Computer Security Rants & Reverse Engineering

Wednesday, December 7, 2011

Republic Captures

Some data from my Wireshark captures...





TCP Endpoints*:
Address,Port,Packets,Bytes,Tx Packets,Tx Bytes,Rx Packets,Rx Bytes
65.39.128.135,http,114,8604,0,0,114,8604
74.125.225.81,http,60,6608,0,0,60,6608
74.125.225.81,https,46,8310,0,0,46,8310
87.106.50.181,http,30,3408,0,0,30,3408
184.73.34.202,https,44,5540,0,0,44,5540
184.73.154.58,https,96,11444,0,0,96,11444
209.85.145.188,hpvroom,132,13172,0,0,132,13172
216.74.41.14,https,24,2670,0,0,24,2670


UDP Endpoints*:
Address,Port,Packets,Bytes,Tx Packets,Tx Bytes,Rx Packets,Rx Bytes
65.39.128.135,ntp,4,360,0,0,4,360
107.20.70.166,5090,150,76578,8,4720,142,71858
184.73.104.92,12882,354,76092,12,2904,342,73188
184.73.104.92,9988,338,72612,10,2420,328,70192
184.73.104.92,18172,344,74400,28,6776,316,67624

*Omitted all LAN IP addresses.

DNS queries of interest:
xtra1.gpsonextra.net
xtra3.gpsonextra.net
p19proxy-pro-aws01.phonebooth.net
update.republicwireless.com

6 comments:

  1. Interesting stuff :)

    If someone doesn't mind additional latency and has decent home broadband, couldn't they just use a VPN whenever they are on public WiFi to route everything via their home network? DD-WRT perhaps? Eventually RW HAS to deal with the privacy issues... or they're going to get sued.

    I'm quite curious... did you capture the SIP credentials? Could someone use an alternate client to connect to their RW account?

    I realize right now they're focused on low cost and getting the WiFi/Cellular handoffs working. But I think being able to purchase a phone that'd act as an extension on an IPPBX, or even their own Phonebooth.com service, would be much much more interesting. I KNOW I can sell that to my business customers.

  2. Posted a reply here: http://eirev.blogspot.com/2011/12/sip-credentials.html

  3. Zanthexter,

    The Phonebooth service is exactly what you describe (IP Centrex in the Cloud for SMB customers).
    http://www.phonebooth.com/phones
    You can supply one of their supported SIP phones.

    Dave

  4. PanicOpticon,

    Did you post all of the remote UDP info? The UDP 5090 path is SIP, but I was expecting different UDP ports for the actual RTP streams if the 184.73.104.92 host is the VoIP/PSTN gateway. And it looks like those 3 streams are all pretty much unidirectional (inbound).

    I haven't received my phone yet (I'm in the incomplete order limbo), so I appreciate you taking the time to post this data.

    Regards,
    Dave

  5. I posted everything from the captures I did, minus the non-routable (local) addresses and my public IP.

    It's possible that's some of the disconnect you see. More likely, it's the way I captured the data. I suspect I was only seeing half of the link. I meant to verify this last night, however I didn't have time. Maybe this weekend.

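
The one-sided pattern raised in the comments can be checked directly against the endpoint tables. This added example (not the author's code) parses the two CSV exports from the post and flags TCP endpoints that never transmit, assuming Wireshark's Tx columns count packets sent by the listed address; the function names are hypothetical.

```python
import csv
import io

# Rows copied from the endpoint tables in the post (Wireshark CSV export).
HEADER = "Address,Port,Packets,Bytes,Tx Packets,Tx Bytes,Rx Packets,Rx Bytes\n"
TCP = HEADER + """65.39.128.135,http,114,8604,0,0,114,8604
74.125.225.81,http,60,6608,0,0,60,6608
74.125.225.81,https,46,8310,0,0,46,8310
87.106.50.181,http,30,3408,0,0,30,3408
184.73.34.202,https,44,5540,0,0,44,5540
184.73.154.58,https,96,11444,0,0,96,11444
209.85.145.188,hpvroom,132,13172,0,0,132,13172
216.74.41.14,https,24,2670,0,0,24,2670
"""
UDP = HEADER + """65.39.128.135,ntp,4,360,0,0,4,360
107.20.70.166,5090,150,76578,8,4720,142,71858
184.73.104.92,12882,354,76092,12,2904,342,73188
184.73.104.92,9988,338,72612,10,2420,328,70192
184.73.104.92,18172,344,74400,28,6776,316,67624
"""

def parse(text):
    """Return one dict per endpoint row, with the packet counters as ints."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        row = {"addr": r["Address"], "port": r["Port"]}
        for col in ("Packets", "Tx Packets", "Rx Packets"):
            row[col] = int(r[col])
        if row["Tx Packets"] + row["Rx Packets"] != row["Packets"]:
            raise ValueError(f"inconsistent counters: {row['addr']}:{row['port']}")
        rows.append(row)
    return rows

def silent_tcp_endpoints(tcp_rows):
    """TCP endpoints that received packets but never sent one. TCP needs traffic
    both ways (handshake, ACKs), so a hit means the capture missed a direction."""
    return [r for r in tcp_rows if r["Rx Packets"] > 0 and r["Tx Packets"] == 0]

def capture_is_one_sided(tcp_rows):
    """True when every TCP endpoint in the export is silent."""
    return bool(tcp_rows) and len(silent_tcp_endpoints(tcp_rows)) == len(tcp_rows)

def tx_share(udp_rows):
    """Fraction of each UDP endpoint's packets that the endpoint itself sent."""
    return {(r["addr"], r["port"]): round(r["Tx Packets"] / r["Packets"], 3)
            for r in udp_rows}

if __name__ == "__main__":
    print("one-sided capture:", capture_is_one_sided(parse(TCP)))
    print(tx_share(parse(UDP)))
```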