Many mobile carriers restrict personal hotspot usage, forcing users to upgrade to pricier plans just to share their internet connection. For example, operators in Panama offer unlimited data (“Ilimitado”), but that does not include hotspot traffic.
How do they detect and block tethering / hotspot use? One common method is checking the Time to Live (TTL) value in data packets originating from the phone.
What is TTL and How Does It Reveal Tethering?
Every internet packet has a TTL value, which decreases by 1 each time it passes through a router. It’s like a counter and its primary goal is to avoid loops.
Example: Let’s say a device sets TTL in a packet to 2. The first router decreases it to 1, the next router decreases it to 0. A zero value means the packet should be dropped (just discarded and not forwarded further).
A typical mobile device sends packets with a TTL of 64, so when another device connects via hotspot, its packets arrive at the carrier’s network with a TTL of 63, a dead giveaway that they were routed. Why? Your laptop also uses a TTL of 64 by default. Your phone passes the packet through the hotspot, but decreases the TTL to 63. Carriers detect this and can throttle or block tethering, or limit hotspot data to, say, 1GB.
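The check described above, sketched as an added example (not code from the original post or from any carrier): it reads the TTL from constructed IPv4 headers, models one forwarding hop, and labels a packet by whether it arrives with the expected TTL of 64. The helper names and sample addresses are assumptions, and the header checksum is not modeled.

```python
import socket
import struct

PHONE_TTL = 64  # initial TTL the text gives for a typical mobile device


def build_ipv4_header(ttl, src="10.0.0.2", dst="192.0.2.1"):
    """Constructed 20-byte IPv4 header for the demo (checksum left at 0)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20, 0, 0,            # version/IHL, TOS, total length, id, flags/frag
        ttl, socket.IPPROTO_TCP, 0,   # TTL, protocol, checksum (not modeled)
        socket.inet_aton(src), socket.inet_aton(dst),
    )


def read_ttl(packet):
    """Return the TTL field (byte offset 8) after basic IPv4 header validation."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    if (packet[0] & 0x0F) * 4 > len(packet):
        raise ValueError("truncated IPv4 header")
    return packet[8]


def forward(packet):
    """What a routing hop does: decrement TTL; drop (None) when it reaches 0."""
    ttl = read_ttl(packet) - 1
    if ttl <= 0:
        return None
    return packet[:8] + bytes([ttl]) + packet[9:]


def classify(packet, expected=PHONE_TTL):
    """Carrier-side check as described in the text: any other TTL means 'routed'."""
    return "direct" if read_ttl(packet) == expected else "routed"


def demo():
    phone_own = build_ipv4_header(64)             # sent by the phone itself
    via_hotspot = forward(build_ipv4_header(64))  # laptop packet after the phone hop
    return classify(phone_own), classify(via_hotspot), read_ttl(via_hotspot)


if __name__ == "__main__":
    print(demo())
```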
Why Changing TTL to 65 Works
By setting your computer’s or router’s TTL to 65, the packet arrives at the carrier’s network with 64, making it indistinguishable from normal phone traffic. This simple tweak tricks the carrier’s network into thinking all traffic originates from your phone, effectively bypassing hotspot restrictions.
How to set it up on Linux
echo "65" > /proc/sys/net/ipv4/ip_default_ttl
Thanks to @wilderko.
This must be run as root, and it will not persist across a reboot.
How to set it up on macOS
sudo sysctl -w net.inet.ip.ttl=65
This won’t persist across reboots. To make it persistent, do this:
sudo nano /Library/LaunchDaemons/com.custom.ttl.plist
Paste the following:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.custom.ttl</string>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/sysctl</string>
<string>-w</string>
<string>net.inet.ip.ttl=65</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<false/>
</dict>
</plist>
Press CTRL + X, then Y, then Enter.
Set permissions and load launch daemon:
sudo chmod 644 /Library/LaunchDaemons/com.custom.ttl.plist
sudo chown root:wheel /Library/LaunchDaemons/com.custom.ttl.plist
sudo launchctl load /Library/LaunchDaemons/com.custom.ttl.plist
You can see the current value with:
sysctl net.inet.ip.ttl
Alternative approach with SOCKS proxy
If you can’t set it on the client machine (for example, you don’t have root access), there is another option: you can run a SOCKS (or HTTP) proxy on your smartphone. This way your browser (or SSH client through socksify) connects to your phone and the phone creates a new connection (with TTL 64).
You can run Every Proxy on your Android (preferably GrapheneOS) phone. Then configure either your system or just a browser to go through the proxy. One advantage is that if you run a VPN on your phone, the connections will go through the VPN (since they originate from the phone). This is not the case with Mobile Hotspot itself: even if you use a VPN, connections from your laptop bypass the VPN connection.
Enjoy!