Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
IMG_0443.PNG

This is my network as of right now. Running the port scanner
 
Screenshot 2023-04-13 at 2.29.30 PM.png
Sorry I take it back. I tried to do an internet search for something unrelated and it was a basic search nothing special and it’s saying I have no data connection but yet I do and so I switched Wi-Fi scanned my ip for open ports and this is what im getting.
 
That’s easy, they are all on iPhone and using cellular. I haven’t discussed the network transitions while on Wi-Fi yet. I know I mention it happening but I have been keeping this separate when I am discussing this. So all the parameters I mentioned were cellular specific and on my iPhone.

Now as I type this my current IP while at home is 166.198.34.55 (internal)

My external IP if it matter is 10.113.298.112

I have two DNS assigned both having the same number. 172.26.38.2

When I attempt to do a reverse on my DNS it says unavailable or Private IP. This is using MXToolbox. Using DNSchecker.org it resolves itself as both Host and IP.

Most times it returns nothing when I search as an IP but yesterday I was able to get a AS number as AS7018 which has a parent and the parent resolved to an Amazon webserver.

The tools I use on my phone are a couple so I can cross check my findings but Scany is one (great for using as an open port analyzer) and I’ve used, myip.ms, whatismyip.

Netanalyzer on my phone states my network is 5G NS (I don’t know what the NS stands for but I’m pretty sure it’s irrelevant to this problem)

The other IP my phone switches to is 107.77.211.169 the last three sections are typically different. But when my phone was using this IP it stated my DNS was my loopback 127.0.0.1 and it has also stated it was Proxying but I don’t know how to use a proxy nor have I done so.

Again all on my iPhone and using cellular

Just a bit of background to make sure we're on the same page. There are certain address ranges that people can use for their own networks (LANs) that are guaranteed not to conflict with public addresses you might need to reach on the internet. Here's a good wikipedia page: https://en.wikipedia.org/wiki/Private_network. Notice that 10.113.298.112 and 172.26.38.2 are both private addresses. Notice also that 166.198.34.55 is a public address.

Generally, when people say "internal" address, they're usually referring to a private address on a LAN. When they say "external" address, they're referring to a public address that my ISP has allocated to the WAN side of a router. Notice that you are doing the exact opposite; you are naming a public address as your internal address and a private address as your external address.

Since I requested we only talk about cellular, I'm going to assume when you mention internal/external addresses, you're referring to cellular networking. I've never heard of the internal/external distinction for cellular networking. What do you mean by "internal" - internal to what? Certainly your cellular networking does not involve your LAN at all.

Assuming you have WiFi turned off, tell me exactly where you see that internal address and that external address, and I'll try to duplicate it on my end. I do own Net Analyzer Pro.
 
I'm not sure what's going on. I'm seeing new posts after I made mine, that appear to have been made earlier. Sorry if I missed all that.
 
I see now, from your Scany screenshots, that you had them reversed when you identified "internal" and "external" addresses. That's a real problem if your posts aren't accurate. I'm not really sure how to proceed in helping you diagnose when I can't count on the details you provide :(.

I might have to buy Scany to figure out what it's saying. I'm also going to study some to see if I can figure out what that 10.* address labeled as "Cellular" means.
 
I see now, from your Scany screenshots, that you had them reversed when you identified "internal" and "external" addresses. That's a real problem if your posts aren't accurate. I'm not really sure how to proceed in helping you diagnose when I can't count on the details you provide :(.

I might have to buy Scany to figure out what it's saying. I'm also going to study some to see if I can figure out what that 10.* address labeled as "Cellular" means.
Apologies for the miscommunication there on int vs ext. there was a lot going on at the moment.

Here is a screenshot from Net analyzer pro

*also thank you for the info on the difference. I believe I understood it to be somewhat the same as you stated but this helps clarify it better. Like I said I’m self taught with regards to Networking and I know it’s quite complex. I have done some system administration but I’m an accountant and it was all ERP and CRM system related for Netsuite. But I worked for several startups and so some of my knowledge is just from exposure also.
 

