
Suspected Sniffer - Programmers Please Analyze Packet Log

Discussion in 'OS X Mountain Lion (10.8)' started by Antifragile, Aug 12, 2013.

  1. macrumors newbie

    #1
    Over the last week I've had a guest staying in my home. Due to suspicious activity on my iPhone and iPad mini I decided to run a packet logger through one of the evenings he or she stayed. I can also add that this particular guest has access to extremely sophisticated software as well as the implementation know-how. I have many other details - including iPhone logs when I was suspicious of my phone's activity - but before we get into all of that I'm hoping to get some feedback on this topic first.

    Included in this post is just a simple screenshot - is there something in the packet logger file I would want to search for in particular to give me details as to who it could have been?

    If there is more information I may provide please let me know.

    Thanks so much for your time and analysis.

    This is my first post on the MR forum - admins if I have posted in the incorrect place I apologize in advance.

    -Antifragile
     

    Attached Files:

  2. macrumors 68020

    MacModMachine

    #2
    Most of that is the HCI Bluetooth controller, looks like a possible BT sniffer.

    Any more screenshots?
     
  3. macrumors newbie

    #3
    Would it be safe to post the .pklg file?
     
  4. Antifragile, Aug 12, 2013
    Last edited: Aug 15, 2013

    macrumors newbie

    #4
    More images for analysis until further recommendation...

    Thanks

    Edit Test
     

    Attached Files:

  5. macrumors newbie

    #5
    Anyone else care to add their thoughts? Thanks
     
  6. macrumors P6

    Intell

    #6
    That's all Bluetooth. Hardly something to fret over.
     
  7. macrumors newbie

    #7
    I must disagree - what sort of background do you have in tech? Thanks :)
     
  8. macrumors P6

    Intell

    #8
    A few college degrees, various technical certificates, many years of experience. I wonder, do you disagree with your doctor if he/she points to your oddly bent arm and says "It's broken" and you respond "No it isn't". You came here asking for advice, then question the advice given to you.
     
  9. macrumors newbie

    #9
    I was not attempting to be a jerk AT ALL! Much respect - and I appreciate your advice - but what is your take on where it actually says - Mode Change - Sniff Mode - ?

    I also have Peer-to-Peer Logs from iPhone that make me suspicious...
     
  10. macrumors 6502a

    laurihoefs

    #10
    Sniff Mode (among other BT modes) is explained here: Bluetooth Sleep Modes

    Could you elaborate on what you think is suspicious in the logs? Do you have BT devices connected? If so, then that's pretty much what your log should look like.
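What a "Mode Change - Sniff Mode" line in a packet log encodes, as an added example that is not part of the original thread: the HCI Mode Change event (event code 0x14) reports that a connection has switched between Active, Hold, Sniff (a low-power mode) or Park. The function names and the sample event bytes below are constructed for illustration and are not taken from the poster's capture.

```python
import struct

# Current_Mode values carried by the HCI Mode Change event (event code 0x14).
MODES = {0x00: "Active Mode", 0x01: "Hold Mode", 0x02: "Sniff Mode", 0x03: "Park State"}
HCI_EVT_MODE_CHANGE = 0x14
SLOT_MS = 0.625  # the interval field counts 0.625 ms baseband slots


def decode_mode_change(event: bytes):
    """Decode one raw HCI event (event code, parameter length, parameters).

    Returns a dict for Mode Change events and None for any other event code.
    Raises ValueError on truncated or malformed input.
    """
    if len(event) < 2:
        raise ValueError("truncated HCI event header")
    code, plen = event[0], event[1]
    params = event[2:]
    if len(params) != plen:
        raise ValueError("parameter length does not match header")
    if code != HCI_EVT_MODE_CHANGE:
        return None
    if plen != 6:
        raise ValueError("Mode Change carries exactly 6 parameter bytes")
    # Status (1), Connection_Handle (2, little endian), Current_Mode (1), Interval (2)
    status, handle, mode, interval = struct.unpack("<BHBH", params)
    return {
        "status": status,
        "handle": handle & 0x0FFF,  # the handle uses the low 12 bits
        "mode": MODES.get(mode, f"reserved (0x{mode:02x})"),
        "interval_ms": interval * SLOT_MS,
    }


def mode_changes(events):
    """Return (handle, mode, interval_ms) for every Mode Change event in a capture."""
    decoded = (decode_mode_change(e) for e in events)
    return [(d["handle"], d["mode"], d["interval_ms"]) for d in decoded if d]


# Constructed sample events (hypothetical connection handle 0x000b).
SAMPLE_EVENTS = [
    bytes.fromhex("1406000b0002" "2003"),  # enters Sniff Mode, interval 0x0320 slots
    bytes.fromhex("13050101000100"),       # a different event code, ignored here
    bytes.fromhex("1406000b0000" "0000"),  # returns to Active Mode
]

if __name__ == "__main__":
    for handle, mode, interval_ms in mode_changes(SAMPLE_EVENTS):
        print(f"handle 0x{handle:04x}: {mode}, interval {interval_ms} ms")
```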
     
  11. macrumors 68020

    #11
    What was the "suspicious" activity?

    In that case, your best bet might be to use social engineering:
    "Dave, have you been messing with my stuff?"
     
  12. macrumors 68020

    MacModMachine

    #12
    There are some pretty good hardware BT sniffers. This to me looks like a large amount of BT traffic, but not knowing what possible devices are around, it could be anything.

    Although I highly doubt one is trying to hack your phone/iPad/computer via Bluetooth unless you have some nuclear launch codes or something.
     
  13. macrumors P6

    Intell

    #13
    That's Mac OS X's blued. The traffic shown is generated and sourced from it. Unless the OP has a sniffer running in that machine in an unusual configuration, that's all normal.
     
  14. macrumors newbie

    #14
     
  15. macrumors P6

    Intell

    #15
    Those logs from the iPhone are normal. I get those very often on mine. Nothing unusual there.
     
  16. macrumors newbie

    #16
    Log 5

    Wed Aug 14 12:10:53 2013 backboardd com.apple.backboardd[26] <Warning>:Facebook[773]: Could not stat /private/var/mobile/Applications/CAF61834-294E-4087-8F7F-BE4831E50210/tmp/etilqs_ginIpDH123eW1zb: No such file or directory
    Wed Aug 14 12:10:53 2013 backboardd com.apple.backboardd[26] <Warning>:Facebook[773]: Could not stat /private/var/mobile/Applications/CAF61834-294E-4087-8F7F-BE4831E50210/tmp/etilqs_vYKI0J3ZcLMNesX: No such file or directory
    Wed Aug 14 12:10:53 2013 backboardd com.apple.backboardd[26] <Warning>:Facebook[773]: Could not stat /private/var/mobile/Applications/CAF61834-294E-4087-8F7F-BE4831E50210/tmp/etilqs_nmpWQpmiDABGge3: No such file or directory
    Wed Aug 14 12:10:53 2013 backboardd com.apple.backboardd[26] <Warning>:Facebook[773]: Could not stat /private/var/mobile/Applications/CAF61834-294E-4087-8F7F-BE4831E50210/tmp/etilqs_cfRamaVrMjhAgQe: No such file or directory
    Wed Aug 14 12:13:42 2013 backboardd com.apple.backboardd[26] <Warning>:Facebook[773]: Could not stat /private/var/mobile/Applications/CAF61834-294E-4087-8F7F-BE4831E50210/tmp/etilqs_ginIpDH123eW1zb: No such file or directory
    Wed Aug 14 12:13:42 2013 backboardd com.apple.backboardd[26] <Warning>:Facebook[773]: Could not stat /private/var/mobile/Applications/CAF61834-294E-4087-8F7F-BE4831E50210/tmp/etilqs_vYKI0J3ZcLMNesX: No such file or directory
    Wed Aug 14 12:13:42 2013 backboardd com.apple.backboardd[26] <Warning>:Facebook[773]: Could not stat /private/var/mobile/Applications/CAF61834-294E-4087-8F7F-BE4831E50210/tmp/etilqs_nmpWQpmiDABGge3: No such file or directory
    Wed Aug 14 12:13:42 2013 backboardd com.apple.backboardd[26] <Warning>:Facebook[773]: Could not stat /private/var/mobile/Applications/CAF61834-294E-4087-8F7F-BE4831E50210/tmp/etilqs_cfRamaVrMjhAgQe: No such file or directory
    Wed Aug 14 12:28:42 2013 backboardd com.apple.backboardd[26] <Warning>:Facebook[773]: Could not stat /private/var/mobile/Applications/CAF61834-294E-4087-8F7F-BE4831E50210/tmp/etilqs_ginIpDH123eW1zb: No such file or directory
    Wed Aug 14 12:28:42 2013 backboardd com.apple.backboardd[26] <Warning>:Facebook[773]: Could not stat /private/var/mobile/Applications/CAF61834-294E-4087-8F7F-BE4831E50210/tmp/etilqs_vYKI0J3ZcLMNesX: No such file or directory
    Wed Aug 14 12:28:42 2013 backboardd com.apple.backboardd[26] <Warning>:Facebook[773]: Could not stat /private/var/mobile/Applications/CAF61834-294E-4087-8F7F-BE4831E50210/tmp/etilqs_nmpWQpmiDABGge3: No such file or directory
    Wed Aug 14 12:28:42 2013 backboardd com.apple.backboardd[26] <Warning>:Facebook[773]: Could not stat /private/var/mobile/Applications/CAF61834-294E-4087-8F7F-BE4831E50210/tmp/etilqs_cfRamaVrMjhAgQe: No such file or directory

    ----------

    I appreciate that very much - any explanation as to why all of my stuff seems to be acting so strange? Like why on earth my SAT NAV stereo would reset presets and keep all other info the same?
     
  17. Antifragile, Aug 15, 2013
    Last edited: Aug 15, 2013

    macrumors newbie

    #17
    na
     
