Internet Protocol Detail Records IPDR reveal a lot of secrets about WhatsApp, Telegram and other IP based Voice / Video Calling Services

What is IPDR / Internet Protocol Detail Records?

IPDR is a record of internet activity of an internet user, which is maintained by the ISP for purposes of billing and accounting, but it can also be used to track the internet usage of the user or subscriber. It is very useful for forensic investigation and tracking of suspects and can be helpful to Police or other investigating agencies.

Are my WhatsApp Voice Calls truly safe? Can the government tap into my WhatsApp Voice Calls?

Though the content of your WhatsApp calls are “End-to-End encrypted” and cannot be intercepted or tapped into, the fact of your calling someone can be determined by some educated guesswork by investigating agencies which use information like Call Detail Records and Internet Protocol Detail Records from both suspects’ cell phones to establish a link of possible communication between them. This information buttressed with circumstantial evidence can be a useful tool in the hands of investigating agencies to determine interaction and communication between suspects. Even if the actual content or information shared during the call or the text chat is not available, the fact of the call backed by some other facts can help determine a sequence of events surrounding an incident.

What does IPDR Contain?

IPDR logs contain many field which reveal alot about a user’s internet activity.

It includes fields like:

  • Calling Mobile Number
  • Called Mobile Number
  • Duration of Session
  • Start Time / End time of Session
  • Amount of Data Transferred in that session
  • Internal / External IP Address of user IPv4 or IPv6
  • Port Number of the user
  • Cell Tower ID / Location
  • Azimuth Angle of the User’s Device from the Cell Tower
  • Protocol Used
  • Service Used
 
Field Name Field Value
Record Type IPDR Message Record
Record Version 4
Time Interval 2022-03-09T10:00:00Z – 2022-03-09T10:05:00Z
Service Class ID 5
Service Category ID 3
Sender ID +123456789
Receiver ID +987654321
Message ID 1234567890
Message Type Text
Message Content Hello, how are you?
Message Timestamp 2022-03-09T10:02:00Z
Message Status Delivered
Bytes Sent 256
Bytes Received 512
Packets Sent 2
Packets Received 4

Under which law can the Police in India request for IPDR from the Service Provider?

Under section 91 and 92 of the Criminal Procedure Code, the police or Court can request the IPDR information from the service provider and get an officially certified copy of the same from the Nodal office of that ISP. 

91. Summons to produce document or other thing.—(1) Whenever any Court or any officer in charge of a police station considers that the production of any document or other thing is necessary or desirable for the purposes of any investigation, inquiry, trial or other proceeding under this Code by or before such Court or officer, such Court may issue a summons, or such officer a written order, to the person in whose possession or power such document or thing is believed to be, requiring him to attend
and produce it, or to produce it, at the time and place stated in the summons or  order.
(2) Any person required under this section merely to produce a document or other thing shall be deemed to have complied with the requisition if he causes such document or thing to be produced instead of attending personally to produce the same.
(3) Nothing in this section shall be deemed—
(a) to affect sections 123 and 124 of the Indian Evidence Act, 1872 (1 of 1872), or the Bankers’ Books Evidence Act, 1891 (13 of 1891), or
(b) to apply to a letter, postcard, telegram or other document or any parcel or thing in the custody of the postal or telegraph authority.

92. Procedure as to letters and telegrams.—(1) If any document, parcel or thing in the custody of a postal or telegraph authority is, in the opinion of the District Magistrate, Chief Judicial Magistrate, Court of Session or High Court wanted for the purpose of any investigation, inquiry, trial or other proceeding under this Code, such Magistrate or Court may require the postal or telegraph authority, as the case may be, to deliver the document, parcel or thing to such person as the Magistrate or Court directs.
(2) If any such document, parcel or thing is, in the opinion of any other Magistrate, whether Executive or Judicial, or of any Commissioner of Police or District Superintendent of Police, wanted for any such purpose, he may require the postal or telegraph authority, as the case may be, to cause search to be made for and to detain such document, parcel or thing pending the order of a District Magistrate, Chief Judicial Magistrate or Court under sub-section (1).

Which laws, rules or guidelines govern and protect IPDR in India?

For how long does a service provider or intermediary need to store the IPDR information?

As per the old Circular No. 820-01/98-LR /Vol. (VII) Part-II issued by the Department of Telecommunications on 13-4-2021, all ISP’s needed to maintain all commercial records/ Call Detail Record (CDR) / Exchange Detail Record (EDR) / IP Detail Record (IPDR) with regard to the communications exchanged on their network for at least one year for
scrutiny by the government for security reasons and may be destroyed thereafter unless directed otherwise by the government.

