Computer Security Rants & Reverse Engineering

Wednesday, December 7, 2011

Republic Captures

Some data from my Wireshark captures...

TCP Endpoints*:
Address,Port,Packets,Bytes,Tx Packets,Tx Bytes,Rx Packets,Rx Bytes
,http,114,8604,0,0,114,8604
,http,60,6608,0,0,60,6608
,https,46,8310,0,0,46,8310
,http,30,3408,0,0,30,3408
,https,44,5540,0,0,44,5540
,https,96,11444,0,0,96,11444
,hpvroom,132,13172,0,0,132,13172
,https,24,2670,0,0,24,2670

UDP Endpoints*:
Address,Port,Packets,Bytes,Tx Packets,Tx Bytes,Rx Packets,Rx Bytes
,ntp,4,360,0,0,4,360
,5090,150,76578,8,4720,142,71858
,12882,354,76092,12,2904,342,73188
,9988,338,72612,10,2420,328,70192
,18172,344,74400,28,6776,316,67624

*Omitted all LAN IP addresses.

DNS queries of interest:


  1. Interesting stuff :)

    If someone doesn't mind additional latency and has decent home broadband, couldn't they just use a VPN whenever they are on public WiFi to route everything via their home network? DDWRT perhaps? Eventually RW HAS to deal with the privacy issues...or they're going to get sued.

    I'm quite curious... did you capture the SIP credentials? Could someone use an alternate client to connect to their RW account?

    I realize right now they're focused on low cost and getting the WiFi/Cellular handoffs working. But I think being able to purchase a phone that'd act as an extension on an IPPBX, or even their own service, would be much much more interesting. I KNOW I can sell that to my business customers.

  2. Posted a reply here:

  3. Zanthexter,

    The Phonebooth service is exactly what you describe (IP Centrex in the Cloud for SMB customers).
    You can supply one of their supported SIP phones.


  4. PanicOpticon,

    Did you post all of the remote UDP info? The UDP 5090 path is SIP, but I was expecting different UDP ports for the actual RTP streams if the host is the VoIP/PSTN gateway. And it looks like those 3 streams are all pretty much unidirectional (inbound).

    I haven't received my phone yet (I'm in the incomplete order limbo), so I appreciate you taking the time to post this data.


  5. I posted everything from the captures I did, minus the non-routable (local) addresses and my public IP.

    It's possible that's some of the disconnect you see. More likely, it's the way I captured the data. I suspect I was only seeing half of the link. I meant to verify this last night, however I didn't have time. Maybe this weekend.
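The comments above raise the question of whether the capture shows only one direction of the traffic. The following is an added example, not code from the original post or its commenters: it parses the UDP endpoint statistics from the post and flags endpoints whose quieter direction carries almost none of the bytes. The function names and the 10% threshold are assumptions chosen for illustration.

```python
import csv
import io

# UDP endpoint rows copied from the table in the post; the Address column
# is left empty because the post does not give the addresses.
UDP_ENDPOINTS_CSV = """\
Address,Port,Packets,Bytes,Tx Packets,Tx Bytes,Rx Packets,Rx Bytes
,ntp,4,360,0,0,4,360
,5090,150,76578,8,4720,142,71858
,12882,354,76092,12,2904,342,73188
,9988,338,72612,10,2420,328,70192
,18172,344,74400,28,6776,316,67624
"""


def minority_share(row):
    """Fraction of an endpoint's bytes carried in its quieter direction."""
    tx, rx = int(row["Tx Bytes"]), int(row["Rx Bytes"])
    total = tx + rx
    return min(tx, rx) / total if total else 0.0


def one_sided_endpoints(csv_text, threshold=0.10):
    """Return (port, share) for endpoints whose quieter direction carries
    less than `threshold` of the bytes. The 10% cut-off is an assumption."""
    flagged = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Consistency check: the total byte count should equal Tx + Rx.
        if int(row["Bytes"]) != int(row["Tx Bytes"]) + int(row["Rx Bytes"]):
            raise ValueError(f"inconsistent byte counts for port {row['Port']}")
        share = minority_share(row)
        if share < threshold:
            flagged.append((row["Port"], round(share, 3)))
    return flagged


if __name__ == "__main__":
    for port, share in one_sided_endpoints(UDP_ENDPOINTS_CSV):
        print(f"port {port}: quieter direction carries {share:.1%} of bytes")
```

When every endpoint in an export is flagged, the capture point is worth re-checking before drawing conclusions about the protocol itself.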