
Little Wireshark

Friday, February 8, 2013

In times of Carrier IQ and other unwanted pieces of software possibly active on your mobile phone, it would be nice to have tools like those on your desktop PC to see what's going on. One of these tools on a PC is Wireshark, a network sniffer. Unfortunately it only runs on PCs (either Windows or Linux) and not on your smartphone. So how can you trace your phone's network traffic?

Manufacturers themselves need such tools to provide service, so some of them build such tools into their phones and hide them (sometimes better, sometimes worse) from the user. The following HOWTO describes a way for a Windows Mobile 6.5 phone (Samsung Omnia B-7350). This procedure allows you to capture the network traffic and analyze it later on your desktop PC using Wireshark.

First install Total Commander on your phone. It's a file manager which shows and allows you more than the built-in file manager. The standard Windows file manager won't show you everything. (Img. 1) Now browse to your mobile's Windows folder, where you will find a file named CellularNetLog.exe with Wireshark's typical shark fin icon. (Img. 2)

[Img. 1: wm-wireshark-1.jpg] [Img. 2: wm-wireshark-2.jpg]

Create a shortcut for convenience or start it directly from within Total Commander and you will be presented with a status screen. (Img. 3) Cellular Netlog does not offer many functions. It doesn't need to, as its main purpose is to capture network traffic. (Img. 4)

[Img. 3: wm-wireshark-3.jpg] [Img. 4: wm-wireshark-4.jpg]

The status screen just shows whether network packets are currently being captured, where they are written, and the IP and DNS name of your current cellular or Wi-Fi connection. (Img. 5) If you want to capture packets as soon as your phone starts up, select this option. (Img. 6)

[Img. 5: wm-wireshark-5.jpg] [Img. 6: wm-wireshark-6.jpg]

Even though the icon suggests that Cellular Netlog is a little Wireshark, the about screen states that it was developed by Samsung. (Img. 7) After capturing some traffic you will find the capture files in the folder you specified. Copy them to your PC, start Wireshark and open one of these files. These are normal dump files. (Img. 8)

[Img. 7: wm-wireshark-7.jpg] [Img. 8: wm-wireshark-8.jpg]

Now you can start analyzing what data your phone will send over the air - hopefully only to wanted and trusted endpoints.
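As a first pass before opening a dump in Wireshark, the following added example (not part of the original post and not Samsung's code) totals the bytes sent to each destination endpoint in a capture file. It assumes the dump is in the classic libpcap format with Ethernet or raw-IP framing, which the post does not specify; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

def summarize_destinations(data: bytes) -> Counter:
    """Bytes on the wire per (dst_ip, protocol, dst_port) in a classic pcap dump."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic libpcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype not in (1, 12, 101):           # Ethernet or raw IP (assumed link types)
        raise ValueError(f"unsupported link type {linktype}")
    totals, offset = Counter(), 24
    while offset + 16 <= len(data):
        incl_len, orig_len = struct.unpack(endian + "II", data[offset + 8:offset + 16])
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if linktype == 1:
            if frame[12:14] != b"\x08\x00":    # not IPv4 (ARP, IPv6, ...)
                continue
            frame = frame[14:]                 # strip the Ethernet header
        if len(frame) < 20 or frame[0] >> 4 != 4:
            continue
        ihl = (frame[0] & 0x0F) * 4
        first_fragment = (struct.unpack("!H", frame[6:8])[0] & 0x1FFF) == 0
        proto = {6: "tcp", 17: "udp"}.get(frame[9], str(frame[9]))
        l4 = frame[ihl:]
        has_port = proto in ("tcp", "udp") and first_fragment and len(l4) >= 4
        port = struct.unpack("!H", l4[2:4])[0] if has_port else None
        totals[(".".join(map(str, frame[16:20])), proto, port)] += orig_len
    return totals

def sample_capture() -> bytes:
    """Constructed Ethernet capture using documentation-range addresses only."""
    def record(dst, proto, port, payload_len):
        l4 = struct.pack("!HH", 40000, port) + bytes(payload_len)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         bytes([192, 0, 2, 10]), bytes(dst))
        frame = bytes(12) + b"\x08\x00" + ip + l4
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (header + record((198, 51, 100, 7), 6, 443, 16)
            + record((203, 0, 113, 53), 17, 53, 8) + record((198, 51, 100, 7), 6, 443, 4))

if __name__ == "__main__":
    for (dst, proto, port), size in summarize_destinations(sample_capture()).most_common():
        print(f"{dst:15} {proto}/{port}  {size} bytes")
```

To run it on a real dump, pass the file's bytes (read in binary mode) to `summarize_destinations` and compare the listed endpoints against the ones you expect your phone to contact.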