Tethering & portable hotspot on android...

[andyoxon]

Never done this, any handy tips?  So I just select 'Portable WiFi hotspot', but what's deal on the 'configure' settings  e.g. Network SSID/Security options?I'd probably only need to allow family member or two to use it...

[rusky]

Basically, yes. The portable hotspot will have a default SSID & security key that are shown when you enable it.

Be aware though, your data plan may not allow tethering. Not 100% sure how they know or if they do anything!

[Ham]

It burns battery fast, best use it plugged in.

[Kim]

Not 100% sure how they know or if they do anything!

It can be done by looking at the pattern of ports used for outgoing connections.  A device functioning as a NAT router looks different to a host running applications locally.

Whether they actually bother with that kind of analysis, or indeed acting on it, is going to depend on whether they have a more lucrative tariff that you ought to be using.

[andyoxon]

Basically, yes. The portable hotspot will have a default SSID & security key that are shown when you enable it.

Be aware though, your data plan may not allow tethering. Not 100% sure how they know or if they do anything!

Thanks.  So I'd need to give connecting person the password.   Apparently my rolling SIM allows tethering, in Europe at UK (free) rates.

[Dibdib]

Not 100% sure how they know or if they do anything!

It can be done by looking at the pattern of ports used for outgoing connections.  A device functioning as a NAT router looks different to a host running applications locally.

Whether they actually bother with that kind of analysis, or indeed acting on it, is going to depend on whether they have a more lucrative tariff that you ought to be using.

As a data point, Three do (they didn't used to). I got a ticking off.

[pcolbeck]

Not 100% sure how they know or if they do anything!

It can be done by looking at the pattern of ports used for outgoing connections.  A device functioning as a NAT router looks different to a host running applications locally.

Not really. The ports used for TCP connections are just a range and devices normally just uses something in this range, what is used doesnt tell you much. However there are other fields in the TCP header that do tell you a device is behind NAT. TTL for example can be used to fingerprint an OS as different OS uses different initial TTL values and these are decremented as they pass through a router. For example Windows uses 128. If the first device upstream from your router was using Netflow or Sflow to monitor the sessions it would see that traffic the claimed to originate from the public IP of your router had a TTL of 127 (as the router would have decremented it by 1) which would be a clue that it was actually from a Windows box behind a NATing router.
Analysing the user agent string in HTTP and HTTPS headers can also reveal the presence of mutiple computers behind a NAT router.

[contango]

Not 100% sure how they know or if they do anything!

It can be done by looking at the pattern of ports used for outgoing connections.  A device functioning as a NAT router looks different to a host running applications locally.

Not really. The ports used for TCP connections are just a range and devices normally just uses something in this range, what is used doesnt tell you much. However there are other fields in the TCP header that do tell you a device is behind NAT. TTL for example can be used to fingerprint an OS as different OS uses different initial TTL values and these are decremented as they pass through a router. For example Windows uses 128. If the first device upstream from your router was using Netflow or Sflow to monitor the sessions it would see that traffic the claimed to originate from the public IP of your router had a TTL of 127 (as the router would have decremented it by 1) which would be a clue that it was actually from a Windows box behind a NATing router.
Analysing the user agent string in HTTP and HTTPS headers can also reveal the presence of mutiple computers behind a NAT router.

How easy would it be to tell that an Android phone was being used to tether an Android tablet?

I can see that the TTL value might be different but aside from that would it be significantly less apparent that the phone was being used for tethering a tablet than tethering a Windoze machine?


For me the biggest concern about using a phone as a wifi hotspot is if the tablet decided it was time to download a swathe of app updates, on the basis it was connected via wifi.

[pcolbeck]

How easy would it be to tell that an Android phone was being used to tether an Android tablet?

I can see that the TTL value might be different but aside from that would it be significantly less apparent that the phone was being used for tethering a tablet than tethering a Windoze machine?

Android uses a TTL of 64 same as some versions of Linuix, FreeBSD and Solaris. This would be decremented to 63 as it went through the tethering device and NAT.
It could be detected as being behind NAT as the originating IP would be changed to the public IP of the NAT devices and so you have a packet claiming to be from the NAT address but with a TTL that clearly states its already been through a router. If the packet originated from the tethering phone the TTL would still be 64.

They couldn't tell from this that it was an Android tablet as a TTL of 64 is used by several OS. A sophisticated monitoring system though would then look at other things such as which sites were being checked (remember your tablet will check for updates and maybe send a packet to a specific site to check that it doesn't need to work with a captive portal like in hotels).

Basically if they really want to find out if your tethering they can. Do they really invest that much effort in checking for tethering ? I don't know you would have to find someone who works in the cellphone carrier industry to get a sensible answer as the Internet is full of paranoia about such things.

[Afasoas]

GiffGaff do.
Using a VPN tunnel would obscure the fact any tethering was taking place tho, right?

[pcolbeck]

GiffGaff do.
Using a VPN tunnel would obscure the fact any tethering was taking place tho, right?

Yes, so long as the VPN originated from the phone doing the tethering not from a PC or tablet making use of the phone as a hotspot. The TTL information is in the outer fields of the IP packets that aren't encrypted. TTL (time to live) is there to stop packets circulating endlessly on the Internet if there is some weird routing loop. Every time a packet crosses a router the TTL get decremented by 1 and when it reaches 0 the next router drops the packet rather than forwarding it.
If the VPN originated from the tethering phone then the TTL will be that put on by the phone (64 if its android).

[Pickled Onion]

I'd always assumed modern phone OSes tell the network when they're tethering or request permission from the network before enabling it? Is this not the case? Isn't all this stuff about TTL etc just to catch people using tethering apps or a rooted phone?

[contango]

How easy would it be to tell that an Android phone was being used to tether an Android tablet?

I can see that the TTL value might be different but aside from that would it be significantly less apparent that the phone was being used for tethering a tablet than tethering a Windoze machine?

Android uses a TTL of 64 same as some versions of Linuix, FreeBSD and Solaris. This would be decremented to 63 as it went through the tethering device and NAT.
It could be detected as being behind NAT as the originating IP would be changed to the public IP of the NAT devices and so you have a packet claiming to be from the NAT address but with a TTL that clearly states its already been through a router. If the packet originated from the tethering phone the TTL would still be 64.

They couldn't tell from this that it was an Android tablet as a TTL of 64 is used by several OS. A sophisticated monitoring system though would then look at other things such as which sites were being checked (remember your tablet will check for updates and maybe send a packet to a specific site to check that it doesn't need to work with a captive portal like in hotels).

Basically if they really want to find out if your tethering they can. Do they really invest that much effort in checking for tethering ? I don't know you would have to find someone who works in the cellphone carrier industry to get a sensible answer as the Internet is full of paranoia about such things.

Makes sense. So I guess what you'd need to do is produce your own network layer that used a TTL of 65 on any device you wanted to tether? Although it's probably easier to just pay a bit extra for a package that allows tethering.

IIRC Giffgaff allow tethering on all plans that don't offer unlimited data - they seem to take the view that if you've paid for a gig of data you get a gig of data and it's none of their business whether that gig goes to your phone, your tablet, or your 17 laptops. If you've signed up for unlimited data they don't want to effectively become your primary ISP.