Opera Mobile routing traffic via China!

A few months ago I moved away from Google Chrome to Opera Mobile on my Android device. Google Chrome is pretty loaded and overall slow. Recently I noticed browsing was pretty slow. I noticed that “Off-Road mode” was enabled.

I disabled it and performance was much better. I had heard of it in the past, and clearly it’s a proxy mode where packets between the Opera instance running on the cell phone and the destination server are routed via an Opera server, which uses some special compression technologies and helps in making browsing faster. Carrying on with my obsession for looking at ASNs and IP addresses, I enabled it again and visited bgp.he.net and was surprised to see the result.

I saw this: [screenshot: bgp.he.net - Opera off road mode]

Clearly packets seem to be routing via a Chinese network!! Is that legitimate, or did the Chinese hijack Opera’s IP space and announce it to grab traffic and route it via China for analysis? To find out, I set up tcpdump on my European server and visited my blog on my cell phone, essentially triggering a request on the server.

anurag@server7:~/test$ sudo tcpdump 'src 123.103.8.49' -w sample.pcap
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C301 packets captured
302 packets received by filter
0 packets dropped by kernel
anurag@server7:~/test$

Here’s what I see in the packets (as analysed by Wireshark): [screenshot: Wireshark output]

I did notice that only HTTP content was requested. HTTPS of course went via the direct link and not the proxy. So who owns 123.103.8.49? It appears to be with a Chinese provider. Is it Opera? Likely yes, because the prefix is not owned directly by Opera and hence it must be embedded in the Opera code itself to use that Chinese proxy. If it was a prefix hijack, it would have been Opera’s IP space being announced by China Net Center. Is performance any better? Well, because of the routing, NO!

Anurags-MacBook-Pro:~ anurag$ mtr -wrc 10 123.103.8.49
HOST: Anurags-MacBook-Pro.local Loss% Snt Last Avg Best Wrst StDev
1.|-- 192.168.1.1 0.0% 10 1.9 2.5 1.7 7.2 1.7
2.|-- 10.228.1.25 0.0% 10 69.0 104.3 34.3 492.9 137.3
3.|-- 10.228.21.18 0.0% 10 79.0 99.3 38.8 426.8 116.0
4.|-- 116.202.224.145 10.0% 10 132.7 112.6 41.4 362.6 100.8
5.|-- 116.202.224.25 0.0% 10 58.3 123.0 40.7 443.4 137.1
6.|-- 61.95.255.193 0.0% 10 59.7 141.4 36.9 558.5 157.1
7.|-- 182.79.245.185 0.0% 10 211.4 217.5 134.6 503.4 111.9
8.|-- vlan65.te13-2.br01.sin02.pccwbtn.net 0.0% 10 121.8 173.7 118.3 451.9 101.2
9.|-- tenge0-2-0-1.br03.hkg15.pccwbtn.net 0.0% 10 183.5 205.1 161.1 396.9 68.6
10.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
11.|-- 202.97.61.37 0.0% 10 397.7 482.7 392.0 896.2 156.9
12.|-- 202.97.53.225 0.0% 10 418.8 462.7 389.8 804.5 127.7
13.|-- 202.97.53.145 30.0% 10 415.7 467.8 408.2 700.6 106.0
14.|-- 220.181.177.74 80.0% 10 635.5 561.3 487.1 635.5 104.9
15.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
16.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
17.|-- 203.212.0.69-bj-cnc 11.1% 9 318.7 314.6 271.2 467.5 63.6
18.|-- 123.103.15.18-bj-cnc 11.1% 9 309.9 316.5 290.2 412.0 40.8
19.|-- 123.103.8.49-bj-cnc 11.1% 9 284.8 298.8 272.6 357.3 27.1
Anurags-MacBook-Pro:~ anurag$
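
The HTTP-versus-HTTPS split seen in the capture can be checked from the text output of `tcpdump -nn -r sample.pcap` on the server. This is an added example, not code from the original post: the sample lines are constructed, the addresses 192.0.2.10 and 198.51.100.7 are documentation placeholders, and it assumes a capture taken without the `src` filter so that other clients appear too.

```python
import re
from collections import Counter

PROXY_IP = "123.103.8.49"  # proxy address observed in the post

# Constructed sample of `tcpdump -nn -r sample.pcap` text output; the server
# address 192.0.2.10 and the client 198.51.100.7 are documentation placeholders.
SAMPLE = """\
10:15:01.100001 IP 123.103.8.49.40112 > 192.0.2.10.80: Flags [S], seq 1000, win 14600, length 0
10:15:01.350422 IP 123.103.8.49.40112 > 192.0.2.10.80: Flags [.], ack 1, win 115, length 0
10:15:01.351007 IP 123.103.8.49.40112 > 192.0.2.10.80: Flags [P.], seq 1:312, ack 1, win 115, length 311: HTTP: GET / HTTP/1.1
10:15:02.010500 IP 198.51.100.7.51820 > 192.0.2.10.443: Flags [S], seq 2000, win 65535, length 0
10:15:02.120733 IP 198.51.100.7.51820 > 192.0.2.10.443: Flags [P.], seq 1:518, ack 1, win 2058, length 517
10:15:03.000000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
"""

# One IPv4 TCP/UDP line: timestamp, src.port > dst.port, and an optional
# decoded HTTP request line that tcpdump appends for cleartext port-80 traffic.
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r".*?length (?P<len>\d+)(?:: HTTP: (?P<req>[A-Z]+ \S+))?"
)

def tally(text):
    """Return ({(src, dport): packets}, {src: [HTTP request lines]})."""
    packets, requests = Counter(), {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:  # skip ARP, IPv6 and anything else that is not IPv4 with ports
            continue
        packets[(m["src"], int(m["dport"]))] += 1
        if m["req"]:
            requests.setdefault(m["src"], []).append(m["req"])
    return packets, requests

def ports_seen_from(text, ip):
    """Destination ports that `ip` sent packets to, sorted."""
    packets, _ = tally(text)
    return sorted({port for (src, port) in packets if src == ip})

if __name__ == "__main__":
    packets, requests = tally(SAMPLE)
    for (src, port), n in sorted(packets.items()):
        print(f"{src} -> port {port}: {n} packets")
    print("ports from proxy:", ports_seen_from(SAMPLE, PROXY_IP))
    print("cleartext requests via proxy:", requests.get(PROXY_IP, []))
```

Any request line listed for the proxy address is content the intermediary could read in cleartext; a proxy address that only ever appears on port 80 matches the observation that HTTPS bypassed it.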

Have a fun weekend!