How to Detect IP Spoofing

Written by jesse horn

One way malicious Internet users hide their location and identity is a method of deception called IP spoofing. An Internet user's IP (Internet Protocol) address works essentially like a digital fingerprint; it gives information about the user's Internet connection and the identity of the Internet service provider. The IP address of any given user can be seen during Web surfing and is attached to all of that user's correspondence. To avoid being found, someone with ill intent spoofs the IP address by sending information with a fake IP address attached. It is possible to detect IP spoofing.

Things you need

  • Internet connection


  1. Check the source IP address that was found within the data, and send a reply to it. A spoofed address very commonly either does not belong to a real host or belongs to one that is not active, and as a result no response will be sent back.

  2. Note the Time to Live (TTL) value of the original packet before sending a request to the questionable host. A response coming back does not necessarily mean that the packet is from a legitimate source, so another check for spoofing can be attempted: compare the TTL of both packets to see if they match. If they do not match, then the packet is likely from a spoofed source.

  3. Check the IP identification numbers of the packets. This is a less reliable method, but in general a true packet from the IP address will have an ID that is close in value to the one in the response. If this is not true, then there is likely something suspicious taking place with the sender.
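
The three checks above, sketched in Python as an added example (not code from the original article): it parses raw IPv4 headers and compares the suspicious packet with the reply to a probe of its claimed source. The function names, the sample addresses, and the `ttl_slack` and `id_window` thresholds are assumptions made for illustration.

```python
import struct
from ipaddress import IPv4Address

IPV4_FMT = "!BBHHHBBH4s4s"  # the fixed 20-byte IPv4 header

def parse_ipv4(header):
    """Return source address, TTL and identification from a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    _, _, _, ident, _, ttl, _, _, src, _ = struct.unpack(IPV4_FMT, header[:20])
    return {"src": IPv4Address(src), "ttl": ttl, "id": ident}

def spoof_indicators(suspect, probe_reply, ttl_slack=0, id_window=1000):
    """List reasons to suspect `suspect` was spoofed, given the reply to a probe
    sent to its claimed source (None if nothing answered).
    ttl_slack and id_window are assumed thresholds, not values from the article."""
    s = parse_ipv4(suspect)
    if probe_reply is None:
        return ["no reply from claimed source"]           # step 1
    r = parse_ipv4(probe_reply)
    if r["src"] != s["src"]:
        raise ValueError("probe reply is not from the claimed source")
    reasons = []
    if abs(r["ttl"] - s["ttl"]) > ttl_slack:              # step 2
        reasons.append(f"TTL mismatch: {s['ttl']} vs {r['ttl']}")
    # Step 3: the IP ID is a 16-bit counter, so measure distance modulo 65536.
    gap = (r["id"] - s["id"]) % 65536
    if min(gap, 65536 - gap) > id_window:
        reasons.append(f"IP ID gap: {s['id']} vs {r['id']}")
    return reasons  # an empty list means no indicator, not proof of legitimacy

def build_header(src, ttl, ident, dst="198.51.100.5"):
    """Constructed sample header (checksum left at 0; it is not validated here)."""
    return struct.pack(IPV4_FMT, 0x45, 0, 20, ident, 0, ttl, 6, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed)

if __name__ == "__main__":
    # Constructed sample packets using documentation-range addresses.
    suspect = build_header("192.0.2.10", ttl=117, ident=40211)
    reply_ok = build_header("192.0.2.10", ttl=117, ident=40230)
    reply_odd = build_header("192.0.2.10", ttl=52, ident=911)
    print(spoof_indicators(suspect, None))
    print(spoof_indicators(suspect, reply_ok))
    print(spoof_indicators(suspect, reply_odd))
```

An empty result only means none of the three indicators fired; a sender who has learnt the current IP ID can still pass the third check.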

Tips and warnings

  • Acquire routers and firewalls that utilise Packet Filtering and encrypt the session. Prevention is the key to dealing with spoofing, and this will give the Internet user a higher level of security by avoiding a greater number of malicious attacks.
  • Use caution when attempting to verify IP identification numbers to determine if you are being spoofed. If the numbers are in fact close in value the attacker could have learnt the IP ID by pinging the source, and then crafted a packet with an IP ID that appears to be valid. Do not assume that the packet is legitimate if these numbers are close in value.
