Ways To Find The IP Address And The DNS Details

A website when hosted on a server has a unique IP address, details of the Domain Name System, and other sensitive information. There are many tools and online software that enables a user to find information about the target site. For example, WHOIS tools and ping commands help to locate the owner of the website. They provide up-to-date information that can be used to contact the owner of the website or the server. Hackers around the world use these methods during the footprinting stage to gather information about their target. 

Ways To Gather Information On, Who Hosts The Website

Given below are the two basic ways to find the IP address and DNS details of the target site. 

1. Ping Command

Ping operates by Internet Control Message Protocol (ICMP) packets. Pinging includes sending an ICMP echo request to the desired host and anticipating an ICMP echo reply. This system will report packet loss,  errors, and a summary of the statistical results. By using the ping command, the IP address of the website can be obtained. The Ping command is used to get the computer name and the IP address of a computer. They are commonly used to troubleshoot connectivity. The Ping command also lets the user know the time it takes for transmitting the data and getting a response.

The Ping command is simply used to check whether the server is responding to the sent requests or not. By providing either a domain name or an IP address, the user will be able to know whether the host replies to the ping request.

How to ping the target?

  • Open the command prompt by typing “cmd” on the search bar.
  • On the command prompt type “ping” followed by a space and the IP address.
  • The website name can also be typed in the place of the IP address.
  • Press Enter. The results of the ping command will be displayed.

Working on the ping command

A ping command works in three steps, they are;

  • Step 1: First of all an SYN packet is sent to the target from the user.
  • Step 2: The target will then reply with an ACK packet to the SYN packet.
  • Step 3: After this, the connection is established and the status of the target is known. 

Through this, the time taken to get a reply from the target is also known. This is how a ping command works. 

2. WHOIS Lookup

WHOIS searches permit most people to search for data primarily based on the grounds of, who internet locations are registered to, expiry statistics, when a domain has been created, name servers, and phone records. WHOIS is said to be a database that stores information about all the users that are registered with a domain name, IP address, and several other information. WHOIS is a legal way to gather information. 

Reverse WHOIS

Reverse WHOIS is a tool that permits you to look for domain names by means of the name, deal with, smartphone quantity, electronic mail address, or bodily deal with of the Registrant listed in the present day or historical WHOIS data.

How to use the WHOIS command?

  • Open the command prompt by typing “cmd” on the search bar.
  • On the command prompt type “WHOIS -v (website)”, then press enter.
  • The results of the WHOIS command will be displayed.

Alternative Approach

The simpler way of carrying out a WHOIS search is through online software. This can be done by following the below-mentioned steps.

  • Open google or any other search engine.
  • Search for WHOIS lookup online platform.
  • Type the name of the target website and press enter.
  • The desired results are displayed on the screen.

The ping command along with WHOIS lookup is used by hackers in the footprinting stage. The ping command combined with WHOIS lookup is an effective tool that when used in the right manner will provide all the necessary information that you are looking for. The ping command and WHOIS lookup are applicable to all the users regardless of their background knowledge in the Information Technology sector. 

These two tools can be made use of to the fullest when it comes to gathering information like the name of the server, other Domain Name System (DNS) information, expiry dates, Internet Protocol (IP) addresses, etc.

Privacy Measures

Instead of registering a domain using personal details, a piece of alternative contact information should be used. The alternative contact details can be the official mail address or the official contact number of the company. The location of the company or the organization can also be used. Non-public registration masks who registered the domain, however, it does not disguise the DNS and Registrar. Even though a site name is registered privately, you ought to be able to use the strategies above to decide on the web hosting company.

It is not always possible to know who owns the domain. Several registrars provide Protection against WHOIS lookup. This protection is put forth to protect the customers from spam, identity theft, and fraud. In cases where there is WHOIS protection, the WHOIS data of the registrar will be displayed. However, the registrar will contain all the details of its customers. 


The DNS lookup software retrieves domain name records for the specific domain name that you provide. You may use this to help diagnose issues and notice if the problem originates from the domain name server. The DNS Lookup tool returns only with (A) records. 

With the help of these two tools, we can gather information about the target like IP address and DNS details. There are various tools online that can be used to gather information about the target website. Several commands can be carried out from the command prompt itself. Making use of the right online tools and combining them with the command line tools, you will be able to find the exact information you are looking for.