Scroll Top

Unveiling your Telegram conversation partner’s IP address

photo_2023-09-27_15-58-27

A guide to using Wireshark, STUN, and a Bash script
In today’s interconnected digital world, privacy and security have become paramount concerns. While Telegram offers a secure messaging platform, there are times when you might want to know more about your conversation partner, particularly their IP address. In this article, we will explore a fascinating method to obtain your Telegram conversation partner’s IP address using Wireshark, the STUN protocol, and an automated Bash script.

Understanding STUN Protocol
STUN, or Session Traversal Utilities for NAT, is a standardized protocol designed to assist devices behind Network Address Translation (NAT) in identifying their external IP address and the type of NAT being used on their gateway. NAT is a common technique used to map multiple private IP addresses to a single public IP address. STUN’s primary purpose is to enable devices to discover their public IP address and determine which ports are available for outbound connections.

One of the key attributes transmitted in STUN messages is the XOR-MAPPED-ADDRESS. This attribute contains the sender’s public IP address. The direction of the packet determines whose IP address is contained in this attribute: if the packet is directed towards you, XOR-MAPPED-ADDRESS will reveal your IP address; if it’s sent from you, it will expose your conversation partner’s IP address.

Using wireshark for automation
To simplify the process of uncovering your Telegram conversation partner’s IP address, we can automate the task using Wireshark’s console version, known as tshark. The principle is straightforward: tshark captures network traffic on a network interface for a brief period (usually five seconds), converts it to a text format, and extracts the two IP addresses from the XOR-MAPPED-ADDRESS attribute. One of these IPs belongs to your client.

Demonstrating the script’s functionality
To use this script effectively, follow these steps:

  1. Install Telegram Desktop for Linux or Mac.
  2. Install tshark (e.g., sudo apt install tshark on Linux or download Wireshark for macOS, which includes tshark).
  3. Run the provided script.
  4. Make a call to the person whose IP address you wish to discover.
  5. Voila! You’ve obtained the IP address of your Telegram conversation partner.

As a bonus, the script also queries the IP address for additional information, allowing you to identify whether the IP belongs to a cellular network or a corporate network.

Installation and execution (Ubuntu 20 Example)
Here’s a step-by-step guide for Ubuntu 20:

bashCopy code

$ sudo apt update
$ sudo apt install -y python3-pip python3-venv tshark
$ git clone https://github.com/n0a/telegram-get-remote-ip
$ cd telegram-get-remote-ip
$ python3 -m venv venv
$ source ./venv/bin/activate
$ sudo pip3 install -r requirements.txt
$ sudo python3 tg_get_ip.py

Update 2023: More stability with Python
The script has been rewritten in Python for improved stability.

Note for Android users
For Android smartphone users with Termux and root access, it is possible to capture traffic using tshark. Install tshark on Termux with the following commands:

bashCopy code

$ pkg install root-repo && pkg install tshark

Conclusion
While the privacy and security of Telegram users are of utmost importance, it’s essential to understand the potential risks associated with IP address exposure. This script provides a glimpse into the technical side of network analysis and can be used responsibly and ethically. Remember always to respect privacy and adhere to legal and ethical guidelines when using such tools. For more information and access to the script, visit the GitHub project.

Related Posts

Leave a comment

You must be logged in to post a comment.
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.