Attachments

  • Screenshot 2023-04-14 at 2.02.35 PM.png
    Screenshot 2023-04-14 at 2.02.35 PM.png
    230.6 KB · Views: 120
Like I said I’m self taught with regards to Networking and I know it’s quite complex

The more I study this topic over the past couple of days, the more I realize that you are quite knowledgeable; I've learned some important things (e.g. I'd never heard of the mxtoolbox site - it's fabulous). I'm also self-taught, but it is going on 25 years of constant exposure and study. Unfortunately, as one of my past math teachers said, smart people can investigate in the wrong direction for much longer than less smart people; there is some of that going on with you.

I have two DNS assigned both having the same number. 172.26.38.2

When I attempt to do a reverse on my DNS it says unavailable or Private IP. This is using MXToolbox. Using DNSchecker.org it resolves itself as both Host and IP.

This is an example of investigating in the wrong direction. You *seem* to be lacking that fundamental and required knowledge of private, non-routable addresses. Whenever you are wondering about an address, find out if it's a private one. Also, make sure you completely understand the implications of an address being private...

It is totally valid for me to configure my home network (my private LAN, behind a NAT'ing firewall) to use the addresses between 172.16.0.0 and 172.31.255.255. That is the block defined by 172.16.0.0/12 (you need to a bit of base-two calculation to see they are the same). So, and critically important, it is totally valid for thousands and thousands of private networks to be using the address 172.26.38.2. It is completely invalid for any network to use that address and expect it to be reachable from the internet at large. Attempting to do DNS resolution on it will either give you no answer or some random answer; it will completely depend on which DNS server you happen to be asking the question of.

Years ago my home's private network ran its own caching DNS server. I added my own hosts to that, so that my private host names would translate to my private IP addresses. So, if you asked by own DNS server what 172.26.38.2 was, you'd get a answer (that would make sense only to me). If you asked another DNS server what it was, that server would throw up its hands and say "wut??".

So, STOP CHECKING WHAT 172.26.38.2 resolves to, unless you can find a relevant DNS server. Since 172.26.38.2 is a DNS server, you would probably get some answer from that - something like "hey, that's me! I'm Barbara". But, of course, don't try to reach that DNS server from your WiFi network, for example.

--

Another thing to throw out... I checked by cellular address. Then I put my phone into and out of airplane mode. Then I rechecked my cellular address. It was different than before. So, don't be surprised when cellular addresses change.

Anyway, I have no cell coverage in my office. I'm going to a coffee shop today where I'll be working. I'll try to investigate further.
 
** Meant to be sent last night.

I just wanted to document that there is the change in my IP again. This is a screenshot per Scany and NetAnalyzer Pro.

This is from my phone connected via cellular only and no apps open.
 

Attachments

  • Screenshot 2023-04-15 at 12.26.49 AM.png
    Screenshot 2023-04-15 at 12.26.49 AM.png
    105.1 KB · Views: 97
The more I study this topic over the past couple of days, the more I realize that you are quite knowledgeable; I've learned some important things (e.g. I'd never heard of the mxtoolbox site - it's fabulous). I'm also self-taught, but it is going on 25 years of constant exposure and study. Unfortunately, as one of my past math teachers said, smart people can investigate in the wrong direction for much longer than less smart people; there is some of that going on with you.



This is an example of investigating in the wrong direction. You *seem* to be lacking that fundamental and required knowledge of private, non-routable addresses. Whenever you are wondering about an address, find out if it's a private one. Also, make sure you completely understand the implications of an address being private...

It is totally valid for me to configure my home network (my private LAN, behind a NAT'ing firewall) to use the addresses between 172.16.0.0 and 172.31.255.255. That is the block defined by 172.16.0.0/12 (you need to a bit of base-two calculation to see they are the same). So, and critically important, it is totally valid for thousands and thousands of private networks to be using the address 172.26.38.2. It is completely invalid for any network to use that address and expect it to be reachable from the internet at large. Attempting to do DNS resolution on it will either give you no answer or some random answer; it will completely depend on which DNS server you happen to be asking the question of.

Years ago my home's private network ran its own caching DNS server. I added my own hosts to that, so that my private host names would translate to my private IP addresses. So, if you asked by own DNS server what 172.26.38.2 was, you'd get a answer (that would make sense only to me). If you asked another DNS server what it was, that server would throw up its hands and say "wut??".

So, STOP CHECKING WHAT 172.26.38.2 resolves to, unless you can find a relevant DNS server. Since 172.26.38.2 is a DNS server, you would probably get some answer from that - something like "hey, that's me! I'm Barbara". But, of course, don't try to reach that DNS server from your WiFi network, for example.

