![]() If the expected response is not received, then it's likely that the wifi connection you're on is a "captive portal" and may need you to log in, or pay, to connect to it. You can learn a lot by what a device regularly communicates with.įor instance, many OSs these days do Captive Portal Detection when they first connect to a wifi network (such as your wifi tether connection), they do this by trying to connect to a known web server across the internet, and checking to see if they get the response that they're expecting. A side-effect of this may mean that if you're using an uncommon OS, or an OS that's similar to your phone's on your other device, your tethering may not be spotted. The combination of these values can give a "fingerprint" that can be used to identify what operating system is running on the originating device. TCP/IP Stack Fingerprintingĭifferent computer Operating Systems (eg Android, iOS, Windows, Mac OSX, Linux, etc) set up their TCP/IP stacks with different default values and settings (eg the Initial Packet Size, Initial TTL, Window Size.). The MAC address of your laptop's wifi card will have a very different manufacturer and serial code than the MAC address of your phone's 3G interface. Every network packet that is sent out will have been "stamped" with the MAC address of the originating device's network port. This is made up of two halves, one half identifying the manufacturer of the interface, and the other half being a unique identifier assigned by the manufacturer (like a serial number). MAC address inspectionĭevices on a TCP/IP network, like the internet, all have a unique MAC ID set on their network interfaces. The phone networks know what the expected TTLs from common devices are (for instance packets from an iPhone always start at a TTL of 64), and so they can spot when they're one less (or totally different) than they're expecting. ![]() When your phone is tethering it acts like a router so, as the packet passes from your tethered laptop through your phone and onto the phone network, your phone will subtract "1" from the TTL to show that the packet has passed through its first router. ![]() The way this works is that the packet starts with a TTL number (say 128) set on it when it leaves the sending device (your phone, or laptop), and then every time that packet travels through a router of any kind (like your home broadband router, or a router at your ISP or phone company) that router subtracts one from the TTL (which would decrement the TTL to 127 in this example), the next router it travels through will in turn decrement the TTL again, and so on, if the TTL ever reaches zero then the router it's at discards the packet and doesn't transmit it again. Inspecting the network packets for their TTL (time to live)Įvery network packet travelling across a TCP/IP network, like the internet, has a built-in time-to-live ( TTL) set on it, so that in case there is a problem with that packet reaching its destination this will stop it travelling around the network forever clogging everything up. However I haven't found any concrete evidence of this, other than people finding odd APNs and wondering what they're for (bear in mind that an unlocked phone bought off-contract may have hundreds or thousands of APNs stored on it, ready for use on whichever network in whichever country the eventual owner decides to use it). It's also rumoured that some phones have a second set of APN details saved in them by the phone network, when you enable tethering they switch over to using this second APN for all tethered traffic, while using the normal APN for traffic originating on the phone. Your phone tells your network that you are tethering This generally only happens if you are running an OS version that has been customized by your Provider, example 1 example 2. The first and easiest method is that some phones will query the network to check whether the current contract allows tethering, and then totally disable the tethering options on the device in software if not. However there are certain known techniques that will give away the fact that you're currently tethering, if your Service Provider happens to be running the right tool to check for these indicators: Your Phone asks your network if tethering is allowed How they detect that someone is tethering a device isn't something that network providers often want to talk about, for the obvious reason that the more consumers know about how this is being detected, the easier it is for them to find ways to hide the fact that they're doing it, and avoid the associated extra charges (1). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |