I'm considering the possibility of using the new Android (4.0) VpnService interface to implement simple packet capture and analysis. Does anyone know if it's possible to take the packets you receive in a VpnService implementation and simply write them out to the active/default network device? To receive data, I'd have to be able to read from the network device as well, of course. If it is possible, what APIs can be used to write to the network device(s)?
tPacketCapture creates a second socket to the remote machine to forward the packets. I have looked at tPacketCapture using adb shell netstat:
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.1.126:49828 97.74.42.79:80 ESTABLISHED
tcp6 0 0 ::ffff:127.0.0.1:5000 :::* LISTEN
tcp6 0 522 ::ffff:10.8.0.1:50294 ::ffff:97.74.42.79:80 ESTABLISHED
tcp6 0 0 ::ffff:192.168.1.126:34210 ::ffff:74.125.141.188:5228 ESTABLISHED
tcp6 0 1 ::ffff:192.168.1.126:43379 ::ffff:74.125.224.174:80 CLOSE_WAIT
tcp6 0 1 ::ffff:192.168.1.126:60217 ::ffff:74.125.239.14:443 CLOSE_WAIT
Note 97.74.42.79:80 twice.
Guess I'll have to do the same unless someone has a better idea.
I have worked with the VPN API. You have a tun device where you can specify the routes. But after having read them, you need to take care of the packets yourself. Usually that means handing them over to the VPN server. The Android SDK provides a simple ToyVPNServer example.
But a simple pcap-like interface is difficult (if even possible) to implement without implementing VPN too.
You could parse the TCP/UDP header, create your own socket with the same src/dest port/IP, and use protect() on this socket so it is not routed over tun0. Since tPacketCapture only supports UDP/TCP and not ICMP, they might use this approach.
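The approach from the answer above, as an added example that is not part of the original post or of tPacketCapture: parse the IPv4 and TCP/UDP headers of a packet read from the tun file descriptor, then open a socket to the same destination and call VpnService.protect() on it before connecting. TunFlow and its methods are hypothetical names; the example assumes IPv4 only, a big-endian ByteBuffer, and that the caller handles the tun-side TCP state and writes replies back to the tun device.

```java
import android.net.VpnService;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.DatagramChannel;
import java.nio.channels.SocketChannel;

/** Hypothetical helper (not an Android SDK class): one TCP/UDP flow seen on the tun fd. */
final class TunFlow {
    static final int TCP = 6, UDP = 17;           // IP protocol numbers
    final int protocol, srcPort, dstPort;
    final InetAddress src, dst;

    private TunFlow(int protocol, InetAddress src, int srcPort, InetAddress dst, int dstPort) {
        this.protocol = protocol; this.src = src; this.srcPort = srcPort;
        this.dst = dst; this.dstPort = dstPort;
    }

    /** Parses the first len bytes of pkt; returns null unless it is an IPv4 TCP/UDP packet with ports. */
    static TunFlow parse(ByteBuffer pkt, int len) throws IOException {
        if (len < 20 || (pkt.get(0) & 0xF0) != 0x40) return null;   // too short or not IPv4
        int ihl = (pkt.get(0) & 0x0F) * 4;                          // IP header length in bytes
        int proto = pkt.get(9) & 0xFF;
        if (ihl < 20 || len < ihl + 4) return null;                 // ports must be inside the buffer
        if (proto != TCP && proto != UDP) return null;              // e.g. ICMP has no ports
        if ((pkt.getShort(6) & 0x1FFF) != 0) return null;           // later fragment: no L4 header
        byte[] s = new byte[4], d = new byte[4];
        for (int i = 0; i < 4; i++) { s[i] = pkt.get(12 + i); d[i] = pkt.get(16 + i); }
        return new TunFlow(proto, InetAddress.getByAddress(s), pkt.getShort(ihl) & 0xFFFF,
                InetAddress.getByAddress(d), pkt.getShort(ihl + 2) & 0xFFFF);
    }

    /** TCP: protect() before connect(), otherwise the connection is routed back into tun0. */
    SocketChannel openTcp(VpnService vpn) throws IOException {
        SocketChannel ch = SocketChannel.open();
        if (!vpn.protect(ch.socket())) { ch.close(); throw new IOException("protect() failed"); }
        ch.connect(new InetSocketAddress(dst, dstPort));   // local address/port chosen by the OS
        return ch;
    }

    /** UDP: same pattern with a datagram channel. */
    DatagramChannel openUdp(VpnService vpn) throws IOException {
        DatagramChannel ch = DatagramChannel.open();
        if (!vpn.protect(ch.socket())) { ch.close(); throw new IOException("protect() failed"); }
        ch.connect(new InetSocketAddress(dst, dstPort));
        return ch;
    }
}
```

The protected socket leaves from the physical interface's address with an OS-assigned port, which matches the netstat output earlier on this page: the same remote 97.74.42.79:80 appears once from 10.8.0.1 (the tun side) and once from 192.168.1.126 (the forwarding socket).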