What Is My IP Address? - IP Address Lookup, Bandwidth Speed Test, IP Info, plus more

Go Back   What Is My IP Forum > IP and Network Questions > IP Questions
Reload this Page Help tracking Yahoo mail
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Notices

IP Questions Post all of your general IP related questions here.

Closed Thread
 
Thread Tools Display Modes
Old 02-10-2010, 01:52 PM   #1
guess
Member
 
Join Date: Feb 2010
Posts: 5
guess is on a distinguished road
Default Help tracking Yahoo mail
Hi - am trying to trace an yahoo mail. Thanks for all the info provided in the forum , much appriciated. but when i look at the header, this is what i end up with

Code:
Received: from [192.168.77.103] by web95402.mail.in2.yahoo.com
and when i do a ip address look up , i get a message - "IP is a local address".

WHAT does this mean If the traffic is thru a router, should the actual router IP not be displayed ? Can anyone help me explain what is happening ?!?

thanks
guess is offline  
Old 02-10-2010, 03:01 PM   #2
wimiadmin
Administrator
 
wimiadmin's Avatar
 
Join Date: May 2008
Location: Pigeon Forge, TN
Posts: 858
wimiadmin is a splendid one to beholdwimiadmin is a splendid one to beholdwimiadmin is a splendid one to beholdwimiadmin is a splendid one to beholdwimiadmin is a splendid one to beholdwimiadmin is a splendid one to beholdwimiadmin is a splendid one to behold
Default
Can you paste more of the header for us to review. Please 'x' out any sensitive data.

But you're right, the router IP should be displayed and not the 192.168.x.x IP.

I've not heard of header spoofing in Yahoo! mail, but it might be possible.
__________________
Brian
Please Search Before Posting
wimiadmin is offline  
Old 02-10-2010, 05:08 PM   #3
AboveTheLogic
Super Moderator
 
AboveTheLogic's Avatar
 
Join Date: Jul 2008
Location: Los Angeles
Posts: 475
AboveTheLogic is a glorious beacon of lightAboveTheLogic is a glorious beacon of lightAboveTheLogic is a glorious beacon of lightAboveTheLogic is a glorious beacon of lightAboveTheLogic is a glorious beacon of light
Default
I noticed when sending with Thunderbird it also puts the local (private) IP in the header. I'm guessing the person who sent this email is using that or some other client.
AboveTheLogic is offline  
Old 02-11-2010, 05:45 AM   #4
guess
Member
 
Join Date: Feb 2010
Posts: 5
guess is on a distinguished road
Default here is the full header
here is the full header (names masked)

Quote:
Delivered-To: xxxxx@gmail.com
Received: by 10.229.96.69 with SMTP id g5cs2816qcn;
Tue, 9 Feb 2010 22:52:46 -0800 (PST)
Received: by 10.141.91.3 with SMTP id t3mr6287878rvl.190.1265784765284;
Tue, 09 Feb 2010 22:52:45 -0800 (PST)
Return-Path: <xxxxx@yahoo.in>
Received: from web95404.mail.in2.yahoo.com (web95404.mail.in2.yahoo.com [203.104.18.228])
by mx.google.com with SMTP id 33si2217156pxi.83.2010.02.09.22.52.43;
Tue, 09 Feb 2010 22:52:44 -0800 (PST)
Received-SPF: neutral (google.com: 203.104.18.228 is neither permitted nor denied by domain of xxxxx@yahoo.in) client-ip=203.104.18.228;
DomainKey-Status: good (test mode)
Authentication-Results: mx.google.com; spf=neutral (google.com: 203.104.18.228 is neither permitted nor denied by domain of xxxxx@yahoo.in) smtp.mail=xxxxx@yahoo.in; domainkeys=pass (test mode) header.From=xxxxx@yahoo.in
Received: (qmail 74907 invoked by uid 60001); 10 Feb 2010 06:52:41 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.in;
h=Message-ID:X-YMail-OSG:Received:X-Mailerate:From:Subject:To:MIME-Version:Content-Type;
b=AAmv7uqkiCEFc9bC1E5LoxHFlk1TRD2Adoeo8Ei3YloVbL1W bMBgH4cEZGDCt8PNhQwDUfpV3tLSHvKFbP8rqp9FyC1EohVO53 8eWPVUPpMHcDAplHmdyNyXP3vu2fn/XbKqBSeNzLgGHIxtK81cEn482WqmdtZw6r1/KGB5A/E= ;
Message-ID: <656878.74396.qm@web95404.mail.in2.yahoo.com>
X-YMail-OSG: dFeyQCMVM1n.4Bxc4UMteSC.ZCPB.1tWmj7kDkBVtw2olVq7dw w5ZnW.rfXeXWhQ7qbBIXgHfT5LlQ2k7lON2843YTpZF9thw5Tj N9pzCreqHLTaYyRutGk___cVbxAnFq6CxVR335mrY0NbAP4HaN x7WYztBoMvczRKU_nwraGrwW.i7zRNGNkuOlZU516OCXZZFJ58 Wbqa8UJym8Cia6iC763nc6zYvfiCI_aTZazMyQXGrCdR2Hoyh8 yR
Received: from [192.168.77.103] by web95404.mail.in2.yahoo.com via HTTP; Wed, 10 Feb 2010 12:22:41 IST
X-Mailer: YahooMailClassic/9.1.10 YahooMailWebService/0.8.100.260964
Date: Wed, 10 Feb 2010 12:22:41 +0530 (IST)
From: XXXXXXX <xxxxxx@yahoo.in>
Subject: Re:
To: xxxxx@gmail.com
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-759651590-1265784761=:74396"