--

Another thing to throw out... I checked by cellular address. Then I put my phone into and out of airplane mode. Then I rechecked my cellular address. It was different than before. So, don't be surprised when cellular addresses change.

Anyway, I have no cell coverage in my office. I'm going to a coffee shop today where I'll be working. I'll try to investigate further.
I understand what you’re saying and yes some of this is true. My dilemma with your resolution still begs to ask the question like in my screenshot above …

Why do I have two DNS both resolving to the same DNS?

The other question is why are the ports open for FTP, PTP Tunneling, and RTSP, from my cell phone if I’m not trying to access any camera or what not via RTSP? Everything I have read about port 1723 is that it’s used specifically for Microsoft Point to Point Tunneling and it has known vulnerabilities. if I’m not using a PC, and I do not own a Microsoft account on any device I own!! And why are these ports open on my IPhone using cellular without a VPN and all apps closed and background refresh off entirely. And all settings on all my apps that have location services are set to “while using the app”

I know I may be on the wrong path to find answers I can except that.

The other interface that I cannot find answers on is anp0 if I’m not mistaken. This interface is open and is transmitting packets.

And my final question when you run a traceroute to my IP 7 out of 10 times it does not reach the final destination being me. I ran a traceroute from “whatsmyip.org” using their server and I’ll include the screenshot on this post. I’ve also run the traceroute using Wi-Fi to my cellular IP and same occurs or I get significant packet loss in numerous spots along the route. Significant meaning upwards of 80-90%??

Now I admit I’m not 100% on how to read the traceroute but all the research I’ve done tells me this packet loss means something. Since I have difficulty receiving all my calls, messages, & emails. Most important is password resets…. These 9 out of ten times I don’t receive. So who is receiving them, or where are they going?? I don’t use any 3rd party email service. Only iCloud. Researching this matter is how I came upon MXToolbox. It’s a very useful tool!!

The DNS has been my loopback at times
Or it’s been nothing or it’s been a 169.xx IP address. This is where I end up losing everyone is trying to explain this situation. Because it only makes sense if you know the way it started. Because as I learn ways to work around the problems I encounter the situation evolves. I believe at this point setting a trap of sorts is the only way I can get out of this mess. I have most of the tools to do so. But it’s way above my head to actually implement it. So let’s say if this was happening to you or any other knowledgeable person what would you do to resolve the matter?

Somehow and I don’t even know how to explain this but there is an Azure Virtual machine involved and Gamers that I can tell. But what they are gaining from me or how I’m involved doesn’t make sense to me and I just sound silly trying to explain what I’m trying to say and what I see. Is that just a byproduct of the bigger problem, is there some hack or compromise im unaware of?

Please tell me what you come up with when you lookup “AMDEngagementExtension” it’s part of the original question of this post “source P”. Because the problem I need to resolve is who is stalking me, why, and how
Can I make it stop!!?? I cannot express the pain this has been creating in my life.

At the end of the day I had burned out working for the last Startup Elasticsearch and I’m trying to start two business’s one my photography and the other is a larger project but this problem I’m experiencing has hindered my life to keep me from gaining any progress or even get started. So I’m desperate for help at this point as I’ve put my life on pause for going on 6 years. Because at one point they had rendered all my devices useless. Files get erased or moved. I get locked out of my accounts and unable
To receive password resets. Files get corrupted and I’ve been cut off from all my social media accounts where I need to promote my work. I have woke up only to find my phone having changes. Settings, menus and options either locked or available I’ve never seen before.

So the question is let’s say it’s you in this position, where would you start to try to resolve this? What piece of data is the most beneficial to know for certain if it’s malware or an actual 3rd party hack?
 
This is the traceroute using my home Wi-Fi as starting point.
Btw - THANK YOU for taking this time to help. I can’t tell you how much it means to have a grown up conversation about this and some real guidance. I know we all have busy lives so I genuinely appreciate the help. 🌸
 
I've been writing up the following for a while in a coffee shop. Since I wrote it, you've posted more. I'll try to continue with post #34 onwards soon.

Warning - my knowledge on this topic is evolving. Executive summary - I see nothing amiss in your cellular results. Nothing worries me about your addresses changing, the open ports, and the address of your dns server (and its duplication).

