Free Network Diagnostics: Check IP, Run Speed Test, Measure HTTP Round-Trip Time, and Detect VPN Leaks
NetStats is a developer tool for testing network health: discover your public IPv4 and IPv6 addresses, look up ISP and ASN, measure download and upload bandwidth with multi-stream probes, benchmark HTTP round-trip time and jitter against Google, Cloudflare, AWS, Discord, and GitHub edges (browsers can't send ICMP), detect WebRTC VPN leaks through STUN, verify HTTP/3 and QUIC negotiation, time DNS-over-HTTPS resolution, and break down TCP and TLS handshake phases.
IPv4
IPv6
Section_01
Core Connection Metrics
Exit node discovery, ISP profile, and WebRTC leak surface analysis.
Connection Profile
Resolved via public lookup services.
Public IPv4
Public IPv6
ISP
Organization
ASN
Location
Timezone
WebRTC VPN / DNS Leak Test
ICE candidate discovery via public STUN servers.
Public (srflx / prflx)
Local / mDNS
Total Candidates
If a VPN is active, WebRTC should only expose your VPN IP or mDNS hostnames. Public addresses outside your VPN indicate a leak. IPv6 candidates can bypass IPv4-only VPNs entirely.
WARP Exposure
Checking whether Cloudflare can see past your VPN…
Section_02
Speed & HTTP Round-Trip Time
Parallel throughput to Cloudflare edge, plus an HTTP round-trip time board against global targets (browsers can't send ICMP).
Speed Test
Download
Upload
Average HTTP RTT
—
Jitter
—
HTTP RTT Min / Max
—
Download Bytes
—
Upload Bytes
—
4 parallel TCP streams · 500ms warmup · 6s measurement window · gauge auto-scales between 10 Mbps and 10 Gbps based on observed throughput.
HTTP Round-Trip Time · Server Status Boardmedian of 4 HTTP request/response times (browsers can't send ICMP) · expect values higher than
ping <host> at the terminalGOOGLE
CLOUDFLARE
AWS
DISCORD
GITHUB
[GOOGLE] [CLOUDFLARE] [AWS] [DISCORD] [GITHUB]
< 50ms 50–150ms> 150ms
Section_03
HTTP/3 (QUIC) vs HTTP/1–2 (TCP) Race
Fire thousands of tiny requests and watch each one get classified by its transport — HTTP/3 over QUIC, HTTP/1.1 or HTTP/2 over TCP, or a genuine fetch failure.
Samples
SentHTTP/3 · QUICHTTP/1–2 · TCPFailedempty = queued
Requests0 / 1000 (0%)
Total1000
HTTP/3 · QUIC0
HTTP/1–2 · TCP0
Failed0
Section_04
Protocol & Browser Diagnostics
HTTP/3 negotiation, effective connection type, and handshake timing breakdown.
Connection Handshake Timing
DNS
Domain resolution
TCP
Connection handshake
TLS
Secure negotiation
TTFB
Time to first byte
Zero-duration phases indicate a reused connection (HTTP/2 multiplexing or keep-alive).
Terminal Documentation
Frequently Asked Questions
How do I check my public IP address?
NetStats races several independent public IP services in parallel — ipify, icanhazip, and ident.me — for both IPv4 and IPv6, so a single vendor outage never stalls the lookup. Whichever provider answers first wins. Geo enrichment runs the same way: get.geojs.io and ipinfo.io are queried concurrently and their results merged field-by-field. If every public provider fails (captive networks, regional blocks), the dashboard falls back to a same-origin IP endpoint that derives your address and geo from the request itself.
What is IPv6, and do I have it?
IPv6 is the modern 128-bit IP address format that replaces IPv4. Every device can get a globally routable IPv6 without NAT. If the IPv6 field shows 'Not Supported' here, your ISP or router is IPv4-only. On mobile you'll typically see an address starting with 2a00–2a0f or 2001; residential fibre often advertises IPv6 via SLAAC under a /56 or /64 prefix.
How does a WebRTC VPN leak test work?
WebRTC uses STUN servers to discover the public IP of each endpoint for peer-to-peer connections. Even through a VPN, a browser can reveal your real address via ICE candidate gathering. NetStats opens an RTCPeerConnection against Google and Cloudflare STUN, classifies every candidate by scope (host, srflx, relay, mDNS), and flags a leak when a public candidate differs from your measured egress IP.
What is HTTP/3 and how is it different from HTTP/2?
HTTP/3 runs on QUIC (UDP) instead of TCP. That means faster connection setup (0-RTT resumption), head-of-line-blocking-free multiplexing, and better performance on lossy networks. NetStats inspects PerformanceResourceTiming.nextHopProtocol after a probe fetch to speed.cloudflare.com; if it returns 'h3' your browser negotiated HTTP/3, otherwise it's on h2 or http/1.1.
What is the difference between TCP and QUIC?
TCP is stream-based and needs three-way handshake + TLS (2-3 round trips) before any data moves; a single lost packet blocks all streams (head-of-line blocking). QUIC runs over UDP, integrates TLS 1.3, and lets independent streams progress independently when packets are lost. That's why HTTP/3 over QUIC usually beats HTTP/2 over TCP on mobile and Wi-Fi.
How accurate is this speed test?
A single TCP stream saturates to the bandwidth-delay product and spends its first seconds in slow-start, so single-stream tests under-report on anything above ~100 Mbps. NetStats opens four parallel streams to speed.cloudflare.com, discards the first 500 ms warm-up window, and measures 6 seconds of steady-state throughput — matching how Ookla and Cloudflare's own speed test operate.
What does the HTTP Round-Trip Time board actually measure? Is it ping?
It's not ICMP ping — browsers can't send ICMP packets (no raw sockets). NetStats times HTTP request/response to each target using performance.now(). A warm-up fetch establishes the TCP/TLS connection first; the next 4 requests reuse that keep-alive connection, so their timing approximates network RTT plus a few ms of HTTP request/parse overhead. The displayed value is the median. Expect numbers higher than `ping <host>` at the terminal: warm HTTP keep-alive adds ~5–10ms above ICMP RTT, cold HTTP can add 100ms+ (TCP + TLS handshakes).
Why does my IPv4 address change between refreshes?
Mobile carriers (Cosmote, Vodafone, T-Mobile, AT&T, etc.) use Carrier-Grade NAT. Thousands of subscribers share a pool of public IPv4s, and each outbound TCP/UDP connection is hashed onto one pool member by 5-tuple. So even the same source (whether it's our /api/ip function or api.ipify.org) can return a different IPv4 on consecutive requests without anything changing on your device. Your IPv6, if present, is stable and personally-identifying.
What is an ASN and why should I care?
An Autonomous System Number identifies the network that advertises a block of IP addresses via BGP. AS13335 is Cloudflare, AS15169 is Google, AS8075 is Microsoft. Knowing your ASN tells you who's actually carrying your traffic — useful for debugging routing, confirming a VPN / proxy is active, or verifying you're hitting the carrier you're paying for.
What is DNS-over-HTTPS (DoH) and why is it on the HTTP RTT board?
DoH (RFC 8484) sends DNS queries over HTTPS to resolvers like dns.google and 1.1.1.1, encrypting the lookup and preventing ISP-level tampering. NetStats times a resolve of example.com against Google DoH as a proxy for DNS responsiveness. High DoH latency usually signals a congested or geographically distant recursive resolver, not a problem with the domain itself.