Is there a method to determine more than the IP address of a Limewire connected computer. If I am downloading content from the subject computer, can I get a MAC ID, or LOCAL IP information from the router or other more specific identifying information for the precise computer that I am downloading from?
What have you tried so far? Maybe that's a good place to start…
I have seen the ip address on the limewire screen…….that is all. I do not know where to start from there…….
I have seen the ip address on the limewire screen…….that is all. I do not know where to start from there…….
Well, let's reason through this…
Is there a method to determine more than the IP address of a Limewire connected computer. If I am downloading content from the subject computer, can I get a MAC ID, or LOCAL IP information from the router or other more specific identifying information for the precise computer that I am downloading from?
Okay, based on what you said, it appears that you can see the IP address for the remote system from which you're downloading content.
What do you know about networking and TCP/IP communications? What are some of the options available to you? How about traceroute? How about scanning the remote system and identifying open ports and perhaps services?
The thing is that there may be a number of possibilities available to you. I'm sure that some folks are going to say, "you won't be able to do that because…", but the fact of the matter is that you won't know until you try, right?
I have seen the ip address on the limewire screen…….that is all. I do not know where to start from there…….
How about
- running a portscan on the other system, and see what services they run (like keydet said)
- check out who registered the IP address (try samspade.org)
(will sometimes give you the name of the organisation who's systems are being abused to run Limewire on)
- Google the ip address
(you'll be amazed at what you'll find sometimes, forum messages, website logs, etc. The website logs will also give info about the system, software & OS through the User Agent string)
MAC addresses normally don't leave the local network, so that would be a no.
Local IP's you can sometimes get them (with smart javascripting) IF you can get the subject to visit a webpage that you control.
There are also other options, but they would be illegal 😉
Eg. gaining access to the router, reading mac/local IP's from there, gaining access to the system itself (difficult through NAT), etc. One area I worked in had only one state-run ISP all the routers had the same passwords and were accessable from the outside lol
Roland
the term you need is called osfingerprinting.
the IP in limewire may not be the clients actual ip, you can obtain client id using wireshark.
also run a dns look up using robtex.com will give you more info than a standard tracert.
there are plenty of tools for osfingerprinting, backtrack being one but be warned as if you dont understand the tool dont use it
My advice would be to not perform anything active unless you know what you are doing. Doing an inappropriate port scan could alert the party that you're on to them.
My advice is to always do some passive research before and *only* if you have the appropriate skills (and know the law) do you wish to think about doing anything active.
Personally, what I tend to do is passive investigations first. So I would look at DNS info, google their IP address (I agree with digintel you can often get a lot of info this way especially if a website is being hosted from the same address), look at website cache if applicible etc.
Failing no info regarding direct ownership you may have the ISP or hosting site for the IP address. I don't know the specifics of US law and disclosure but if it is a criminal case (and of a suitable serious level) then this may allow you to obtain the ownership/asssignment infromation from the ISP or appropriate hosting site (assuming a proxy hasn't been used).
Kind regards
Use ProcMon with "process name is limewire.exe" as a filter, and watch the network activity in the ProcMon window whilst connected to the client who is downloading from you, or who you are downloading from.
Download and install Phex…connect to the same IP and port number. While connected and downloading —Phex keeps a log in phexdownload.xml in that file you can then look at the IP address feed for that IP address and you will see a GUID (serial Number) for the Software installation your suspect is using. Forensically you can find the same GUID on his computer later.
Is there a method to determine more than the IP address of a Limewire connected computer. If I am downloading content from the subject computer, can I get a MAC ID, or LOCAL IP information from the router or other more specific identifying information for the precise computer that I am downloading from?
We can give you a thousand suggestions, but other than vague details provided by you, you haven't stated what you are trying to accomplish.
If we know that, there will be more specific ways to point you in the right direction.