AMITIAE - Tuesday 20 January 2015

Tracking Networks and Risks on the iPhone: Available Utilities - More Misses than Hits

apple and chopsticks


By Graham K. Rogers

Internet Tracing

Every couple of terms, I am asked to teach the subject of Morals and Ethics to Computer Engineers. Over the last year or two, a lot of the content has changed. The last time I taught, the revelations from Edward Snowden were appearing day by day, and I was having to rewrite content as I went: sometimes just before going into the classroom.

Things have changed considerably since the Post Office was steaming open letters in wartime Liverpool and Alan Turing was one of a team trying to crack Enigma encryption. Their efforts were right, particularly in a time of war; but the lines have become blurred, particularly in the last few years.

The argument about security and surveillance is that if we are doing nothing wrong, then we should not worry. Only the terrorists or the criminal gangs, or those interested in child pornography (the arguments are cycled) are the targets.

But we should worry. Forget the points about current methods and capabilities, the problems are in the future. As a former policeman, I remember pushing the limits of the law and sometimes - particularly in the early days of UK drink-drive legislation - fudging those limits. We were always kept in check, by senior officers (worried about blame) and particularly by the courts and lawyers: sometimes our arguments were accepted, sometimes not. I am grateful for that and the respect for law that it taught me.

There is less assurance of those checks and balances nowadays. Indeed some of the revelations about interceptions strongly suggest laws are being ignored as a matter of course. However, it is not only the government that users could be at risk from.

One of the subject areas I examine, is metadata. Last week I played for the students a video with the chilling words of Gen. Michael Hayden: "We kill people based on metadata." His follow-up comment, "just not this metadata", was not reassuring. Taking metadata a little further, I am now looking at steganography: words inside pictures.

This came into public awareness just a few years ago when a cell of Russian spies - years after the end of the Cold War - were arrested in the USA: dead drop boxes, chalk-marked tree stumps, the brush pass, maps, photographs were all being used (Robert Tilford, Examiner). One method of concealment that caught my eye was the way they had concealed text inside images. I found a few examples of software that I could try on the Mac and a couple for iOS devices. I wrote about these in two articles for the Bangkok Post, Database:

Stegosec Stegosec

The best app for iOS was StegoSec and for the Mac, StegoSecOsX. An additional and major advantage was that data encrypted in one could be decrypted in the other. Although not updated these still run on current versions of the respective operating systems. They are not industrial strength applications.

There is of course an ethical problem here - why hide data in such a way? - until one thinks about the actions of certain régimes, for example, Ceauscescu's typewriter registration. There are good people fighting bad authorities; only the authorities don't see it that way. And if you think that the commercially available steganography is worth trying, remember that the US authorities cracked the spies' encryption because the USA had better algorithms than the Russians. These are not industrial strength applications.

Looking for up to date information on the applications, I found that the developer of StegoSec, Raffaele De Lorenzo, had another application: GeoTCPTrace. This provides a toolset of network administrator utilities and sent me off in a different direction, although still focussing on security.

For those who have used UNIX, there are a number of such tools available baked into the operating system. Simple commands like who, whoami and ping have long been used. Not everyone is comfortable working at the command line and with the Mac the Network Utility has some of the tools but with a more user-friendly interface.

With more people moving to handheld devices, utilities for these are also needed. I spoke to a young smartphone user a couple of weeks ago who does not have a computer. When I asked Why, he replied, "What's the point?"

Since using the iPhone 3G, I have had a utility called Network Ping Lite from MochaSoft (see below), along with aSubnet (for calculating IP address data). There are a number of other networking solutions, such as Solar Winds, for managing IT infrastructure; as well as apps for remote file access, VPN and other system management software.

Which brings me to GeoTCPTrace. It is not the newest tool (2010) and is in need of an overhaul. It has 5 basic tools plus About: GeoIP, Ping, Check Connection, Traceroute and Servers Monitoring. Only GeoIP worked by identifying the location of an IP number (I used one of Apple's), but the keyboard would not clear, so I was unable to view the map.

Ping, Check Connection and Traceroute all crashed the app (even after I restarted the iPhone), while Servers Monitoring did not allow me to enter any data (no keyboard) and always refused to return to the main page, needing an app restart each time I tried.

Trace Trace Trace

This took me back to Network Ping Lite in my frustration. This has a quite simple interface with a list of options available: Ping, Ping Subnet, Traceroute, Netbios lookup, Telnet and Device list.

Ping and Ping Subnet were straightforward, with the latter usefully highlighting the devices it found in the subnet. Traceroute was a little less helpful. I ran this a number of times and on each try it was unable to identify several of the hops, eventually running out of steam. In comparison, the Mac version in Network Utility found my IP in 17 hops.

Network Utility

Netbios may be less useful these days as it looks for devices using the SMB protocol: mainly used for sharing access to files and printers between computers on a network. This has been superseded by SMB 2.0. No devices were recognised by the panel.

I was unable to make the Telnet function work. This is used less nowadays for reasons of security, and other methods are now more commonly used to make connections. I tried the same addresses I used in the Ping app on the Mac using Terminal, but was similarly unsuccessful, whereas I had been in the past. The paid version is listed at $3.99.

Trace Trace Trace

The Device List function was more useful, but the Lite version of the app limits the discovery to 4 devices on a network. Several other devices were listed - including some identified as Apple - but I was unable to access information. The data shown for those 4 included IP and MAC numbers.

Although the information using the app was limited, both in terms of features and access, it does provide some ways that users may make discoveries about the environment they are working in. What is missing however are the features of Lookup and Whois, which are particularly useful when trying to identify sources of phishing emails.

Trace Trace Trace

There was a rather interesting app that showed maps of the internet in a quite attractive graphical format: Map of the Internet by Peer 1 Hosting. The reality of the links is that these are highly complex as the local map of connections to Thailand alone would show.

Internet Connection Map - from NECTEC
Internet Connection Map - from NECTEC

As well as the interest and education values here, there were a couple of useful tools and I was able to perform a traceroute, but the display was only graphic and not data, so has limitations: nonetheless, entertaining.

Trace Trace Trace

A large number of companies and organisations are pre-entered (like Apple, Google and the London Internet Exchange), so these could be shown quite quickly. Entering a specific IP number brought up the display fast enough, but there was no facility to save in the case of a specific IP number or site that a user might want to examine often.

I was a little more hopeful with NETSTAT which does give me a basic display of connections that are being made by the device I was running this on. The display is in 3 sections: Carrier, Wifi and Local; with each displaying connections.

I was able to identify several of the connections as Apple (IP numbers beginning with 17.x.x.x) and the app also identified email use. Facebook was also shown and certain changes were evident as I used different apps.

The app is somewhat limited as it is not possible to search for IP numbers and glean other information. I was, however, able to send the data from the app via email, in CSV format. This was a little more accessible and I would be able to use other applications to track down any suspect connections.


By opting for one of the in-app upgrade purchases at $0.99 I was able to read far more detail about individual connections within the app. There is also a $4.99 option that provides "All Features". The basic (free) app provides a fair amount of detail, but I was much happier with the small upgrade as this allowed me to see a number of useful data as well as being able to Ping the host.

Trace Trace Trace

InetTools - Network Diagnose Tools looked as if it had some promise as the screenshots in the App Store showed a better array of tools. As well as the free version there are several upgrade options.

  • Ping was quite successful and I was able to add the server I used to a favorites list.
  • Traceroute was a little reluctant, like the earlier attempt with GeoTCPTrace
  • DNS lookup scored with all the addresses I tried, including a number that did not use the standard .com suffix
  • PortScan needed me to enter IP number for a server and a range of ports. I was warned if I had wrong information, or when the range of ports was too wide. A result open/close was given. Scanning each port takes about 10 seconds.
  • Whois was not available and needed me to upgrade to the Pro version.
  • Server Monitor was not available and needed the Pro version upgrade
  • LAN Scan needed the Pro version upgrade
  • My Server List, showed any servers the user added
  • Recent Tasks displayed the checks I had made and allowed full access to the results - a quick reference feature.

The full version was an in-app upgrade of $1.99 but I saw in the App Store that the whois feature could be added for $0.99, as could LAN Scan and Server Monitor support ($0.99 each).

There seems to be a shortage of tools for use on iOS apps that are strong enough for today's threats. An example might have been Network Analyzer, but this is not available in the Thai app store. There are plenty of speed test apps as well as those for VPNs (essential for some users).

The utilities I examined, mainly performed sub-par, with only Map of the Internet by Peer 1 Hosting, NETSTAT and InetTools - Network Diagnose Tools, considered adequate. These types of tools will not be valuable for all users, but as the internet grows, it will become more necessary to make checks in order to verify the safety of connections or to analyse links in use.

Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand where he is also Assistant Dean. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs. He is now continuing that in the Bangkok Post supplement, Life.



Made on Mac

For further information, e-mail to

Back to eXtensions
Back to Home Page

All content copyright © G. K. Rogers 2015