Scany's presentation of "Cellular IP Address" is the address assigned to your device. And, or course, the "External IP Address" is your public address. So, you were quite right that there is the notion of internal and external for cellular; the internal address is that assigned to the sim card. (I am not sure I'm using the right terminology.) In one of the tools I use, that internal address is listed under the category "DATA SIM INFORMATION".

Each time I toggle airplane mode, I get a different internal address. *Sometimes* I get a different external address. My guess is the internal address is acquired via something like DHCP. I notice in one of your screenshots that you had just one bar of cellular reception. Perhaps you occassionally lose that and when you get reception again, you get a new IP address via DHCP. Be aware that I'm only talking about IPv4. I haven't reviewed the IPv6 addresses; it could be they a deterministically derived and might be unchanging.

So, I don't think there's anything to worry about your IP address changing. On to open ports.

I do understand that it would be troubling to think your phone has open ports. However, I believe you are essentially hitting a NAT'ing firewall that has those ports open. From my recent reading, most all mobile providers use CGNAT, "Carrier Grade NAT". So that external address you were worried about, 166.198.34.55, is shared by many cell phones. Given that, it's pretty certain incoming traffic won't make it to your phone. Perhaps your carrier sometimes opens those ports for diagnostic purposes. I did do a nmap scan of that IP address and there were no ports open at that time.

So, I don't think there's anything to worry about those open ports. On to DNS.

I wouldn't read too much into the fact that you have a duplicate entries. It could be simply that your DHCP provider is configured in a confusing way. There are lots of crazy reasons this could have been done. Imagine some administrator was asked to set up the DNS servers and they had two fields to fill in. Suppose they were fields that had to have values or else the settings couldn't be committed. "Hey Barbara, what DNS servers go in these fields?". "Well Joan, we only have one." "But, Barbara, I need two!". "Stop moaning Joan and be a problem solver!! Put the same number in both fields!"

But there's still the question of how the DNS server is allowed to have a private address. Apparently CGNAT is also called NAT444; implying there are 3 IPv4 network segments: your private segment (having the internal address), your carrier's segment, and the public internet. Your DNS server is located in your carrier's segment, which would allow it to have a private address. The internet at large could not reach that DNS server at that address, but your cell phone can.

So, I don't think there's anything to worry about the DNS.
 
Last edited:
Yeah I don’t really understand what a NAT firewall is? It’s just not been something I researched but I’ll try to understand what it means.

Funny enough is that this week in general my phone has been really normal. Which my husband, and my kids both know I have been actively posting here looking for answers. So is it a coincidence hard to say. Just going on the information I was given being it’s someone I know and them having complete control of my device. But I have also been keeping my phone off as often as I can in hopes to shake this person or make
Them bored enough to forget. And lastly I don’t think I’ve spent more than an hour in full on my Wi-Fi at home. So I’m going to connect via Wi-Fi and see what happens I’ll send a screenshot of my network settings via Wi-Fi. If I stand back it makes sense it may be my home network related.

Sometimes when your deep in it the water gets muddied and it’s hard for me to pinpoint which direction it’s coming from as it’s also emotionally draining.
 
Traceroute executive summary - nothing is wrong. Details follow...

I'm sure you don't have the bandwidth for it, but the man page of traceroute (on the Mac) is pretty informative. It does mention some of the reasons that you don't get replies for the various hops along the way to the final destination. None of those failures say anything about throughput or latency for actual data traffic.

I did buy Scany. I ran its traceroute to 166.198.34.55, while my phone was only on WiFi. I got a result like you did - a whole bunch of clouds before the final result. And it took quite a while to reach the final destination. I did the exact same traceroute from my Mac to that address, using the very same WiFi network; it reached that address in 14 successfully reported hops, in under a second.

You see that 12.242.120.153 before all those clouds in Scany? And you see the 12.242.120.157 in the other traceroute? They are both the last hop before reaching 166.198.34.55. (Remember that network paths to the final destination can vary.) Basically your two traceroutes expose that the 166.198.34.55 is somewhat "resistant" to the type of probes being used in those two traceroutes. There are a number of different approaches to sending probe packets; 166,198.34.55 is not resistant to the default approach taken by MacOS' traceroute.

