Remove All Ads from XDA

How does WiFi-Tethering work and how do carriers detect it?

326 posts
Thanks Meter: 112
By McDV, Senior Member on 24th July 2010, 11:53 AM
Post Reply Email Thread

In german boards there are several speculations about how the N1's WiFi tethering works and how carriers might detect it. But there are no real facts, it seems like there is no one, who really knows about it.

Maybe here are some kind of "cracks", who really know what they are talking about and can provide some real information about it.

How does N1-tethering work? I guess it uses NAT-routing. Is this right? And the probably most important part: How do carriers detect tethering? They officially claim, they could detect it. But the question is, which way do they do this? Can they only detect if you use tethering at all, or do they also have the ability to separate between tethered data and phone's data? Only in that case they would be capable to bill the tethered data (here in Germany some carriers do not prohibit tethering, they can only charge about 50 cent per MB).

Is it possible, that the carrier only detect several devices, that connect to the internet using tethering? I'm a vodafone-customer and I've tried tethering my iPad and my Linux-Netbook several times. Nothing has been charged. Other customers, having the same data-plan, reported, that they habe been charged for tethering within minutes.

Maybe someone can answer my questions.
24th July 2010, 11:57 AM |#2  
Senior Member
Thanks Meter: 19
I dont know how it works but "I would imagine the request headers are what the provider is reading in order to determine the device/browser that is making the request."
24th July 2010, 12:33 PM |#3  
OP Senior Member
Thanks Meter: 112
If it really is like that, then I would just have to use Cisco-VPN on my iPad and they would not be able to read any requests anymore.

But someone in the official German vodafone-board said, the user-agent doesn't matter. And he seemed to be very sure about that. But unfortunately he didn't tell anything else. If you think of Dolphin for Android, which allows you to change the browser-identification, it really looks like this is nothing the carrier could make use of.
24th July 2010, 02:10 PM |#4  
GldRush98's Avatar
Senior Member
Flag Taylorville, IL.
Thanks Meter: 324
Originally Posted by cymru

I dont know how it works but "I would imagine the request headers are what the provider is reading in order to determine the device/browser that is making the request."

I don't believe this to be accurate as phones are capable of changing their user agent to mimic a desktop browser, so it wouldn't be a reliable way of identifying a tethered connection.
IMO, there is no 100% fool proof way as it sits. The carrier can look at the traffic patterns though and might be able to figure it out though. Remember when you're connected to your carrier everything you do is going through their gateway, so they can see everything you're doing.
I agree that if you're wanting to make 100% sure they don't know, a VPN tunneling traffic would work. Once the traffic is encrypted, they have no way to tell what is happening, aside from the actual amount of data being transferred, which is why a lot of carriers in the USA or switching away from unlimited data plans and offering only limited ones (i.e. a 2gb or 5gb limit on plans).
24th July 2010, 03:36 PM |#5  
Senior Member
Thanks Meter: 972
It was discussed here a couple of months ago, I remember..
The discussion ended in - if the phone specifically didn't send the carrier any sign that it's tethering, detection of tethering would require heuristic scan patterns on the data that's being transferred - and would violate some "internet openness" rules in the process, and possibly allow a legal case against the carrier.

So, do you by any chance have custom ROM and your friends have official carrier ROMs? That might explain the difference.
24th July 2010, 05:23 PM |#6  
Junior Member
Thanks Meter: 0
People in spain have reported being charged more by vodafone (they charge you more if you tether and your plan doesnt cover it) by simply using an app on the phone that changed the browser's user agent to mimic a desktop one.

I dont know whether it is or it isnt legal to read the 'headers' of HTTP messages. It's more to do with the protocol than with the content, and both ends need to be able to read these things to actually work, some routers may even scoop just to adjust to different QoS patterns or whatever. So it might be legal after all.
25th July 2010, 07:12 AM |#7  
Senior Member
Flag Brooklyn, NY
Thanks Meter: 592
Port activity can tell you're tethering or not; moreover, tethering does likely bypass proxy server which is used for phone only.
25th July 2010, 10:18 AM |#8  
OP Senior Member
Thanks Meter: 112
Ok, to find out more I've made a little research about how to generally detect Network Address Translation and I've made some tests.

As it seems, the Browser-Identification won't work. Maybe in spain there are some data-plans which only allow browsing with the special phone's browser and only using HTTP-Connections. But that's not suitable for a real data plan, which allows you, to send every data you like from your phone. On the other hand, at least in Germany, I think they wouldn't be allowed to read the data content of TCP-packets.

Then I've used a packet sniffer to find out, how different devices (N1, iPad and Kubuntu10.04) handle things like outgoing ports and packet IDs.
Both won't be very likely to use by the carrier, because Android doesn't increment them, but uses it by shuffle. The iPad also shuffles the packet IDs, but increments the ports. I think this will not matter, because the NAT will redirect the ports anyway. Only Kubuntu increments packet IDs and as they normally aren't changed by NAT, carriers could detect that. In general, all of the devices used outgoing ports between 35,000 and 55,000.

Possibly they could look at the time to live of the packets. The interesting question is, how the N1's NAT handels the TTL. Normally, a router decrements the TTL by 1. But it doesn't have to.
All of my tested devices use a TTL of 64 for outgoing packets (no one will wonder about that, because all those system are based on UNIX or Linux). So, if the NAT decrements the TTL, the carrier could detect tethered packets quite easily. Normal packets would reach the carrier's gateway with TTL 64, tethered packets with TTL 63. Maybe, the NAT doesn't decrement the TTL. Then the carrier wouldn't be able to detect it this way, except of this: As I read, Windows-Systems use a TTL of 128, so the carrier ould detect this immediately, no matter if it's decremented or not. This would explain why some people tell they could tether other phones without being billed, but getting charged when tethering their PC. This could only be covered, if the NAT would rewrite the TTL with 64. It don't think it does.

Maybe someone, who has a rooted phone (mine is not rooted, it's a normal FRF91), could install packet sniffer from the market and then catch some packets while tethering. Then we could have a look at the packet's headers and maybe find out, what the NAT does with the TTL.
25th July 2010, 12:32 PM |#9  
MaximReapage's Avatar
Senior Member
Anchorage, AK
Thanks Meter: 2
FYI this isn't technically a problem in the US - it's illegal for carriers to monitor the actual data streams without a warrant.
2nd August 2010, 05:36 PM |#10  
dan1431's Avatar
Senior Member
Thanks Meter: 28
My understanding is that tethering (WiFi/USB) can be accomplished in two different fashions.

1) The phone (in this case the Nexus One) acts as the modem and router and re-requests whatever the tethered device requested. Thus, the mobile operator sees the Nexus One as using the DATA rather than the actual device requesting the DATA.

2) The phone simply passes the requests to mobile operator along with some identifying info about the requesting device. (the preferred method by the mobile operators)

I have no idea which method the Nexus One (FroYo) employs, but I have a suspicion that it is method 1.

3rd August 2010, 06:55 AM |#11  
Senior Member
Flag Paradise,CA
Thanks Meter: 6
i Will say it does work as a wifi hotspot, so i connected using my ipad up to the ssid the nexus made, and connected fine, but un sure if charges will appear, i will keep a eye out on my next bill.. but they dont detect then that saves me $25/mon for the 3g data, if i can just use my phone $30 unlimited..
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes