Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,810,679 Members 40,353 Now Online
XDA Developers Android and Mobile Development Forum

How does WiFi-Tethering work and how do carriers detect it?

Tip us?
 
McDV
Old
(Last edited by McDV; 24th July 2010 at 11:06 AM.)
#1  
Senior Member - OP
Thanks Meter 112
Posts: 326
Join Date: May 2008
Question How does WiFi-Tethering work and how do carriers detect it?

Hi!

In german boards there are several speculations about how the N1's WiFi tethering works and how carriers might detect it. But there are no real facts, it seems like there is no one, who really knows about it.

Maybe here are some kind of "cracks", who really know what they are talking about and can provide some real information about it.

How does N1-tethering work? I guess it uses NAT-routing. Is this right? And the probably most important part: How do carriers detect tethering? They officially claim, they could detect it. But the question is, which way do they do this? Can they only detect if you use tethering at all, or do they also have the ability to separate between tethered data and phone's data? Only in that case they would be capable to bill the tethered data (here in Germany some carriers do not prohibit tethering, they can only charge about 50 cent per MB).

Is it possible, that the carrier only detect several devices, that connect to the internet using tethering? I'm a vodafone-customer and I've tried tethering my iPad and my Linux-Netbook several times. Nothing has been charged. Other customers, having the same data-plan, reported, that they habe been charged for tethering within minutes.

Maybe someone can answer my questions.
 
cymru
Old
#2  
Senior Member
Thanks Meter 19
Posts: 501
Join Date: May 2007
I dont know how it works but "I would imagine the request headers are what the provider is reading in order to determine the device/browser that is making the request."

http://talk.maemo.org/archive/index.php/t-3757.html
 
McDV
Old
#3  
Senior Member - OP
Thanks Meter 112
Posts: 326
Join Date: May 2008
If it really is like that, then I would just have to use Cisco-VPN on my iPad and they would not be able to read any requests anymore.

But someone in the official German vodafone-board said, the user-agent doesn't matter. And he seemed to be very sure about that. But unfortunately he didn't tell anything else. If you think of Dolphin for Android, which allows you to change the browser-identification, it really looks like this is nothing the carrier could make use of.
 
GldRush98
Old
#4  
GldRush98's Avatar
Senior Member
Thanks Meter 269
Posts: 2,165
Join Date: Jun 2006
Location: Taylorville, IL.
Quote:
Originally Posted by cymru View Post
I dont know how it works but "I would imagine the request headers are what the provider is reading in order to determine the device/browser that is making the request."

http://talk.maemo.org/archive/index.php/t-3757.html
I don't believe this to be accurate as phones are capable of changing their user agent to mimic a desktop browser, so it wouldn't be a reliable way of identifying a tethered connection.
IMO, there is no 100% fool proof way as it sits. The carrier can look at the traffic patterns though and might be able to figure it out though. Remember when you're connected to your carrier everything you do is going through their gateway, so they can see everything you're doing.
I agree that if you're wanting to make 100% sure they don't know, a VPN tunneling traffic would work. Once the traffic is encrypted, they have no way to tell what is happening, aside from the actual amount of data being transferred, which is why a lot of carriers in the USA or switching away from unlimited data plans and offering only limited ones (i.e. a 2gb or 5gb limit on plans).
---Phone---
Nexus 5 32gb
Android 4.4.4 KTU84P, Baseband 2.0.50.1.16, Unlocked, rooted, TWRP Recovery 2.7.1.1
---Tablets---
Samsung Note 10.1 2014 Edition 32gb
Android 4.4.2 KOT49H, rooted, TWRP 2.6.3.3
Nexus 7 16gb
Android 4.4.2 KOT49H, Unlocked, rooted, TWRP Recovery 2.6.3.1
---Past---
Galaxy Nexus (AT&T)
Android 4.3 JWR66Y, Baseband I9250XXLJ1, Unlocked, rooted, Clockwork Touch 6.0.4.3
Google Nexus One | AT&T Fuze (Touch Pro) | AT&T 8525 (Hermes) | AT&T 8125 (Wizard)
 
Jack_R1
Old
#5  
Senior Member
Thanks Meter 948
Posts: 4,306
Join Date: Aug 2009
It was discussed here a couple of months ago, I remember..
The discussion ended in - if the phone specifically didn't send the carrier any sign that it's tethering, detection of tethering would require heuristic scan patterns on the data that's being transferred - and would violate some "internet openness" rules in the process, and possibly allow a legal case against the carrier.

