In the previous post, we covered the basics of TeamViewer log analysis and confirmed that we have a lot more to deliberate from the basic log, ‘connections_incoming.txt’. We have more information coming right up, tips & details including IPv6, in part 2.

Unlike ‘connections_incoming.txt’, ‘TeamViewer#_Logfile.log’ has richer information about remote access. The two digits ‘#’ followed by ‘_Logfile.log’ indicate the software version. TeamViewer#_Logfile.log is recorded in local time, UTC+9 here in South Korea.

Two log files with the exact same name are saved in different directories. Although they both have the same name, their contents are distinct.

1. %USERPROFILE%\AppData\Roaming\TeamViewer\TeamViewer#_Logfile.log
➔ Records general information of software operation.
2. C:\Program Files (x86)\TeamViewer\TeamViewer#_Logfile.log (install path)
➔ Records detailed information of remote access & connections.

All right, we have two logs illustrated in Fig 3 above; the filenames contain version numbers, 14 or 15. This tells us the program was upgraded from 14 to 15 at some point in the past. That aside, the file is automatically split off under the name ‘TeamViewer#_OLD.log’ as soon as the size of the original is over 1MB, more or less.

Let’s assume that remote access starts from Device A all the way to Device B.

1. Session Start & Encryption Negotiation
As a starting point, the log begins with Activating Router carrier, followed by the encryption negotiation process, which uses the AES-256 encryption algorithm for a symmetric key and RSA for key exchange.

If we look at the box highlighted in Fig 4 above, the local and remote fingerprints are hashed (SHA256) respectively. Like the TeamViewer ID, each device has a unique fingerprint. The fingerprint is generated on the local TeamViewer client by the machine’s public key and consists of letters, numbers, and special characters. We know the fingerprints of Device A (Remote) and Device B (Local) from the log, which gives us another chance to match a suspect’s fingerprint if we find a PC at the crime scene.

Participants
An easy way to distinguish whether a portion of the logs belongs to Device A or B is to use the role type number. The support PC (Device A) always has type 6 and role 6, whereas the client PC (Device B) has type 3 and role 3. If this doesn’t ring a bell in the future, remember the attacker gets the upper hand, gets the stronger position.

In the network world NAT always matters, specifically for P2P (peer-to-peer) communication. Device A and B do not know each other’s public IP, private IP and even so, they cannot directly communicate without NAT Table. So we need an intermediate node (Server) that works NAT Translation for each party. NAT Table in home environment? We call this technique UDP hole punching. in Fig 4.) in the middle, between Device A and B works for us. That’s why Device A is able to access Device B without any network device in home environment. UDP hole punching is a commonly used technique employed in network address translation (NAT) applications for maintaining User Datagram Protocol (UDP) packet streams that traverse the NAT.

If Device A and Device B are in the same (private) network, they don’t need to use a public IP for communication; they use a private IP instead. That’s why we sometimes spot private IPs in the logs in a test environment.

I haven’t seen any IPv6 in TeamViewer log until I used a couple of mobile phones for testing. To check if you have an IPv6 assigned by service provider, go to website at
That being said, not every phone will create IPv6 log.
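A small triage helper for the points above, added here as an example and not code from the original post: it reads the version and rotation state out of the log filenames and sorts every address found in log text into private IPv4, public IPv4 or IPv6. The function names, the sample lines (constructed, not TeamViewer's real line format) and the acceptance of a ‘_Logfile_OLD’ suffix are assumptions.

```python
import ipaddress
import re

# Name pattern from the post; accepting a _Logfile_OLD suffix too is an assumption.
LOG_NAME = re.compile(r"^TeamViewer(\d+)_(Logfile_OLD|Logfile|OLD)\.log$", re.I)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample input: NOT TeamViewer's real line format, documentation addresses.
SAMPLE_NAMES = ["TeamViewer14_Logfile.log", "TeamViewer15_Logfile.log",
                "TeamViewer15_OLD.log", "connections_incoming.txt"]
SAMPLE_LINES = ["2020/01/01 10:00:00.000 peer endpoint a=192.168.0.12:50000",
                "2020/01/01 10:00:01.000 peer endpoint a=203.0.113.7:50001",
                "2020/01/01 10:00:02.000 peer endpoint a=[2001:db8::1]:50002"]

def inventory(filenames):
    """Return sorted (version, is_rotated, name) for each TeamViewer log filename."""
    found = []
    for name in filenames:
        m = LOG_NAME.match(name)
        if m:
            found.append((int(m.group(1)), m.group(2).upper().endswith("OLD"), name))
    return sorted(found)

def candidate(token):
    """Strip surrounding punctuation, [] around IPv6 and a trailing :port."""
    token = token.strip("()<>,;.\"'")
    if token.startswith("["):          # [IPv6]:port
        return token[1:].split("]")[0]
    if token.count(":") == 1:          # IPv4:port
        return token.split(":")[0]
    return token

def classify_addresses(lines):
    """Map every address found in the lines to private-ipv4, public-ipv4 or ipv6."""
    seen = {}
    for line in lines:
        for token in re.split(r"[\s=]+", line):
            try:
                ip = ipaddress.ip_address(candidate(token))
            except ValueError:
                continue               # timestamps, words, IDs
            if ip.version == 6:
                kind = "ipv6"
            else:
                kind = "private-ipv4" if any(ip in net for net in RFC1918) else "public-ipv4"
            seen[str(ip)] = kind
    return seen

if __name__ == "__main__":
    print(inventory(SAMPLE_NAMES), classify_addresses(SAMPLE_LINES), sep="\n")
```

More than one version number in the inventory points to an upgrade, and a session whose only addresses are private-ipv4 matches the same-network case described above.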