I have an Android tablet, specifically an Amazon Fire HD 10, and want to block it from contacting its over-the-air update servers.
Unfortunately, this blocking cannot be implemented in the tablet itself (it was possible in Fire OS version 7.3.2.1, but no longer in 7.3.2.2), and so I want to use my OpenWrt router's firewall rules to block all connections to Amazon's update servers.
To do that, I first need to find out what the domains or IP addresses of those servers are.
So my plan is to give the tablet a WiFi connection in its out-of-the-box condition and use the tcpdump command to capture (trace) all connections to and from the tablet.
It seems to me the particular command to use would be:
tcpdump host 192.168.0.10
where 192.168.0.10 is the IP address of the tablet.
Once the command gives me the outside hosts contacted by the tablet, I would then set up firewall rules blocking connections to those hosts.
The question is: Is that the right tcpdump command?
Just to put the question in context, I am not a "computer person" at all and have often had the experience of having it turn out that what looked to me like the obviously right thing to do was completely wrong.
Please give the heads-up too if another part of the plan is plain crazy. For example:
I realize that the plan assumes that the tablet will never go to the Internet except through my own router.
Some people say that the plan will fail once Amazon changes the update server's address. But here, I don't see how the tablet would know what the future (new) server addresses will be. (Short of Amazon's having loaded the OS with "future looking" server addresses, some of which are unused today but are gradually activated over the years. But why? Just to defeat someone like me?)
use br-lan probably... just try them all and see what happens... you can't break anything...
after you get the hang of it and know what you are looking for... you will probably want the -nn or whatever stops dns resolutions of addresses... but it's probably handy to see names at this point...
With luci-app-wireshark-helper, I presume that installing it (per your instructions) will give me a new menu item in LuCI and that, once I am there, it'd be all intuitive click and choose?
ip you are going to capture (maybe... this is easily done in wireshark with a small filter line... that's the hardest bit)
In the Wireshark app, set the filter to the monitored IP. For example, if the IP of the device you want to sniff packets to/from is 10.2.3.111, then set the Wireshark filter to
(ip.src == 10.2.3.111) || (ip.dst == 10.2.3.111)
I am trying to catch the device while it goes, "Let's see any more update? Okay I guess not."
For now, I have already updated to the latest (and bad) 7.3.2.2 (when I didn't know what I was doing). I am trying not to update to the next (and potentially even worse) version.
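
As an added example (not from any poster in this thread), the script below reduces the text output of the capture discussed above to the two things a blocking rule needs: the remote address/port pairs the tablet sent to, and the DNS names it asked for. The function names, the sample capture, and its addresses and host names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). On the router the capture would be:
#   tcpdump -i br-lan -nn -l host 192.168.0.10 > /tmp/tablet.txt
# -nn keeps addresses and ports numeric so the text is easy to parse.

# Print each unique "remote_ip port" the tablet sent packets to.
contacted_endpoints() {   # $1 = tablet IP; tcpdump -nn text on stdin
    awk -v t="$1" '
        $2 == "IP" && $4 == ">" {
            src = $3; sub(/\.[0-9]+$/, "", src)      # strip source port
            if (src != t) next                        # only tablet -> remote
            dst = $5; sub(/:$/, "", dst)              # strip trailing colon
            port = dst; sub(/^.*\./, "", port)        # last field is the port
            sub(/\.[0-9]+$/, "", dst)
            print dst, port
        }' | sort -u
}

# Print each unique DNS name the tablet asked about (A and AAAA queries).
queried_names() {         # $1 = tablet IP; tcpdump -nn text on stdin
    awk -v t="$1" '
        $2 == "IP" && $4 == ">" {
            src = $3; sub(/\.[0-9]+$/, "", src)
            if (src != t) next
            for (i = 6; i < NF; i++)
                if ($i == "A?" || $i == "AAAA?") {
                    name = $(i + 1); sub(/\.$/, "", name)  # drop root dot
                    print name
                }
        }' | sort -u
}

# Constructed sample capture (documentation addresses, placeholder names).
SAMPLE='12:00:00.100000 IP 192.168.0.10.40000 > 192.168.0.1.53: 4660+ A? updates.example.com. (37)
12:00:00.120000 IP 192.168.0.1.53 > 192.168.0.10.40000: 4660 1/0/0 A 203.0.113.7 (53)
12:00:00.200000 IP 192.168.0.10.43512 > 203.0.113.7.443: Flags [S], seq 1, win 65535, length 0
12:00:00.230000 IP 203.0.113.7.443 > 192.168.0.10.43512: Flags [S.], seq 9, ack 2, win 65535, length 0
12:00:05.000000 IP 192.168.0.10.40001 > 192.168.0.1.53: 4661+ AAAA? time.example.net. (34)
12:00:06.000000 IP 192.168.0.10.43513 > 203.0.113.7.443: Flags [S], seq 5, win 65535, length 0'

printf '%s\n' "$SAMPLE" | contacted_endpoints 192.168.0.10
printf '%s\n' "$SAMPLE" | queried_names 192.168.0.10
```

The DNS names are the more durable thing to record, since the addresses behind a name can change while the name stays the same.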