Reputation: 7348
I am working on a project where I need to capture the incoming/outgoing packets and store them in a pcap file.
Android has provided VpnService for this purpose, which was added in API Level 14. Although there seem to be a lot of questions regarding this on SO, surprisingly there are very few working examples of it. I tried using ToyVpn, which is added in the samples, but I was not able to make it work. Then I came upon this example.
The example summarizes the capture in the following steps.
I created a TUN using the below code. I gave the addresses which were given in the above mentioned tutorial. Not sure if these are the correct values, and how to decide this address.
    Builder builder = new Builder();
    ParcelFileDescriptor mInterface = builder.setSession("MyVPNService")
            .addAddress("192.168.0.1", 24)
            .addDnsServer("8.8.8.8")
            .addRoute("0.0.0.0", 0)
            .establish();
Next I got the file descriptor, and opened the tunnel.
    FileInputStream in = new FileInputStream(mInterface.getFileDescriptor());
    DatagramChannel tunnel = DatagramChannel.open();
    // I have created an EC2 instance on AWS, and gave the IP address and port of that server. Not sure if this is the correct method.
    tunnel.connect(new InetSocketAddress("54.254.187.207", 5000));
    // d. Protect this socket, so packets sent by it will not be fed back to the VPN service.
    protect(tunnel.socket());
Then applied a while loop for reading the packets.
    while (true) {
        BufferedReader reader = new BufferedReader(new InputStreamReader(in));
        while (true) {
            String line = reader.readLine();
            if (line == null) {
                break;
            } else {
                System.out.println("line is " + line);
            }
            // I am guessing that here after reading the packets, I need to forward them to the actual server.
        }
    }
which was giving me the following output:
02-21 19:12:26.074 16435-16778/awesomedroidapps.com.debugger I/System.out: line is E����@�'@��@������<��5��,��������������������graphfacebookcom������E����@�(@��
02-21 18:43:53.648 16435-16639/awesomedroidapps.com.debugger I/System.out: line is E����@0@��@����d�:�N����P�V�x�%0/�W�����
02-21 18:43:53.648 16435-16639/awesomedroidapps.com.debugger I/System.out: line is ��EP���
02-21 18:43:53.648 16435-16639/awesomedroidapps.com.debugger I/System.out: line is �%0.�%0/E����L�@��@�����Ɂ��5��8�[�����������������apploadingestcrittercismcom������E����@�:@��@�����d6�� �>�Wz� y�A�x�[����
02-21 18:43:53.648 16435-16639/awesomedroidapps.com.debugger I/System.out: line is ��T@�
02-21 18:43:53.648 16435-16639/awesomedroidapps.com.debugger I/System.out: line is y�1�y�7E����A�@��@��������5��-��-�����������������decidemixpanelcom������E������;@��@�F���d6�� �>�Wz�y�A�x������
02-21 18:43:53.648 16435-16639/awesomedroidapps.com.debugger I/System.out: line is ��]@���F����BA �+��q�ϔ���Jb2_'�D�y�̯��[:�1)���PΠ�ѡ���h71�L�3�=~������(�����������������S�~'U������9d_���"�I�E����@0@��@�
02-21 18:43:53.648 16435-16639/awesomedroidapps.com.debugger I/System.out: line is ���d�:�N����P�V�x�%0/�W������
02-21 18:43:53.648 16435-16639/awesomedroidapps.com.debugger I/System.out: line is ��^P���
02-21 18:43:53.648 16435-16639/awesomedroidapps.com.debugger I/System.out: line is �%0.�%0/E����=�@��@���������5��)l����������������t appsflyercom������E����=�@��@������6��5��)�.����������������t appsflyercom������E����@0@��@����d�:�N����P�V�x�%0/�W������
02-21 18:43:53.648 16435-16639/awesomedroidapps.com.debugger I/System.out: line is ���P���
From the logs it is clear that I am able to capture the outgoing packets in the TUN. The above logs somewhere print hosts like facebook.com, which makes me believe I am on the right track.
But what should I do next after this? How do I forward data to the server? I believe there are few working examples. But can someone give me a step by step procedure on how to achieve this?
Update: Upon further digging, I came to know that I need to create a server and forward the intercepted packets to the server. I created a server on my computer and was able to successfully forward intercepted packets to my server. But I am not sure how to get the actual destination ip and port from the received packet so that I can send them to the intended destination.
PS: I also went through the JnetPcap library, but it seems that to capture the live packets the phone needs to be rooted, which is not a requirement of my application.
Upvotes: 17
Views: 3541
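As an added example (not from the question or from Android's own code), here is how to pull the destination address and port out of each raw IPv4 packet read from the TUN, verify its header checksum, and frame it for a pcap file. It is written in Python so it runs stand-alone; the same byte offsets apply unchanged to a Java ByteBuffer. It assumes what the TUN actually provides, one complete IP packet per read(), and the sample packets are constructed, not captured.

```python
import socket
import struct
import time

def ipv4_checksum(header):
    """Standard one's-complement sum over the IPv4 header; 0 means the header verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(proto, src, dst, l4_header, payload=b""):
    """Assemble an IPv4 packet with a valid header checksum (used only to construct test input)."""
    body = l4_header + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0x4000, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + body

def parse_packet(pkt):
    """Return (src, sport, dst, dport, proto) for one packet read from the TUN.
    Ports are None for protocols other than TCP (6) and UDP (17)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet (IPv6 needs a separate parser)")
    ihl = (pkt[0] & 0x0F) * 4                      # header length in bytes, options included
    if ihl < 20 or len(pkt) < ihl or ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("truncated or corrupt IPv4 header")
    proto = pkt[9]
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    sport = dport = None
    if proto in (6, 17) and len(pkt) >= ihl + 4:   # ports are the first 4 bytes of TCP and UDP
        sport, dport = struct.unpack_from("!HH", pkt, ihl)
    return src, sport, dst, dport, proto

# pcap framing: one global header, then one record per packet. Link type 101 (LINKTYPE_RAW)
# tells Wireshark the record data starts directly at the IP header, as it does on a TUN.
def pcap_global_header():
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)

def pcap_record(pkt, ts=None):
    ts = time.time() if ts is None else ts
    sec = int(ts)
    return struct.pack("<IIII", sec, int((ts - sec) * 1_000_000), len(pkt), len(pkt)) + pkt

if __name__ == "__main__":
    # Constructed samples: a UDP DNS query and a TCP SYN (203.0.113.10 is a documentation address).
    dns = build_ipv4(17, "192.168.0.1", "8.8.8.8", struct.pack("!HHHH", 40000, 53, 11, 0), b"abc")
    syn = build_ipv4(6, "192.168.0.1", "203.0.113.10",
                     struct.pack("!HHIIBBHHH", 51000, 443, 1, 0, 0x50, 0x02, 65535, 0, 0))
    with open("capture.pcap", "wb") as f:
        f.write(pcap_global_header() + pcap_record(dns) + pcap_record(syn))
    print(parse_packet(dns), parse_packet(syn))
```

The tuple returned by parse_packet is what the forwarding side needs: open a protected socket to (dst, dport) for TCP/UDP and relay the payload that starts at the transport header.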
Reputation: 1457
Pretty sure your best bet is to set up a proxy server and then use something like Wireshark to monitor the traffic going to and from it. I'm not an expert at this, but in the old days before switching routers were so cheap, it was very easy because all packets were broadcast to all computers on the same subnet. Maybe if you could get your hands on a hub/router that has the ability to disable switching you could use this method instead of a proxy.
These days most comms is done using HTTP, and for that you have excellent tools like Charles (Mac) and Fiddler (Windows) which do exactly what you want, except only for HTTP. They may at least be able to give you ideas on how to do the same thing with Wireshark.
Upvotes: 1