@jialin.huang
FRONT-ENDBACK-ENDNETWORK, HTTPOS, COMPUTERCLOUD, AWS, Docker
To live is to risk it all Otherwise you are just an inert chunk of randomly assembled molecules drifting wherever the Universe blows you

© 2024 jialin00.com

Original content since 2022

back
RSS

Why Mobile Hotspot IPs Are Not What They Seem

Why writing this

When using the same WiFi network, we can easily find each other's IP addresses (192.168.0.x) using ifconfig/ipconfig. This is useful for tasks like testing websites on mobile devices, as CSS may render differently on actual phones compared to desktop browser's Responsive Mode.
I then thought about the
nc command, which allows two devices to communicate via terminal:

# Device X: Listen on port 5000
nc -l 5000

# Device Y: Connect to Device X
nc 192.168.0.x 5000

# Now devices can exchange data

What if both computers are using a mobile hotspot, can they communicate?

Turns out, they can't.

Mobile Phone IP Addresses

https://www.where-am-i.co/my-ip-location

When you check your IP at sites like whereami, you're seeing your public IP. Your carrier assigns you an internal network address, so hundreds of devices might share the same public IP.

Here's how it works:

  1. Mobile carriers operate large private networks.
  1. Each base station has a public IP with up to 65,535 ports.
  1. Your phone gets a unique private IP within this network.
  1. Carriers use Carrier-grade NAT (CGNAT) to translate private IPs to public IPs for internet access.

In a hotspot setup

  • The phone has two IPs:
    • One from the carrier (private, e.g., 10.x.x.x, not directly accessible)
    • One as the hotspot (172.20.10.1)
  • The connected computer gets a different private IP (172.20.10.2)
  • Data flows: Computer (172.20.10.2) -> Phone/Hotspot (172.20.10.1) -> Internet (public IP)

Regarding the nc command

While the computer can determine its own IP and the hotspot's IP within the local network (172.20.10.x), it still can't establish a direct connection to another device on the mobile network. This is because:

  1. The phone's carrier-assigned private IP (10.x.x.x) is not accessible from the hotspot network.
  1. The public IP is shared and doesn't allow incoming connections without port forwarding, which mobile carriers typically don't support.

It is inherently unreasonable to attempt establishing a connection between a 10.x.x.x range and a 172.x.x.x range using nc.

Security Issues

What if: My phone can snoop on a computer's packets when it's connected to my phone's hotspot?

The truth is: While your phone can see how much data a connected device uses, it can't easily access the content of the packets. Here's why:

  1. Traffic goes through the phone's hotspot function, not the phone itself.
  1. In practice, regular phone apps can't access these packets due to OS restrictions.
  1. Widespread use of HTTPS encryption makes meaningful inspection difficult.
  1. Actual packet interception would require specialized tools and often root access.

https://www.quora.com/Why-is-my-phone-s-IP-address-public-IP-address-different-even-if-I-am-directly-connected-to-the-internet-without-a-router-in-between

https://www.reddit.com/r/HomeNetworking/comments/mk6u2m/computer_under_mobile_hotspot_is_unreachable/

https://www.whatismyip.com/

https://www.quora.com/How-does-the-NAT-work-on-the-hotspot-How-does-hotspot-assign-IP-to-clients-Do-you-have-an-article-on-this-subject

https://www.quora.com/Does-a-smartphone-mobile-hotspot-use-NAT

https://www.kingtoptec.com/mobile-hotspot/are-devices-connected-to-mobile-hotspots-using-private-ip

EOF