This migration away from direct Web access in favor of dedicated smartphone apps has made for a richer user experience, but it also has made knowing exactly what is going on “under the hood” a lot harder.
The Monitoring Android Traffic with Wireshark article from Linux Journal tells how you can use Wireshark to monitor the data flowing between an app running on a smartphone and its cloud service. Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options. Wireshark was originally designed for monitoring TCP/IP and Ethernet network traffic, but it can also be used to monitor wireless networks and USB traffic.
The Monitoring Android Traffic with Wireshark article shows how, with just a little bit of work, you can use Linux to transform almost any laptop into a secret-sharing wireless access point (WAP), connect your phone to it and view the data flowing to and from the phone with relative ease. All you really need is a laptop running Linux with one wireless and one Ethernet connection. You don’t need to mess around with your existing router (no need to change security settings), and it doesn’t require rooting or installing anything unseemly on your phone.
This looks interesting and something I might need some day. I have used Wireshark very much (I have even written my own protocol dissectors for it using Lua), but I have not yet used it to monitor wireless traffic from an Android phone.
84 Comments
Tomi Engdahl says:
https://github.com/cy-arduino/log2pcap
Tomi Engdahl says:
Perl script to convert a regular log file into syslog messages in a pcap file for Wireshark
https://gist.github.com/mdeweerd/47ea977028259ee9a6b6fd8f2356c65d
Tomi Engdahl says:
https://github.com/tiebingzhang/txt2pcap
Tomi Engdahl says:
https://www.wireshark.org/docs/man-pages/text2pcap.html
Tomi Engdahl says:
https://tshark.dev/edit/text2pcap/#example-1-create-packets-from-scratch-with-text2pcap-dummy-headers
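The log-to-pcap converters linked in the comments above (log2pcap, txt2pcap, text2pcap) and the traffic view the article describes both rest on the same small amount of plumbing: writing classic pcap records around synthetic Ethernet/IPv4/UDP frames, and reading them back to see who talks to whom. The example below is added here and is not the code of any of those projects; it wraps constructed syslog lines into UDP/514 datagrams so Wireshark's syslog dissector can show them, then parses the resulting pcap the way a small packetpeek-style tool would and summarizes the flows from one client address. The IP and MAC addresses, port numbers and log lines are all constructed placeholders.

```python
"""Round trip between log text and pcap, as an added example.

Constructed data throughout; not the code of log2pcap, txt2pcap, text2pcap
or packetpeek, just the same ideas in a few dozen lines."""
import socket
import struct

LINKTYPE_ETHERNET = 1
PCAP_MAGIC_LE = b"\xd4\xc3\xb2\xa1"   # 0xA1B2C3D4 written little-endian
PCAP_MAGIC_BE = b"\xa1\xb2\xc3\xd4"

# Constructed sample log lines in syslog style; not from any real device.
LOG_LINES = [
    "<13>Nov 14 12:00:01 phone app[123]: session start",
    "<13>Nov 14 12:00:02 phone app[123]: sync to cloud",
    "<13>Nov 14 12:00:03 phone app[123]: session end",
]


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header (caller zeroes the checksum field)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp_frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet II + IPv4 + UDP frame around payload.

    The MACs are constructed locally administered placeholders and the UDP
    checksum is left at 0, which IPv4 permits; Wireshark dissects it fine."""
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return eth + ip + udp


def write_pcap(frames, ts0=1_700_000_000):
    """Classic libpcap format: 24-byte global header, then a 16-byte record header per frame."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", ts0 + i, 0, len(frame), len(frame)))  # one second apart
        out.append(frame)
    return b"".join(out)


def syslog_to_pcap(lines, src_ip="10.0.0.5", dst_ip="10.0.0.1"):
    """The log2pcap idea: each text line becomes one UDP/514 syslog datagram."""
    return write_pcap([build_udp_frame(src_ip, dst_ip, 40000, 514, line.encode()) for line in lines])


def iter_pcap(data):
    """Yield (timestamp, linktype, frame) from classic pcap bytes, honouring the magic's byte order."""
    if data[:4] == PCAP_MAGIC_LE:
        e = "<"
    elif data[:4] == PCAP_MAGIC_BE:
        e = ">"
    else:
        raise ValueError("not a classic pcap (pcapng or nanosecond variant?)")
    linktype = struct.unpack(e + "I", data[20:24])[0]
    off = 24
    while off + 16 <= len(data):
        sec, usec, caplen, _wirelen = struct.unpack(e + "IIII", data[off:off + 16])
        off += 16
        if off + caplen > len(data):
            raise ValueError("truncated packet record at offset %d" % (off - 16))
        yield sec + usec / 1e6, linktype, data[off:off + caplen]
        off += caplen


def summarize(data, client_ip):
    """packetpeek-style summary of what client_ip talks to.

    Returns ({(dst_ip, ip_proto, dst_port): packets}, [udp payloads], non_ipv4_frames).
    Only Ethernet/IPv4 is decoded; other link types or ethertypes are just counted."""
    flows, payloads, other = {}, [], 0
    for _ts, linktype, frame in iter_pcap(data):
        if linktype != LINKTYPE_ETHERNET or len(frame) < 34 or frame[12:14] != b"\x08\x00":
            other += 1
            continue
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        if src != client_ip:
            continue
        l4 = frame[14 + ihl:]
        dport = struct.unpack("!H", l4[2:4])[0] if proto in (6, 17) and len(l4) >= 4 else None
        key = (dst, proto, dport)
        flows[key] = flows.get(key, 0) + 1
        if proto == 17 and len(l4) >= 8:
            ulen = struct.unpack("!H", l4[4:6])[0]
            payloads.append(l4[8:ulen])
    return flows, payloads, other


if __name__ == "__main__":
    pcap = syslog_to_pcap(LOG_LINES)
    with open("syslog_demo.pcap", "wb") as fh:   # open this file in Wireshark
        fh.write(pcap)
    flows, payloads, other = summarize(pcap, "10.0.0.5")
    for (dst, proto, port), n in sorted(flows.items()):
        print("%s proto=%d port=%s packets=%d" % (dst, proto, port, n))
    for p in payloads:
        print("  ", p.decode(errors="replace"))
```

Running the script writes syslog_demo.pcap, which Wireshark opens with the lines decoded as syslog (filter `syslog` or `udp.port == 514`). The reader deliberately checks the magic and record lengths before trusting them: a capture handed to you from somewhere else, a pcapng file, or a truncated download should fail loudly rather than silently decode as garbage. To apply the same summary to a real capture from the laptop-as-access-point setup, read the file into `summarize()` with the phone's address as `client_ip`; IPv6 and non-Ethernet link types would need extra decoding and are only counted here.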
Tomi Engdahl says:
AI packet analyzer
https://lab.dynamite.ai/
https://blog.ipspace.net/2024/03/worth-reading-chatgpt-packet-buddy/
https://github.com/automateyournetwork/packet_buddy
https://www.packetsafari.com/aishark
Tomi Engdahl says:
Effortless PCAP File Analysis in Your Browser
Explore and analyze PCAP files online using A-Packets, designed to provide comprehensive insights into network protocols like IPv4/IPv6, HTTP, Telnet, FTP, DNS, SSDP, and WPA2. This tool allows users to easily view details of network communications and dissect layers of data transmission.
https://apackets.com/
Tomi Engdahl says:
https://linuxexplore.com/2010/05/30/remote-packet-capture-using-wireshark-tcpdump/
https://serverfault.com/questions/38626/how-can-i-read-pcap-files-in-a-friendly-format
Tomi Engdahl says:
https://apackets.com/pcaps
Tomi Engdahl says:
https://www.xda-developers.com/ways-use-port-mapping-on-your-home-network/
Tomi Engdahl says:
https://stackoverflow.com/questions/56458846/wireshark-data-as-ascii
Tomi Engdahl says:
Setting up custom column views within Wireshark.
https://www.youtube.com/watch?v=qamES2CmfSA
Tomi Engdahl says:
Wireshark | 01 | Introduction to Wireshark
https://www.youtube.com/watch?v=28PwBTWLliY&list=PLTS-Jel4E3gX2tNXyXVImwdW2NaV-dR6U
Tomi Engdahl says:
https://medium.com/@viewshola/analyzing-pcap-files-using-wireshark-73fc1bef3c05
Demystifying a PCAP File: The Comprehensive Guide
https://www.netwitness.com/blog/pcap-file-guide/
Tomi Engdahl says:
https://github.com/tinpotnick/packetpeek
Tomi Engdahl says:
https://github.com/caesar0301/awesome-pcaptools
Tomi Engdahl says:
https://github.com/arkime/arkime
https://www.youtube.com/watch?v=4KKET3oJ790
Tomi Engdahl says:
https://lab.dynamite.ai/pcaps
Tomi Engdahl says:
https://carlosmv.hashnode.dev/4-open-source-packet-analyzers-to-explore
Tomi Engdahl says:
https://github.com/tinpotnick/packetpeek
https://github.com/kunklejr/node-pcap-parser
Tomi Engdahl says:
https://stackoverflow.com/questions/45494453/read-pcap-gz-file-in-js
Tomi Engdahl says:
AI packet analysis
https://www.packetsafari.com/aishark
https://app.packetsafari.com/
https://www.b-yond.com/ai-pcap-analyzer
Tomi Engdahl says:
Troubleshooting Packets with AI
https://www.youtube.com/watch?v=kYSUy10Y5U8
Analyzing Packet Captures with AI
https://www.youtube.com/watch?v=ugrfLrL_j0Q
Tomi Engdahl says:
Analyzing DHCP and BGP packet captures with multi AI with Kubernetes
https://www.youtube.com/watch?v=Ft7C10mHB1U
Tomi Engdahl says:
https://www.crowdstrike.com/en-us/cybersecurity-101/next-gen-siem/log-file-formats/
Tomi Engdahl says:
https://graylog.org/post/log-formats-a-complete-guide/
Tomi Engdahl says:
https://www.varonis.com/blog/packet-capture
Tomi Engdahl says:
https://en.wikipedia.org/wiki/Common_Log_Format
Tomi Engdahl says:
https://discoveringsystems.com/how-to-use-chatgpt-to-get-wireshark-filters/
Tomi Engdahl says:
https://www.toolify.ai/gpts/g-VQAlpoZ9n
https://chatgpt.com/g/g-VQAlpoZ9n-wireshark-tcp-dump-analyzer/c/67b884eb-017c-8006-b7a8-aa935ccd5ae3
Convert the file to text (e.g., using tcpdump -r captureWithOnOff.pcap -n -tttt > capture.txt) and upload the text output for analysis.
Tomi Engdahl says:
https://www.tcpdump.org/pcap.html
Tomi Engdahl says:
https://github.com/markofu/pcaps/blob/master/PracticalPacketAnalysis/ppa-capture-files/telnet.pcap
Tomi Engdahl says:
https://web.archive.org/web/20160313101246/http://tech-diy.com/audio_bs.htm
Tomi Engdahl says:
How to Decrypt SSL with Wireshark – HTTPS Decryption Guide
If you’ve ever tried using Wireshark to monitor web traffic, you’ve probably run into a problem – a lot of it is encrypted transmissions. In fact, most sites are using SSL or Transport Layer Security (TLS) encryption to keep their users safe.
https://www.comparitech.com/net-admin/decrypt-ssl-with-wireshark/