search

emanuele-f / PCAPdroid

No-root network monitor, firewall and PCAP dumper for Android
https://emanuele-f.github.io/PCAPdroid
GNU General Public License v3.0
2.43k stars 286 forks source link

ICMP traffic not available #430

Closed All3xJ closed 6 months ago

All3xJ commented 6 months ago

Even if I ping from my computer to my Android and I also get the response, the pcap will not have ICMP packets. Is this because I am not rooted? If yes, I think it would be better if you write this in README.md

kevin0t commented 6 months ago

Yes , it is because you are not rooted. Pcapdroid in vpn mode relies on the vpnservice and does not directly capture packets from the network interface like in root mode.. The explanation given here and here might help you. Also the vpn service will only capture ingress connections and not egress connections. And yeah currently the docs could be improved to add specific details about the shortcomings of the VPN mode. You are also welcomed to contribute to the docs.

emanuele-f commented 6 months ago

Even if I ping from my computer to my Android and I also get the response, the pcap will not have ICMP packets

Ingress connections are not captured in non-root mode

Also the vpn service will only capture ingress connections and not egress connections.

Note: it will only capture egress connections

And yeah currently the docs could be improved to add specific details about the shortcomings of the VPN mode

Mmm I thought this was written somewhere but this was not the case. I've added it to the FAQ and traffic analysis sections of the user guide

https://github.com/emanuele-f/PCAPdroid/commit/f832711285a0477b2d4282e04e753adee743b0d0 https://github.com/emanuele-f/PCAPdroid/commit/beacf116ac4a8220ceaa3354465d189b031e7f45