day 00:00:00
Vista-Ultimate 192.168.1.102 xx:xx:xx:xx:1E:15 1 day 00:00:00
Blocked out... 192.168.1.132 xx:xx:xx:xx:CC:2A 1 day 00:00:00

Using this, it is very clear which PC is on which IP. The PC I'm on now(Vista-Ultimate) is the one ending with Mac Address 1E:15. So a list of all the mac addresses would make this a very easy trace.



Now, I'm not sure if you were wanting to know this just for knowledge, because you wish to trace someone, or because you want to do a prank, and I won't go into details on how it is done but yes, you can falsify your PC's information. For example, someone could use your home email address to send mail to someone using your IP, your router mac, and your PC mac address(even without having access to your email account). But I wouldn't worry about that happening because the number of people who actually know how to do it is slim, .
Edited April 14, 2009 by rpgsearcherz (see edit history)