How to sniff local network traffic on an unrooted Android device

Google Play hosts a number of applications that focus on local network traffic sniffing for Android devices, but for the majority of them you would first need to root the device. I worked on a project where I needed a quick glance at what network requests an Android application makes in the background, so the easiest way was to set up a local sniffer on the device itself.

tPacketCapture is a free application developed by the Japanese company Taosoftware and distributed through Google Play. Its main benefit is that it doesn't require a rooted device, as it cleverly uses the built-in VpnService provided by the Android operating system. Because VpnService creates a virtual network interface, no root permissions are needed for packet capture.

Keep in mind that this application can only record local traffic between your Android device and the connected network, so it isn't a solution for passive sniffing of the entire network and its interconnected devices.

The service is easy to use and the packet capture output is saved into a PCAP file that you can easily analyze by using a network protocol analyzer application such as Wireshark.

If you want a general overview of the captured data, you can use the built-in HTML viewer. For proper analysis, tap the PCAP file and send it by e-mail to a device with the analyser software installed.
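For a quick first pass once the capture is on an analysis machine, the PCAP can also be summarised without Wireshark. The following is an added example, not part of the original article or of tPacketCapture: a Python parser for the classic pcap format that counts IPv4 TCP/UDP packets per destination. The link types it handles (Ethernet and raw IP) and the sample capture are assumptions constructed for illustration, so check the link type your own capture reports.

```python
import socket
import struct
from collections import Counter

LINK_OFFSETS = {1: 14, 12: 0, 101: 0}  # Ethernet; raw IP (DLT_RAW, LINKTYPE_RAW)
PROTOCOLS = {6: "tcp", 17: "udp"}

def summarize_pcap(data):
    """Count IPv4 TCP/UDP packets per (protocol, destination IP, destination port)."""
    # Classic pcap, microsecond timestamps: the magic number gives the byte order.
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0] & 0xFFFF
    if linktype not in LINK_OFFSETS:
        raise ValueError(f"unsupported link type {linktype}")
    counts, pos = Counter(), 24
    while pos + 16 <= len(data):
        # Record header: ts_sec, ts_usec, incl_len, orig_len (4 bytes each).
        incl_len = struct.unpack(endian + "I", data[pos + 8:pos + 12])[0]
        frame = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if linktype == 1 and frame[12:14] != b"\x08\x00":
            continue  # Ethernet frame that does not carry IPv4
        ip = frame[LINK_OFFSETS[linktype]:]
        if len(ip) < 20 or ip[0] >> 4 != 4:
            continue  # truncated or not IPv4
        ihl = (ip[0] & 0x0F) * 4
        proto = PROTOCOLS.get(ip[9])
        fragment_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
        if proto is None or fragment_offset or ihl < 20 or len(ip) < ihl + 4:
            continue  # only first fragments carry the port numbers
        dst_port = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        counts[(proto, socket.inet_ntoa(ip[16:20]), dst_port)] += 1
    return counts

def _packet(proto, dst, dport):
    # Constructed sample: 20-byte IPv4 header followed by source/destination ports.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     socket.inet_aton("10.8.0.1"), socket.inet_aton(dst))
    return ip + struct.pack("!HH", 40000, dport)

def sample_capture():
    # Constructed capture (raw-IP link type) using documentation-range addresses.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    for pkt in (_packet(6, "192.0.2.10", 443), _packet(6, "192.0.2.10", 443),
                _packet(17, "198.51.100.53", 53)):
        out += struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    return out

if __name__ == "__main__":
    print(summarize_pcap(sample_capture()))
```

To use it on a real capture, pass the file's bytes, for example `summarize_pcap(open(path, "rb").read())`; destinations you do not recognise are the ones to open in Wireshark.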

Earlier this year, Taosoftware released a pro version of this application, which is sold through the Google Play store for $10.27. The selling point is that it provides application filtering, so you can use it to capture communications related to a specific application.
