How to Find Someone's IP Address

When You Legitimately Need to Find an IP

There are many valid reasons to find an IP address: investigating suspicious login attempts, tracing spam emails, analyzing server traffic, debugging network issues, or identifying the source of attacks on your infrastructure.

This guide covers the legitimate methods system administrators, security professionals, and regular users can use. Every method described here uses publicly available information or data you have authorized access to.

Before reading this guide, make sure you understand what an IP address is and what someone can actually do with one.

Method 1: Finding Your Own IP Address

The simplest case first. Finding your own public IP takes seconds.

Online tools

Visit our What's My IP page. Your public IP, ISP, and approximate location are displayed instantly.

Command line

# Using TraceThatIP
curl https://tracethatip.com/raw

# Alternative services
curl ifconfig.me
curl icanhazip.com
curl api.ipify.org

For developers

Use our IP Format tool to get your IP in structured formats:

# JSON format
curl "https://tracethatip.com/ip-format?format=json"

# Plain text
curl "https://tracethatip.com/ip-format?format=text"

Method 2: Email Headers

Email headers are the most reliable way to find an IP associated with an email. Every email contains metadata showing the servers that handled it.

Extracting headers by email client

Gmail:

1. Open the email
2. Click the three-dot menu (top right of the email)
3. Select "Show original"
4. The full headers appear in a new tab

Outlook (Web):

1. Open the email
2. Click the three dots > "View message source"

Apple Mail:

1. Open the email
2. View > Message > All Headers

Reading Received headers

Email headers contain multiple Received: fields. Read them bottom to top - the bottom entry is closest to the sender:

Received: from mail-relay.example.com (203.0.113.50)
    by mx.google.com with ESMTPS id abc123
    for <you@gmail.com>;
    Wed, 21 May 2026 10:30:00 -0700

Received: from internal-server.local (10.0.0.5)
    by mail-relay.example.com (203.0.113.50)
    with ESMTP;
    Wed, 21 May 2026 10:29:58 -0700

In this example:

• 10.0.0.5 is the internal server (private IP, not useful for tracing)
• 203.0.113.50 is the sending organization's mail server (traceable)

Tracing the email server IP

Once you have the IP from the headers, look it up:

1. Go to TraceThatIP IP Lookup
2. Enter the IP address (e.g., 203.0.113.50)
3. View the location, ISP, and organization

This tells you which organization sent the email and from which region.

Limitations of email header tracing

Modern email providers strip identifying information:

If the email comes from Gmail, you will see Google's servers, not the sender's home IP. This is a deliberate privacy protection.

Method 3: Server Logs

If you operate a website or web application, every incoming request is logged with the visitor's IP address.

Web server logs

Nginx:

# Recent unique visitor IPs
cat /var/log/nginx/access.log | awk '{print $1}' | sort -u | tail -20

# IPs sorted by request count
awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -rn | head -20

Apache:

# Same pattern with Apache logs
awk '{print $1}' /var/log/apache2/access.log | sort | uniq -c | sort -rn | head -20

Application-level logging

Node.js/Express:

const express = require('express');
const app = express();

// Trust proxy headers (if behind reverse proxy/CDN)
app.set('trust proxy', true);

app.use((req, res, next) => {
  const clientIp = req.ip; // Real client IP (with trust proxy)
  console.log(`[${new Date().toISOString()}] ${clientIp} - ${req.method} ${req.url}`);
  next();
});

Python/Flask:

from flask import Flask, request

app = Flask(__name__)

@app.before_request
def log_request():
    client_ip = request.headers.get('X-Forwarded-For', request.remote_addr)
    print(f"{client_ip} - {request.method} {request.path}")

Important: CDN and proxy considerations

If your server is behind a CDN (Cloudflare, AWS CloudFront) or reverse proxy (Nginx, HAProxy), the IP in your logs might be the CDN's IP, not the visitor's.

Use the correct header to get the real client IP:

Method 4: Network Monitoring

Active connections on your computer

See what IPs your computer is currently connected to:

# macOS/Linux - all established connections
netstat -an | grep ESTABLISHED

# More readable format (macOS)
lsof -i -P | grep ESTABLISHED

# Windows
netstat -an | findstr ESTABLISHED

Router admin panel

Most home routers show connected devices and their IP addresses:

1. Access your router at 192.168.1.1 or 192.168.0.1 (check router label)
2. Log in with admin credentials
3. Find "Connected Devices" or "DHCP Client List"
4. View all devices with their private IPs and MAC addresses

ARP table

View devices on your local network:

# Show ARP table (all known devices on local network)
arp -a

Network scanning

# Discover all devices on your subnet (requires nmap)
nmap -sn 192.168.1.0/24

# More detailed scan with OS detection
sudo nmap -O 192.168.1.0/24

Method 5: Direct Connections (P2P)

In peer-to-peer connections, participants can see each other's IP addresses directly. This includes:

• Voice/video calls (some VoIP services, older Skype)
• Online gaming (peer-to-peer multiplayer)
• File sharing (BitTorrent)
• Direct messaging (some protocols)

Modern communication apps (Zoom, Teams, Discord, WhatsApp) use relay servers, so participants typically do not see each other's IPs directly.

To check connections during a P2P session:

# See active connections during a call or game session
netstat -an | grep ESTABLISHED

What About "IP Grabbers"?

"IP grabbers" are links that log the IP address of anyone who clicks them. They work by hosting a tracking pixel or redirect on a server that records visitor IPs.

Key facts about IP grabbers:

• They only capture public IP addresses (which every website already sees)
• They do not hack anything or gain access to devices
• The information they capture is the same as any website's server log
• They are frequently used in scams ("I grabbed your IP and know where you live")
• The information from an IP grab is the same as what TraceThatIP shows for any IP

Bottom line: Someone "grabbing" your IP gives them no more information than any website you visit already has.

Legal and Ethical Boundaries

What is legal

• Looking up publicly available IP information (WHOIS, geolocation databases)
• Reading email headers in messages sent to you
• Analyzing server logs for your own website/service
• Monitoring your own network
• Reporting IPs to ISP abuse departments

What is illegal

• Unauthorized access to someone's network or device
• Using IP information for harassment or stalking
• Launching DDoS attacks against someone's IP
• Accessing server logs you do not have permission to view
• Impersonating law enforcement to get ISP subscriber data

For serious incidents

If you are dealing with genuine threats, harassment, or cybercrime:

1. Document everything (screenshots, timestamps, IP addresses)
2. Report to law enforcement
3. Law enforcement can subpoena ISPs for subscriber information
4. Do not attempt to confront or retaliate against the IP holder

Summary

Finding an IP address is straightforward when you have legitimate access to the right data sources. Email headers, server logs, and network monitoring tools provide IP information as part of their normal operation.

The key thing to remember: an IP address tells you where traffic comes from at the network level, not who a person is.

Tools for IP investigation:

• Look up any IP address - location, ISP, organization
• Check your own public IP
• Get IP data in JSON/XML/YAML
• What can someone do with your IP?