Free Browser Network Diagnostics: Check IP, Run Speed Test, Measure Ping, and Detect VPN Leaks

NetStats is a client-side developer tool for testing network health: discover your public IPv4 and IPv6 addresses, look up ISP and ASN, measure download and upload bandwidth with multi-stream probes, benchmark latency and jitter against Google, Cloudflare, AWS, Discord, and GitHub edges, detect WebRTC VPN leaks through STUN, verify HTTP/3 and QUIC negotiation, time DNS-over-HTTPS resolution, and break down TCP and TLS handshake phases — all without sending a single byte through an intermediate server.

IPv4
IPv6
Section_01

Core Connection Metrics

Exit node discovery, ISP profile, and WebRTC leak surface analysis.

Connection Profile

Resolved client-side via ipify.org + geojs.io.

Public IPv4
Public IPv6
ISP
Organization
ASN
Location
Timezone

WebRTC VPN / DNS Leak Test

ICE candidate discovery via Google & Cloudflare STUN servers.

Idle
Public (srflx / prflx)
Local / mDNS
Total Candidates

If a VPN is active, WebRTC should only expose your VPN IP or mDNS hostnames. Public addresses outside your VPN indicate a leak. IPv6 candidates can bypass IPv4-only VPNs entirely.

Section_02

Speed & Latency

Parallel throughput to Cloudflare edge, plus a live server-status board for end-to-end RTT.

Speed Test

Multi-stream probe against Cloudflare edge.

Phase: Idle
0255075100MBPS
Download

edge · speed.cloudflare.com

0255075100MBPS
Upload
Average Ping
Jitter
Ping Min / Max
Download Bytes
Upload Bytes

4 parallel TCP streams · 500ms warmup · 6s measurement window · gauge auto-scales between 10 Mbps and 10 Gbps based on observed throughput.

Server Status Board· median RTT across 4 samples
GOOGLE
CLOUDFLARE
AWS
DISCORD
GITHUB
[GOOGLE] [CLOUDFLARE] [AWS] [DISCORD] [GITHUB]
< 50ms 50–150ms> 150ms
Section_03

HTTP/3 (QUIC) vs HTTP/1–2 (TCP) Race

Fire thousands of tiny requests and watch each one get classified by its transport — HTTP/3 over QUIC, HTTP/1.1 or HTTP/2 over TCP, or a genuine fetch failure.

HTTP/3 (QUIC) vs HTTP/1–2 (TCP) Race

Thousands of tiny probes classified by PerformanceResourceTiming.nextHopProtocol.

Probing HTTP/3 support…
Samples
SentHTTP/3 · QUICHTTP/1–2 · TCPFailedempty = queued
Requests0 / 1000 (0%)
Total1000
HTTP/3 · QUIC0
HTTP/1–2 · TCP0
Failed0
Section_04

Protocol & Browser Diagnostics

HTTP/3 negotiation, effective connection type, and handshake timing breakdown.

Protocol & Timing

HTTP/3 negotiation and handshake breakdown.

Protocol not yet probed
Connection Handshake Timingawaiting measurement
DNS
Domain resolution
TCP
Connection handshake
TLS
Secure negotiation
TTFB
Time to first byte
Zero-duration phases indicate a reused connection (HTTP/2 multiplexing or keep-alive).
Terminal Documentation

Frequently Asked Questions

How do I check my public IP address?
NetStats runs entirely in the browser: it fetches your public IPv4 from api.ipify.org and your IPv6 (if reachable) from api64.ipify.org, then resolves the ISP, ASN, city, and country via geojs.io. No data is proxied through a server — every request goes straight from your browser to the public API.
What is IPv6, and do I have it?
IPv6 is the modern 128-bit IP address format that replaces IPv4. Every device can get a globally routable IPv6 without NAT. If the IPv6 field shows 'Not Supported' here, your ISP or router is IPv4-only. On mobile you'll typically see an address starting with 2a00–2a0f or 2001; residential fibre often advertises IPv6 via SLAAC under a /56 or /64 prefix.
How does a WebRTC VPN leak test work?
WebRTC uses STUN servers to discover the public IP of each endpoint for peer-to-peer connections. Even through a VPN, a browser can reveal your real address via ICE candidate gathering. NetStats opens an RTCPeerConnection against Google and Cloudflare STUN, classifies every candidate by scope (host, srflx, relay, mDNS), and flags a leak when a public candidate differs from your measured egress IP.
What is HTTP/3 and how is it different from HTTP/2?
HTTP/3 runs on QUIC (UDP) instead of TCP. That means faster connection setup (0-RTT resumption), head-of-line-blocking-free multiplexing, and better performance on lossy networks. NetStats inspects PerformanceResourceTiming.nextHopProtocol after a probe fetch to speed.cloudflare.com; if it returns 'h3' your browser negotiated HTTP/3, otherwise it's on h2 or http/1.1.
What is the difference between TCP and QUIC?
TCP is stream-based and needs three-way handshake + TLS (2-3 round trips) before any data moves; a single lost packet blocks all streams (head-of-line blocking). QUIC runs over UDP, integrates TLS 1.3, and lets independent streams progress independently when packets are lost. That's why HTTP/3 over QUIC usually beats HTTP/2 over TCP on mobile and Wi-Fi.
How accurate is a browser-based speed test?
A single TCP stream saturates to the bandwidth-delay product and spends its first seconds in slow-start, so single-stream tests under-report on anything above ~100 Mbps. NetStats opens four parallel streams to speed.cloudflare.com, discards the first 500 ms warm-up window, and measures 6 seconds of steady-state throughput — matching how Ookla and Cloudflare's own speed test operate.
How is ping latency measured from a browser without ICMP?
Browsers cannot send ICMP, so NetStats times HTTP round-trips to each target using performance.now(). A warm-up fetch establishes the TCP/TLS connection first; the next 4 requests reuse that connection, so their timing approximates network RTT plus a few ms of HTTP overhead. The displayed value is the median — robust against one-off spikes.
Why does my IPv4 address change between refreshes?
Mobile carriers (Cosmote, Vodafone, T-Mobile, AT&T, etc.) use Carrier-Grade NAT. Thousands of subscribers share a pool of public IPv4s, and each outbound TCP/UDP connection is hashed onto one pool member by 5-tuple. So api.ipify.org can return a different IPv4 on consecutive requests without anything changing on your device. Your IPv6, if present, is stable and personally-identifying.
What is an ASN and why should I care?
An Autonomous System Number identifies the network that advertises a block of IP addresses via BGP. AS13335 is Cloudflare, AS15169 is Google, AS8075 is Microsoft. Knowing your ASN tells you who's actually carrying your traffic — useful for debugging routing, confirming a VPN / proxy is active, or verifying you're hitting the carrier you're paying for.
What is DNS-over-HTTPS (DoH) and why is the DoH ping here?
DoH (RFC 8484) sends DNS queries over HTTPS to resolvers like dns.google and 1.1.1.1, encrypting the lookup and preventing ISP-level tampering. NetStats times a resolve of example.com against Google DoH as a proxy for DNS responsiveness. High DoH latency usually signals a congested or geographically distant recursive resolver, not a problem with the domain itself.