Does An IP Address Provide Useful Tracking Information?

18th January 2011 - 6 minutes read time

An IP address is an address for a computer on the Internet. The usual example used is of a web server that can be accessed via a URL that is translated behind the scenes into an IP address, but IP addresses can be used to find any computer on the Internet.

When a normal home broadband user accesses the Internet they send their transmission through their Internet Service Provider (ISP) who have a collection of IP addresses they use for their users. ISPs tend to get blocks of perhaps several thousand IP addresses that they will use as a pool for their users. When a user logs on they are given an IP address and when they log off this address is sent back to the pool for other users to use. The actual systems in use here are a little bit more complex than this, but this is the essential idea.

How this works in practice is different based on which ISP the user uses to connect to the Internet as different technologies (like NAT) allow ISPs to assign the same users to the same IP addresses. Some ISPs will rotate a IP addresses amongst its users on a daily basis, whilst others will rotate them on a request by request basis so there is no guarantee that the same user will be given the same IP address.

For advanced users it is possible to spend a little bit extra to gain a static home IP address. This means that whenever they access the Internet they will always be given the same IP address, but it is usually only taken up by the advanced users as it is meaningless and useless to most. The vast majority of businesses will connect to the Internet through a static address in this way, but in this case all users will be given a single IP address according to the outside world. If the business infrastructure is good then users can be tied to requests internally, but this isn't always the case.

An added layer of difficulty comes into play when users start using proxy servers to access the Internet. This allows users to bounce their request off of a server (sometimes more than one is used) on the Internet so that from the other side they appear to be coming from a different location than they really are. This might seem like an advanced topic, but it is quite possible to get proxy tools plugins for most common browsers that allow even non technical users to mask their IP address with great ease. It is sometimes possible to detect the original IP address of the user, but only if the proxy has been set up in the correct way.

Some services will allow you to look up the physical location of a user based on their IP address, also called IP geolocation. These systems work by having a large database of IP addresses and where each one is, the amount of detail available is dependent on how much you are willing to spend on the service. The main problem with this is that a users IP address will almost certainly be the location of their ISP and not their actual physical location, so only country based information is really useful. The other issue with this sort of thing is that it isn't always completely accurate and you will find that some people you think come from one place will actually be another one.

Tracking IP addresses is therefore fraught with difficulty and should not be used as an exact science. Using cookies and session identification is a much more reliable way of tracking users in websites and this is what most affiliates and analytics sites tend to do.

I have seen lots of CMS applications that manage session information by recording IP addresses and users, killing off sessions where the user doesn't match the IP address. Most of the time this is fine, but you shouldn't completely rely on it as the same user might not come from the same IP address.

Any IP address, however, can usually be traced back to the user or computer who sent the request. Due to the fact that most users will send their request through an ISP server this will probably require asking ISPs or even businesses to reveal their internal IP address to user tracking (if they have any) and so can usually only be done by the police or those people with the correct paperwork.

Comments

Permalink

A laptop was stolen during a burglary along with $700,000 in jewelry.  The jewelry was in a safe which was also stolen. The owner made a claim for the laptop, the safe and the jewelry.  The insurance company wants permission from the owner to search the owner's IP address (because they don't believe the laptop and jewelry were actually stollen).

My question is this.... Will searching the IP address, by the police and the insurance company, indicate the physical address of where this stolen laptop is presently?

Thanking you in advance,

Lew Pytel

Lew (Mon, 04/11/2011 - 18:08)

Permalink

Interesting question. This depends on lots of factors like where the laptop is, how it connects to the internet and what sort of ISP is involved. But I think the basic answer is "no".

However, what probably happens is that the laptop will connect to the internet through some sort of private network (i.e. a router/gateway setup) which will have it's own IP address. The laptop would then be given a local address like 192.168.1.2, but what address it gets depends on the hardware used. The thing is that this address would be local and can not be found out from the external IP address. This is because of technologies like NAT, which hide internal networks.

There might be a way to match these up by looking at the DHCP table on the router, which should match all IP addresses it uses with their corresponding MAC addresses. I say "might" as not all routers work in the same way and these tables can be cleared.

Permalink

My partner switched on his laptop and it says it has been blocked by the police and he has to pay £100 in 48 hrs or further action will be taken. he has not been on illegal sites and now when he switches the laptop on this message comes up again. How can we fix this matter and is it a genuine message?

Anonymous (Thu, 01/05/2012 - 14:08)

Permalink
Yeah,I dig the situation.It's a scam my friend.Police don't doo that.Ya gotta just get rid of the virus afyer you do this. Start computer in safe mode with networking.Find your email screen first so you have up what you always work with daily'You'll need to connect to another computer or get an external hard drive,and transfer ALL your stuff to said hard drive.That's the downloads,pictures,documents,anything you wanna save.It'll take a while for you to accomplish this,but this way you don't lose your precious work from the past like I did.Once this is accomplished,just reformat the computer and it will be like a new one then.This is the best way to get rid of the SOB that did this.Thenya transfer allya stuff back to the re-formatted computer and your good to go.This,believe me,is much easier than trying to find all those hidden files the virus is hiding from you and you can't get to.Plus this virus wont letya get in anyway.Hence the safe mode with networking.

Rigger (Thu, 11/29/2012 - 21:48)

Permalink
Don't expect high accuracy, unless you're satisfied with country/city precision. It is after all IP based geolocation and in most cases that is limited to your ISP provided data records. Look at an IP location info webtool ( like http://geoipinfo.org/ ) and you'll see approximately where it finds you, and it also provided accuracy at city and country levels - percentage wise. So yeah, the ISP could (if forced) provide exact details about "the ill-intended user".

Pete (Fri, 10/03/2014 - 14:04)

Permalink
What does it mean when two different up address are almost the same except the last two numbers? We believe the emails are coming from the same person but is that prof? Could they not know each other?

Marla (Thu, 11/12/2015 - 06:03)

Add new comment

The content of this field is kept private and will not be shown publicly.