The Scany one is kind of easy to guess at, since it looks like a situation described in the MacOS traceroute man page. Basically, the response from 166.198.34.55 won't make it back until the TTL of the original probe is 2x the total path length. That's roughly consistent with there being 14 successful hops followed by 14 failures, and then the final result. Basically, 166.198.34.55 is using the residual TTL to get the response back to you. So, for example, if it takes 100 hops to get to a destination, then reply would need 100 hops to get back. So even though the destination is 100 hops away, you won't get the response until you look for that server at 200 hops away. CRAZY.

Unfortunately, traceroute is not easy to understand unless you put in the time. I don't think you have that kind of time.
 
The DNS has been my loopback at times
Or it’s been nothing or it’s been a 169.xx IP address.
First, let's make sure you understand the 169 address - https://en.wikipedia.org/wiki/Link-local_address

Basically, if you phone fails to get an IP address from some DHCP server, it uses a random address that starts with 169.254. Is there any chance that you checked things when you cell coverage dropped for a bit and before it could get another address from the DHCP server?

If you phone failed to get a DHCP response for it's interface it probably also failed to get a response which specified the DNS server. If might just be a timing thing whether the phone sets the DNS to 127.0.0.1 or to the ultimately assigned IP address of 169.254.*. But, this is just guesswork.
 
Is there any chance you have a bad SIM card? Is it a new one in your new phone? Is your cell coverage spotty at your place?

I only have cell coverage at my house when I'm upstairs. To avoid problems, I generally keep my phone in airplane mode when I'm at home. I use WiFi calling almost exclusively.

I've checked my phone's routing table when I have both WiFi and Cell data up. I get two default routes, one for each interface. I'm not actually sure which one gets priority. (I believe it's the WiFi one in my case, for a couple of reasons.) But I suppose, if you are having trouble with cellular, it could impact networking performance even if your WiFi is working perfectly.
 
A good resource (scanner) for port vulnerabilities is available at grc.com.

grc shields up common ports.jpg

grc shields up 1723 copy.jpg
 
Via Wi-Fi I’ll try to keep to details but since it started I have had two different ISP’s. One was Viasat and currently it’s Xfinity.

I’m using the most secure gateway Xfinity offers. I had purchased my own but I’ve had such trouble setting it up. I even tried bridging it but I can’t get Xfinity to recognize it and as I’m locked out of the admin settings via browser I can only rely on the app. I am the administrator to the account and I’ve reset the gateway 3 times which Is a pain to no avail regaining those admin settings.
View attachment 2188583Sorry I take it back. I tried to do an internet search for something unrelated and it was a basic search nothing special and it’s saying I have no data connection but yet I do and so I switched Wi-Fi scanned my ip for open ports and this is what im getting.
did you happen to look over these screenshots?
 

Attachments

  • IMG_0463.png
    IMG_0463.png
    127.3 KB · Views: 112
It makes sense to move on to WiFi; so many more tools are available since you probably have a computer on the same network.

I just want to reach closure on two small things related to your cellular and the testing you've done related to it.

-- about open ports --

I did say you don't have to worry about open IPv4 ports since you're double NAT'd. However, your IPv6 address is a public address and reachable from the internet. If you're still worried about open ports, you could check that address. Unfortunately Scany doesn't seem to support IPv6. Net Analyzer Pro does and seems generally to be a much more powerful tool than Scany. But, I think the best way to probe your device is to do it from a different device; your Mac would be ideal since you could run nmap. whatismyip.com from you phone, when on cellular only only, would tell you your cellular IPv6 address. Then you could probe it from your Mac. I don't think this is a very important exercise, but I can assist if you want to try and want my help.

I did probe my phone's IPv6 address. It didn't respond to pings and all ports ignored incoming requests. However, nmap was able to detect my device was up and it correctly guessed that it was either a Mac or iPhone.

-- about traceroute --

Net Analyzer Pro can do traceroutes. But, most importantly, it has a toggle for the traceroute that lets you use UDP probing. UDP probing is the default when running traceroute on the Mac. I tested Net Analyzer Pro traceroute to your IP address. Without UDP on, I got the same result as Scany. With UDP on, I got the same result as I got on my Mac. If I were you, I would switch from Scany to Net Analyzer Pro for traceroutes, port scanning, and other stuff.
 
did you happen to look over these screenshots?

