Is it possible to see my external IP address without making an outbound web request?
Solution 1
If your computer is behind NAT, it is possible for you to see the external IP address of your router, but you need administrative access to the router.
The router knows your external IP address, so by accessing its configuration page you can find that IP address. This way does not require any specialized tool except a Web browser.
Other protocols which require a tool for getting the information:
- UPnP
- NAT Port Mapping Protocol (NAT-PMP)
- Port Control Protocol (PCP), on IPv6 network will return the IPv6 prefix. It can actually do much more but much of it is not usually implemented on consumer routers.
As tested by user @dirkt, all methods only work with IPv4 (except possibly for PCP).
Solution 2
There are a few ways that work with some NATs but nothing that's guaranteed to work everywhere.
I believe uPnP, NAT-PMP, and PCP (Universal Plug And Play, NAT Port Mapping Protocol, and the Port Control Protocol) all have ways to ask a compliant NAT gateway what the public address is, but not all NATs support these protocols. Support is more common in home gateway routers than in corporate or carrier-grade NAT solutions.
When you find yourself behind a NAT, the only sure way to see what public IP address it is translating your traffic into is to send some outgoing traffic to some public host that will report back, in a way the NAT won't translate, what address your traffic appeared to come from. Using a web based service is one way, but you could also do it by, say, SSHing into a cloud server instance and seeing where sshd
says your SSH session is coming from.
Solution 3
You can use a DNS request, which I believe would not fall under the category of "web request":
nslookup myip.opendns.com resolver1.opendns.com
Solution 4
I would like to add one point to already existing answers.
It also depends on the network complexity. It is possible that your computer is located within a network that has multiple external IP addresses and the router somewhere up the line sends the traffic out to the Internet based on some criteria: for example, destination IP-address, or time of day (may be one uplink channel is cheaper at night or for other reasons).
So, to be complete, a notion of "external IP address" may require defining a destination point to which your address is being external.
In the example below Router #2
could perform NAT and send traffic to either uplinks and the receiving host could see different external IP-address for the Host
.
Or it could be that a certain destination (for example host1.example.com
) always routes thru the Uplink A
, and the host host2.example.com
always routes via Uplink B
. So, your external IP addresses as seen by those hosts will be different, providing that Uplink A
and Uplink B
are different ISPs.
Uplink A Uplink B
------------- -------------
| |
| |
| 192.168.1.1 192.168.50.50 |
| ----------- |
|---------------|Router #2|---------------|
-----------
| 192.168.100.1
|
| 192.168.100.2
-----------
|Router #1|
-----------
| 192.168.200.1
|
| 192.168.200.2
-----------
| Host |
-----------
So, sending traffic out will allow to get more reliable results.
Solution 5
You can use DNS rather than HTTP. For example you can use:
dig +short TXT o-o.myaddr.l.google.com
This will show the unicast address of the DNS server you are using, and if it supports EDNS it will also show your IP address, though possibly truncated.
To get your full IP address you can bypass your local DNS server and send above request directly to ns{1,2,3,4}.google.com
dig +short TXT o-o.myaddr.l.google.com @ns3.google.com
If you want to see your IP address in a specific protocol version you can use -6
and -4
:
dig -6 +short TXT o-o.myaddr.l.google.com @ns3.google.com
dig -4 +short TXT o-o.myaddr.l.google.com @ns3.google.com
You can also use OpenDNS if you so prefer. OpenDNS doesn't use TXT records for this but rather A and AAAA records, so you have to specify which protocol version you are looking for:
dig -6 +short AAAA myip.opendns.com @resolver2.opendns.com
dig -4 +short A myip.opendns.com @resolver2.opendns.com
Notice that if your traffic goes through protocol translation you may get different results or none at all. Testing from a machine behind NAT64 I was able to see my IPv6 address with the above commands but not the IPv4 address of the NAT64.
This answer is based on these sources 1 2 3 and a bit research of my own.
Related videos on Youtube
![Axel Persinger](https://i.stack.imgur.com/osIap.png?s=256&g=1)
Axel Persinger
Updated on September 18, 2022Comments
-
Axel Persinger almost 2 years
If your connection is NAT'ed, is it possible to see your external IP address without making an outbound web request?
Any OS (Windows, Linux, etc.) is fine.
-
Spiff over 5 yearsAre you only trying to avoid HTTP, or are you trying to avoid sending any outgoing traffic at all? The only universal solutions involve sending some kind of outgoing traffic, but it doesn't have to be HTTP.
-
Axel Persinger over 5 yearsThis was more of just a hypothetical, I didn't want to make any outbound traffic at all.
-
acejavelin over 5 yearsAre you saying that your network/router is behind a Enterprise grade NAT setup (ie. it is getting a private IP address from your ISP)? If so, there is no way I have think of that you can find the public IP address without something reaching out to the public network and essentially "looking back" like whatsmyip.com or similar services.
-
Thalys over 5 yearsthe hack I used to do was to check with my router - I actually had a really dirty script to scrape that since for some reason most web based services would not detect my IP correctly. My ISP's really fun that way.
-
Mitch over 5 yearsWho says you have precisely one external address? NAT might have you appear from several depending on the destination or protocol of your request.