--0-759651590-1265784761=:74396
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
guess is offline  
Old 02-11-2010, 06:24 AM   #5
guess
Member
 
Join Date: Feb 2010
Posts: 5
guess is on a distinguished road
Default
Quote:
Originally Posted by AboveTheLogic View Post
I noticed when sending with Thunderbird it also puts the local (private) IP in the header. I'm guessing the person who sent this email is using that or some other client.
never thought of that, will try simulating the same to validate, hope there is some other info on the header that comes in handy !
guess is offline  
Old 02-12-2010, 02:21 PM   #6
wimiadmin
Administrator
 
wimiadmin's Avatar
 
Join Date: May 2008
Location: Pigeon Forge, TN
Posts: 858
wimiadmin is a splendid one to beholdwimiadmin is a splendid one to beholdwimiadmin is a splendid one to beholdwimiadmin is a splendid one to beholdwimiadmin is a splendid one to beholdwimiadmin is a splendid one to beholdwimiadmin is a splendid one to behold
Default
Quote:
Received: from [192.168.77.103] by web95404.mail.in2.yahoo.com via HTTP; Wed, 10 Feb 2010 12:22:41 IST
Unfortunately, doesn't look like this one is going to be traceable since the IP it's showing is a local IP and not the senders WAN IP.
__________________
Brian
Please Search Before Posting
wimiadmin is offline  
Old 02-15-2010, 01:56 AM   #7
guess
Member
 
Join Date: Feb 2010
Posts: 5
guess is on a distinguished road
Default
Quote:
Originally Posted by wimiadmin View Post
Unfortunately, doesn't look like this one is going to be traceable since the IP it's showing is a local IP and not the senders WAN IP.
thanks winiadmin, just hit the wall again
anyways thx for looking onto the same ...
guess is offline  
Old 02-16-2010, 04:36 PM   #8
guess
Member
 
Join Date: Feb 2010
Posts: 5
guess is on a distinguished road
Default
Quote:
Originally Posted by AboveTheLogic View Post
I noticed when sending with Thunderbird it also puts the local (private) IP in the header. I'm guessing the person who sent this email is using that or some other client.
hi Abovethelogic. I tried installing Thunderbird and set up my gmail from there. Was surprised to see that the ip was still there in the email that went out , is there any specif setting for spofing the same or is it something to do with tunderbird / yahoo combination ?

any thoughts .....
guess is offline  
Old 02-16-2010, 08:29 PM   #9
AboveTheLogic
Super Moderator
 
AboveTheLogic's Avatar
 
Join Date: Jul 2008
Location: Los Angeles
Posts: 475
AboveTheLogic is a glorious beacon of lightAboveTheLogic is a glorious beacon of lightAboveTheLogic is a glorious beacon of lightAboveTheLogic is a glorious beacon of lightAboveTheLogic is a glorious beacon of light
Default
that's just the way that thunderbird sends email

there might be a hack or some hidden config to change it, but nothing I've found (I didn't look very hard)
AboveTheLogic is offline  
Closed Thread

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 06:46 PM.

whatismyip.com - Privacy Statement - Top

What Is My IP - IP Command Lines - What is an IP Address - Speed Test - IP Address FAQ

Need IP address location detection service? Get it from IP2Location.com now.

Powered by vBulletin®
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
Copyright - WhatIsMyIP.com