Is it possible to spoof an IP address to an exact number?

You can change your IP to whatever you want; that's trivial. But that will not work the way you want to.

Let's say the store's ISP is Apple Networks, and their IP range is to You note that and get home. Your home network is from Avocado Networks, and their IP range is You change your IP to and wait. Nothing happens. You cannot access any site. You are offline.

But why?


Avocado Network tells the entire world they own the network, so when people want to reach anyone on that range, they send the packet to Avocado routers. They don't send any packets to them, they send to Apple Networks routers as they are the ones advertising to the entire world their IP range. So your computer sits there, waiting for anything to come, and nothing happens.

If Avocado Networks employs Egress Filtering, your packets don't even leave their network. Their routers will say this is a packet coming from my network, but it says it's from Apple Networks' address space; it must be an error, so I will drop the package.

If they and nobody along the path uses Egress Filtering, your request for connection will reach, the site will respond as usual, but the response will be sent to Apple Networks routers, not Avocado networks. And either there will be nobody with IP address to answer and the packet gets forgotten, or there will be an there, and they will say sorry, I never heard from this connection before. Forget it. and that's that.

To achieve what you want, you must connect a system to the store network, make it work as a proxy, and forward packets from your home to that system, and then that system will access site on your behalf and send you the response.

You can spoof your IP to whatever you want it to be. Pick a number, any number! However, you can't use it to trick a HTTP server into believing your are someone you are not. The TCP handshake protects against IP spoofing. So no luck there.

Anyways, my guess is that the webpage that is shown on the devices isn't discriminating based on IP. Sounds more practical to do it based on the network the devices are connected too, or with the help of some other little secret flag not visible in the URL.

Practically yes, you can spoof it but it won't help in too many situations.

The IP protocol specifies that each IP packet must have a header which contains the IP address of the source of the packet. The source IP address is normally the address that the packet was sent from, but the sender's address in the header can be altered so that to the recipient it appears that the packet came from another source.

Although this is possible it would have very limited use since if you used another number in that header, all replies towards the sent packets would go towards that fake-IP specified.

If your objective is to DoS (flood the target with an overwhelming volume of traffic) then such a manipulation is useful, but if you intent to have some legitimate traffic between target and altered IP it won't work.

A good legit use of such a thing would be to test how a website handles multiple users before a go-live situation. Tools like HP LoadRunner and WebLOAD use such a technique.