How can we know our own EXTERNAL IP address on the CLIENT (=our computer); NOT our internal IP address, NOT through an existing web site, NOT through a new website we would fabricate for this question; JUST with pure client OS commands scripting and/or JavaScript? Is that possible? In fact, if someone as a way to do that they should collect 1 million dollars because nobody has EVER come up with an answer to that on ANY website on this planet to my knowledge, A.R.
I think somebody DID ask that already, but using C#
IPHostEntry host;
string localIP = "?";
host = Dns.GetHostEntry(Dns.GetHostName());
foreach (IPAddress ip in host.AddressList)
{
if (ip.AddressFamily == AddressFamily.InterNetwork)
{
localIP = ip.ToString();
}
}
return localIP;
I don't know the OS you're targeting, but you might create an console application and read the value from it
Hope it helps
As Gricha mentioned, it can be requested via external site. There is an open source project that is also hosted.
You can get your external IP info in JSON format by calling this API:
curl http://ip2country.sourceforge.net/ip2c.php?format=JSON
in C#, there must be a similar method to call web API.
The project info is here: http://code.google.com/p/ip-address/
You can't find an external ip address from a simple system call. You can receive it from the router, which is probably router specific, or you need to make a call from an something out side of your lan. Typically this is done through a HTTP request or some other popular internet service.
Also, individual computers on a local network don't have an external ip. The router has one address and forwards packets to the individual device.
You can't do that without going out of your current network.
To know your IP address you need to ask your router about. It's your router that gives you the IP in his network.
To know the IP address that belongs to your router in their network - you need to ask someone in that network about your IP. Because that network gives him an IP.
Finally if you want to know your IP outside your ISP's network - you need to ask someone outside your ISP's network about it.
Related
I'm new here and to all of this stuff but there is a question on my mind for a long time that I didn't find an answer to it. My question is, is there any possible way for someone to get my or someone's else IP address if they are both connected to the same server? For example, let's say that person A and person B are playing a video game that uses dedicated servers, is there any possible way of person A to get the IP address of person B? I know that they can get the IP address of the server that they are connected to it but is there a way for some of them to get even more information and get the IP address of the other client that is connected to the same server?
As I said I'm still a newbie to all this networking stuff so any info would be appreciated!
Thanks!
It all depends on how the application is built, if its only communicating to the server and its not passing the IP to the other clients then its not possible. If the Application have a peer-2-peer functionality you should be able to do "netstat -a" in CMD and see the IP of the other client. Alternative you need to access the server itself.
Not without having the administrative access to the server itself (or if application that they both use, offers this information - but this is rare currently).
I'm building a home IoT device and I can't figure out a way of setting a static IP which would work on any network. I want to be able to ship this device to anyone having previously set a static IP and all they would have to do is connect to the internet and be good to go.
Any help is appreciated!
Consider using Teredo(Miredo in OpenSource world). Following is an excerpt copied shamelessly from Wikipedia.
In computer networking, Teredo is a transition technology that gives full IPv6 connectivity for IPv6-capable hosts that are on the IPv4 Internet but have no native connection to an IPv6 network. Unlike similar protocols, it can perform its function even from behind network address translation (NAT) devices such as home routers.
You can let your customers to configure the robot like a normal IoT device. Once the device is up and running, it will automatically connect to relay server and get an IPv6 address. This IPv6 address can be static or dynamic, updated to your server without using any third party.
This will give you seamless bi-directional connectivity between your server and robot(s) without resorting to port forwarding. You may have to address the security concerns by restricting the access to IPv6 address using PKI infrastructure.
Checkout Miredo at https://www.remlab.net/miredo/. You can even consider setting up your own Miredo server/relay.
the gateway IP of home routers changes constantly. this is why there is No-IP, DynDNS,... and similar services . this is also a common working solution. your customers need a dynaemic DNS provider or a similar service. This is also a common solution for scurity cameras. Another possibility is that the RPi sends the information to a cloud or another storage outside of the network and the app has access to this cloud. however this could be problematic because of privacy...
http://www.noip.com/support/knowledgebase/using-security-camera-systems-with-no-ip/
http://www.networkcameracritic.com/?p=124
the problem is that you want the external or WAN IP to be static like that of google or other big companies. This is very expensive and not every Internet Service Provider has this service. Another problem is that the IP of a smartphone on that the app runs also changes constantly.
