Is it possible to see my external IP address without making an outbound web request?

networking nat ip-address

8,283

Solution 1

If your computer is behind NAT, it is possible for you to see the external IP address of your router, but you need administrative access to the router.

The router knows your external IP address, so by accessing its configuration page you can find that IP address. This way does not require any specialized tool except a Web browser.

Other protocols which require a tool for getting the information:

UPnP
NAT Port Mapping Protocol (NAT-PMP)
Port Control Protocol (PCP), on IPv6 network will return the IPv6 prefix. It can actually do much more but much of it is not usually implemented on consumer routers.

As tested by user @dirkt, all methods only work with IPv4 (except possibly for PCP).

Solution 2

There are a few ways that work with some NATs but nothing that's guaranteed to work everywhere.

I believe uPnP, NAT-PMP, and PCP (Universal Plug And Play, NAT Port Mapping Protocol, and the Port Control Protocol) all have ways to ask a compliant NAT gateway what the public address is, but not all NATs support these protocols. Support is more common in home gateway routers than in corporate or carrier-grade NAT solutions.

When you find yourself behind a NAT, the only sure way to see what public IP address it is translating your traffic into is to send some outgoing traffic to some public host that will report back, in a way the NAT won't translate, what address your traffic appeared to come from. Using a web based service is one way, but you could also do it by, say, SSHing into a cloud server instance and seeing where sshd says your SSH session is coming from.

Solution 3

You can use a DNS request, which I believe would not fall under the category of "web request":

nslookup myip.opendns.com resolver1.opendns.com

Solution 4

I would like to add one point to already existing answers.

It also depends on the network complexity. It is possible that your computer is located within a network that has multiple external IP addresses and the router somewhere up the line sends the traffic out to the Internet based on some criteria: for example, destination IP-address, or time of day (may be one uplink channel is cheaper at night or for other reasons).

So, to be complete, a notion of "external IP address" may require defining a destination point to which your address is being external.

In the example below Router #2 could perform NAT and send traffic to either uplinks and the receiving host could see different external IP-address for the Host.

Or it could be that a certain destination (for example host1.example.com) always routes thru the Uplink A, and the host host2.example.com always routes via Uplink B. So, your external IP addresses as seen by those hosts will be different, providing that Uplink A and Uplink B are different ISPs.

   Uplink A                                  Uplink B
-------------                             -------------
      |                                         |
      |                                         |
      |     192.168.1.1         192.168.50.50   |
      |               -----------               |
      |---------------|Router #2|---------------|
                      -----------
                           |  192.168.100.1
                           |
                           |  192.168.100.2
                      -----------
                      |Router #1|
                      -----------
                           |  192.168.200.1
                           |
                           |  192.168.200.2
                      -----------
                      |   Host  |
                      -----------

So, sending traffic out will allow to get more reliable results.

Solution 5

You can use DNS rather than HTTP. For example you can use:

dig +short TXT o-o.myaddr.l.google.com

This will show the unicast address of the DNS server you are using, and if it supports EDNS it will also show your IP address, though possibly truncated.

To get your full IP address you can bypass your local DNS server and send above request directly to ns{1,2,3,4}.google.com

dig +short TXT o-o.myaddr.l.google.com @ns3.google.com

If you want to see your IP address in a specific protocol version you can use -6 and -4:

dig -6 +short TXT o-o.myaddr.l.google.com @ns3.google.com
dig -4 +short TXT o-o.myaddr.l.google.com @ns3.google.com

You can also use OpenDNS if you so prefer. OpenDNS doesn't use TXT records for this but rather A and AAAA records, so you have to specify which protocol version you are looking for:

dig -6 +short AAAA myip.opendns.com @resolver2.opendns.com
dig -4 +short A myip.opendns.com @resolver2.opendns.com

Notice that if your traffic goes through protocol translation you may get different results or none at all. Testing from a machine behind NAT64 I was able to see my IPv6 address with the above commands but not the IPv4 address of the NAT64.

This answer is based on these sources 1 2 3 and a bit research of my own.

View more solutions

8,283

Axel Persinger

Updated on September 18, 2022

Comments

Axel Persinger almost 2 years

If your connection is NAT'ed, is it possible to see your external IP address without making an outbound web request?

Any OS (Windows, Linux, etc.) is fine.
- Spiff over 5 years
  
  Are you only trying to avoid HTTP, or are you trying to avoid sending any outgoing traffic at all? The only universal solutions involve sending some kind of outgoing traffic, but it doesn't have to be HTTP.
- Axel Persinger over 5 years
  
  This was more of just a hypothetical, I didn't want to make any outbound traffic at all.
- acejavelin over 5 years
  
  Are you saying that your network/router is behind a Enterprise grade NAT setup (ie. it is getting a private IP address from your ISP)? If so, there is no way I have think of that you can find the public IP address without something reaching out to the public network and essentially "looking back" like whatsmyip.com or similar services.
- Thalys over 5 years
  
  the hack I used to do was to check with my router - I actually had a really dirty script to scrape that since for some reason most web based services would not detect my IP correctly. My ISP's really fun that way.
- Mitch over 5 years
  
