I just discovered that my lineageOS (starlte) is doing a connection to amazonaws every time I'm using GPS (doesn't matter which app). The used port indicates that its a SUPL connect for assisted GPS (which I deactivated) . But I didn't found a configuration file like gps.conf to change that. Probem is: Those SUPL requests are known to reveal IMEI and location.
Code:
starlte:/ # tcpdump -i any -s0 port 7275
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
12:01:27.77129 IP 192.168.179.29.33724 > ec2-52-34-211-161.us-west-2.compute.amazonaws.com.7275: Flags [S], seq 2728158607, win 65535, options [mss 1460,sackOK,TS val 4294942063 ecr 0,nop,wscale 6], length 0
15:06:27.777399 IP ec2-52-34-211-161.us-west-2.compute.amazonaws.com.7275 > 192.168.179.29.33724: Flags [R.], seq 0, ack 2728158608, win 0, length 0
Hi,
You should sniff the packet that are sent/received through these connections, both to know what information is leaking and to know of who are these servers.
you could setup a bridge connection on a PC , Fiddler should be the software for you. Or wireshark if you are more advanced.
I've also seen this on multiple of my past devices
Related
Hi!
First: I do not know wether General discussion - Networking would be a better place, so if an admin thinks so, please move this thread.
my problem: after some hours, offen after night, my wlan does not work properly:
my config:
2 WLAN-routers Syslink WRT54G with DD-WRT v24-sp2 with identical config (SSID and so on - but of course different channels):
two virtual WLANs on each
1) WPA(2) Enterprise with username/pass or user certificate
radius server
for individual users
2) WPA(2) PSK for wlan radios and so on
my Desire uses 1) (tried both: username and certificate, same result)
my Desire:
various radios, now 5.10.05.23
LeeDroid V2.0a Froyo
my problem:
after some hours in the Wi-Fi config I got:
Wi-Fi: Authenticating with MY_SSID...
and this messages does not change.
This has interesting effects to my Desire:
there is still the wlan symbol in status bar, no G3 (mobile network setting is on) so my Desire seems to know, that wlan is working
htc weather app - refresh - "Unable to connect You need a network connection to use this application. Please turn on mobile network or Wi-Fi"
standard internet browser - internet works fine
http://mobil.tagesschau.de Streaming of Tagesschau in 100 Sekunden
popup "Movies or Streaming Media Player" - Movies = all works, Streaming = "Connection failes This application requieres network access ..."
Astrid snyc - works
maps - works
K-9 - new mails are received after manual "check mail" but not pushed via IMAP idle
via *#*#4636#*#*
Wifi Config
* ID 5 SSID: "MY_SSID" BSSID: null
PRIO: 67
KeyMgmt: WPA_EAP IEEE8021X Protocols: WPA RSN
AuthAlgorithms:
PairwaiseCiphers: TKIP CCMP
GroupCiphers: WEP40 WEP104 TKIP CCMP
PSK:
eapEAP
phase2: auth=MSCHAPV2
identity: My User Name
anonymous_identity:
password: xxxxxx
client_cert:
private_key:
ca_cert:
Wifi Status
Wifi State: enabled
Network State: Authenticating with MY_SSID
Supplicant State: COMPLETED
RSSI: -61
BSSID: 00:14:xxxx
SSID: MY_SSID
Hidden SSID: false
IPaddr: 192.168.1.15
MAC addr: 38:xxxx
Network ID: 5
Link Speed: 54 Mbps
Scan results:
run ping test:
ping IpAddr: pass
ping Hostname (www.google.com): pass
HTTP Client test: pass
even if there is an "authentication ..." message
my radius server log shows me no authentication process, no working and no failing one.
so, now I have to options:
wifi off/on or
going to the second wlan ap, so my Desire switches to it because this is then the stronger wifi
signal
in wifi setting now: Connecting MY_SSID, scan, Connecting, Connected with MY_SSID
after this K-9 get immediately new mails pushed via imap idle, weather updating works, streaming is fine ... and my radius server log shows me an authentication process
(I swaped both routers but no effect for my problem.)
changes in *#*#4636#*#*
Wifi State: enabled
Network State: Connected to MY_SSID
RSSI: -64
Any idea for this strange phenomenon? It is very annoying!
nobody here who uses WPA enterprise / wpa with radius?
