Network Security Security-Basics

Re: OT: IP of the originating machine from a gmail email

Subject: Re: OT: IP of the originating machine from a gmail email
Date: Mon, 31 Dec 2007 23:04:11 -0800 (PST)
Nikhil,

What I understand from Saqib's question is that he is asking: if
someone has sent mail using a Gmail account, how can you see the IP
address of the workstation/PC from which it was sent? Gmail does not
provide any IP details, but it does provide a message ID, which is
unique, and Google has a record of which IP that message ID belongs to.

--- Nikhil Wagholikar <visitnikhil@gmail.com> wrote:

Hello Saqib,

Definitely you can know who within this world has sent you email. For
this you need to perform email header analysis. Since you asked
specifically for GMAIL, the way to see header information in Gmail is
to click on "Show original" in the mail opened from inbox. This is the
same place where you get the option of Reply, Reply to All, Forward
etc.

This is mostly possible if the sender has preferred to send email via
a MUA and not through typical web-base of Gmail.

In the header, you can check for the string named

"Received: from [WWW.XXX.YYY.ZZZ] (helo=AAA.BBB.CCC.DDD)"

OR

"Received: from [WWW.XXX.YYY.ZZZ] (helo=hostname.domain)"

where WWW.XXX.YYY.ZZZ is the public IP Address of the user who has
sent the mail. You could go to DNS.com and find out who has registered
this public IP Address.

Now the "helo" string varies since different Mail User Agents (MUA)
implement it differently.

Some prefer to just send their internal/private IP Address i.e.
pre-NAT Address (AAA.BBB.CCC.DDD) such as 192.168.0.75 and some prefer
to send their hostname.domain information, whereas some others just
prefer to send 127.0.0.1 as their identity for 'helo' string. This
sometimes also depends on the mail server configurations.

Like Mozilla Thunderbird in Microsoft Windows platform prefers to send
the pre-NAT Address i.e. private IP Address and the same in Linux
prefers to send the hostname.domain information.

Besides "Received: from" you can also derive some juicy information
about the sender like "User-Agent" which will tell you about the MUA
used by the sender. It could be typically Microsoft Outlook 11 or 12
or it could be Mozilla Thunderbird, K-Mail etc.

---
NIKHIL WAGHOLIKAR
Information Security Analyst
NII Consulting
Web: http://www.niiconsulting.com
Security Products:
http://www.niiconsulting.com/products.html



On Dec 28, 2007 5:34 AM, Ali, Saqib <docbook.xml@gmail.com> wrote:
Hello,

I was wondering if there is a way to get the IP address of the machine
that was used to compose an email that was sent using gmail?


saqib
http://www.quantumcrypto.de/dante/




Thanks and best regards,

Ajay Agrawal 
+91 9886083116 

EnCE (EnCase Certified Computer Forensic Examiner) 
CISSP (Certified Information Systems Security Professional)
IBM Certified System Administrator Lotus Notes/Domino 6/6.5
MCP (Microsoft Certified Professional)
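
As an added example (not part of the original thread), the header check described in the messages above can be scripted in Python. The sample message, its addresses and the function names are constructed for illustration; Received lines below the first hop added by your own mail server are sender-controlled and may be forged.

```python
import email
import ipaddress
import re

# Constructed sample (documentation addresses); not a real message.
SAMPLE = """\
Received: by 10.0.0.5 with SMTP id abc123; Mon, 31 Dec 2007 10:00:02 -0800
Received: from [203.0.113.45] (helo=192.168.0.75)
\tby mx.example.net with esmtp id 1J9xyz-0001; Mon, 31 Dec 2007 10:00:01 -0800
Message-ID: <constructed-0001@example.org>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
From: sender@example.org
To: rcpt@example.net
Subject: test

body
"""

# Matches the 'Received: from [IP] (helo=...)' form quoted in the thread.
RECEIVED_RE = re.compile(
    r"from\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\s+\(helo=(?P<helo>[^)\s]+)\)")

def classify_helo(helo):
    """Label the helo value: hostname, loopback, private (pre-NAT) or public."""
    try:
        addr = ipaddress.ip_address(helo.strip("[]"))
    except ValueError:
        return "hostname"
    if addr.is_loopback:          # e.g. 127.0.0.1
        return "loopback"
    if addr.is_private:           # e.g. 192.168.0.75
        return "private (pre-NAT)"
    return "public"

def analyze(raw):
    """Return connecting IP/helo per matching hop, plus User-Agent and Message-ID."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))  # unfold header
        if m:
            hops.append({"ip": m["ip"], "helo": m["helo"],
                         "helo_kind": classify_helo(m["helo"])})
    return {"hops": hops, "user_agent": msg.get("User-Agent"),
            "message_id": msg.get("Message-ID")}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```
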



      