Click the Start button, type 'cmd,' then press Enter. You can open Command Prompt from your Start menu. The Command Prompt window will open, which you can type operating system commands through. Type 'ipconfig' and press Enter. Look for the line that says 'IPv4 Address,' right. Finding Your Private IP Address (iPhone) 1. Open the Settings app. This will display a list wireless networks. Tap the ⓘ button next to your wireless network. This will open the details for the wireless network you are connected. Find the 'IP Address' entry. This will display your. Getting a real address for the public IP address usually requires a search warrant taken to the ISP. Find Your Internal IP Address. Every device that connects to your internal network, be it at.
An IP lookup, also known as an IP address lookup or IP checker, is the act of trying to detect the information behind an IP address, for both IPV4 and IPV6 types of IPs.
When you perform an IP address lookup in real time, you will likely be querying and testing against the ARIN (American Registry for Internet Numbers) database. On other occasions, the query will be answered by a passive DNS, domain or IP database server. In either situation, inputting an IP address will show you detailed information about the ISP and web hosting/server provider using that network block.
You usually don't need to know your IP address, and it's usually assigned automatically, but you can find your Windows PC's local IP address by running a command called 'ipconfig' in a Command. Finding Your Windows Private IP Using the Command Prompt: Open the command prompt.
Most of the time, this sort of information is queried by technical users, system administrators and security researchers performing infosec investigations surrounding phishing domains, spamming, DNS attacks and other illegal activities.
Today we’ll explore the top most effective tools you can use to perform an IP lookup utilizing terminal-based commands and web-based interfaces.
While an IP lookup can be performed from Windows operating systems, Unix and Linux are often the ideal platforms to run a full IP lookup and domain and network diagnostics, due to the wide number of tools available and actions you can perform.
Now let’s analyze the most popular terminal-based tools designed for performing a quick domain IP address lookup as well as a WHOIS IP lookup.
The Ping tool is a cross-platform command available on most modern operating systems. It’s widely used to determine if a network or remote machine is responding to remote network requests—in other words, if it’s “alive” (online).
The Ping command uses the ICMP echo (RFC 792 Internet Control Message Protocol) function to send packets over the network to a specific hostname or IP address. Once the packet has been sent, it will wait for the remote packet response. If the remote host is up, it will return a network packet; if not, it may be a sign that the host is unreachable, down or simply that the ICMP response is disabled by firewall rules on the destination server.
This command is also used to measure the network response speed, packet loss and number of packets sent/received. Ultimately, the main goal of Ping is to resolve the IP address of any host, as you see below:
This way you can perform a simple domain IP lookup. When you target a balanced domain that is listening on multiple IP addresses (as used in Round Robin DNS, for example), the domain IP lookup will sometimes resolve to different IP addresses.
Microsoft’s DNS zone exemplifies this case:
The Ping command can also be used against IP addresses—just replace the target for any IP address, as shown below:
This way, we can get a summary of all the data obtained from this quick IP network lookup:
And there you have it! That’s the easiest way to perform a domain IP lookup.
Dig, know as Domain Information Groper, is a popular domain tool and DNS utility used to query DNS name servers while performing IP and DNS lookups.
To run a simple domain IP lookup using Dig, use the following syntax:
dig A domain.com
In the previous example, dig was querying against the A DNS record type, which answered back showing the
184.108.40.206 as the main IP address.
You can see that there is a lot of information that isn’t directly related to the IP address, such as query time, the DNS server that was queried, query status, and other details.
Here’s a simplified way to achieve the same results:
+noall disables stats, comments and other non-useful things, and
+answer will only include the answer from the DNS server, the very part we need.
For an even easier way to do it, use the
nslookup is another widely-used system and network administration terminal-based tool available on Unix/Linux and Windows systems.
This tool is mostly used while running network diagnostics and system administration tasks, often to query DNS servers as a way to grab the IP address behind a host.
Let’s illustrate how to use nslookup to run a simple domain IP lookup:
One way to use the host command to perform an IP lookup is to query against an IP address. You can also use it bidirectionally when querying hostnames — host can help security researchers perform DNS lookups to translate hostnames into IP addresses, and vice versa. It supports different lookups for various DNS records such as A, MX or NS records.
