View Single Post
Old 03-15-2011, 11:29 AM   #37
PoP
 curly᷂͓̫̙᷊̥̮̾ͯͤͭͬͦͨ ʎʌɹnɔ
PoP ought to be getting tired of karma fortunes by now.PoP ought to be getting tired of karma fortunes by now.PoP ought to be getting tired of karma fortunes by now.PoP ought to be getting tired of karma fortunes by now.PoP ought to be getting tired of karma fortunes by now.PoP ought to be getting tired of karma fortunes by now.PoP ought to be getting tired of karma fortunes by now.PoP ought to be getting tired of karma fortunes by now.PoP ought to be getting tired of karma fortunes by now.PoP ought to be getting tired of karma fortunes by now.PoP ought to be getting tired of karma fortunes by now.
 
PoP's Avatar
 
Posts: 2,534
Karma: 39999999
Join Date: Dec 2010
Location: ♁ ᴺ₄₅₃₀' ᵂ₇₃₃₇' ₆₀"
Device: K3₃.₄.₂ PW3&4₅.₁₁.₂
Well I ran a 10 hour long tcpdump capture. My analysis doesn't reveal any realy interesting stuff.

Every hour:
The Kindle queries DNS for dogvgb9ujhyxbx.jfk1.cloudfront.net
and DNS answers with a series of 8 IP addresses in the range 204.246.169.XXX
The Kindle queries DNS for pins.amazon.com
and DNS answers with 184.73.176.172

Every 27 seconds:
The Kindle sends a UDP packet to 184.73.176.172

Every 30 minutes:
184.73.176.172 sends a UDP packet to the Kindle

The ports for UDP packets change every hour. The traceroute port 33434 is sometimes, but not always used. The content of the packet is *not* a trace route. I guess it is kind of a keepalive with some Kindle specific information. The Kindle UDP packet always contain the same data. The pins.amazon.com UDP packet data varies.

The UDP packets are possibly encrypted, wireshark doesn't decode the protocol, and at any rate the packet data is not otherwise human readable.

No log was ever sent to amazon, with or without the nolog hack applied.

No other traffic in the capture.
PoP is offline   Reply With Quote