So, do you by any chance have custom ROM and your friends have official carrier ROMs? That might explain the difference.
 
jcar87
Old
#6  
Junior Member
Thanks Meter 0
Posts: 22
Join Date: Jun 2009
People in spain have reported being charged more by vodafone (they charge you more if you tether and your plan doesnt cover it) by simply using an app on the phone that changed the browser's user agent to mimic a desktop one.

I dont know whether it is or it isnt legal to read the 'headers' of HTTP messages. It's more to do with the protocol than with the content, and both ends need to be able to read these things to actually work, some routers may even scoop just to adjust to different QoS patterns or whatever. So it might be legal after all.
 
mingkee
Old
#7  
Senior Member
Thanks Meter 256
Posts: 1,793
Join Date: May 2006
Location: Brooklyn, NY
Port activity can tell you're tethering or not; moreover, tethering does likely bypass proxy server which is used for phone only.
 
McDV
Old
#8  
Senior Member - OP
Thanks Meter 112
Posts: 326
Join Date: May 2008
Ok, to find out more I've made a little research about how to generally detect Network Address Translation and I've made some tests.

As it seems, the Browser-Identification won't work. Maybe in spain there are some data-plans which only allow browsing with the special phone's browser and only using HTTP-Connections. But that's not suitable for a real data plan, which allows you, to send every data you like from your phone. On the other hand, at least in Germany, I think they wouldn't be allowed to read the data content of TCP-packets.

Then I've used a packet sniffer to find out, how different devices (N1, iPad and Kubuntu10.04) handle things like outgoing ports and packet IDs.
Both won't be very likely to use by the carrier, because Android doesn't increment them, but uses it by shuffle. The iPad also shuffles the packet IDs, but increments the ports. I think this will not matter, because the NAT will redirect the ports anyway. Only Kubuntu increments packet IDs and as they normally aren't changed by NAT, carriers could detect that. In general, all of the devices used outgoing ports between 35,000 and 55,000.

Possibly they could look at the time to live of the packets. The interesting question is, how the N1's NAT handels the TTL. Normally, a router decrements the TTL by 1. But it doesn't have to.
All of my tested devices use a TTL of 64 for outgoing packets (no one will wonder about that, because all those system are based on UNIX or Linux). So, if the NAT decrements the TTL, the carrier could detect tethered packets quite easily. Normal packets would reach the carrier's gateway with TTL 64, tethered packets with TTL 63. Maybe, the NAT doesn't decrement the TTL. Then the carrier wouldn't be able to detect it this way, except of this: As I read, Windows-Systems use a TTL of 128, so the carrier ould detect this immediately, no matter if it's decremented or not. This would explain why some people tell they could tether other phones without being billed, but getting charged when tethering their PC. This could only be covered, if the NAT would rewrite the TTL with 64. It don't think it does.

Maybe someone, who has a rooted phone (mine is not rooted, it's a normal FRF91), could install packet sniffer from the market and then catch some packets while tethering. Then we could have a look at the packet's headers and maybe find out, what the NAT does with the TTL.
 
MaximReapage
Old
#9  
MaximReapage's Avatar
Senior Member
Thanks Meter 1
Posts: 300
Join Date: May 2009
Location: Anchorage, AK
FYI this isn't technically a problem in the US - it's illegal for carriers to monitor the actual data streams without a warrant.
 
dan1431
Old
#10  
dan1431's Avatar
Senior Member
Thanks Meter 9
Posts: 189
Join Date: Nov 2006
My understanding is that tethering (WiFi/USB) can be accomplished in two different fashions.

1) The phone (in this case the Nexus One) acts as the modem and router and re-requests whatever the tethered device requested. Thus, the mobile operator sees the Nexus One as using the DATA rather than the actual device requesting the DATA.

2) The phone simply passes the requests to mobile operator along with some identifying info about the requesting device. (the preferred method by the mobile operators)

I have no idea which method the Nexus One (FroYo) employs, but I have a suspicion that it is method 1.

Dan

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes