One advantage of Android over iOS for those of us in the packet industry is the ability to access the network interfaces. The popular Kismet Android PCAP app lets you capture on a USB wireless adapter using an Android device. But did you know that you can also capture directly on Android’s wireless interface? Paired with Kismet’s CloudShark Uploader for Android and you can actually capture, upload, view, and analyze all from your mobile android device.
If you have a “rooted” Android device, you can actually use tcpdump by copying the program to your device and using a terminal emulator. Alternatively, we came across this really cool app from Tao Software that actually lets you perform packet captures on your device’s wireless and mobile interfaces.
We tried this out here on our Samsung Galaxy S4. tPacketCapture performs this functionality by using the VPNService provided by Android OS, so it will ask you for permission before it starts. When you are doing capturing, just disconnect the VPN it creates. The file will then be available in the file list in tPacketCapture. If you have the CloudShark Uploader installed, you can upload to a CloudShark Appliance using the “share” function by tapping and holding the file in the file list:
- Select the file in tPacketCapture.
- Share it with the CloudShark Uploader.
- View it in your browser.