People often say “my IP address” when they’re actually talking about two different things: a public IP (what websites see) and a private IP (your device’s address inside your home or office network). Understanding the difference helps with troubleshooting, privacy, and VPN setup.
In one sentence
Public IP identifies your network on the internet. Private IP identifies a device inside your network.
What is a public IP address?
A public IP is assigned to your internet connection by your ISP (or by your VPN when you use one). It’s the address other systems on the internet use to send responses back to you.
Check it instantly:
What is a private (local) IP address?
A private IP is assigned by your router (or your network admin) to each device inside the network. Private IPs are not reachable directly from the public internet.
Common private IP ranges
- 192.168.0.0/16 (e.g., 192.168.1.23)
- 10.0.0.0/8 (e.g., 10.0.0.15)
- 172.16.0.0/12 (e.g., 172.16.5.90)
Why are private IPs used? (NAT explained)
Most homes have dozens of devices but only one public IP from the ISP. Your router uses NAT (Network Address Translation) to let many private-IP devices share one public IP.
What websites can see (and can’t)
- Websites can see: your public IP (or VPN IP), approximate location, ISP/ASN.
- Websites can’t see: your private IP like 192.168.x.x (unless you reveal it some other way).
How to find your public IP
- Visit What’s My IP Live.
- If you use a VPN, your public IP will be the VPN server’s IP.
- Use VPN Detection to confirm you’re seeing the VPN IP.
How to find your private IP (quick steps)
Windows
- Open Command Prompt → run
ipconfig→ look for “IPv4 Address”.
Mac
- System Settings → Network → select Wi‑Fi/Ethernet → look for “IP Address”.
iPhone / iPad
- Settings → Wi‑Fi → tap (i) next to your network → “IP Address”.
Android
- Settings → Network/Internet → Wi‑Fi → your network → Advanced → “IP address”.
Privacy tip: public IP is the one you protect
If your goal is privacy, you protect your public IP. The most common options are:
- VPN: replaces your public IP and encrypts traffic.
- Proxy: may replace IP for certain apps, usually without full encryption.
- Tor: strong anonymity but slower for many use cases.
NAT Types and Why They Matter for Gaming and P2P
Not all NAT is equal. Network engineers define four NAT types that describe how strictly a router controls inbound connections. This classification directly affects gaming, video calls, and torrenting performance.
Full Cone NAT (Open NAT / Type 1)
Once your device initiates an outbound connection through a port, that port mapping is open to anyone on the internet—any external host can send packets to that port without restriction. This is the most permissive NAT type and provides the best P2P connectivity. Uncommon on modern consumer routers due to security concerns.
Address Restricted Cone NAT (Moderate NAT / Type 2)
A port mapping is created when your device sends a packet. Only hosts that your device has already sent a packet to can use that mapping to send packets back. The most common NAT type on home routers—good balance of security and connectivity. Games and video calls typically work well with this type.
Port Restricted Cone NAT (Moderate NAT)
Similar to address restricted, but the restriction includes both the source IP and source port. Only the exact IP:port combination that received an outbound packet can reply through that mapping. More restrictive than address-restricted; some P2P protocols struggle but most gaming works.
Symmetric NAT (Strict NAT / Type 3)
Each outbound connection gets a completely different external port mapping, and only the specific destination that received the original packet can send back. This breaks many P2P protocols and can cause issues with online gaming (lobbies may fail, peer connections drop). If you're behind symmetric NAT and experience gaming or call connection issues, STUN-based hole-punching won't work—you'll need either a TURN relay or port forwarding. Many mobile networks use symmetric NAT.
UPnP and Port Forwarding
UPnP (Universal Plug and Play) allows devices on your local network to automatically request port forwarding rules from your router without any manual configuration. Gaming consoles, NAS devices, and torrent clients use UPnP to open inbound ports dynamically.
When UPnP is useful
- Gaming consoles (PlayStation, Xbox) use UPnP to achieve Open NAT automatically
- NAS devices use it to set up remote access without manual router configuration
- Smart home devices use it for local network discovery
Security risks of UPnP
UPnP has no authentication—any device on your local network can request any port to be opened. Malware, compromised smart home devices, or rogue apps can use UPnP to punch holes in your router's firewall and create inbound access paths for attackers. Multiple CVEs over the years have exploited UPnP implementations. If you don't need it (or can set up manual port forwarding rules instead), disabling UPnP in your router's admin interface is a security improvement. Use our Port Scanner to check what ports are currently open on your public IP.
How Websites Track You via Public IP
Your public IP is logged by virtually every web server you contact. Here's what sites can infer and how the tracking works:
Server-side logging
Web server access logs record your IP address, timestamp, URL requested, and user agent for every request. These logs are stored for days to years depending on the site's policy. Even if you use incognito mode and block cookies, the server still logs your IP. This is why IP-based rate limiting, geo-blocking, and abuse detection are possible without cookies.
