[APP][6.0+] NetGuard - No-root firewall

What are you mainly using NetGuard for?

  • Reducing data usage

    Votes: 466 30.9%
  • Saving battery

    Votes: 324 21.5%
  • Increasing privacy

    Votes: 836 55.4%
  • Blocking ads

    Votes: 973 64.4%

  • Total voters
    1,510
Search This thread

M66B

Recognized Developer
Aug 1, 2010
26,460
57,160
I want to use netguard to capture packets without blocking network requests. However, the network is slow or even fails when the app with a large number of network requests is captured. Check the pcap file and find many exceptions. I do not know what the cause is. Can you give me your opinion? I have attached the pcap log.
The PCAP log file needs to be written to very fast, as fast as the traffic and it looks like your device is not able to do this.
 

RichZ

Member
Jan 19, 2022
14
0
The problem is that all network traffic is routed through the VPN, including VoLTE.
Since VoLTE traffic is encrypted, there is no way to forward it.
The only thing you can do is find the system component responsible for VoLTE traffic and disable 'Apply rules and conditions' for it.
sorry to reply so late. On my Android 12 system VoLTE works fine with Netguard enabled so perhaps my system is somewhat special and doesn't route VoLTE through VPN.

However, as said I have a problem accepting VoLTE calls IF Netguard is enabled AND wifi disabled AND mobile data disabled AND phone locked. Note that it still works if wifi is enabled but not available. Also outgoing calls work fine, it is just accepting calls. Because it only happens when screen is locked I suspect it is a actually a problem with the screen unlocking which for some reason attempts an internet access and fails in some unusual way under this special circumstances.

Right now I simply leave on wifi at all times as a workaround which works. A Netguard option to disable itself if no data connection of any kind is available would also solve it.
 

Treu55

Member
Mar 13, 2014
32
0
my phone was hacked using third apps like WhatsApp to bypass Netguard using port number 123.
Not doubt of this bypassing because some of these ips belongs to far countries and local ISP phone companies, without any relation with Whatsapp

It seems the traffic by these ports is opened at free requests.

A new option to allow only specific ports per app will be useful to limit this bypassing. Is this possible?

Screenshot_2.png
 

M66B

Recognized Developer
Aug 1, 2010
26,460
57,160
my phone was hacked using third apps like WhatsApp to bypass Netguard using port number 123.
Not doubt of this bypassing because some of these ips belongs to far countries and local ISP phone companies, without any relation with Whatsapp

It seems the traffic by these ports is opened at free requests.

A new option to allow only specific ports per app will be useful to limit this bypassing. Is this possible?

View attachment 5672847
You can block WiFi and mobile data and allow the connections you want only.
 

Treu55

Member
Mar 13, 2014
32
0

I don't have Google Services and all the system apps are blocked. The previous image belongs to recent data, some days ago I have found MB's traffic through these ports.

Now I'm checking frequently the logs to block manually in case I detect that traffic, and for that reason that traffic in the image appears like denied.

One question: I have option "Apply rules with Screen On" disabled. Is this a probable cause?.

Thanks and hope you keep your work despite the monopoly attempts from big companies which should be located in some nazi regime or North Korea.
 

houmles

Senior Member
Jul 30, 2008
187
28
Prague
OnePlus 7T Pro
UDP port 123 is used for NTP service and it's common to have servers in different countries around the world.
You are probablby not hacked but Whatsapp (or other app) just trying to sync time and because you don't allow connection to that server it's just trying another one.
 

Treu55

Member
Mar 13, 2014
32
0
UDP port 123 is used for NTP service and it's common to have servers in different countries around the world.
You are probablby not hacked but Whatsapp (or other app) just trying to sync time and because you don't allow connection to that server it's just trying another one.
no, as I wrote before, some of those ip were from local isp's, some of them from russia and without any ntp server behind, I have checked ports from those ips and it was no ntp traffic.

I don't know how they take profit of installed apps with internet permission like Whatsapp, although obviously this is possible.

The use of standard assigned ports for hacking is not new:

having control of ports per app it could help to mitigate this problem. In example, Whatsapp can work with 80,443 and 5322, no more. Then the control would be really simplified with one option to limit ports. per app

However, it seems Netguard by default allows all new traffic to any new ip through any port while the app is authorized.

An improvement in this point would be very needed.
 

AW1

Member
Mar 13, 2009
8
2
Hi,
I'm trying to setup Netguard to block absolutely everything except Whatsapp, reason being I sometimes go to places with ridiculously expensive data charges. From what I understand Whatsapp needs google play services but when I allow this, google backup transport also gets allowed. From what I have read, google backup transport is not essential for Whatsapp and can use a lot of data. Is there a way to block google backup transport but allow google play services? Or another way to block everything expect Whatsapp?
Thanks.
 