To find the IP address of the remote securitytrails.com server, just type:
This will return something like:
As you see, you obtained the main IP address (220.127.116.11) from the A-type DNS record, as well as the MX records from Google G-suite.
Let’s see the opposite now with the IP addresses of two [popular DNS servers][blog_dnsservers] such as Cloudflare’s
18.104.22.168 and Google’s
In this case, we obtained the rDNS or PTR record from the IP network provider. This is also called reverse IP lookup, or rDNS lookup.
The WHOIS command is one of our favorite terminal commands, as it can reveal a lot of information about any IP address.
As seen in our WHOIS History article, the WHOIS command dates back to the time of ARPANET, and its development has continued to the present day.
When you use WHOIS to perform an IP lookup, your host will try to pick the right WHOIS database server to ask for the information you need. Other times, it will connect to whois.networksolutions.com for NIC handles, or to ARIN at whois.arin.net when you need to perform network and IPv4 lookups.
While it can also be used to fetch domain information, we’ll use it this time to fetch IP information.
The syntax is pretty simple:
Output example against Cloudflare’s
22.214.171.124 IP address:
As you see, this tool gave us a few important details about the IP address, such as the network source (APNIC), the AS number (AS13335), INET number (
126.96.36.199), description of the network (APNIC and Cloudflare DNS Resolver project / Routed globally by AS13335/Cloudflare), abuse email address ([email protected] / [email protected]), as well as the full mail address (6 Cordelia St, PO Box 3646, South Brisbane, QLD 4101 - Australia).
You’re reading this correctly: Nmap is not only one of the best network mappers and port scanners around, it’s also a useful utility when it comes to IP lookups.
By using Nmap with its powerful NSE scripts, you can also run any IP WHOIS lookup.
The whois-ip NSE script queries the Regional Internet Registries (RIR) WHOIS databases and tries to fetch as much information as possible about the target, such as inetnum, inetname, description, country, organization name and associated email address.
nmap target --script whois-ip
BGPView allows any visitor to perform network and IP lookups using a web-based interface, or an API, to view details about IP addresses, ASN, prefix or any resource name on the Internet.
When it comes specifically to IP lookups (in this case bgpview.io/ip/188.8.131.52), it can reveal a lot of information (similar to the whois command), but a handy feature with this tool is its rDNS lookup, and the ability to cross data and jump into related network data such as AS (bgpview.io/asn/13335) or explore the full IP range (184.108.40.206/24).
Nowadays, network, domain and IP history are critical for investigating any infosec incident, offering the information needed to expose useful information such as where the domain was hosted, technical and personal details about the person involved, where the web servers were hosted, or what MX servers were used to send an email.
SecurityTrails IP History is one of the easiest ways you can perform a historical IP lookup. You can do it by using our web-based interface, or by API. Let’s see two practical examples of how you can perform a simple IP lookup.
In less than a second, you’ll have the full IP lookup with all the IPV4 records found for that server, including domain name, Alexa rank, web hosting provider and email provider.
One of our tool’s handiest features is the IP neighbors function, which lets you find all the neighbors hosted on the same IP address ordered by IP range and number of sites hosted.
By using our API you can accomplish the same results. Our API supports a wide range of programming languages and integrations, but for this quick example we will launch a query against our database using the old terminal-based curl utility:
Expected output will show something like this:
Our Passive DNS API allows you to fully integrate our intelligent cybersecurity database within your own apps, automating the entire OSINT process in just minutes.
SurfaceBrowser™ is our enterprise-security OSINT tool that allows you to test, access and correlate domain, DNS and IP data-sets in mere seconds.
Chosen by public and private infosec agencies to perform deep and thorough investigations into all cybersecurity aspects of domain names belonging to any company in the world, it’s also a great way to perform IP research.
To perform an IP lookup check with SurfaceBrowser, you simply need to follow these steps:
Important: if you don’t have a SecurityTrails account with SurfaceBrowser™ enabled, book a demo today with our Sales team! Or sign up for a 7-day trial for only $49.
As you can see, by using the IP lookup tool you will be able to access IP details such as associated rDNS, ASN number, Organization, Type of Company and IP route. A real-time map of the geographical IP address origin will be displayed as well.
The same applies to IP ranges—you can extract all the intel about any IP range in the world. In the following example, we’re exploring Cloudflare’s range 220.127.116.11/24:
If you click ‘Explore nearby IPs’, you will find many additional IP ranges associated with your initial IP search, letting you find sites hosted on each one of those ranges instantly.
SurfaceBrowser™ also allows you to explore all the hosted domains within any IP address, and find details about every one of them. The filter lets you order results by hostname, Alexa rank, computed company name, registrar, expiry date, creation date, mail and hosting provider.
It’s an easy and efficient way to cross data and pivot between all information extracted from that single IP address.
A PTR record is also known as reverse DNS, or rDNS. Quite simply, it’s the reverse information shown for the A DNS record.
Usually when you analyze an A record, you’ll find that it points to a domain name. On the other hand, a PTR record will map an IP address to a hostname—just the opposite.
PTR records are not only useful for finding data correlation in your infosec research, but also to protect against spammers and malicious domain names that will try to exploit your mail server. Therefore, most popular email providers always check for PTR records by performing domain and IP lookups before accepting any incoming email from external hostnames.
SurfaceBrowser™ has the ability to show you every PTR record from any company domain name in existence.
In this case, while analyzing cloudflare.com, we were able to get all the associated PTR records from each hostname, as well as the IPs responding to that hostname:
And for each one of those PTR records, you’ll be able to find critical information such as open ports and associated IP addresses.
By clicking the right column, all associated IP addresses belonging to that record will be displayed:
Performing an infosec investigation will always require the use of manual tools (such as ping and dig) when you run isolated tests and tasks. But when you need to accomplish a number of IP lookups, the entire process can become slow and time-consuming.
Fortunately, there’s a solution. By using our daily-updated historical IP database, you’ll be able to avoid using slow manual commands and start fetching results from our API database with your own apps.
Alternatively, SurfaceBrowser™ is a great infosec tool to cross data between your IP lookups, rDNS lookup, open ports, domain and DNS information in an instant.
Get your free API account today, or book a SurfaceBrowser™ demo with our sales team so you can get a deep IP lookup approach against any IP address and domain name in the world!
Esteban is a seasoned security researcher and cybersecurity specialist with over 15 years of experience. Since joining SecurityTrails in 2017 he’s been our go-to for technical server security and source intelligence info.
Do you know what’s on your network? In this guide, we’ll show you a few simple ways you can find an IP address on your network. We’ll also go over a few great tools that can speed up this process and give you further insight into your network.
Whether you’re managing an office network, or just doing some troubleshooting at home, knowing how to find a device’s IP address is critical in solving a number of networking problems.
Let’s start with the most basic method of finding your own local IP address in two easy steps.
In the command prompt, you’ll find your IPv4 address towards the top. Under it, you’ll see your subnet mask and your default gateway. This information is vital, especially if you’re having issues connecting to the internet.
But what about finding other IP addresses that might be on your network?
To find other IP addresses that are on your local network, type arp -a in the same command prompt window and press enter. A list of IP addresses will populate on your screen along with additional information you might find helpful.
In the far left-hand column you’ll see a list of IP addresses that were discovered on your network. Towards the bottom of the list, you may see some addresses starting with 224, 239, or 255. These addresses are generally reserved by your router for administrative purposes, so these can be looked over.
In the second column under Physical Addresses we’ll see each device’s physical address. This is also commonly referred to as a MAC address. A physical address is a unique identifier that every network device comes with. Unlike IP addresses, this number cannot be changed. Knowing a device’s physical address is important, especially if you want to identify exactly what is on your network.
The last column displays the address’s type. There are two types of IP addresses, dynamic and static. A dynamic address means that a DHCP server gave that device an IP address. A static address means that the device was configured to use a specific IP address, one that won’t change.
Static addresses are great for devices that are permanent, like printers or servers. Most home networks will be fine using DHCP to hand out IP addresses. DHCP servers assign IP addresses that have leases. Once that lease is up, that device might get a different IP address.
From your command prompt, you’re a bit limited in how you can interact with devices on the network. You can attempt to ping an IP address on your network by typing ping 192.168.XX.XXX (Replace the X’s with your IP address.)
Most devices will answer the ping and reply back. This is a quick and easy way to determine if there are any latency issues between your PC and that device. For further troubleshooting, we’re going to need to use some network analyzer tools.
These tools are great for quickly finding devices on your local network and spotting problems fast. They also provide a lot more details than your trusty old command prompt can give you.
Below are three of my favorite network scanning programs.
If you need more detail and functionality from your Port Scanner then SolarWinds has you covered. You can easily scan your network by IP ranges and filter by ports to identify what services a device is running. SolarWinds Port Scanner is currently a Windows tool only.
SolarWinds Port Scanner also automatically resolves hostnames to help you identify what devices are on your network faster. The GUI interface is easy to use and boasts a cleaner display than Angry IP Scanner.
For those who live in the command line, you’ll be glad to hear this tool comes with a fully functional CLI and support for batch scripting.
While these tools are great, they won’t proactively alert you to problems on your network such as duplicate IP addresses, or DHCP exhaustion.
If you’re a small business administrator, or just a curious tech looking for a bit more insight into your network, SolarWinds Port Scanner is an excellent tool and is available as a free download.
If you’re a network administrator like myself, you’ll find PRTG Network Monitor an extremely valuable tool when it comes to troubleshooting problems across your network. PRTG is really the evolution of a scanning tool and more of a complete network monitor.
PRTG first scans the entire network in its network discovery process, listing any devices it can find. Once the scan is complete it keeps a real-time inventory of all devices and records when any are removed or added.
PRTG’s sensors are perfect for in-depth testing across your networks. Ping sensors can easily monitor a device’s connectivity over the long term, and alert you to those intermittent connection problems that can be difficult to pin down.
The PRTG scanner goes a step further by also incorporating database monitoring into its suite of tools. This sensor will alert you to any outages or long wait times in almost any SQL environment. Database monitoring can help identify small problems such as stalled processes before they cause major downtime.
Lastly, PRTG can thoroughly monitor bandwidth and network utilization for your environment. When things slow to a crawl, you’ll be able to quickly identify which IP addresses are using the most bandwidth and pinpoint exactly what that traffic is.
Is someone streaming too much Netflix? With the usage monitoring sensor, you’ll never have to guess what is hogging up your bandwidth again. This data is beautifully displayed as a chart, and broken down by IP address, protocol, or top connections.
When you have a sample of data you’d like to save, you can easily export it to XML or CSV. You can even tap into the PRTG API and export your data in real-time.
PRTG is a powerful on-premise tool and is geared mostly for medium to large businesses. It installs in a Windows server environment and gives you full control of what sensors you’d like to activate. If you’d like to test it out yourself you can download a 30-day free trial.
One of my favorite free tools is the Angry IP Scanner. It’s compatible with Mac, Linux, and Windows and allows you to quickly find detailed information about devices that are on your network.
Simply select an IP range at the top and let Angry IP Scanner work its magic. Almost instantly Angry IP will begin pulling information about the IP range you specified.
At a glance you’ll be able to see what IP addresses are open for assignment, taken by devices, and how many ports each device has open.
If you’re having trouble finding a device on your network, Angry IP Scanner makes it simple to track down that device for further troubleshooting.
Angry IP Scanner has personally helped me find devices that have lost their static IP address without having to physically go to the device.
If you’re looking to export and save your findings, you can easily download your results in CSV, XML, or text format. It is available as a free download.
No matter what size network you’re troubleshooting, understanding how to find a device’s IP address is essential.
Whether you’re quickly looking up the ARP table with the arp -a command, or utilizing a network tool like PRTG, having a solid grasp of what’s on your network will help keep all of your device safe, and yourself headache free.