Hi
were you able to ever fix this problem. I am currently having the same issue
thanks
there is an issue in google's android bugtracker, with many concerned users, but no help by google.
http://code.google.com/p/android/issues/detail?id=12125
Hi Folks
Does anyone know if there is a ROM that fixes this issue, or if there is a fix anywhere. We have a number of Desires in the office which all suffer this issue when connected to our Cisco based WiFi network (WPA Enterprise). We have managed to get IT to extend the re-auth period to 1hr, but they will go no further. Current work around is to take a walk to the other side of the office and force a re-associate to a new AP (or dis/enable wifi on the phone). Not ideal.
Thanks
there is still no fix to this, but I found a working solution:
Fix My Wifi
https://market.android.com/details?...wsMSwxLDEsImNvLnVrLnN5c2x5bnguZml4bXl3aWZpIl0.
https://market.android.com/details?...xLDEsImNvLnVrLnN5c2x5bnguZml4bXl3aWZpZGVtbyJd
HTH
I'm trying to confirm whether or not ICS ignores DHCP obtained DNS settings. Could someone with a Galaxy Nexus and the ability to sniff wireless traffic (or at the router level) check to see if it's making queries to Googles server (8.8.8.8) or the DHCP obtained server?
I'm running a preview build of ICS on my HTC Incredible and it's querying 8.8.8.8 instead of 192.168.1.1. I'm running a dual stack network so if I change from DHCP to static DNS settings, I see strange behaviour. After a short while on static IPv4 settings, only DNS AAAA record lookups are attempted.
Using Gingerbread 2.3.7 (dhcpcd 4.0.15 instead of ICSs 5.2.10) on another Incredible, the proper DNS server is utilized.
Thanks
An easier way to check is to connect with adb and run the following:
Code:
> adb shell
$ getprop | grep dns
Using tcpdump I've confirmed that the Incredible running ICS is not requesting DHCP option 119.
The DHCP ACK packet is missing both option 6 and 15 and therefore the DNS property is showing 8.8.8.8
Terminal emulator anyone?
Code:
$ getprop | grep dns
Nevermind. I found the problem. It was with the preview build on the Incredible.
dhcpcd.conf, interface != eth0
Hello,
I am currently running codefireX SR14. My provider is Petro-Canada Mobility. I am having issues when tethering through their "unlimited browsing service" Basically this service only allows http/SSL TCP traffic on ports 80/443.
Anyhow, I've been using autoproxy and this has allowed me greater functionality of most apps. Here lies the problem. When I attempt to tether (wifi hotspot or USB) Traffic is not being forwarded at all from the hotspot gateway. As a result, connected hosts cannot access the internet. After doing some initial troubleshooting, I have concluded the issue appears to be the OS itself.
Regardless of the situation, the hotspot gateway will not forward traffic with autoproxy connected, disconnected, or if I use my Junos VPN.
As a result I have 2 questions:
1)How does the Android tether operate?
2)Are there any "Backend" options I can access someone to force the gateway to forward traffic through autoproxy or my Junos VPN?
I have included the trouble shooting results below:
When tethered:
My PC IP = 192.168.43.83
gateway = 192.168.43.1
Ping to gateway is ok:
>ping 192.168.43.1
Pinging 192.168.43.1 with 32 bytes of data:
Reply from 192.168.43.1: bytes=32 time=23ms TTL=64
Reply from 192.168.43.1: bytes=32 time=2ms TTL=64
Reply from 192.168.43.1: bytes=32 time=1ms TTL=64
Reply from 192.168.43.1: bytes=32 time=1ms TTL=64
Ping statistics for 192.168.43.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
This means my PC can reach the gateway fine (with autoproxy on and off) With that in mind, I try to ping the Petro-Canada proxy server:
Proxy server IP = 10.128.1.69
Ping to Proxy server fails
>ping 10.128.1.69
Pinging 10.128.1.69 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.128.1.69:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
This happens regardless if autoproxy is connected or disconnected. What this means is that the gateway traffic on my phone is not being properly forwarded.
