How to Trace an IP Address Using Command Prompt?

Olivia Dehaviland | October 11th, 2017 | Forensics

Are you looking for ways to trace an IP address using Command Prompt (cmd)? The following sections explain the steps for tracking an IP address from an email, so that you can find the IP address of the email sender using CMD in simple steps.

The Internet Protocol address (IP address) is one of the core components of the Internet. All computers and devices communicate using an IP address, which is allotted on either a static or a dynamic basis. This is the main reason why law enforcement agencies all over the world use IP addresses to trace a cyber criminal or accused person. An IP address may not be what it appears to be at first look: it can be involved in IP address spoofing, which is why we cannot rely solely upon an IP address to convict a cyber criminal.

Tracking the IP address of an email is the most common form of exercise in the cyber field. Most email clients provide useful header information in the message source. In many cases, investigators can use it to get relevant information about a suspect email. Tracing an IP address can come up in many kinds of incidents, such as cloud computing incidents, social media investigations, e-discovery requests, etc.

The most crucial point about gathering electronic evidence is that it is “time sensitive” and “fragile” in nature. The more time the investigator spends on getting it, the lower the chances of obtaining the actual information. The examiner can find the IP address of the email sender by using multiple Command Prompt (cmd) commands.

There are basically two steps involved in the process of tracking a suspect's email:

  • Find the IP address in the email header section.
  • Find the location of the IP address.


Let’s go ahead and take a look at how you can trace an IP address in an email header for Google Gmail: –

  • After logging in to your Gmail account, click on the Right arrow > Show Original.
  • The line of text that starts with “Received: from” will show the IP address.

After extracting the IP address from the email, investigators can use tools such as http://network-tools.com/ to find the location of the IP address.
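The "Received: from" lookup described above can also be done programmatically over the text copied from Show Original. The following is an added example, not part of the original article; the function names and the sample headers (documentation-range addresses) are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (documentation-range addresses, not a real message).
SAMPLE_HEADERS = """\
Received: from mail.example.net (mail.example.net. [203.0.113.25])
        by mx.example.com with ESMTPS id a1si2345;
        Wed, 11 Oct 2017 09:15:01 -0700 (PDT)
Received: from [192.168.1.23] (unknown [198.51.100.7])
        by mail.example.net with ESMTPSA id 4F2A;
        Wed, 11 Oct 2017 16:14:58 +0000 (UTC)
From: sender@example.net
Subject: constructed test message

body
"""

# Ranges that never identify a host on the public Internet.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def received_hops(raw):
    """Return the sender-side IPs of each Received header, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    # Every relay prepends its header, so the last one in the file is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        from_part = re.split(r"\sby\s", value, maxsplit=1)[0]
        ips = []
        for text in BRACKETED.findall(from_part):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # bracketed text that is not an address
            ips.append((str(ip), any(ip in net for net in INTERNAL)))
        hops.append(ips)
    return hops

def first_public_ip(hops):
    """First routable address in chronological order, or None."""
    for ips in hops:
        for addr, internal in ips:
            if not internal:
                return addr
    return None
```

Only the Received lines written by mail servers you trust are reliable; the older lines beneath them are supplied by the sending side and can be forged, so treat the result as a lead to corroborate rather than as proof.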

IP Configuration Command (ipconfig): –

Step 1: – Press the Windows Key to access the Start screen. Enter cmd in the field and click OK.

Step 2: – Enter “ipconfig” and press the Enter key.

  • The IPv4 Address is your computer’s IP address.
  • The IPv4 Default Gateway is your router’s IP address.
  • The Subnet Mask identifies the network address of an IP address: a bitwise AND of the IP address with the netmask gives the network address.

IP Configuration Command (Traceroute): –

The traceroute command shows the path that a packet of information takes from your computer to the one you specify. It lists all the routers the packet passes through until it reaches its destination, or fails to and is discarded. In addition to this, it also shows how long each hop from router to router takes.

[Screenshot: example traceroute output for mediacollege.com; the numbered hops are explained below.]

1 is the internet gateway on the network this traceroute was done from (an ADSL modem in this case).

2 is the ISP the originating computer is connected to (xtra.co.nz).

3 is also in the xtra network.

4 shows a timeout.

5 – 9 are all routers on the global-gateway.net.nz network.

10 – 14 are all gnaps.net in the USA (a telecom supplier in the USA).

15 – 17 are on the NAC (Net Access Corporation) network and an ISP in the New York area.

18 is the router on the network on which mediacollege.com is hosted.

Finally, 19 is the computer mediacollege.com is hosted on (sol.yourhost.co.nz).

IP Configuration Command (Ping): –

The ping command is used to test the ability of the source computer to reach a specified destination computer. It is usually used to verify that a computer can communicate over the network with another computer or network device.

Number of Pings: – By default, the ping command sends out 4 packets of 32 bytes each.

Size of Packet: – By default, the packets sent are a small 32 bytes. A user can set their own size, up to a maximum of 65500 bytes.

Time Out: – The timeout by default is 4,000 milliseconds, which amounts to 4 seconds.

There may have been several occasions on which you received an email from an unknown person, and that email could have been about anything: a threat, a suggestion or some obscene material. Every email carries a lot more information “under the hood”, and this information can be extracted from the email headers. For that, it is important to trace an IP address using Command Prompt (cmd) to make a wild guess about who the anonymous email sender is. The above tutorial can help you find the IP address of the email sender using CMD.