Solved

ip address(es) of current connection?

Posted on 2016-08-25
27
71 Views
Last Modified: 2016-08-27
Using Chrome on W10.  How can I see the ip address of the currently displayed page in Chrome?  Note: I'm not looking for a DNS translation -- I believe that can give me one of multiple ip addresses depending upon which DNS server is used (e.g. if a change is still replicating across DNS servers; or if I have a Hosts file).  So Chrome extensions like the one I just tried from TCPIPUTILS.com seem to just do a DNS lookup.

Am also interested in seeing the ip addresses associated with the elements on a page

TCPView from Sysinternals shows all TCP & UDP endpoints, but trying to figure out which are associated with the page I'm browsing --- I'm not seeing how to do that.
0
Comment
Question by:SAbboushi
  • 12
  • 9
  • 6
27 Comments
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
Am also interested in seeing the IP addresses associated with the elements on a page

You need Wire Shark or Comm View to do this. I use Comm View and it can show me the IP addresses of all my connections.
0
 

Author Comment

by:SAbboushi
Comment Utility
Thanks John - will Comm View do what I'm asking, or will it just show me a list of ip addresses associated with chrome.exe?
0
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
Comm View will show you all traffic: Web, Email, Updates and so on. It monitors the network connection.
0
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
Here is a Comm View screenshot.

CommView-Source-Destination
0
 

Author Comment

by:SAbboushi
Comment Utility
Thanks for going to the trouble.  Wish it was more granular -- I suspect I need something that's designed for Chrome
0
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
Wire Shark and Comm View are general purpose packet sniffers so they are not particular to one browser.

You can click on a packet above and go as deep as you wish. The screen above is the simple opening screen.
0
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
Here is a very detailed session analysis.

CommView-Session-Analysis
0
 

Author Comment

by:SAbboushi
Comment Utility
Thanks - I'm looking for a tool that will show me the tcp sessions specific to the web page I am browsing.  I think packet sniffers don't do that?
0
 
LVL 7

Expert Comment

by:Scobber
Comment Utility
nslookup hostname.com

will give all ip addresses associated with that hostname
0
 
LVL 7

Expert Comment

by:Scobber
Comment Utility
Well I'm pretty sure John has provided a very succinct reply.

If you cant make it work, I'm not sure you have anywhere else to go.

one other thing you might want to try is fiddler

Fiddler is a Proxy server that sits between your browser and the rest of the world.

it performs the same functions as developer tools but is on steroids.

https://www.telerik.com/download/fiddler
0
 

Author Comment

by:SAbboushi
Comment Utility
Thanks - but I think that does a DNS lookup instead of telling me what ip address(es) the current page is actually connected
0
 

Author Comment

by:SAbboushi
Comment Utility
>> Well I'm pretty sure John has provided a very succinct reply.
Maybe I'm missing something then.  Here's from my original post:

How can I see the ip address of the currently displayed page in Chrome?

Maybe you can tell me the steps to get my answer?

btw I'm using Fiddler2 - it's the closest tool I've found so far, but no link between page and ip address(es)
0
 
LVL 7

Expert Comment

by:Scobber
Comment Utility
The addresses will never be different to the response at that moment though. Why do you need to know the connection ip?
if you say nslookup www.google.com

you can be assured that google.com is not going to get served (to your computer) by an IP address outside the reply.

Different parts of the world canhave different replies at the same instant, this can vary from region to region, country to country.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 7

Accepted Solution

by:
Scobber earned 500 total points
Comment Utility
1. open developer tools
2. click network
3. right click the domain heading
4. click Remote address
5. Enjoy
devtool-ip.PNG
0
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
Comm View matches the packets with the application name (say Chrome) that generates the packets. Then you can display the packets. So it does very much what you are looking for.

Try a trial license (good for about 3 weeks).

Also try Wire Shark.

You need to go and look and try because there is more you can imagine at your fingertips.
0
 

Author Comment

by:SAbboushi
Comment Utility
Thanks John - but it sounds like Comm View doesn't give me any more than TCPView does - if I've got 15 Chrome tabs and 5 Chrome windows open...