When I usb tether it's the same issue:
PC IP:192.168.42.142
Gateway:192.168.42.129
Ping to gateway is ok:
>ping 192.168.42.129
Pinging 192.168.42.129 with 32 bytes of data:
Reply from 192.168.42.129: bytes=32 time<1ms TTL=64
Reply from 192.168.42.129: bytes=32 time<1ms TTL=64
Reply from 192.168.42.129: bytes=32 time<1ms TTL=64
Reply from 192.168.42.129: bytes=32 time<1ms TTL=64
Ping statistics for 192.168.42.129:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Ping to Proxy server fails
>ping 10.128.1.69
Pinging 10.128.1.69 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.128.1.69:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
This happens regardless if autoproxy is connected or disconnected. What this means is that the gateway traffic on my phone is not being properly forwarded.
At this point I believe the issue to be Android OS. I am running Jellybean 4.2.2, I also have Junos VPN installed, and I have full internet from my phone when connected (all ports tcp/udp) through Petro-Canada unlimited browsing. I still run into the same issue where trying to ping any outside IP results in a timeout. (i.e Google DNS 8.8.8.8)
I fixed the issue. I'm not sure if it's the ROM or my provider.
Hey friends can anybody plz upload this file
System/etc/firmware/wlan/prima/
WCNSS_qcom_cfg.ini
Wifi reception on xperia sp is very weak.
I found dat on xperia m it is very gud
So will try this file on xsp
Thanks
Sent from my C5303 using Tapatalk
Here is the file content from xperia m dual c2005 fw 15.2.A.1.12 - android 4.2.2.
Code:
# This file allows user to override the factory
# defaults for the WLAN Driver
# Enable IMPS or not
gEnableImps=1
# Enable/Disable Idle Scan
gEnableIdleScan=0
# Increase sleep duration (seconds) during IMPS
# 0 implies no periodic wake up from IMPS. Periodic wakeup is
# unnecessary if Idle Scan is disabled.
gImpsModSleepTime=0
# Enable BMPS or not
gEnableBmps=1
# Enable suspend or not
# 1: Enable standby, 2: Enable Deep sleep, 3: Enable Mcast/Bcast Filter
gEnableSuspend=3
# Phy Mode (auto, b, g, n, etc)
# Valid values are 0-9, with 0 = Auto, 4 = 11n, 9 = 11ac
gDot11Mode=0
# Handoff Enable(1) Disable(0)
gEnableHandoff=0
# CSR Roaming Enable(1) Disable(0)
gRoamingTime=0
# Assigned MAC Addresses - This will be used until NV items are in place
# Each byte of MAC address is represented in Hex format as XX
Intf0MacAddress=000AF58989FF
Intf1MacAddress=000AF58989FE
Intf2MacAddress=000AF58989FD
Intf3MacAddress=000AF58989FC
#### UAPSD test Setting- Beginning#####
###Enable UAPSD AC Mask 0x8(BE) 0x4(BK) 0x2(VI) 0x1(VO)