Maybe the accepted answer in this link is useful http://www.superuser.com/questions/778640/do-you-need-a-static-ip-address-to-setup-a-webserver
Why do you need a static IP? I assume you want to open ports on the device and then have users to connect to it.
If that is the case: Simply do not do it! Its a major security problem.
Why?
Having all ports closed provides zero attack surface. If you open ports to the Internet, IoT device search engines will find this and try to attack it. And even if you protocol is secure today and even if users use secure passwords, how can you guarantee this in 5 years?
Instead open a connection from the device to a server, and let the users connect to the server. This allows central protection, monitoring (IDS) and security updates.
Here is an update in case anyone is having the same issue. I ended up using node package ip to update each robot's ip in my database. Each client then pulls the ip from the DB to connect.
Here is a snippet of my code. The server is fired on boot.
var ip = require('ip');
var mongo = require('mongodb')
var MongoClient = mongo.MongoClient
var url = 'your_url'
var name = "example"
function updateIP() { // update ip if need be
var my_ip = ip.address()
console.log(my_ip)
MongoClient.connect(url, function(err, db){
console.log(err)
var robots = db.collection('robots')
robots.findAndModify(
{name: name},
[['name', 1]],
{$set: {ip: my_ip}},
{update: true})
})
}
I am at a large University, with servers set up on the Univeristy network. The network has internal (10...) IP addresses, and external (129...) IP addresses. I have a ColdFusion-based business process which FTP's data from an external server.
The server on which the ColdFusion instance is based has several (about 10) IP addresses associated with it, both internal and external. It has one primary address, which has been, until recently, external.
Using Wireshark, we have been able see which IP is used, and it is never the primary, but other than that, does not seem to follow any logic.
We recently changed the primary IP for the server to an internal address, to comply with new University-wide security policies, and the FTP connection from Coldfusion stopped working. Using Wireshark, we've confirmed it is going out on one of the internal (10...*) IP addresses (not the primary).
Is there a way to control which IP ColdFusion uses for an FTP connection, either through system configuration, or programmatically?
Code for the FTP call:
var ftpService= new ftp(
username = partnerConfig.sftpLogin,
connection = "MyConnection",
password = partnerConfig.sftpPw,
fingerprint = partnerConfig.sftpFingerprint,
server = partnerConfig.sftpServer,
secure = "yes"
);
var result=ftpService.open();
var result2=ftpService.listdir(directory = partnerConfig.inFolder, name="dirlist");
var result3=result2.getResult();
EDIT: My server guy tells me that this University is fairly unique in how it configures the subnets. NO firewall exceptions are allowed from the 10.* subnet. The "Public" IP's are not public by default, simply the ones which are capable of having exceptions.
FURTHER EXPLANATION: It comes down to the Rules and IP addresses the main IT org at the university set up. the 10.x.x.x IPs are never allowed access outside the university ("internal"). 129.x.x.x IP, may have firewall exceptions ("external"). If I type ipconfig (it's Windows), I see about 10 static IP addresses, half of which are 10.x.x.x, and half of which are 129.x.x.x. When the "primary" IP for the machine was a 129.x.x.x address, Coldfusion chose one of the OTHER 129.x.x.x addresses for the outgoing IP for the connection. With the "primary" IP switched to a 10.x.x.x IP, ColdFusion is choosing one of the OTHER 10.x.x.x addresses for the outgoing connection. My choices, as far as I can tell are 1) Switch the primary back to a 129.x.x.x for the server; 2) Move the site to a different server with a primary of 129.x.x.x, and keep other sites on the server in compliance with the new policy; 3)See if I can figure out how to control which IP Coldfusion chooses from the 10 static IPs on the server.
Our admin figured it out. We needed to add a static route to the server, so that whenever ColdFusion (or any application) tries to connect to the specific destination we were FTPing to, it goes through a specific outgoing IP address.
This was not something I was familiar with, but a quick search gives the basics: http://technet.microsoft.com/en-us/library/dd469825.aspx
You have an internal IP address and you are not sure what the external is? This sound like a network bridge issue. What you are looking for is FTP proxy or some tool that associates an externally assigned IP to an internally assigned IP for port 22 (or whatever you set your port to). Look at: http://wiki.squid-cache.org/Features/FtpGateway
FTP reverse proxy
It sounds like your IPs (even internally may not be static)...or maybe it just feels that way. Make sure your internal IP is static.
Read about FTP port forwarding: Here are some port forwarding guides.