-
Thomas over 5 yearsYou can trying phoning your ISP with your customer details. Requires no internet connection and no computer.
-
-
user71659 over 5 yearsAlso UPnP etc. could give a false result if the system was behind double (or more) NAT.
-
kasperd over 5 years@user71659 I have been wondering if there exist an anycast address which will automatically be routed to the outermost NAT such that it can be used for that kind of request.
-
user253751 over 5 years@kasperd Every NAT thinks it's the outermost NAT. There are certainly IPs that are automatically routed outside of all NATs. Those are called public IPs.
-
kasperd over 5 years@user20574 No, NATs don't think that way, most just don't care. If such an anycast address was to be defined the standard would need to also define when a NAT assigns that IP to itself and when not. The answer to that is if the external IP is in RFC 1918 or RFC 6598 the NAT will not assign the anycast address to itself.
-
kasperd over 5 yearsYou can also use
dig +short @8.8.8.8 o-o.myaddr.l.google.com txt | grep edns
. I found the command here: groups.google.com/d/msg/public-dns-discuss/uyzmMcHQBE0/… -
kasperd over 5 yearsYour
nsslookup
command fails for me. I getServer: resolver1.opendns.com
Address: 2620:119:35::35#53
** server can't find myip.opendns.com: NXDOMAIN
-
user541686 over 5 years@kasperd: It only works for IPv4, sorry. I avoided
dig
since it's not on Windows. Good point regardingmyaddr
for Google though, I wasn't aware of that! I guess the Windowsnslookup
equivalent would benslookup -type=txt o-o.myaddr.l.google.com ns3.google.com
-
kasperd over 5 yearsI ran that command on a machine which has both IPv4 and IPv6, so if really did support IPv4 it should have worked. The problem is apparently you cannot instruct
nslookup
on which IP version to use for transport, but the way OpenDNS does this means you have to. Without that you'd have to predict which IP versionnslookup
will use for transport and ask for A or AAAA accordingly. If you are stuck withnslookup
you can use another provider such as Google. However you still get only one protocol version in the response and you cannot choose which. -
kasperd over 5 yearsI tested
nslookup -type=txt o-o.myaddr.l.google.com ns3.google.com
and that does indeed work. But if I have both IPv4 and IPv6 that won't let me choose which of them I get to see. Most likely it will show me the IPv6 address, and most likely I am using it because I want to know the IPv4 address of a NAT. To get around that one would need to use a service which has an IPv4-only name and an IPv6-only name, that would also address the issue of NAT64. -
eques over 5 years"Any other way will require making an external Web request" Web (i.e. HTTP) is not required, but easiest perhaps to grasp
-
dirkt over 5 yearsAs mentioned in the other answer, uPnP, NAT-PMP and PCP are different ways to get the information from the router besides accessing its configuration page. The way you phrased it, it looks like "besides accessing the configuration page, any other way will require making a web request". Correct is "besides getting the information from the router, any other way will require and outbound connection attempt" (it needn't be a web request).
-
harrymc over 5 years@dirkt: For UPnP I'm not convinced; NAT-PMP I think only works with IPv4; PCP on IPv6 network will return the IPv6 prefix and can do much more but this is not usually implemented on commercial routers.
-
harrymc over 5 years@eques: The Web is after two decades so much more than just HTTP ...
-
dirkt over 5 years@harrymc: The UPnP service endpoint for my Fritzbox is
WANIPConn1/GetExternalIPAddress
, and it just successfully returned the correct address. -
harrymc over 5 years@dirkt: I'm convinced.
-
dirkt over 5 yearsAnd for completeness I just installed and tried
natpmpc
, which also works fine and returns the correct address for my Fritzbox. And of course all methods only work with IPv4; for IPv6, you should get a globally routable prefix from your ISP, so the externally visible IPv6 address is the IPv6 of the machine(s) in the LAN - the externall visible address of the router doesn't matter. ISPs who insist on doing IPv6 NAT or similar things clearly have a hidden agenda, and I'd avoid them whenever possible, -
Samin yeasir over 5 years@kasperd: First lookup
AAAA
forns3.google.com
, then feed the resulting IPv6 tonslookup
rather than passingns3.google.com
. -
kasperd over 5 years@R.. That would indeed achieve the same as using
-6
. On dual stack systems that will usually be the default. If one wanted the IPv4 address you'd have to use theA
record instead. Neither approach would give you the external IP of a NAT64 though. -
eques over 5 years@harrymc the precise definition may vary, but at the application layer, the world wide web is HTTP(S). There are some ancillary protocols like websockets, but it is certainly not true that all internet is web
-
harrymc over 5 years@eques: The Web has evolved into the Internet, so today the two terms are used interchangeably by many (including me). My current answer has a more precise wording.
-
eques over 5 yearsThe Internet preceded the Web. Yes, people do use them interchangeably but within more tech-savvy groups, the distinction remains even if less precisely. Web != Internet.
-
user541686 over 5 yearsTo extract the IP address string on Linux, you can do:
nslookup -type=txt o-o.myaddr.l.google.com ns3.google.com | sed -n 's/.*"\([^"]*\)".*/\1/p'