Tracking pixels and analytics beacons
A tracking pixel is a 1×1 transparent image embedded in a page or email. When your browser or email client loads it, the image request is logged with your IP, user agent, and timestamp. Email marketers use this to track when emails are opened and from which IP. Content delivery networks serving ad pixels aggregate this data across thousands of sites to build behavioral profiles tied to your IP address.
IP-based fingerprinting and geolocation
Combined with browser fingerprinting (screen resolution, fonts, timezone, language settings), your public IP narrows down your identity significantly even without cookies. Use our Browser Info tool to see what fingerprint data your browser exposes.
IP blacklisting and reputation
IPs that have been used for spam, fraud, or abuse get added to blacklists. If you share a public IP with a bad actor (common on mobile networks and with some ISPs), your IP's reputation suffers. This can cause CAPTCHAs, login failures, or service blocks that appear random but are actually IP-reputation-based. Check your current IP's reputation with our IP Blacklist Checker.
IPv6 and Public IPs: Every Device Gets a Routable Address
One of IPv6's fundamental design principles is that NAT is unnecessary—every device gets a globally unique, publicly routable address. This means:
- Your laptop, phone, smart TV, and IoT devices each get their own public IPv6 address (within your ISP-assigned prefix)
- Any of those devices can be directly addressed from the internet (if not blocked by a firewall)
- There is no IPv6-equivalent of "NAT hides you"—your firewall must do the work that NAT used to do implicitly
This is a significant security consideration. On a typical IPv4 home network, the router's NAT effectively blocks unsolicited inbound connections. On an IPv6 network, your router's stateful firewall must perform this blocking explicitly. Most modern routers do this correctly by default, but it's worth verifying that your IPv6 firewall rules are active—especially on business networks or if you've configured a custom gateway.
Localhost and the Loopback Address (127.0.0.1)
The address 127.0.0.1 (or ::1 in IPv6) is called the loopback address—it refers to your own device. Traffic sent to 127.0.0.1 never leaves your computer and is handled entirely by the operating system's network stack. The entire 127.0.0.0/8 range is reserved for loopback.
You'll encounter it in development (running local web servers on localhost:3000), DNS troubleshooting (nslookup google.com 127.0.0.1 queries a local resolver), and some privacy tools that proxy traffic through a local listener. Websites cannot see your loopback address—it never appears in network traffic outside your machine.
APIPA Addresses (169.254.x.x): What They Mean
If your device can't reach a DHCP server to get a proper IP address, Windows and other operating systems automatically assign themselves an APIPA (Automatic Private IP Addressing) address in the 169.254.0.0/16 range. You'll see these when:
- Your router is off or unreachable
- The DHCP lease failed (network cable unplugged during boot, Wi-Fi not connected)
- The router's DHCP pool is exhausted (too many devices)
An APIPA address means your device has no valid network connection. You can communicate with other APIPA-addressed devices on the same physical segment, but you cannot reach the internet. If you run ipconfig and see a 169.254.x.x address, the fix is to resolve the DHCP issue—restart the router, reconnect the cable, or check for network configuration problems. It's never a sign of security trouble; it's just a fallback state.
Security Implications of Public IP Exposure
Exposing your public IP carries real but often overstated risks. Here's an honest breakdown:
- Port scanning: Anyone can scan your public IP's open ports. Common open ports (80, 443) on routers are normal; unexpected services should be investigated. Use our Port Scanner to see your exposure.
- Targeted DDoS: Knowing your IP allows someone to flood it with traffic. This is rare for individuals but common in gaming contexts where angry players try to disconnect opponents. A VPN prevents this by hiding your real IP.
- Approximate geolocation: Your IP reveals your ISP and approximately your city. It does not reveal your home address—that myth is false unless law enforcement obtains subscriber records from the ISP with a legal order.
- Abuse reports: If your IP is associated with malicious activity (either by you or by a previous holder), services may block or challenge you.
Check your IP's email and abuse reputation with our Email Header Analyzer—useful for understanding whether your IP appears in spam or abuse databases.
Frequently Asked Questions
Can someone find my home address from my IP?
No—not directly. IP geolocation databases show your approximate city and ISP, not your home address. To get your actual address from an IP, someone would need to serve a legal subpoena to your ISP, who links your IP address (and the timestamp) to your account records. This requires law enforcement authority or a court order. Individual actors cannot look up your home address from your IP in any legitimate database.
Does restarting my router change my IP?
Sometimes, but not reliably. With a dynamic IP, your ISP uses a DHCP lease. If the lease hasn't expired, your router will often receive the same IP again on reconnect—ISPs frequently use sticky assignments tied to your modem's MAC address. To maximize the chance of getting a new IP: power off the modem for 30+ minutes (or longer—some ISPs use 24-hour leases), or spoof your modem's MAC address if the router supports it. If you're behind CGNAT (100.64.0.0/10 range), restarting makes no difference—you don't have a directly routable public IP. See Dynamic vs Static IP + CGNAT for more detail.
Want to hide your public IP?
- Read: How to Hide Your IP Address
- Verify: VPN Detection Test
- If your IP “location” looks odd: Why is my IP location wrong?