Am I missing something?  Per my question above: it sounds like you're confirming that it shows a list of ip addresses for chrome.exe instead of doing what I'm asking:
Thanks John - will Comm View do what I'm asking, or will it just show me a list of ip addresses associated with chrome.exe?

I'm feeling like we've got a disconnect here - please let me know if you don't understand what I'm looking for.
0
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
What you are missing (I think) is the filtering you can do to show just IE, Mail or Chrome or whatever you desire.

Using Chrome on W10.  How can I see the IP address of the currently displayed page in Chrome?

I assume you mean "what IP addresses are going back and forth from the web page to the Internet" then both Wire Share and Comm View will do that.

If I have misinterpreted the above then please clarify.
0
 

Author Comment

by:SAbboushi
Comment Utility
I may be wrong, but my suspicion is that you're saying Wire Shark and Comm View correlate tcp sessions to Chrome browser tabs; my belief is that it only correlates tcp sessions with executables (and pids/ports), but I don't see a way to correlate any of that with a specific browser tab.  And then there's other Chrome tcp sessions not associated with tabs, e.g. Chrome checking for updates, or doing whatever else Chrome is communicating...

Let's say you have 2 Chrome windows open; each window has 2 tabs open (i.e. total 4 urls).  2 tabs have msn.com open, the other 2 let's say yahoo.com.

Can you post a Comm View screen shot showing me the ip connections for one of the tabs that has msn.com open?
0
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
Packet sniffers will relate the traffic to the application. So no, they will not relate traffic to a specific tab. I did not interpret Tab from your first post. Nothing I know does that.
0
 

Author Comment

by:SAbboushi
Comment Utility
k thanks.  Sorry if I wasn't clear.

Does each browser Tab uses a different port?  If so, any idea how to identify the port being used for a specific browser tab?
0
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
No. Each browser tab does not use a different port. It is all one browser going out through the same connection .
0
 

Author Comment

by:SAbboushi
Comment Utility
Arghhh!  Thanks for your help everyone.
0
 
LVL 7

Expert Comment

by:Scobber
Comment Utility
So I show you how to see the remote ip in developer tools and stiff me on points?

That was what you wanted after all, I'm happy to share with John however I will contest it if you do not redistribute
0
 

Author Comment

by:SAbboushi
Comment Utility
Scobber:
>> The addresses will never be different to the response at that moment though.
Sorry - don't know what you mean?

>>if you say nslookup www.google.com, you can be assured that google.com is not going to get served (to your computer) by an IP address outside the reply.

As I pointed out in my original post, I want a solution that is aware of Hosts file.  I believe that nslookup does not use the standard windows libraries and therefore ignores the Hosts file, so I have to disagree with you: a Hosts file can definitely result in an ip address being served outside the reply of nslookup


>>Different parts of the world can have different replies at the same instant, this can vary from region to region, country to country.

Different replies, meaning different ip addresses (e.g. load balancing)?


>> So I show you how to see the remote ip in developer tools and stiff me on points?

Sorry - my oversite.  I somehow missed your responses - glad you pointed them out.  Might have been more pleasant though if you'd asked "Did you see my post"... ; )


>> That was what you wanted after all

Holy Crap Batman!  That looks like exactly what I asked for!  Shows the actual ip served even when Hosts file is used!


>>  I'm happy to share with John however I will contest it if you do not redistribute

Would appreciate if you would clarify your posts (my Qs above)  and then I'll look into redistributing points.
0
 
LVL 7

Expert Comment

by:Scobber
Comment Utility
So if it exactly what you asked for as per your question then allocate all the points to that, post ill be happy to answer your questions in EE chat, not on this thread because it is getting off topic

As for your reply avoid 'did you see my post' it's not as if it was hidden from your view was it now. It was more ignored
0
 

Author Comment

by:SAbboushi
Comment Utility
>> it's not as if it was hidden from your view was it now. It was more ignored
I've apologized for my oversite; I'll leave you to your assumptions
0
 

Author Comment

by:SAbboushi
Comment Utility
I've sent an email:

Can you please reopen the question so I can more fairly reassign the points.  Thanks

https://www.experts-exchange.com/questions/28965752/ip-address-es-of-current-connection.html
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now