In this article, I will introduce you to 2 free Android packet sniffing apps for non-rooted devices. You can efficiently use these Android apps to capture packets from your Android device. One of the Android apps included in my list will even allow you to analyze network packets of your device right from within its interface. The other Android packet capturing app will capture packets from your device and store them in a PCAP file which you can export to Wireshark or any other PCAP analyzer. Both of these Android apps use VPNService of the Android OS and thus they don’t require any special root privileges for capturing network packets.
So let’s see these Android packet sniffing apps for non-rooted devices:
Packet Capture is a free Android packet sniffing app that requires no root privileges. The best part of this free Android packet sniffer is that you can view and analyze captured network packets right from within its interface. It uses the VPN Service of Android to capture packets from your Android device and therefore it doesn’t require any root permissions. It can also decrypt SSL traffic by using a man-in-the-middle technique. It will capture packets from all running Android applications and you will be able to see them in hex or text format. It is a good app for Android developers, as they can use it to monitor traffic from their applications.
Let’s see the steps to capture packets on Android using this free Android packet sniffing app:
Step 1: Download it from the link provided above and then open it. If you want to use its SSL Decryption feature, you’ll be prompted to install the “Packet Capture CS” certificate. This certificate is what lets the app perform the man-in-the-middle decryption, so you have to install it if you want to decrypt SSL traffic using this free Android packet capture app, as shown in the screenshot below.
Step 2: Now, simply click on the Start button at the top of its main screen and then authorize this app as a trusted one in order to begin the packet sniffing task.
Step 3: It stores the captured network packets right on its main screen, and for each capture session it creates a separate folder which follows the “Month-Day Hour-Minute-Seconds” naming convention. To view captured network packets, open a network session folder from its main screen. It will then display all network packets captured from your Android device, as shown in the first screenshot of this Android app. Most of the basic details of a packet are displayed within the list, such as its type, IP address, date and time, size, etc. You can view further details by opening a particular packet from the list. It will then display the content of the packet (if any), as shown in the screenshot below.
Another strong point of this free Android packet capture app is that it displays both the upstream and downstream packets (sent and received packets), and you can choose to export them either in separate text files or in the same text file. To save the packet stream, tap on its menu and then select the “Save Upstream(<—)” or “Save Downstream(—>)” option to save only upstream or downstream packets in a TXT file. Select the “Both” option to export upstream and downstream packets in the same text file.
tPacketCapture is another free Android packet sniffing app for non-rooted devices. This Android packet sniffer app captures packets from your device and saves them in PCAP format. You can then export this PCAP file to Wireshark or any other packet sniffing software to analyze the network traffic of your Android device. It uses VPN Service provided by Android to capture data packets and thus it doesn’t require any root privileges.
After capturing my Android device traffic with tPacketCapture, I exported the PCAP file to a packet sniffer for Windows called Network Miner to see exactly what it captures in the PCAP file. When I opened the PCAP file in Network Miner, it showed me the communication process of different applications. I was also able to extract certificates from the PCAP file captured on Android, as well as the different communication sessions of applications. I am adding a screenshot of the captured PCAP file viewed in Network Miner, just to give you an idea that it is quite a handy application to capture network traffic on Android.
In its paid version, it gives you the option to filter applications and capture data packets from selected applications only. Getting started with this free Android packet sniffer is really easy: download it from the link provided above. After that, start capturing data packets and it automatically stores them in a PCAP file. It displays the file storage path on its FILE LIST tab, as you can see in the screenshot above. It also gives you the option to export a PCAP file from its FILE LIST tab.
Let’s see how to capture Android device packets using this free Android packet sniffer:
Step 1: Click on the Capture button on its main screen to begin the data packet sniffing process. After that, you’ll see a dialog box which will ask you whether you trust this application or not. As I mentioned above, it uses VPNService of Android to capture data packets, so this Android app is totally secure and there are no external servers involved in capturing your Android device data packets. Feel free to select the “I trust this application.” option and then click on the OK button.
Step 2: After that, it will start capturing packets from your Android device in a PCAP file, as you can see in the screenshot below.
Step 3: To stop the packet capturing process, click on the VPN tPacketCapture notification and then click the Disconnect button, as shown in the screenshot below.
Now, you can share the captured PCAP file directly from its FILE LIST tab. To share a PCAP file, long-press it and it will give you the option to share it to external Android applications.
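For a first look at an exported PCAP file before opening it in Wireshark or Network Miner, the following added example (not part of the original article or of either app) parses the classic pcap format and counts packets per destination. The two link types it handles, raw IP and Ethernet, are an assumption, since the article does not say which one tPacketCapture writes, and the sample capture with documentation-range addresses is constructed.

```python
import socket
import struct
from collections import Counter

LINKTYPE_ETHERNET, LINKTYPE_RAW = 1, 101   # assumed link-layer types
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # writer byte order
PROTO = {6: "tcp", 17: "udp"}

def summarize_pcap(data: bytes) -> Counter:
    """Count IPv4 TCP/UDP packets per (proto, dst_ip, dst_port) in a classic pcap."""
    end = MAGIC.get(data[:4])
    if end is None or len(data) < 24:
        raise ValueError("not a classic microsecond pcap (pcapng is not handled)")
    linktype = struct.unpack(end + "I", data[20:24])[0]
    if linktype not in (LINKTYPE_ETHERNET, LINKTYPE_RAW):
        raise ValueError(f"unsupported link type {linktype}")
    flows, off = Counter(), 24
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_usec, captured length, original length.
        caplen = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        pkt = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < caplen:
            break                            # file was cut off mid-record
        if linktype == LINKTYPE_ETHERNET:    # strip the frame header, IPv4 only
            pkt = pkt[14:] if pkt[12:14] == b"\x08\x00" else b""
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            continue
        ihl = (pkt[0] & 0x0F) * 4
        fragment_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
        if pkt[9] not in PROTO or ihl < 20 or fragment_offset or len(pkt) < ihl + 4:
            continue                         # no L4 ports to read
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
        flows[(PROTO[pkt[9]], socket.inet_ntoa(pkt[16:20]), dport)] += 1
    return flows

def build_sample_pcap(linktype: int = LINKTYPE_RAW) -> bytes:
    """Constructed sample capture: two TCP/443 packets and one UDP/53 packet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for proto, dst, dport in [(6, "203.0.113.10", 443)] * 2 + [(17, "198.51.100.53", 53)]:
        l4 = struct.pack("!HH", 40000, dport) + b"\x00" * (16 if proto == 6 else 4)
        pkt = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                          socket.inet_aton("10.8.0.1"), socket.inet_aton(dst)) + l4
        if linktype == LINKTYPE_ETHERNET:
            pkt = b"\x00" * 12 + b"\x08\x00" + pkt
        out += struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    return out

if __name__ == "__main__":
    print(summarize_pcap(build_sample_pcap()).most_common())
```

To run it on a real capture, pass the bytes of the exported file to `summarize_pcap` instead of the constructed sample; destinations you do not recognize are the ones to inspect first in the full analyzer.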
In this article, I introduced you to 2 free Android packet sniffing apps for non-rooted devices. Both of these Android apps will allow you to capture network packets of your Android device and export them in text and PCAP files respectively. Personally, I think both of these apps do a pretty good job of capturing packets, but Packet Capture has an added advantage as it allows you to view network packets directly from its main interface. On the other hand, tPacketCapture allows you to export the captured network traffic as a PCAP file, which you can use to reconstruct certificates, files, and other resources, as I demonstrated in this article.