It’s a very long story but ultimately all you need to know is, i have to make sure an unknown app isn’t sending an assload of traffic through port 25 on any network im connected to. How can I confirm this on my android device without an external PC?

  • @Hobbes_DentEnglish
    35 months ago

    Is tcpdump possible for you?

    • @yokonzoOPEnglish
      25 months ago

      Maybe, is that something I can do in terminal?

      • @Hobbes_DentEnglish
        65 months ago

        It’d be number 8 on this list but honestly number 4 is where I’d start. I don’t have android specific experience from this decade, sorry.

        https://techwiser.com/wireshark-alternatives-for-android/

        Edit: so many of those require rooting. Is it common to do so? I wouldn’t personally go too far down a rabbit hole on the device because it’s a pain unless you have no access to the access point or router or some other device that may have easier access to logs.

  • Toes♀English
    35 months ago

    You have some options.

    If your router is sophisticated enough to have tcpdump/iptables you could monitor and block it that way.

    If your phone is rooted it may be possible to do so on your device in the same way.

    Since you do not have a computer you may consider renting a VPS and configuring a VPN for your phone for monitoring.

    Configuring an outbound firewall to log port 25 and block any traffic.

    Many ISPs block port 25 unless the client is interacting with a whitelisted server.

    • @yokonzoOPEnglish
      15 months ago

      I’m rooted but that’s a bit overkill for what I’m trying to achieve, so far I’ve just found a traffic sniffer app and I’m manually picking out any traffic on 25, i suppose I could go home and just set something up on my router but I’m trying to do this at work

      • Toes♀English
        55 months ago

        Ah, yeah I’d imagine such an app needs root for that functionality. Low ports are protected by the kernel. If you’re suspecting malware on the phone, you might just wanna wipe it and secure your accounts?

        • @yokonzoOPEnglish
          35 months ago

          I’m not personally suspecting it but the organization I’m with has reason to suspect an android phone is infected and blasting out traffic through that port. I’m just confirming it’s not me to be safe, though Im pretty sure it’s someone else, as I generally keep my phone activities to youtube

          I may just wipe anyways since I’ve had issues with this rom but jeez is it gonna be a process

          • Toes♀English
            15 months ago

            They might be looking for a chromebook, fingerprinting software can be a bit dubious at correctly identifying devices.