Other keywords FTP bridge, FTP one-to-one mapping, among others.
Good luck.
I had a similar question regarding the cfmail tag:
Force cfmail tag to send from a specfic server IP address
Unfortunately, I didn't get an answer that worked. ColdFusion seems to pick (seemingly at random) which source IP address is used.
I'm thinking of a way to find the public IP of router at home, remotely.
For example if I'm in university and I need to connect to a machine in my home network. How can I get the public IP to connect to it?
To get the IP from that machine I can use something like this website - http://api.exip.org/?call=ip
But how can I send it to myself remotely?
One of the ideas is to write some sort of script that will check my email address for incoming messages. So when I need to know the IP, I just send some email to myself with specific text (or subject). When script will find that specific text, it will send the IP to the same email.
Another idea it to write a script that will upload a new file to the server (for example DropBox) every time the public IP is changed.
Or I can combine those two and email new IP every time it changes (not that often, but still it’s a spam).
What other solutions there can be, and how can I implement them (or the one that I have)?
I have Linux/Unix and Windows machines which I can use. I have no problem in writing code in different languages or looking in to any possible approach.
most of home router have dynamic DNS facility , you will find it in your router configuration as DDNS and configuration page you will find list of supported DDNS service ,most popular DDNS service is dyndns.org you have to subscribe there and they will give you tow free subdomain like example.dyndns.org , and after configuring that on your router you can easily from any where ping example.dyndns.org to know your router IP
We meet a testing scenario which needs to tamper with source IP address of a Http request to simulate clients coming from different countries. Do you know any tool help on this?
Last but not least, our web site is built with ASP.NET.
Thanks.
In a test environment it usually isn't difficult. First read this SO question about virtual network interfaces.
If the server and client are on the same machine, all you have to do is figure out how to get your client software to bind to your virtual interface.
wget for instance has the --bind-address option to specify which local address to bind to. Web browsers are a bit more difficult to do this with; you may need to just run it in a VM.
If your server and client are on the same LAN, you just need to configure your router with some static routes to your client machine. In this case you probably don't need a virtual network interface, just set a static IP for your client machine; as long as the gateway is set up correctly it should be able to send packets to the server, and as long as the route is set up correctly the replies should find their way back to the client.
If the client and server are separated by an internet, it's rather more difficult. One option is to set up a network tunnel endpoint on the server and tunnel it to the client machine, which "knows" that it has the virtual network interface.
As noted in answers to the ServerFault question "Are IP addresses trivial to forge", you cannot easily forge source addresses in a protocol that required two way communication (e.g. TCP). Note that this "two way communication" is required at the packet level. You cannot just say "no problem, I want to send requests and ignore HTTP responses." To establish a TCP session, you need to receive data. Your best bet is to use a proxy server.
I am unsure if the IP standard allows for this, but if you are working in a Lab environment, where you don't need internet connectivity during the test, I can see it working under following circumstances:
Basically, I would set the server's network interface to use netmask 0.0.0.0 and flush the rest of the routing table.
Then you could configure a client machine to take on any IP address as long as you use netmask 0.0.0.0. And two-way communication should be possible.
Server[1.2.3.4/0] <---> Client[x.x.x.x/0]
But please bear with me. I haven't tested this, so I could be wrong :-)
If you have access to your infrastructure, you can add an interface off the router and then place a static route on the router to that network.
Server-----Router----Internet
/
Test_PC----/
Alternatively you can look into PBR (Policy Based Routing) and on the routers you can flag source packets and change the source on the fly, so your server will think they are coming from where you'd like them to come from.
Server-------------Router_with_PBR-------------Internet----- PC
SCR:4.2.2.2 Change SCR:6.6.6.6 to 4.2.2.2 6.6.6.6
But you have to ask yourself why do you want to see when packets come from different countries. Some countries have massive proxy servers that filter access ( "Great Firewall of China"), so the above tests will not prove much.
Your best bet then is using proxy servers or if your looking for a long term solution then setup a server (virtual is great for this) and use RDP for testing. I'm sure you can rent a virtual server somewhere for a month or two.
That's not possible. Because when you forge the ip address, the response is never going to come back, which is required for http.
The best way is to use proxies. See also this question on serverfault.
If you change your source IP address, that means no traffic from your web server will be able to reach back to the client.
You might be able to use some kind of proxy and/or address translation filter to do the remapping while still allowing two-way communication.