It’s all about the pcaps baby

So my android phone as an interesting problem, granted it’s an S4, running not the latest build so I don’t know if that problem still exists. Apparently the way the default mail application is set up, it can’t sync the mailboxes unless the Sync button is turned on. But that doesn’t stop that the mail application from trying to sync on a schedule.

So under email app > settings > manage accounts > email address > sync settings: Sync Email is checked. In the same bar, under Sync Email it says Master sync has been turned off. In the past I googled and tested, and found that if that is off, the app will not sync.

Below that is a thing called “Sync Schedule”. I left that set to default (which has a peak schedule). So even though “Set Sync Schedule” is set to manual, I have a choice to overide that for peak times, and days, and can say what those times and days are.

Going through Logcheck emails the other day, I’ve said before logcheck is awesome, I started to notice things like this

Well, that’s a little odd. To my knowledge nothing should be trying to connect from the home network (I didn’t see the cell network stuff until a few days later).

So I started tcpdump running on the network:

Which is how I found the cell address space, after breaking my pfsense box at home and having to re-install. (I’ll have to remember to write about that later).

Well this is odd (I was tethering my laptop to my cell), why is my laptop calling my mail server.

More pcaps (mail2 and mail3), I find that the cell phone is connecting while not at home too. Run a pcap for 2 days on the firewall, and low and behold the cell phone when on either cell or wireless is doing the connections.

After I turned off the peak hours setting that problem stopped. So with peak hours set, sync set to manual, and master sync turned off. The phone would still try to sync, and just fail out after opening the imaps connection.

All about knowing how to read pcaps, and logs, or it would still be doing it. Now if I can just remember later, when I finally buy a new phone running a newer version of Android.

As my favorite shirt says: Pcaps or it never happened.

Lastly forget the Benjamins and the Pentiums, it’s really all about the Pcaps baby.

Leave a Reply

Your email address will not be published. Required fields are marked *