In December 2021, the DoT amended the earlier guidelines and as per Circular No. 20-271/2010 AS-I Vol. (III) issued by the Department of Telecommunications on 21-12-2021, all ISP’s now need to maintain all commercial records/ Call Detail Record (CDR) / Exchange Detail Record (EDR) / IP Detail Record (IPDR) with regard to the communications exchanged on their network for at least two years for
scrutiny by the government for security reasons and may be destroyed thereafter unless directed otherwise by the government.

As per law, what information does the IPDR in India need to contain?

As per the DoT letter dated 1-10-2013 bearing No. 820-01/98-LR/Vol. (IX) Pt. I, the IPDR needs to contain atleast this information:

  1. Name of user / organization
  2. Address
  3. Contact No.s
  4. Email address
  5. Landline / MSISDN / MDN / Leased circuit ID
  6. Internet access User ID
  7. IP Address assigned
  8. Static / Dynamic IP Address allocation details
  9. Source port in case of NATing
  10. IP Allocation Start Date / Time in IST format
  11. IP Allocation End Date / Time in IST format
  12. Source MAC Address / Device ID No. / Virtual MAC Address
Point 1 to 5 are available in the Customer Acquisition Form i.e. CAF
 

Common IP addresses / Port Number List for well-known services

Whatsapp:
TCP Ports: 4244, 5222, 5223, 5228,50318, 59234 & 5242
UDP Ports: 34784, 45395, 50318, 59234

Telegram:

This information is sourced from the Internet through Public and Private forums. This information may keep changing depending on the Service Provider / Intermediary.

How is IPDR Different from CDR?

Information which the IPDR contains but CDR does not contain

IPDR includes data about IP-based services: IPDR is designed to capture data from IP-based services such as internet browsing, email, chat, and VoIP (Voice over Internet Protocol) calls, whereas CDR is primarily used for traditional voice calls.

  • IPDR contains more detailed information about sessions: IPDR captures more detailed information about sessions than CDR. This includes the start and end times of each session, the amount of data transferred during the session, the protocol used, and more.
  • IPDR captures information about the type of device used: IPDR can capture information about the device used for the communication, such as the make and model of the phone or computer, and the type of browser or app used.
  • IPDR captures information about the location of the communication: IPDR can capture information about the location of the device at the time of the communication, including the GPS coordinates, IP address, and cell tower ID.
  • IPDR captures more granular data about communication patterns: IPDR can capture data about communication patterns between users, such as the frequency and duration of calls, and the types of services used.
  • IPDR captures more detailed billing information: IPDR captures more detailed billing information than CDR. This includes the amount of data transferred, the time and duration of the communication, and the type of service used.

Overall, IPDR provides more detailed information about IP-based services and can capture a wider range of data than CDR.

Information which CDR contains but IPDR does not contain:

CDR includes data about traditional voice calls: CDR is designed to capture data about traditional voice calls, such as the start and end times of the call, the duration of the call, the phone numbers of the parties involved, and the location of the call.
CDR captures information about call setup: CDR records information about the call setup process, including the phone number that initiated the call, the phone number that received the call, and the time it took to set up the call.
CDR captures information about call termination: CDR records information about the termination of the call, including the reason for the call termination, such as whether it was a missed call or a hang-up, and the duration of the call.
CDR captures more detailed information about call quality: CDR can capture more detailed information about the quality of a voice call, such as the signal strength, noise level, and call drops.
CDR captures information about roaming: CDR records information about roaming, including the location of the caller when they initiated the call, and the location of the caller’s home network.

Sample IPDR data

Record Version Record Type Timestamp Source IP Address Destination IP Address Protocol Source Port Destination Port Service Type Session Duration Bytes Transferred
1 10 N/A 2022-03-08T12:30:00Z 192.168.1.10 8.8.8.8 TCP 54321 80 Web Browsing 00:10:00 1000000
2 10 Start of Session 2022-03-08T13:00:00Z 192.168.2.20 10.0.0.2 UDP 12345 5000 VoIP 00:20:00 500000
3 10 N/A 2022-03-08T14:30:00Z 192.168.3.30 172.16.1.1 ICMP N/A N/A Network Monitoring 01:00:00 0
4 10 N/A 2022-03-08T15:45:00Z 192.168.4.40 8.8.4.4 TCP 80 443 Web Browsing (HTTPS) 00:05:00 50000
5 10 N/A 2022-03-08T16:00:00Z 192.168.5.50 10.1.1.1 TCP 8080 80      

Sample IPDR entry of a WhatsApp Voice Call

Note: This is just a sample IPDR table and the values provided are for illustrative purposes only. Actual IPDR data may vary depending on the specific service provider and the technology used for the communication.