I only see one screenshot in your post. Everything looks completely normal. Here's what it tells me:

1 - Your Xfinity (aka Comcast) gateway is using a private address of 10.0.0.1 on your LAN. It's running a DHCP server that has given your phone's WiFi interface the private address of 10.0.0.219.

2 - The DHCP reply from the router told your phone that it would handle DNS requests. That's why the DNS #1 says 10.0.0.1.

3 - AT&T's DHCP server gave your phone the private address of 10.143.173.155 (the last time you acquired a cellular data connection). Unlike DHCP on a home network, where you tend to get the same IP address over and over again, I know that DHCP from my cellular provider gives me a new address every time I connect.

4 - You external IP address of 73.151.124.183 is a Comcast owned address. That means your routing table is causing your device to choose WiFi over Cellular when it sends traffic to the internet.

5 - Scany is showing a second DNS of 75.75.75.75. That's one of the standard Comcast public DNS servers. Did you set that up manually? I suppose the DHCP server could have given you two DNS servers and that was the second one, but then Scany is presenting things in a confusing way. I would just check in your phone's settings to see what you have set for DNS.

Just now I tested by connecting directly to my Comcast router. It gave me two IPv4 DNS servers: 75.75.75.75 and 75.75.76.76. It did not give me its own address as a DNS server. I don't see any way in the router's admin pages to configure that. When I connected to a different WiFi router, that router, using DHCP, gave me its own address as the DNS server. You seem to have a mix of the two approaches. I don't see why that would be a problem.
 
Is there any chance you have a bad SIM card? Is it a new one in your new phone? Is your cell coverage spotty at your place?

I only have cell coverage at my house when I'm upstairs. To avoid problems, I generally keep my phone in airplane mode when I'm at home. I use WiFi calling almost exclusively.

I've checked my phone's routing table when I have both WiFi and Cell data up. I get two default routes, one for each interface. I'm not actually sure which one gets priority. (I believe it's the WiFi one in my case, for a couple of reasons.) But I suppose, if you are having trouble with cellular, it could impact networking performance even if your WiFi is working perfectly.
This is awesome in fact to explain what I’m seeing and to help me so I can narrow the paths of data. You have no idea how this is all I’ve ever asked and the responses are just so insensitive

So the open ports concerns me because in my mind I don’t see any reason port 21 should be open unless I’m using File Explorer and I’m not.
 
I only see one screenshot in your post. Everything looks completely normal. Here's what it tells me:

1 - Your Xfinity (aka Comcast) gateway is using a private address of 10.0.0.1 on your LAN. It's running a DHCP server that has given your phone's WiFi interface the private address of 10.0.0.219.

2 - The DHCP reply from the router told your phone that it would handle DNS requests. That's why the DNS #1 says 10.0.0.1.

3 - AT&T's DHCP server gave your phone the private address of 10.143.173.155 (the last time you acquired a cellular data connection). Unlike DHCP on a home network, where you tend to get the same IP address over and over again, I know that DHCP from my cellular provider gives me a new address every time I connect.

4 - You external IP address of 73.151.124.183 is a Comcast owned address. That means your routing table is causing your device to choose WiFi over Cellular when it sends traffic to the internet.

5 - Scany is showing a second DNS of 75.75.75.75. That's one of the standard Comcast public DNS servers. Did you set that up manually? I suppose the DHCP server could have given you two DNS servers and that was the second one, but then Scany is presenting things in a confusing way. I would just check in your phone's settings to see what you have set for DNS.

Just now I tested by connecting directly to my Comcast router. It gave me two IPv4 DNS servers: 75.75.75.75 and 75.75.76.76. It did not give me its own address as a DNS server. I don't see any way in the router's admin pages to configure that. When I connected to a different WiFi router, that router, using DHCP, gave me its own address as the DNS server. You seem to have a mix of the two approaches. I don't see why that would be a problem.
My sincere apologies. It seems that parts log my posts have been removed and one posted without me approving it or
Hitting done. So let me try to read thru your last couple of posts since we moved on to Wi-Fi. As that post had an entire post before that and it sounded somewhat ditzy of me to move on without wrapping up the current topics. This is an example
Of the shenanigans I’m dealing with. They have taken over my keyboard at times and anything I typed look like Alphabet soup that has a stuttering problem. 🤬

Apologies again. If it seems that my responses stop making sense be forewarned that is what is happening and it is not me
 
My sincere apologies. It seems that parts log my posts have been removed and one posted without me approving it or
Hitting done. So let me try to read thru your last couple of posts since we moved on to Wi-Fi. As that post had an entire post before that and it sounded somewhat ditzy of me to move on without wrapping up the current topics. This is an example
Of the shenanigans I’m dealing with. They have taken over my keyboard at times and anything I typed look like Alphabet soup that has a stuttering problem. 🤬

Apologies again. If it seems that my responses stop making sense be forewarned that is what is happening and it is not me
It makes sense to move on to WiFi; so many more tools are available since you probably have a computer on the same network.

I just want to reach closure on two small things related to your cellular and the testing you've done related to it.

-- about open ports --

I did say you don't have to worry about open IPv4 ports since you're double NAT'd. However, your IPv6 address is a public address and reachable from the internet. If you're still worried about open ports, you could check that address. Unfortunately Scany doesn't seem to support IPv6. Net Analyzer Pro does and seems generally to be a much more powerful tool than Scany. But, I think the best way to probe your device is to do it from a different device; your Mac would be ideal since you could run nmap. whatismyip.com from you phone, when on cellular only only, would tell you your cellular IPv6 address. Then you could probe it from your Mac. I don't think this is a very important exercise, but I can assist if you want to try and want my help.

I did probe my phone's IPv6 address. It didn't respond to pings and all ports ignored incoming requests. However, nmap was able to detect my device was up and it correctly guessed that it was either a Mac or iPhone.

-- about traceroute --

Net Analyzer Pro can do traceroutes. But, most importantly, it has a toggle for the traceroute that lets you use UDP probing. UDP probing is the default when running traceroute on the Mac. I tested Net Analyzer Pro traceroute to your IP address. Without UDP on, I got the same result as Scany. With UDP on, I got the same result as I got on my Mac. If I were you, I would switch from Scany to Net Analyzer Pro for traceroutes, port scanning, and other stuff.
Can you explain double Nat’ed briefly or provide a link that explains?

I’m going to open the MacBook my older one and look up the couple of things you suggested. Because I did purchase an all new one around Xmas I did the initial setup etc. I left it on Wi-Fi and fell asleep one night and when I looked at it the following morning there were tell tale signs something wasn’t right. Since I had no data on it I just decided to reset to default. I input my AppleID and it required the two factor number sent to my phone but I never received it. Tried to get in 3 times but never would receive my two factor Apple ID number. I got extremely upset and didn’t touch the thing for a couple months. Until about two weeks ago except now my password I set up on the thing even with my hint is not working and I had written it down. Either I have major Gremlins or the universe just doesn’t want me to use my new laptop. And after spending $2k on the damn thing.

One of the general consensus is relating to an MDM being the culprit. My 2015 MacBook Pro was gifted to me when I left Elasticsearch and had in fact discovered an MDM. I contacted my previous employer and they claim to have removed it. But it still is acting as if they hadn’t. I cannot reset this MacBook. I’ve spent hundred on external hard drives to transfer or back up my data but every time it just freezes and so I’m unable to do so. I can see in my console
On the Mac that it’s talking to my phone even though they have different Apple ids assigned and all sharing options are turned off. My MacBook had been taken to Apple for diagnostic checks and they did in fact confirm an MDM.

I’ll turn on the MacBook and try to see what I can pull in the meantime here are some screenshots


One showing assigned DNS along with IPv6 pulled just directly from my device. Not any network tool.

Second being the list of Bonjour services active on my network. I understand the Spotify as this comes from my smart thermostat and I haven’t figure out
How to remove it. Why anyone would
Run Spotify from there thermostat is beyond me but it is and this brings some vulnerabilities. What I don’t know is what is “what’s up._tcp” And what is raop if AirPlay is configures
 

Attachments

  • IMG_0451.jpeg
    IMG_0451.jpeg
    256.2 KB · Views: 93
  • IMG_0453.jpeg
    IMG_0453.jpeg
    294.7 KB · Views: 85
  • IMG_0461.png
    IMG_0461.png
    86.5 KB · Views: 89
  • IMG_0464.png
    IMG_0464.png
    124.3 KB · Views: 87
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.