### UapsdMask=0x03 for VI/VO, UapsdMask=0x0f for all AC
# UapsdMask=0x0f for TC 5.1 to 5.7
# UapsdMask=0x03 for TC 5.8 to 5.10
#UapsdMask=0x0f
#UapsdMask=0x03
### UAPSD service interval for VO,VI, BE, BK traffic
#InfraUapsdVoSrvIntv=200
#InfraUapsdVoSuspIntv=2000
#InfraUapsdViSrvIntv=300
#InfraUapsdViSuspIntv=2000
#InfraUapsdBeSrvIntv=400
#InfraUapsdBeSuspIntv=2000
#InfraUapsdBkSrvIntv=500
#InfraUapsdBkSuspIntv=2000
#DelayedTriggerFrmInt=18000
###Enable PsPoll
#gMaxPsPoll=5
####UAPSD test Setting- End#####
# UAPSD service interval for VO,VI, BE, BK traffic
InfraUapsdVoSrvIntv=0
InfraUapsdViSrvIntv=0
InfraUapsdBeSrvIntv=0
InfraUapsdBkSrvIntv=0
# Make 1x1 the default antenna configuration
gNumRxAnt=1
# Beacon filtering frequency (unit in beacon intervals)
gNthBeaconFilter=50
# Enable WAPI or not
# WAPIIsEnabled=0
# Flags to filter Mcast abd Bcast RX packets.
# Value 0: No filtering, 1: Filter all Multicast.
# 2: Filter all Broadcast. 3: Filter all Mcast abd Bcast
McastBcastFilter=3
#Flag to enable HostARPOffload feature or not
hostArpOffload=1
#SoftAP Related Parameters
# AP MAc addr
gAPMacAddr=000AF589dcab
# 802.11n Protection flag
gEnableApProt=1
#Enable OBSS protection
gEnableApOBSSProt=1
#Enable/Disable UAPSD for SoftAP
gEnableApUapsd=1
# Fixed Rate
gFixedRate=0
# Maximum Tx power
# gTxPowerCap=30
# Fragmentation Threshold
# gFragmentationThreshold=2346
# RTS threshold
RTSThreshold=2347
# Intra-BSS forward
gDisableIntraBssFwd=0
# WMM Enable/Disable
WmmIsEnabled=0
# 802.11d support
g11dSupportEnabled=1
# 802.11h support
g11hSupportEnabled=1
# CCX Support and fast transition
CcxEnabled=0
FastTransitionEnabled=1
ImplicitQosIsEnabled=1
gNeighborScanTimerPeriod=200
gNeighborLookupThreshold=76
gNeighborReassocThreshold=81
gNeighborScanChannelMinTime=20
gNeighborScanChannelMaxTime=30
gMaxNeighborReqTries=3
# Legacy (non-CCX, non-802.11r) Fast Roaming Support
# To enable, set FastRoamEnabled=1
# To disable, set FastRoamEnabled=0
FastRoamEnabled=1
#Check if the AP to which we are roaming is better than current AP in terms of RSSI.
#Checking is disabled if set to Zero.Otherwise it will use this value as to how better
#the RSSI of the new/roamable AP should be for roaming
RoamRssiDiff=3
# If the RSSI of any available candidate is better than currently associated
# AP by at least gImmediateRoamRssiDiff, then being to roam immediately (without
# registering for reassoc threshold).
# NOTE: Value of 0 means that we would register for reassoc threshold.
gImmediateRoamRssiDiff=10
# SAP Country code
# Default Country Code is 2 bytes, 3rd byte is optional indoor or out door.
# Example
# US Indoor, USI
# Korea Outdoor, KRO
# Japan without optional byte, JP
# France without optional byte, FR
#gAPCntryCode=USI
#Short Guard Interval Enable/disable
gShortGI20Mhz=1
gShortGI40Mhz=1
#Auto Shutdown Value in seconds. A value of 0 means Auto shutoff is disabled
gAPAutoShutOff=0
# SAP auto channel selection configuration
# 0 = disable auto channel selection
# 1 = enable auto channel selection, channel provided by supplicant will be ignored
gApAutoChannelSelection=0
# Listen Energy Detect Mode Configuration
# Valid values 0-128
# 128 means disable Energy Detect feature
# 0-9 are threshold code and 7 is recommended value from system if feature is to be enabled.
# 10-128 are reserved.
# The EDET threshold mapping is as follows in 3dB step:
# 0 = -60 dBm
# 1 = -63 dBm
# 2 = -66 dBm
# ...
# 7 = -81 dBm
# 8 = -84 dBm
# 9 = -87 dBm
# Note: Any of these settings are valid. Setting 0 would yield the highest power saving (in a noisy environment) at the cost of more range. The range impact is approximately #calculated as:
