C/P by Snowman

Just some information for people looking at internet connected devices. There seems to be alot of questions / answers.
I have worked in the IT field for 15 years and fell I can add information that can help others.

1st Lets cover your connection to the internet.

At some point in your home or business you have a connection this connection can be 1 of many ways, cable, dsl, wireless, dialup satellite etc the basics here is you have a modem of some sort connected to your provider. You modem negotiates your connections and passes information to you from the provider. Your modem does have a IP address but in reality your data is transmitted to you basically via MAC address which is hard coded to your device. every device in a network has a a MAC Address.. the principals of networks learn MAC addresses and Ip addresses together to make a full circle.. routes to specific networks are defined via routing tables in routers. and they learn each other via mac addresses.. want to see what your computer knows ? open a command prompt window and type in the following arp -a will show you your physical address.... you think nothing of it but you will notice it shows your IP address as well.. its a internet address not machine address.. physical addresses are MAC addresses and there are no 2 the same in the world or you will get network problems...




2nd point .. your internal network...

Your internal network is defined as all devices in your home connected to a router or switch (usually a router ) and is connected to your internet connection form there (WAN).. you rinternal network has non-routable IP addresses, non-routable means you cant try and get to my computer becuase I have a non-routable internet address of 192.168.xxx.111 or something similar to that.. 192.168.xxx.xxx are all non internet addresses.. this way we can all have 255 devices on our own little network and not bother anyone else... (large companies use 10.xxx.xxx.xxx addresses) as well because they can get millions of things on their internal networks they are not routable outside their company.... your internal network is pretty well hidden from the outside world... Unless you open it up for others to see which is a done via port forwarding and other means to detailed to get in to at this time.. internal networks use something called NAT (Network Address Translation) to get your internal computer connected to the internet.. basically all the devices on your network look like 1 address to the internet world.. which is the IP address assigned to your MODEM / Router and that is how you get to talk to the internet from multiple devices in your internal network... it always looks like 1 device talking to the internet.. if you remember back in the days when ICQ, MAS,YAHOO all had the messengers if you had 2 computers only 1 would run the messenger program.. why because they relied on a IP address not the software to connect to servers... now they can work behind routers because they don't use direct IP addresses to function... and NAT addresses are allowed..

Summary of Point 2 - you have 1 IP address for your router/ Modem it gives you the ability to have many items on your home network but you still have only 1 real internet addressable IP address...


3rd point. . Wireless networks....

Wireless networks in your home function exactly the same as point 2 above only difference is you don't have a cable connecting you.. you still go out to the internet from your modem and you still have a NAT address.. you still use the single address supplied by your provider for your modem and it looks like all traffic from your wireless is going from that single address..

Summary point 3 .. still just your internal network... still use the same ideas as point 2


by now your either confused or just don't care.... but if your interested i'll go on a bit more...

In the world of internet and servers and clients there are many ways to track people.. Are they feasibility or economically good to the person wanting information is the question. depends on who you are and what you want..


Lets use a internet connected box for example...

lets say i buy a box that gets me some free content from some internet server. my box is connected to my wired or wireless network and it talks to some server someplace (unknown where on earth it is) but it exists... lets break down how it actually communicates to the server..


1. Box decides it needs info
2. Box sends info to router (wired / wireless) asks to connect to the server
3. Router tells modem hey you I am MAC address xxxx.xxxx.xxxx.xxxx and i need to get to data.server.someplace.com
4. Modem then asks the next router in line hey how do I get here.. all the time passing the routers Ip address and mac address in a packet with what it want to know..
5. router figures out how to get to next router in the route it knows or if it does not know the route it sends it to a default router that might now and so on till it finds the place it needs to be

6. server gets request for data and sends it back the same way not necessarily the same route but whatever route it finds that is the fastest .
7. you modem / router says hey i got your information I'll send it over toy you because the server does not know you but I do here ya go...
8 your box get the info....

start over again if it needs more info..

ok pretty simple.. eh .. not really 90% of this is done with MAC addressing not IP addressing.. and it always looks like it is 1 box on your network.. your router doing the asking.. the world has no clue whats on the other side of your router..


So lets say I want to try and find out where you are going on the internet because Big Brother wants to know... what does that involve ?

Lets see...

1. I need to determine if it is worth my time and money to do so.
2. Going to need a court order to get my sniffers on the network i think is involved. (after i researched the providers for acceptable amount of time)
3. Get my sniffer active on network, sniffing all the packets to the server I think is the culprit. trace all the packets back to other mainline provider(cable,dsl,etc)
3. Get court orders to get records from all the mainline providers i identified.
4. Have mainline internet providers trace them back to MAC address of each modem attached to their networks.
5. Wait for all the results.
6. Get court order to have server company provide owner name of server and request that the owner cease operations. and provide log files of access to server (Pretty sure he was smart enough to make sure his server didn't keep log files for this reason).
7. Make determination if I want to keep going this route or just concentrate on the server owner. as it would be costly to trace every connection and try and get all that filed in court..
8. Find out server owner pulled the plug last night and moved his operations to a new server and not sure where it is located or what IP / MAC address I need because I see zero traffic on the old addresses..
9. Go back to # 3 and start over again....



Crazy Huh...... this is the way it works....


OK now for those that get their internet free from a friend or neighbor.. with or without their permission...

the principals are the same your just getting to from your neighbor instead of paying for it your self.. yes bit easier not to be tracked because if they go to your neighbors house they cant find the box.


Air cards and such are exactly the same thing but alot easier to track data because the cellular traffic is tracked for usage more than your broadband or cable or dialup is...


My summary....

You probably only have 1 address for your entire network that the world "could" possibly see...

99% of your devices are not accessible from the internet unless you apply port forwarding and such.

Nothing is 100% untraceable if someone wanted to spend enough time and money someone could find what they needed to know.

Hope some people find this information useful.

__________________

Please don't PM me with fta related questions, ask them in open forums so others can benefit from them too.