On 2021-01-17 at 17:48 -0500, vom513 wrote:
> I managed to catch some of the DNS traffic from his phone (I told him
> I was doing this :) ) - and have it up in Wireshark. Looking at
> this, at the beginning of this flurry of queries, I see some for
> connectivitycheck.gstatic.com. So while it might be a red herring,
> it does seem grouped if you will with the other questionable
> queries. I’m familiar with the random alpha strings that chrome will
> query for to detect DNS wildcarding etc - this wasn’t that.
>
> So my actual question - could anyone give me a summary of what this
> Android phone is doing - or better yet - point me to some Android
> developer docs or something that might/hopefully spell these
> mechanics out ?

Hello

The connectivitycheck.gstatic.com is "normal". Off the top of my head, it starts by requesting known content from connectivitycheck.gstatic.com, both using https and also trying http if needed. This way, it can detect if it has access to the internet or is in some kind of captive portal. If you block these queries it will determine that it has connected to a network with no access to the internet.

Now, *after* it succeeds and claims "I have internet!", then everything else will start connecting, from registering with the generic push notification API, to individual apps calling home for their own reasons.

Best regards
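
Added example, not part of the original messages: when reading a capture like the one described in this thread, the Python code below groups each client's queries that follow a connectivitycheck.gstatic.com lookup, so the post-check flurry can be separated from unrelated traffic. The 10-second window, the function names and the sample rows are assumptions made for illustration.

```python
from collections import defaultdict

PROBE_NAME = "connectivitycheck.gstatic.com"  # name taken from the thread
BURST_WINDOW = 10.0  # seconds; assumed value, tune it for your capture

# Constructed sample rows: (seconds, client address, queried name).
SAMPLE_QUERIES = [
    (100.0, "192.0.2.10", "connectivitycheck.gstatic.com."),
    (100.2, "192.0.2.10", "ConnectivityCheck.gstatic.com."),  # repeated probe
    (100.4, "192.0.2.10", "push.example."),
    (100.9, "192.0.2.10", "app-one.example."),
    (101.3, "192.0.2.10", "app-one.example."),
    (250.0, "192.0.2.10", "app-two.example."),   # long after the probe
    (300.0, "192.0.2.20", "app-three.example."),  # client never probed
]


def normalize(qname):
    """DNS names are case-insensitive; drop the trailing root dot too."""
    return qname.rstrip(".").lower()


def group_bursts(queries, window=BURST_WINDOW):
    """Map each client to its post-probe bursts.

    A burst opens at a connectivity-check query and collects the distinct
    names the same client asks for within `window` seconds of that probe.
    """
    bursts = defaultdict(list)
    for ts, client, qname in sorted(queries):
        name = normalize(qname)
        seen = bursts.get(client)  # .get() does not create an entry
        in_window = bool(seen) and ts - seen[-1]["probe_at"] <= window
        if name == PROBE_NAME:
            if not in_window:  # repeated probes stay in the same burst
                bursts[client].append({"probe_at": ts, "followers": []})
        elif in_window and name not in seen[-1]["followers"]:
            seen[-1]["followers"].append(name)
    return dict(bursts)


if __name__ == "__main__":
    for client, found in group_bursts(SAMPLE_QUERIES).items():
        for burst in found:
            print(client, burst["probe_at"], burst["followers"])
```

Names that fall outside every burst, such as the 250-second query in the sample, are the ones worth a separate look.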
