Inside My Rogue IP

Published: June 17, 2025

Ever wondered how sneaky cyber threats try to slip through the cracks? Well, I did too—and that curiosity led me to build my very own rogue IP detector. It's my digital watchdog, sniffing out suspicious activity and keeping things secure.

In this blog, I’ll share how it works, the little challenges along the way, and some cool insights from the journey. Whether you're a tech enthusiast or just curious about keeping your online space safe, you’re in for an interesting ride!

🚨 The Problem: Unknown Connections

Ever run netstat and see dozens of foreign IP addresses connected to your system — and wonder, "Who are you, and why are you talking to my laptop?"

Most users:

  1. Don’t know what those IPs are
  2. Can’t tell if they’re safe
  3. Don’t have time to Google each one

That’s where this project began.

🧰 The Solution: A Browser-Based IP Inspector

I created a pure HTML + JS web app that:

  1. Parses a .txt file from netstat -ano > netstat.txt
  2. Cross-references the IPs against Microsoft’s official IP ranges
  3. Highlights rogue IPs in red, and safe ones in green
  4. (Bonus): Fetches Geo-IP info using ipinfo.io for each suspicious IP

🛠️ How It Works

1. User Uploads netstat.txt

The browser reads the file using the FileReader API — no backend needed.

2. IP Extraction

It uses regex to parse each line and grab the foreign IP (not the local one).

3. Safe IP Comparison

It fetches Microsoft’s list of legit IPs, either:

  1. Live from their endpoint API (using a proxy to avoid CORS)
  2. Or from a local legit_ips.json file

It flattens all CIDRs to raw IPs and compares each foreign IP from the file against them.

4. Highlight and Explain

Each IP is shown in a responsive table:

  1. ✅ Green for Microsoft IPs
  2. 🚨 Red for unknowns
  3. With optional ipinfo.io lookups showing ISP, country, and org
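
Steps 2 to 4 as an added example (not the tool's own code): it extracts the foreign IPv4 address from each netstat row and labels it. Instead of flattening CIDRs to raw IPs as described above, it compares masked prefixes. The netstat sample, the trusted range and the extra "local" label for loopback and private addresses are constructed assumptions; IPv6 rows are skipped.

```javascript
// Constructed sample of netstat -ano output (documentation addresses, not real hosts).
const SAMPLE = `
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1104
  TCP    127.0.0.1:5354         127.0.0.1:49670        ESTABLISHED     3980
  TCP    192.168.1.20:50112     198.51.100.25:443      ESTABLISHED     7312
  TCP    192.168.1.20:50120     203.0.113.77:443       ESTABLISHED     9044
  TCP    192.168.1.20:50121     203.0.113.77:80        TIME_WAIT       0
  UDP    0.0.0.0:5353           *:*                                    2216
`;
// Constructed stand-in for the trusted list; the tool loads Microsoft's ranges instead.
const TRUSTED_CIDRS = ["198.51.100.0/24"];
// Addresses that never leave the machine or LAN: unspecified, loopback, RFC 1918, link-local.
const LOCAL_CIDRS = ["0.0.0.0/8", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16"];

// Dotted-quad IPv4 -> unsigned 32-bit integer, or null when an octet is out of range.
function ipToInt(ip) {
  const o = ip.split(".").map(Number);
  if (o.length !== 4 || o.some(n => !Number.isInteger(n) || n < 0 || n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

// True when ip lies inside cidr; compares masked prefixes, no range expansion.
function inCidr(ip, cidr) {
  const [base, bits = "32"] = cidr.split("/");
  const a = ipToInt(ip), b = ipToInt(base), prefix = Number(bits);
  if (a === null || b === null) return false;
  const mask = prefix === 0 ? 0 : (~0 << (32 - prefix)) >>> 0;
  return ((a & mask) >>> 0) === ((b & mask) >>> 0);
}

// Unique foreign IPv4 addresses (third column) of TCP/UDP rows; "*:*" and IPv6 rows are skipped.
function foreignIps(text) {
  const row = /^\s*(?:TCP|UDP)\s+\S+\s+(\d{1,3}(?:\.\d{1,3}){3}):\d+/;
  const seen = new Set();
  for (const line of text.split(/\r?\n/)) {
    const m = row.exec(line);
    if (m && ipToInt(m[1]) !== null) seen.add(m[1]);
  }
  return [...seen];
}
// Verdict per address: "local", "trusted" (in the allow-list) or "unknown" (needs a lookup).
function classify(text, trusted) {
  return foreignIps(text).map(ip => {
    if (LOCAL_CIDRS.some(c => inCidr(ip, c))) return { ip, verdict: "local" };
    return { ip, verdict: trusted.some(c => inCidr(ip, c)) ? "trusted" : "unknown" };
  });
}
console.table(classify(SAMPLE, TRUSTED_CIDRS));
```

An "unknown" verdict only means the address is outside the allow-list, so it is a candidate for the ipinfo.io lookup rather than a confirmed threat.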

💡 Why This Project Matters

  1. Quick visibility into who’s connected
  2. A beginner-friendly take on network monitoring
  3. Fully local — no files uploaded, no data shared
  4. 100% browser-based, GitHub Pages–friendly

📎 What I Learned

  1. Efficient IP parsing with JavaScript
  2. Responsive UI design for real data display
  3. CORS, proxies, and the limits of client-side APIs
  4. Real-world use of netstat for cybersecurity

✅ Try It Yourself

Run netstat -ano > netstat.txt in CMD or PowerShell.

Then upload the file to the tool — and find out who your system is quietly talking to 👀

🧠 Final Thoughts

This app started as a simple netstat parser, but it became something far more useful: a quick and easy tool to stay informed about your device's digital behavior.

Whether you're a developer, student, or just curious — knowing your connections is power.