Introduction
Midterms and Assignments are coming up soon, and I’ve been spending most of my time in School grinding code and studying. While connected to the School Wifi, I tried to launch Spotify, but alas it wouldn’t work. Frustrated, I tried restarting my laptop but nothing worked. It was only when I got home that day that I was able to launch Spotify!
Curious, and wanting to dive deeper into the source of this issue, I decided to put my Networking and CTF skills to the test. In this blog, I’ll go through how I debugged the issue, and how you guys can track and trace any connections your computer is making!
Tracking open sockets
I suspected that the issue was the School Firewall interfering with the Spotify Packets. In order to trace the source of this, we first need to open Spotify and check which ports are being used. The first command I ran was:
sudo ss -ut
This allows me to check UDP and TCP sockets that currently have a connection.
TIP: You can include the ‘-a’ option if you want to see all sockets, including listening ones.
Here you can see all the sockets that have established connections. I’m only choosing to show the UDP packets here because I’m particularly interested in this specific connection.
Tracking parent process
If you want to track the parent process of a particular socket, you can use this command
sudo ss -uap | grep "35.186.224.24"
As shown below, you can clearly see the parent user alongside the pid! At this point we know that Spotify is indeed making UDP connections to a server at that particular address. Most likely, NUS has a Firewall configured with Implicit Deny that’s preventing the packets from going through, which results in Spotify being unable to launch.
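One way to turn that lookup into a per-process summary of remote peers (an added example, not from the original post): the hypothetical `peers_by_process` function reads `ss -H -tunap` output, drops sockets with no remote end, and counts sockets per owning process and peer. The sample lines are constructed; only 35.186.224.24 comes from the post.

```shell
#!/bin/sh
# Added example: group remote peers by owning process from `ss -H -tunap` output.
# Live use (needs root to see other users' processes):
#   sudo ss -H -tunap | peers_by_process

# Constructed sample of `ss -H -tunap` output; only 35.186.224.24 comes from the post.
sample_ss_output() {
    cat <<'EOF'
udp   ESTAB  0 0   192.168.1.23:48712 35.186.224.24:443 users:(("spotify",pid=4321,fd=87))
udp   ESTAB  0 0   192.168.1.23:51933 35.186.224.24:443 users:(("spotify",pid=4321,fd=91))
tcp   ESTAB  0 0   192.168.1.23:51514 203.0.113.10:443  users:(("firefox",pid=2210,fd=104))
udp   UNCONN 0 0   0.0.0.0:5353       0.0.0.0:*         users:(("avahi-daemon",pid=801,fd=12))
tcp   LISTEN 0 128 0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=950,fd=3))
tcp   ESTAB  0 0   192.168.1.23:40122 198.51.100.7:8443
EOF
}

# Reads ss output on stdin, prints: owner<TAB>proto<TAB>peer<TAB>socket-count
peers_by_process() {
    awk '
    {
        proto = $1; peer = $6
        # Listening and unconnected sockets have a wildcard peer port: no remote end.
        if (peer ~ /:\*$/) next
        # The process column is absent when ss lacks permission to resolve the owner.
        owner = "unknown"
        if (match($0, /users:\(\("[^"]+",pid=[0-9]+/)) {
            s = substr($0, RSTART, RLENGTH)
            sub(/^users:\(\("/, "", s)
            split(s, parts, /",pid=/)      # first listed owner only
            owner = parts[1] "[" parts[2] "]"
        }
        count[owner "\t" proto "\t" peer]++
    }
    END { for (k in count) print k "\t" count[k] }
    ' | sort
}

sample_ss_output | peers_by_process
```

A peer that shows up with owner `unknown` means the listing was taken without enough privilege to resolve that socket's process, so rerun it with sudo before drawing conclusions.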
Deeper Dive
Of course I couldn’t just stop there, so I opened Wireshark and took a look at these packets. These are QUIC Packets, which are built on top of UDP. QUIC is typically used for HTTP/3 and is quite a fascinating protocol; I might do a whole blog dedicated to it!
Summary
Just to sum this short blog up, I wanted to show how to do a simple analysis of UDP/TCP sockets. This isn’t exclusive to Spotify: if you’re worried about a backdoor or a suspicious process transferring data to a server, you can easily check for it with the commands shown above.
I hope this was helpful!