FlowSlo

Member
Aug 12, 2022
5
2
@M66B

First of all thanks and props 4 all your apps. Have also 'paid' 4 it cause it worth.
I'm new to Netguard (donotaion will come :) ) and testing it.
The question i have is the following:

I have wireshark on my network to sniffer. I have blocked all apps (incl system apps) from wi-fi/mobile on my Samsung phone. Also have 'always on vpn' setting on. Android version is 12.

1. When i enable wi-fi on my phone i can still see network traffic from google. DNS request to www.google.com and connectivity.

2. I leave my phone on wi-fi untill i see no network traffic anymore. Then i will tapp on my phone screen to switch it on. Also in this case i see network traffic from google. DNS request and connectivity

Note : I have tried this with and without the 'lock' function off your app

Is this normal leakage or am i doing something wrong ?
 
  • Like
Reactions: Sivabhaskar

M66B

Recognized Developer
Aug 1, 2010
26,460
57,160
@M66B

First of all thanks and props 4 all your apps. Have also 'paid' 4 it cause it worth.
I'm new to Netguard (donotaion will come :) ) and testing it.
The question i have is the following:

I have wireshark on my network to sniffer. I have blocked all apps (incl system apps) from wi-fi/mobile on my Samsung phone. Also have 'always on vpn' setting on. Android version is 12.

1. When i enable wi-fi on my phone i can still see network traffic from google. DNS request to www.google.com and connectivity.

2. I leave my phone on wi-fi untill i see no network traffic anymore. Then i will tapp on my phone screen to switch it on. Also in this case i see network traffic from google. DNS request and connectivity

Note : I have tried this with and without the 'lock' function off your app

Is this normal leakage or am i doing something wrong ?
Please disable private DNS and check this FAQ:

https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq63

Note that DNS requests is not the same as actual app traffic.
 
  • Like
Reactions: Sivabhaskar

Top Liked Posts

  • There are no posts matching your filters.
  • 5
    Marcel, might your Netguard be hit by this?
    From my point of view was to be expected as it contradicts Google's business model.
    NetGuard should not be affected because there is no remote VPN server and the Play store version doesn't support ad blocking.
    1
    Hello,
    In Parameters, Advanced options, swipe down, you can set the DNSs.
    Remember, you MUST set the two addresses.
  • 354
    ic_launcher.png


    NetGuard provides simple and advanced ways to block access to the internet - no root required.
    Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.

    Blocking access to the internet can help:
    • reduce your data usage
    • save your battery
    • increase your privacy

    Features:
    • Simple to use
    • No root required
    • 100% open source
    • No calling home
    • No tracking or analytics
    • No advertisements
    • Actively developed and supported
    • Android 5.1 and later supported
    • IPv4/IPv6 TCP/UDP supported
    • Tethering supported
    • Optionally allow when screen on
    • Optionally block when roaming
    • Optionally block system applications
    • Optionally forward ports, also to external addresses (not available if installed from the Play store)
    • Optionally notify when an application accesses the internet
    • Optionally record network usage per application per address
    • Optionally block ads using a hosts file (not available if installed from the Play store)
    • Material design theme with light and dark theme

    PRO features
    • Log all outgoing traffic; search and filter access attempts; export PCAP files to analyze traffic
    • Allow/block individual addresses per application
    • New application notifications; configure NetGuard directly from the notification
    • Display network speed graph in a status bar notification
    • Select from five additional themes in both light and dark version

    There is no other no-root firewall, except for clones, offering all these features.

    This XDA thread is about using the latest version of NetGuard.
    Off topic comments are allowed as long they are related to NetGuard and are in the general interest of the followers of this thread.

    Discussion of purchases is not allowed here, please contact me via here instead.

    NetGuard is being maintained and community supported, but new features won't be added anymore.

    For ad blocking, see here. Ad blocking is provide "as-is".

    More information on Github:

    Downloads:

    Screenshots:
    101-main.png
    102-main-details.png

    103-main-access.png
    108-notifications.png


    For more screenshots, see here.
    27
    25
    I have just released stable version 2.39.

    Changelog/download
    https://github.com/M66B/NetGuard/releases/tag/2.39

    This version will be available in the Play store after Google's approval.

    Usage data sharing has been removed from this version.

    The future of this project depends on the general support for this project. You can for example write something positive here or in the Play store, press the thanks button, donate something, purchase a pro feature or contribute translations or source code.
    18
    NetGuard is currently in alpha testing phase.
    Please report any problems you encounter.

    It would be nice if someone could design an appropriate icon.
    17
    I have just released beta version 2.21.

    Changelog/download:
    https://github.com/M66B/NetGuard/releases/tag/2.21

    This version will be available as beta version in the Play store after Google's approval.