Wireless Access

last person joined: 3 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Samsung Captive Portal Detection

Jump to Best Answer
  • 1.  Samsung Captive Portal Detection

    Posted Mar 20, 2018 01:02 AM

    Hi, first of all sorry if I posted this in the wrong forum. I was just wondering how samsung detects captive portals? We have a media server with a captive portal without internet and all phones and laptops aside from samsung phones get a portal popup. On samsung, it outright says internet may not be available and does not give the user the captive portal. Does samsung ping an IP to decide about the availability of the internet? If so what IP or host is this? Because then maybe we can have a workaround on our server so that samsung phones wont detect our SSID as not having internet and direct users to the captive portal. We are doing this on an instant AP btw but i dont think it matters



  • 2.  RE: Samsung Captive Portal Detection

    Posted Mar 20, 2018 10:36 PM

    May want to capture the packets from the client perspective to identify what the Samsung device is trying to communicate with to determine it has Internet access.

     

    Another way, is from the IAP, run the following command "show datapath session" when the client connects. Look at the entries for the IP of the client to see what's being denied and add to a whitelist for the Guest.



  • 3.  RE: Samsung Captive Portal Detection

    Posted Mar 21, 2018 04:46 AM
    Thanks for the suggestion mnarine. I ran show datapath session on the IAP and I saw amazonaws IP's. So samsung phones might be relying on this to determine internet connectivity. Now I am stuck on how to trick these phones of thinking that they can reach amazonaws specially since amazonaws has a ton of IP's and each phone I tested sent requests to different amazonaws IP's. Our media server is running on an ubuntu machine, might have to go to a linux forum now for more answers :)


  • 4.  RE: Samsung Captive Portal Detection
    Best Answer

    Posted Mar 21, 2018 10:22 AM

    from my S6 with Android 7, non rooted, it will try to reach the following

    http://connectivitycheck.gstatic.com/generate_204

    and it expects to get an empty but valid 204 response, e.g.

     

    root@kali:~# curl --verbose http://connectivitycheck.gstatic.com/generate_204
    *   Trying 172.217.27.99...
    * Connected to connectivitycheck.gstatic.com (172.217.27.99) port 80 (#0)
    > GET /generate_204 HTTP/1.1
    > Host: connectivitycheck.gstatic.com
    > User-Agent: curl/7.56.1
    > Accept: */*
    > 
    < HTTP/1.1 204 No Content
    < Content-Length: 0
    < Date: Wed, 21 Mar 2018 14:06:19 GMT
    < 
    * Connection #0 to host connectivitycheck.gstatic.com left intact
    root@kali:~# 

    but if there is a captive portal in the middle it will receive some sort of 200/OK instead. In the case of aruba, that would look like the below  - the important thing is that its not an empty 204 response, which is how it knows to pop up the mini browser thing

     

     

     

    HTTP/1.1 200 Ok 
    Date: Wed, 21 Mar 2018 14:01:23 GMT 
    Server: Apache 
    X-Frame-Options: SAMEORIGIN 
    X-UA-Compatible: IE=edge;IE=11;IE=10;IE=9 
    Expires: 0 
    Content-Length: 168 
    Connection: close 
    Content-Type: text/html 
    <html>
    <head>
    <meta http-equiv='refresh' content='1; url=http://connectivitycheck.gstatic.com/generate_204&arubalp=68a501fb-e8af-4f54-bce2-73a1dc7577'>
    </head>
    </html>

    [edit: I just saw you're on IAP, I don't know if IAP can do this, the below would be true for a controller, leaving it here for completeness]

     

    if you wanted to do something with this, create a named netdestination and acl to use it as you see fit (the IP to name will be filled by dns snooping)

     

    netdestination connectivitycheck
       name connectivitycheck.gstatic.com
    !
    
    ip access-list session android_cp_thing
       user  alias  connectivitycheck svc-http  <whatever>
    user alias connectivitycheck svc-https <whatever> !

    hth

     

     

     



  • 5.  RE: Samsung Captive Portal Detection

    Posted Mar 22, 2018 04:11 AM
    Hi dugem2016,

    Thanks for your reply, if that's the case, that the phone is waiting for a response like a 204/200 then it might not be possible for us to trigger the portal using a vlan with no internet for the SSID. Out of curiosity how were you able to obtain those logs? That will definitely come in handy in the future.


  • 6.  RE: Samsung Captive Portal Detection

    Posted Mar 22, 2018 04:18 AM

     

    hi Dejavu989 

    I think if there is no internet available you will get other complaints about limited connectivity and the like.

     

    The logs for the aruba captive portal were made with the "packet-capture datapath" command, the steps were roughly

     

    1. create a quick default captive portal (aaa profile, vap and ssid)

    2. set the destination "packet-capture destination local-filesystem"

    3. start the capture "packet-capture datapath <mac of client> all"

    4. connect the client, let it do its thing

    5. stop the capture (not necessary to do) using no <command in 2. above>

    6. move the capture to flash using "packet-capture copy-to-flash datapath-pcap"

    7.  extract the flash: datapath-pcap.tar.gz file to my laptop and open it in wireshark

     

     



  • 7.  RE: Samsung Captive Portal Detection

    Posted Mar 22, 2018 04:45 AM
    Thanks for the procedure dugem2016

    Yeah but its what the phone says when it connects to an ssid without internet with a portal, really weird. On the other hand when the ssid has internet portal popup works fine. This is a problem for us since our ssid is simply used for a media server to share content, which basically means that samsung users will have to force the portal on the browser instead of it popping up normally like what iphones and other android devices do even for ssid's without internet. I guess this is the end of this, thanks everyone for helping


  • 8.  RE: Samsung Captive Portal Detection

    Posted Apr 09, 2020 08:12 PM

    Hi there!

    I've been messing around with captive portals and mobile devices and I have experienced the same issues as you guys. By doing some research and lots of hours, I found out that  after they try to get the generate_204, Samsung devices send a request to the port 5094 of an ip. When I nmaped this port of this ip, I found out that it's a sentinel-lm service, which it's a kind of license service. I suppose Samsung checks for the generate_204 file and, if it's not available, it checks for this kind of license maybe to know if there is actual connection behind the captive portal or it's just an off line fake access point.

    Anyway, this post helped me so much when I was starting with this thing of captive portals and I didn't understand anything so I wanted to give back what I found. Good luck!



  • 9.  RE: Samsung Captive Portal Detection

    Posted Dec 26, 2018 01:18 AM

    HI dugem2016

    Do you know the version of Android 7 or higher?

    It doesn't seem to work in the Android 8 version.

    Http://connectivitycheck.gstatic.com/generate_204



  • 10.  RE: Samsung Captive Portal Detection

    Posted Jan 03, 2019 12:56 AM

    hi ken.jhuang

    What doesnt work specifically ? You can follow the steps outlined in the post above to make a "packet-capture datapath' of the user and inspect it in wireshark (or post the pcap file here for others to assist).