#
# Range Loss (dB) = EDET threshold level (dBm) + 97 dBm.
#
gEnablePhyAgcListenMode=128
#Preferred channel to start BT AMP AP mode (0 means, any channel)
BtAmpPreferredChannel=0
#Preferred band (both or 2.4 only or 5 only)
BandCapability=0
#Beacon Early Termination (1 = enable the BET feature, 0 = disable)
enableBeaconEarlyTermination=1
beaconEarlyTerminationWakeInterval=10
gEnableModulatedDTIM=3
#Bluetooth Alternate Mac Phy (1 = enable the BT AMP feature, 0 = disable)
gEnableBtAmp=0
#SOFTAP Channel Range selection
gAPChannelSelectStartChannel=1
gAPChannelSelectEndChannel=11
#SOFTAP Channel Range selection Operating band
# 0:2.4GHZ 1: LOW-5GHZ 2:MID-5GHZ 3:HIGH-5GHZ 4: 4.9HZ BAND
gAPChannelSelectOperatingBand=0
#Channel Bonding
gChannelBondingMode5GHz=1
#Enable Keep alive with non-zero period value
gStaKeepAlivePeriod = 30
#AP LINK MONITOR TIMEOUT is used for both SAP and GO mode.
#It is used to change the frequency of keep alive packets in the AP Link Monitor period which is by
#default 20s. Currently the keep alive packets are sent as an interval of 3s but after this change
#the keep alive packet frequency can be changed.
#gApLinkMonitorPeriod = 3
#If set will start with active scan after driver load, otherwise will start with
#passive scan to find out the domain
gEnableBypass11d=1
#If set to 0, will not scan DFS channels
gEnableDFSChnlScan=1
gVhtChannelWidth=2
gEnableLogp=1
# Enable Automatic Tx Power control
gEnableAutomaticTxPowerControl=1
# 0 for OLPC 1 for CLPC and SCPC
gEnableCloseLoop=1
#Data Inactivity Timeout when in powersave (in ms)
gDataInactivityTimeout=200
# VHT Tx/Rx MCS values
# Valid values are 0,1,2. If commented out, the default value is 0.
# 0=MCS0-7, 1=MCS0-8, 2=MCS0-9
gVhtRxMCS=2
gVhtTxMCS=2
# Enable CRDA regulatory support by settings default country code
#gCrdaDefaultCountryCode=TW
# Scan Timing Parameters
# gPassiveMaxChannelTime=110
# gPassiveMinChannelTime=60
# gActiveMaxChannelTime=40
# gActiveMinChannelTime=20
#If set to 0, MCC is not allowed.
gEnableMCCMode=1
# 1=enable STBC; 0=disable STBC
gEnableRXSTBC=1
# Enable Active mode offload
gEnableActiveModeOffload=1
#Enable Scan Results Aging based on timer
#Timer value is in seconds
#If Set to 0 it will not enable the feature
gScanAgingTime=0
#Enable Power saving mechanism Based on Android Framework
#If set to 0 Driver internally control the Power saving mechanism
#If set to 1 Android Framwrok control the Power saving mechanism
isAndroidPsEn=0
#disable LDPC in STA mode if the AP is TXBF capable
gDisableLDPCWithTxbfAP=1
isP2pDeviceAddrAdministrated=1
gReportMaxLinkSpeed=1
#Enable thermal mitigation
gThermalMitigationEnable=1
END
# Note: Configuration parser would not read anything past the END marker
Thanks.
But can u upload the file itself?
Sent from my C5303 using xda app-developers app
Ok
http://www16.zippyshare.com/v/72467115/file.html
Thanks a lot.
Will let u know if it works
Hello!
I'm trying to create an OpenVPN tap tunnel on my Galaxy Nexus, CyanogenMod 13.0-20160820.
The problem is, that no traffic is routed through the tap interface.
When the tunnel is up and I run "tcpdump -i tap0" on the phone, I can see broadcast traffic from my local network.
So I think the OpenVPN configuration is ok.
On the phone I can also ping machines in the local network using "ping -I tap0 192.168.1.xxx".
But it doesn't work if I omit the "-I tap0" option.
There is also a route:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 tap0
I also tried using a bridge between interfaces tap0 and dummy0, with no success.
Maybe iptables or sysctl needs modification ?!
edit: dhcp works too, using "dhcptool tap0"
edit: it works now, policy-based routing did the trick