Field Value
Call ID 123456789
Source Number +91 9876543210
Destination Number +1 1234567890
Call Start Time 2023-03-08 10:00:00
Call End Time 2023-03-08 10:05:00
Call Duration 00:05:00
Call Type Voice
Call Quality Good
Call Charges N/A
Call Location Mumbai, India
Connection Type Wi-Fi
Handset Manufacturer Samsung
Handset Model Galaxy S21 Ultra
OS Android
App Version WhatsApp v2.22.5
Bytes Sent 1,024,000
Bytes Received 2,048,000
Encryption Status Encrypted
Call Direction Outgoing

Sample IPDR Entry of a WhatsApp Voice Call

Field Name Value
Record Type IPDR
Protocol WhatsApp
Service Video Call
Call Start Time 2023-03-09 10:30:00.000 GMT+5:30
Call End Time 2023-03-09 10:32:00.000 GMT+5:30
Duration 2 minutes
Source IP 192.168.0.10
Source Port 57334
Destination IP 142.250.64.14
Destination Port 443
Bytes Sent 3,427 KB
Bytes Received 2,239 KB
Video Resolution 720p
Audio Codec Opus
Video Codec VP9
Frames Per Sec 30

 

Can the police hear my phone call recordings through the IPDR?

No. Just like Call Detail records (CDR) the IPDR only contains the meta data of your Internet activity. It does not store the actual content sent or received.

It does not have the audio recording of your call or the text messages that you have sent through services like WhatsApp, Telegram etc. but it has ancillary information about the call, which can reveal some facts about the nature of the call.

What are some of the limitations of IPDR information?

  • IPDR and CDR both do not store your actual call recordings or the audio from your call.
  • IPDR information has an element of guess work in determining who were the called and calling parties. Without external circumstantial evidence, IPDR maybe of little use.
  • IPDR analysis is heavily dependent on publicly available information of the Service Providers or intermediaries. Not all intermediaries or service providers have their IP Addresses and Port Numbers publicly listed. This is sourced from public domain information on the Internet which may not be verified.

Is there any way to prevent being tracked through IPDR?

Trusted VPN Services are one way of avoiding IPDR Tracking. Although the VPN Provider maybe keeping logs of the traffic passing through, it will make it more difficult for law enforcement agencies to track traffic going through a VPN tunnel.

List of Resources which reference IPDR in India

  • https://dot.gov.in/sites/default/files/Authentication and Maintenance.pdf?download=1
  • https://dot.gov.in/sites/default/files/Compliance%20of%20IPDR.pdf?download=1
  • https://dot.gov.in/sites/default/files/Revised%20IPDR%20fromat%2016-11-21.pdf?download=1
  • https://dot.gov.in/sites/default/files/Letter%20and%20CDoT%20Booklet%20for%20IPDR%20options.pdf?download=1
  • https://dot.gov.in/sites/default/files/DOT%20letter%20dated%2015-11-2022%20wrt%20Compliance%20of%20Revised%20IPDR%20format.pdf?download=1
  • https://dot.gov.in/sites/default/files/ILDAmendment_2.pdf?download=1
  • https://dot.gov.in/sites/default/files/21122021%20UL%20CDR%20two%20years.pdf
  • https://dot.gov.in/sites/default/files/Amendment%20in%20Internet%20Service%20Provider%20.pdf?download=1
  • https://dot.gov.in/sites/default/files/Amendment%20Commercial%20VSAT.pdf
  • https://dot.gov.in/sites/default/files/Letter%20dated%2019-09-2022%20for%20compliance%20latest%20by%2031-10-2022.pdf?download=1
  • https://dot.gov.in/sites/default/files/Amdmt.%20in%20VMS%20AT%20UMS%20dated%2027.01.2022.pdf

You may also like...

4 Responses

  1. Pooja devi says:

    Watsapp diya coll and video call

  2. Pooja devi says:

    WhatsApp voice call and video call

  3. Sagar says:

    its very easy to understand

  4. Amir says:

    good informations

Leave a Reply

Your email address will not be published. Required fields are marked *

error: The content on this website is (C) Lawgic.info. Ask for permission at info@lawgic.info !!