Answer the question
In order to leave comments, you need to log in
How does a mobile operator understand that a SIM card provides Internet to a smartphone or a router / USB modem?
I use Tele2 services, the tariff is "infinitely black". I read on the Internet that you can not distribute traffic over Wi-Fi. I thought. How does the provider understand that I am downloading files from the Internet, or, having distributed it using a smartphone, I am connecting to the Internet from a laptop? The same, how is it determined that a SIM card is inserted into a wi-fi router, directly or through, say, an unlocked USB modem?
PS: With all these restrictions, I successfully distribute the Internet from my phone to my laptop. True, I didn’t try to download from torrents, because this happens during an accident with a regular provider, that is, purely in order to watch web pages.
Answer the question
In order to leave comments, you need to log in
It has already been discussed a little here:
Router work?
Once again I will repeat, a little creatively reworking the answer.
The detection of traffic distribution can be conditionally divided into several frontiers.
1. The first
milestone Each device in the cellular network at the time of registration informs the network of its IMEI - the device code, by which you can uniquely identify the model of your device.
Yes, you need an IMEI base with device capabilities - a description of what kind of device it is and what it can do. But the mobile operator already has it: When you first inserted a SIM card into a new phone, did you receive an SMS Internet settings? The settings for different manufacturers are slightly different, so you need to know the model of the subscriber unit.
It turns out that as soon as you insert a SIM card into a Wi-Fi router, the operator immediately understands that this is a router, which means that it will distribute the Internet via Wi-Fi.
The implementation of this technology is completely free for the operator.
2. Second frontier: TTL analysis.
It should be understood that only the routers themselves will be caught at the first line, and the Wi-Fi access point enabled in the phone settings is not visible to the operator.
But there is a trick: a device that distributes the Internet via Wi-Fi will, by default, reduce the TTL field on all ip packets passing through it.
Knowing the typical initial TTL values for mobile platforms, you can react to all other values \u200b\u200bas a signal that Wi-Fi is hiding somewhere.
To implement this, the operator will already require additional costs.
It is clear that no one will install a separate device to catch Wi-Fi lovers, so usually the operator's DPI is involved in this - a complex that classifies and "colors" subscriber traffic, thanks to which, for example, separate tariffication conditions for social networks become possible.
By the way, it's surprising, but, firstly, not all DPIs can do this (Erickson, you're ashamed, right?). Secondly, those that can, can do it for some money in the form of a license to be purchased.
3. The third milestone: heuristics
The topic is interesting and fascinating.
Yes, the subscriber can change the IMEI directly in the phone settings.
Yes, the subscriber can reflash the phone so that it does not touch TTL.
But, as soon as there are a lot of cunning subscribers, it becomes profitable for the operator to invest in advanced traffic analysis at the same DPI.
So what can be done?
Well, immediately:
3.1. Do you access the Internet directly from your phone through the built-in browser? Congratulations, you just told the operator in the User-Agent field of the HTTP protocol what mobile platform you have and what version!
How is it that from one device the operator sees different User-Agents, pointing either to Android or to Apple? Guys, do you have Wi-Fi there!
3.2. TCP/IP fingerprinting. Different mobile platforms (like Android/Apple) use different initial field values in ip packets. Yes, take at least the same TCP Window size! Analyzing them, one can guess at least the platform manufacturer. And combining this with the same analysis by IMEI...
Guys, how is it: the device itself is from Apple, and the values of the fields in the ip-packets are typical for Windows Phone?
Or why does your traffic look like Android or Blackberry?
It is clear that heuristic analysis is implemented, especially not on every DPI, and even more so, separate money for a license. Yes, and such an analysis squanders productivity very well ...
However, the technical means already exist, and as soon as they begin to pay off financially, it becomes profitable for the operator to implement them.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question