Blog · How-to

Find your public IP in Terminal

If you have curl:

curl -s https://api.ipify.org

For IPv6 (if supported):

curl -s https://api64.ipify.org

Easier for most people: open What Is My IP Address IP in the browser. See also other methods.

Why CLI and browser can disagree slightly

Your OS may prefer IPv4 or IPv6 for curl depending on Happy Eyeballs timing and resolver settings. If you force one family, match that when comparing to a browser test. Corporate proxies can also intercept shell traffic differently than Safari or Chrome.

Windows: PowerShell and curl

Recent Windows includes curl as an alias; behavior matches your build. If commands fail, use PowerShell’s Invoke-RestMethod against a text API or rely on a browser checker. Remember ipconfig shows local adapters—not your global public IP.

Scripting and logs

For automation, pick one HTTPS endpoint and log HTTP status codes. Rotate APIs if you hit rate limits. Record whether VPN was active—see what IP a VPN shows—or your script will capture the wrong semantic “my IP.”

IPv6-only paths

If api64.ipify.org returns a v6 address but sites still show IPv4, you may be dual-stack with different egress selection. Our IPv4 vs IPv6 article explains notation and when each appears.

People also ask

Why does wget/curl hang? Corporate SSL inspection or missing CA certs can block HTTPS calls—try curl -v to see TLS errors.

Does ping show my IP? No—ping tests reachability to a host; it does not print your public source unless you use specific tools designed for that.

Can I use dig for my IP? dig queries DNS nameservers; use a dedicated “what is my IP” API or browser page for your own address.

Is terminal output more private? Not really—the API endpoint still sees your IP; you are just choosing a different client.

Extended guide: scripting safely

When automating, log timestamps and exit codes. APIs occasionally rate-limit; backoff and rotate endpoints responsibly per their terms.

Never embed API tokens in public gists if a service requires authentication—most IP APIs for clients are unauthenticated by design.

On servers, remember outbound IP may differ from inbound—curl from the box shows what that server presents, useful for allowlisting jobs.

Combine with health checks: if IP suddenly changes, correlate with deploys, failover events, or provider maintenance.

When CLI output disagrees with your browser

First, confirm both tests ran within seconds of each other. CGNAT and ISP load balancing can rotate egress quickly on some networks, though that is uncommon on stable home lines. If the numbers differ by one octet or look like two different subnets, you may be comparing IPv4 from curl with IPv6 from the browser tab—or vice versa—so label each reading explicitly.

Corporate environments often push HTTPS proxies. Browsers pick up system proxy settings automatically; curl might not unless you export https_proxy or pass --proxy. A mismatch here means the browser and shell are exiting through different paths, not that either tool is “wrong.”

VPN clients on macOS and Windows can split tunnel by default. Your terminal session might bypass the VPN while Chrome does not, or the opposite, depending on vendor defaults. Disconnect VPN, run curl and the browser check, then reconnect and repeat—document all four numbers if you file a ticket.

Docker containers and WSL2 on Windows add another layer: curl from inside a container shows the container egress, which may be NATed differently from the host browser. For “what does the internet see from my PC,” run from the host shell, not inside a dev container, unless you are debugging server deploys on purpose.

Firewall or TLS interception can make curl fail while browsers succeed. If curl returns TLS errors, try curl -v once to read the failure, then fall back to the browser checker for a human-readable result. Automation should use the same endpoint you validated manually first.

Finally, remember that outbound IP from a cloud VM is not “your home IP.” Many tutorials assume a laptop; if you are on SSH to a droplet, you are measuring the provider’s address—which is exactly what you want when configuring allowlists for that server.

Package managers and minimal containers

Alpine and other slim images ship busybox wget instead of curl—syntax differs. Install curl in the image if scripts expect it, or document wget alternatives for teammates.

macOS Gatekeeper and Linux permissions rarely block outbound HTTPS curl, but corporate root stores might—trust the same CA bundle your browser uses when debugging TLS failures.

Windows Subsystem for Linux shares networking with Windows differently across WSL1 vs WSL2; treat WSL2 as a lightweight VM for egress purposes.

Summary checklist

Pick one API → curl it → compare to browser → document differences → automate only after manual validation succeeds.

Related guides

• How to check your IP in a browser — simplest cross-check.
• IPv4 vs IPv6 explained — match protocols when testing.
• Best free IP lookup methods — compare approaches.