Traffic Analysis
Last updated: Mar 23, 2020
During my Wireshark traffic analysis, I feel I learned most about the web infrastructure that supports the browsing most of us do on a daily basis. I put all my phone’s traffic through a VPN I set up using Algo and saved it with Wireshark to a server. After about 24 hours, I took the VPN down, downloaded the pcaps Wireshark had produced and started looking at what I had picked up.
I was interested in just how much Slack factored into the results. I do use the service a fair amount. I also saw a number of names of cloud computing services like Akamai. These are presumably acting as hosts for some sites I might recognize by name (although that’s not necessarily guaranteed).
I expected to see a lot of social media services I use. I use Twitter a lot, and Instagram somewhat—I was definitely expecting to see those. But they both have a few different strategies for serving images. I also learned that Google has its own image service called Gstatic.
I got a chuckle out of seeing “iTunes” so many times in the results, given that the product has been discontinued. I think the name must be relevant to the App Store app, which was based on iTunes once upon a time. I was interested in just how much Apple traffic came through. There were a lot of connections to Apple’s cloud computing, image serving and things like that. I also saw Apple’s keyvalueservice daemon, which works to maintain a user’s keychain passwords.
To be clear, my phone was made by Apple. I’m confident that my traffic is encrypted, but it’s not always the middleman I’m worried about. I’m certain that many of these services—especially the free ones, but including things like Spotify—are collecting data on how I use them. And these processes are not especially transparent, either.