  Who says you have precisely one external address? NAT might have you appear from several depending on the destination or protocol of your request.
- Thomas over 5 years
  
  You can trying phoning your ISP with your customer details. Requires no internet connection and no computer.
user71659 over 5 years

Also UPnP etc. could give a false result if the system was behind double (or more) NAT.
kasperd over 5 years

@user71659 I have been wondering if there exist an anycast address which will automatically be routed to the outermost NAT such that it can be used for that kind of request.
user253751 over 5 years

@kasperd Every NAT thinks it's the outermost NAT. There are certainly IPs that are automatically routed outside of all NATs. Those are called public IPs.
kasperd over 5 years

@user20574 No, NATs don't think that way, most just don't care. If such an anycast address was to be defined the standard would need to also define when a NAT assigns that IP to itself and when not. The answer to that is if the external IP is in RFC 1918 or RFC 6598 the NAT will not assign the anycast address to itself.
kasperd over 5 years

You can also use dig +short @8.8.8.8 o-o.myaddr.l.google.com txt | grep edns. I found the command here: groups.google.com/d/msg/public-dns-discuss/uyzmMcHQBE0/…
kasperd over 5 years

Your nsslookup command fails for me. I get Server: resolver1.opendns.com Address: 2620:119:35::35#53 ** server can't find myip.opendns.com: NXDOMAIN
user541686 over 5 years

@kasperd: It only works for IPv4, sorry. I avoided dig since it's not on Windows. Good point regarding myaddr for Google though, I wasn't aware of that! I guess the Windows nslookup equivalent would be nslookup -type=txt o-o.myaddr.l.google.com ns3.google.com
kasperd over 5 years

I ran that command on a machine which has both IPv4 and IPv6, so if really did support IPv4 it should have worked. The problem is apparently you cannot instruct nslookup on which IP version to use for transport, but the way OpenDNS does this means you have to. Without that you'd have to predict which IP version nslookup will use for transport and ask for A or AAAA accordingly. If you are stuck with nslookup you can use another provider such as Google. However you still get only one protocol version in the response and you cannot choose which.
kasperd over 5 years

I tested nslookup -type=txt o-o.myaddr.l.google.com ns3.google.com and that does indeed work. But if I have both IPv4 and IPv6 that won't let me choose which of them I get to see. Most likely it will show me the IPv6 address, and most likely I am using it because I want to know the IPv4 address of a NAT. To get around that one would need to use a service which has an IPv4-only name and an IPv6-only name, that would also address the issue of NAT64.
eques over 5 years

"Any other way will require making an external Web request" Web (i.e. HTTP) is not required, but easiest perhaps to grasp
dirkt over 5 years

As mentioned in the other answer, uPnP, NAT-PMP and PCP are different ways to get the information from the router besides accessing its configuration page. The way you phrased it, it looks like "besides accessing the configuration page, any other way will require making a web request". Correct is "besides getting the information from the router, any other way will require and outbound connection attempt" (it needn't be a web request).
harrymc over 5 years

@dirkt: For UPnP I'm not convinced; NAT-PMP I think only works with IPv4; PCP on IPv6 network will return the IPv6 prefix and can do much more but this is not usually implemented on commercial routers.
harrymc over 5 years

@eques: The Web is after two decades so much more than just HTTP ...
dirkt over 5 years

@harrymc: The UPnP service endpoint for my Fritzbox is WANIPConn1/GetExternalIPAddress, and it just successfully returned the correct address.
harrymc over 5 years

@dirkt: I'm convinced.
dirkt over 5 years

And for completeness I just installed and tried natpmpc, which also works fine and returns the correct address for my Fritzbox. And of course all methods only work with IPv4; for IPv6, you should get a globally routable prefix from your ISP, so the externally visible IPv6 address is the IPv6 of the machine(s) in the LAN - the externall visible address of the router doesn't matter. ISPs who insist on doing IPv6 NAT or similar things clearly have a hidden agenda, and I'd avoid them whenever possible,
Samin yeasir over 5 years

@kasperd: First lookup AAAA for ns3.google.com, then feed the resulting IPv6 to nslookup rather than passing ns3.google.com.
kasperd over 5 years

@R.. That would indeed achieve the same as using -6. On dual stack systems that will usually be the default. If one wanted the IPv4 address you'd have to use the A record instead. Neither approach would give you the external IP of a NAT64 though.
eques over 5 years

@harrymc the precise definition may vary, but at the application layer, the world wide web is HTTP(S). There are some ancillary protocols like websockets, but it is certainly not true that all internet is web
harrymc over 5 years

@eques: The Web has evolved into the Internet, so today the two terms are used interchangeably by many (including me). My current answer has a more precise wording.
eques over 5 years

The Internet preceded the Web. Yes, people do use them interchangeably but within more tech-savvy groups, the distinction remains even if less precisely. Web != Internet.
user541686 over 5 years

To extract the IP address string on Linux, you can do: nslookup -type=txt o-o.myaddr.l.google.com ns3.google.com | sed -n 's/.*"\([^"]*\)".*/\1/p'