[Help] Samsung spy?? - Security Discussion

Hello
I used a packet capture app on my Samsung S7, rooted on stock ROM,
and found out that an unknown app communicates with random URLs over UDP on port 123.
One of those URLs was called no-such-agency.net. Look what I found out:
washingtonpost com/world/national-security/no-such-agency-spies-on-the-communications-of-the-world/2013/06/06/5bcd46a6-ceb9-11e2-8845-d970ccb04497_story.html?utm_term=.ede925ce7568
I also found someone with the same problem:
us community samsung com/t5/Other-Mobile-Devices/SAmsung-J320F-J3-6/td-p/100788
Replace space with .
Well, I want to know how to get rid of this unknown suspicious app.
Thank you. And sorry for my English.

Gnjort said:
Hello
I used a packet capture app on my Samsung S7, rooted on stock ROM,
and found out that an unknown app communicates with random URLs over UDP on port 123.
One of those URLs was called no-such-agency.net. Look what I found out:
washingtonpost com/world/national-security/no-such-agency-spies-on-the-communications-of-the-world/2013/06/06/5bcd46a6-ceb9-11e2-8845-d970ccb04497_story.html?utm_term=.ede925ce7568
I also found someone with the same problem:
us community samsung com/t5/Other-Mobile-Devices/SAmsung-J320F-J3-6/td-p/100788
Replace space with .
Well, I want to know how to get rid of this unknown suspicious app.
Thank you. And sorry for my English.
I'm not convinced you have a malicious app; that website is clean according to the scan I just ran on virustotal.com. And just because the app is showing as unknown in your packet sniffer app doesn't mean it really is. Looking at your system logs for one of the IP addresses it connects to should tell you. The domain is registered to a Canadian company called Contact Privacy Inc. Though I can't find much info on them, it seems to be NTP time server related:
https://community.ntppool.org/t/observation-on-5-a-month-ntp-servers/244
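
One way to check whether UDP port 123 payloads from a capture really are NTP, as the reply above suggests (an added example, not part of the original thread; the function names and the sample payloads are constructed for illustration):

```python
import struct

NTP_MODES = {1: "symmetric active", 2: "symmetric passive", 3: "client",
             4: "server", 5: "broadcast", 6: "control", 7: "private"}

def parse_ntp(payload: bytes):
    """Decode the fixed 48-byte NTP header (RFC 5905); None if it does not fit."""
    if len(payload) < 48:
        return None
    flags, stratum, _poll, _precision = struct.unpack("!BBbb", payload[:4])
    leap, version, mode = flags >> 6, (flags >> 3) & 0x7, flags & 0x7
    if version not in (1, 2, 3, 4) or mode not in NTP_MODES:
        return None
    transmit_secs = struct.unpack("!I", payload[40:44])[0]
    return {"leap": leap, "version": version, "mode": NTP_MODES[mode],
            "stratum": stratum, "transmit_secs": transmit_secs,
            "extra_bytes": len(payload) - 48}

def classify(payload: bytes) -> str:
    """Label one UDP/123 payload taken from a packet capture."""
    hdr = parse_ntp(payload)
    if hdr is None:
        return "not NTP: investigate"
    if hdr["mode"] in ("control", "private"):
        return "NTP management query: unusual from a phone"
    if hdr["mode"] == "client" and hdr["extra_bytes"] == 0:
        return "ordinary NTP client request"
    if hdr["mode"] == "server" and 1 <= hdr["stratum"] <= 15:
        return "ordinary NTP server reply"
    return "NTP-shaped but unusual: inspect"

# Constructed sample payloads (not taken from the poster's capture).
CLIENT_REQ = bytes([0x1B]) + bytes(39) + struct.pack("!II", 3900000000, 0)
SERVER_REPLY = bytes([0x24, 2, 6, 0xEC]) + bytes(36) + struct.pack("!II", 3900000001, 0)
MGMT_QUERY = bytes([0x17]) + bytes(47)
NOT_NTP = b"GET / HTTP/1.1\r\n" + bytes(40)

if __name__ == "__main__":
    for name, pkt in [("client", CLIENT_REQ), ("server", SERVER_REPLY),
                      ("mgmt", MGMT_QUERY), ("other", NOT_NTP)]:
        print(name, "->", classify(pkt))
```

A well-formed header only shows that the traffic is NTP-shaped; which app sent it still has to come from the device's own logs or per-app socket listing.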

Related

12346 Netbus Backdoor trojan showing up on my girlfriend's phone.

So I did a search and couldn't really find any info on what this is. Today I was scanning everything attached to my network with Fing and her phone came up with a TCP 12346 netbus backdoor trojan. Not sure where to go from here to find and remove it. My guess is she got it from using mp3 music downloader. Any help is much appreciated.
Anyone????
What did you use to scan it with?
Sent from my ADR6400L using Tapatalk
Turd Furguson said:
What did you use to scan it with?
Sent from my ADR6400L using Tapatalk
look out security
Android NetBus backdoor trojan
Bump. I have seen this "12346 NetBus backdoor trojan" during a fing (overlooksoft) service scan. What does xda have to say about this?
Wikipedia gives an interesting article about the NetBus trojan horse.
The person that owns the phone claims that they clicked on a link in an email and the phone froze.
The only solution I have dug up is a factory reset. I did, ran another scan and it didn't change.
I'll be looking for feedback!
same 12346 netbus back Door trojan
Fing app tells me that my Phone has 12346 port open. Any advice? Thanks
For anyone still wondering
I also used Fing and found the same open port, and it seems if you use the Rhapsody service then that is your answer; if you don't, then go fish. Best of luck, hope this helps... at least to anyone that uses Rhapsody.
I also have Rhapsody/Napster and I also did a scan with the Fing app, and got the same Netbus backdoor trojan in the running services when scanning with Fing. This is totally a guess, but if it's Napster then it would make sense that the app keeps a port open so it can block the service if your subscription is canceled or suspended. My experience is that if you force Napster into offline mode before it's cancelled or suspended it won't block the service, because it's not actively searching for the network. I have done this with Napster a few times.
Install TWRP and reformat the drive... then re-flash the stock firmware.

WhatsApp Sniffer issue

Hi guys,
I downloaded WhatsApp Sniffer in my HTC Desire, it seems to be working but can't capture any conversation. In short, when I start the app, I can only see the following message:
"There isnn't any conversations yet, wait until one has been captured. Make sure WhatsAppSniffer is listening and if you are on a WPA/WPA2 network, check that the ARP_Spoof is activated."
I've tried the app in both WEP and WPA/WPA2 networks but no luck. My phone is rooted with:
Android version: 2.3.7
Mod Version: CyanogenMod-7-11162011-NIGHTLY-Desire
WhatsApp Messenger: 2.7.8509
Any clues what might be the reason?
Thx,
Sotiris.
I thought WhatsApp was now fixed so that it did not send plain text.
Hmm, I am not aware of it. But it makes sense... Thx for your reply.
If your network is secured with WPA or WPA2, the chat will not be captured.
To capture chat, the network must be protected with WEP or it needs to be unsecured.
Pl provide link to download
alinawaz said:
Pl provide link to download
can someone send me (PM me) a working link to whatsapp sniffer, please?!
https://docs.google.com/open?id=0B_PzeJyBdcp3UW5GOVZlOTZKYVU - google drive link cause i dont use any other servers
pransh said:
https://docs.google.com/open?id=0B_PzeJyBdcp3UW5GOVZlOTZKYVU - google drive link cause i dont use any other servers
thank you!
Hello all, I am new at this site, awesome site... I am using WhatsApp Sniffer, or at least I am trying to...
My issue is that at times it says that ( my devise seem not to be rooted ). I have a rooted phone, I do have the superuser icon... Samsung GS3.
And I restart the app, and it runs OK, but it doesn't capture anything... am I doing something wrong??? I do see that it will not capture anything in wap or wap2...
Any help will be appreciated.
bumping because it seems that this app doesnt work (anymore)
anyone confirming?
Hi.
I'm also wondering the same thing. Just went through the fairly painful process of downgrading my HTC Desire Z Gingerbread to Froyo in order to then gain root, specifically so that I could use WhatsAppSniffer.
The app seems to have installed correctly, it's running fine, the other apps like SuperUser and BusyBox have no problems. I've run the sniffer for several hours on my shared WPA network at home, and for a couple of hours on a shared Open network last night with no results. It could very easily be the case that there were no conversations to capture, but the other possibility is that WhatsApp have fixed the vulnerability. I'm going to keep trying for a couple more days, and on one more network connection. Will confirm whether or not I get anything here.
Just reading a couple of open-source articles it seems that WhatsApp pushed release 2.8.3 to iPhones on 27th August 2012, and a similar release to Androids around the same time. This release included (relatively poor) encryption. Anyone who has downloaded the update will now be protected from WhatsAppSniffer. Seems that sniffing is still possible if you can fathom this: ezioamodio.it/?p=29. It's beyond me though. #noob
Yesterday I tried version 1.03 donate root, which I found on the web.
For me too it seems it doesn't work.
The spoof says that if I'm scanning a WPA/WPA2 network I have to activate the ARP Spoof; for WEP it doesn't need it.
But I supposed it would work in one of the two cases; instead the app continues to search but sees nothing.
I tried to send a WhatsApp message while connected to the same network that the sniffer is connected to, and it doesn't even see my message.
Is it an older version that doesn't work, or maybe it needs a rooted phone and mine is not?
THANKS
pransh said:
https://docs.google.com/open?id=0B_PzeJyBdcp3UW5GOVZlOTZKYVU - google drive link cause i dont use any other servers
Google removed it, can you give another link?
FardeenTGO said:
Google removed it, can you give another link?
same here too

[Q] how to set up element 53 and proxy droid

Hope this is in the right section, if not I apologize.
So I just downloaded element 53 and proxy droid from google play, and found the post on xda on how to set it up to get around captive portals. My question is, how do I make it so I have internet access to my other apps? Such as heywire texting, or facebook messenger? I couldn't find anything about this on xda or google or the developers website, but it DOES have an option for this on proxy droid. Can anyone point me in the direction of where I can find this info, or walk me through it a little bit? Thank you.
sinndissension said:
Hope this is in the right section, if not I apologize.
So I just downloaded element 53 and proxy droid from google play, and found the post on xda on how to set it up to get around captive portals. My question is, how do I make it so I have internet access to my other apps? Such as heywire texting, or facebook messenger? I couldn't find anything about this on xda or google or the developers website, but it DOES have an option for this on proxy droid. Can anyone point me in the direction of where I can find this info, or walk me through it a little bit? Thank you.
Hi Sinndiessension,
When you are running Proxydroid all the traffic goes through Proxydroid. Have you already read this post: XDA Thread of Element53? If you need any other help, don't mind to ask me. Quitting and restarting Facebook or Internet could solve the problem too.
Sander
Yes, I've seen that link already. I followed the directions in that link to set up element53 and proxy droid. The only website I can go to is "Bing.com". I can't go to google.com, and when I try to send a message through facebook, or any texting app, they never send.
The logs on element53 say, "client connection from 127.0.0.1:35341, channel=44"
Then the next log is similar, "client connection from 127.0.0.1:35342, channel=45"
I know proxy droid and element53 have worked for a lot of people. And I followed your directions thoroughly on that link to set them up, but for some reason no matter what I do, it will keep giving me those logs until there's a small pop up that says, "element53 reset" and it stops doing anything, or until my messages say sending failed. Anything I can do to fix this? Thanks.
Can you give me some screenshots of your logs? And what kind of network are you using and what are the results when you are using this app in your own wifi network?
Sander
Element 53 proxydroid failed to connect
I tried and followed instruction. but still no success on Element53 and proxydroid. Any help would be appreciated thank you very much.
I have no Internet, too. Is it possible to set up the server on a raspberry pi?
Please how do I access menu on element 53 lite

[Tool] Network Monitor

Hi All,
Would you like to know which apps are using the network on your phone? Would you like to know what address an application is connecting to?
My friend wrote a tool named Network Monitor. The link is https://play.google.com/store/apps/details?id=com.jmm.networkmonitor Would you like to try it?
The tool can help you with the following:
1. Monitor current data activity and uplink/downlink throughput.
2. Monitor external IP address.
3. List all packages which are currently using the internet.
4. List all socket links, including the destination IP address and source IP address, per package.
5. Query where the destination address of a connection is and show it on a map.
It is a fun tool if you want to know which applications are using your internet connection in the background.
My friend welcomes any comments and he could add functions if they would be helpful.
Thanks.
Would this be helpful in analyzing what kind of intranet traffic is causing high wlan_rx_wakelocks?
Useful tool.
Works good on my N7100.
Thank you.
much needed as many are taking up lots of data without knowingly.
thanks
Nice app. Keep up the good work :good:
I almost installed this as it looks to be very helpful, but.....then I reread the thread and the fact that you say "My friend" made this app and not you makes me very nervous....why isn't your friend posting this up?
The way I see it if this app was found to be stealing data or compromising networks who would we have to turn to? You? All you are going to say is "my friend did it not me".
No insult intended but have him\her post this themselves would be my request.
I mean dude....you have less than 20 posts. Not like you have been on here for years....or even a year.
As an IT professional with 46 companies relying on my judgement....I simply can't risk their security
The tool will let you know which application is using your network, even for intranet.
tylerdurden83 said:
Would this be helpful in analyzing what kind of intranet traffic is causing high wlan_rx_wakelocks?
I think your concern was reasonable.
I am the author and am using my friend's account. Let me explain what was going on. I wrote the tool part time and showed it to my friend. My friend said I should publish it on Google Play. But as you know, it is hard to let more people know there is software named "network monitor". My friend said he has an XDA account and could help me to post. I will apply for an account or just use this account.
One thing I can guarantee: there isn't a back door in the application. Thanks for everybody's replies; they encourage me to add more functions.
One function I am considering adding is a WiFi control/diag function.
Thanks
nerdslogic said:
I almost installed this as it looks to be very helpful, but.....then I reread the thread and the fact that you say "My friend" made this app and not you makes me very nervous....why isn't your friend posting this up?
The way I see it if this app was found to be stealing data or compromising networks who would we have to turn to? You? All you are going to say is "my friend did it not me".
No insult intended but have him\her post this themselves would be my request.
I mean dude....you have less than 20 posts. Not like you have been on here for years....or even a year.
As an IT professional with 46 companies relying on my judgement....I simply can't risk their security
he_arslan said:
The tool will let you know which application is using your network, even for intranet.
So it won't I guess, I need to know analyze the broadcast packets originating from somewhere else on the intranet and waking up my device from deep sleep (wlan_rx_wakelocks).
You are correct. Currently the tool doesn't support packet analysis. It needs root rights to capture packets from the network.
tylerdurden83 said:
So it won't I guess, I need to know analyze the broadcast packets originating from somewhere else on the intranet and waking up my device from deep sleep (wlan_rx_wakelocks).
One way to alleviate fears is to open source your code.
Sent from my Nexus 4 using Tapatalk
:good::good::good:
ph37rd said:
One way to alleviate fears is to open source your code.
Sent from my Nexus 4 using Tapatalk
nice app... would be nice if it also shows wi-fi TX/RX along with the total and mobile... I take it total is the combo of wi-fi and mobile?
Yes. Total TX/RX combines Wifi information.
The reason I didn't list WiFi TX/RX is that most people only care about mobile data and there is limited space to show information.
Maybe I need to provide a way to configure the display items.
BTW, I have upgraded the software and added floating window and process view. Please enjoy it.

appname : dataeyes

Hello,
I was an Opera Max user.
I very much love the feature that lets you choose which apps should use the network and which should not....
Since Opera Max stopped their services I'm trying to look for a replacement that has a good connection from Indonesia.
I found "dataeyes", but I contacted the developer a month ago and still no response. Perhaps an XDA member has experience with dataeyes, so I ask here...
Is dataeyes VPN + data compression?
Because I tried to open a gambling site, a porn site, and a whatismyip checker. It still blocks me from gambling and porn, and shows my real IP.
If dataeyes does not do anything except block and unblock internet access, I want to turn it off....
Thank you
kotakpos said:
Hello,
I was an Opera Max user.
I very much love the feature that lets you choose which apps should use the network and which should not....
Since Opera Max stopped their services I'm trying to look for a replacement that has a good connection from Indonesia.
I found "dataeyes", but I contacted the developer a month ago and still no response. Perhaps an XDA member has experience with dataeyes, so I ask here...
Is dataeyes VPN + data compression?
Because I tried to open a gambling site, a porn site, and a whatismyip checker. It still blocks me from gambling and porn, and shows my real IP.
If dataeyes does not do anything except block and unblock internet access, I want to turn it off....
Thank you
up
perhaps someone can answer
