Comments (6)
No, I have not evaluated the HTTP server dump mode because I didn't notice it could be used for real-time monitoring as well. Thanks for pointing this option out. I'm sure it will work for the case described.
from pcapdroid.
Why would you bind the PCAPdroid udp sender to a specific interface?
from pcapdroid.
> Why would you bind the PCAPdroid udp sender to a specific interface?
Because in the scenario mentioned the local UDP collector (accessible through Wi-Fi) has no chance to get traffic from the udp sender, most probably it goes to the mobile network (the Android API Reference says: "DatagramSocket () Constructs a datagram socket and binds it to any available port on the local host machine. The socket will be bound to the wildcard address, an IP address chosen by the kernel.").
from pcapdroid.
This does not make much sense. For outbound UDP datagrams, standard route logic should apply, so if the receiver on the wifi is reachable by your device, then it should be able to receive the datagram.
Have you verified that this `mWifiNet.bindSocket` solves the issue for you? Can you share your full code?
from pcapdroid.
Ok, let me clarify using the following detailed example:
- The phone (Android 9, no root) is connected to the LAN over Wi-Fi (IP: 192.168.1.224, i/f wlan0); the Wi-Fi router (192.168.1.1) completely restricts access to the Internet for it. The phone also has a mobile data connection (LTE, IP: 10.147.215.220, i/f seth_lte0).
- The UDP collector is running on a local server (192.168.1.34).
Without the proposed feature the UDP sender can't "reach" the UDP collector because traffic gets routed to seth_lte0. Here is the log from the phone:
```
P963F30P:/ $ ip route get 192.168.1.34
192.168.1.34 dev seth_lte0 table 1007 src 10.147.215.220 uid 2000
cache
P963F30P:/ $ ip rule
0: from all lookup local
10000: from all fwmark 0xc0000/0xd0000 lookup 99
10500: from all iif lo oif dummy0 uidrange 0-0 lookup 1002
10500: from all iif lo oif seth_lte0 uidrange 0-0 lookup 1007
10500: from all iif lo oif wlan0 uidrange 0-0 lookup 1029
13000: from all fwmark 0x10063/0x1ffff iif lo lookup 97
13000: from all fwmark 0x10072/0x1ffff iif lo lookup 1007
13000: from all fwmark 0x10077/0x1ffff iif lo lookup 1029
14000: from all iif lo oif dummy0 lookup 1002
14000: from all iif lo oif seth_lte0 lookup 1007
14000: from all iif lo oif wlan0 lookup 1029
15000: from all fwmark 0x0/0x10000 lookup 99
16000: from all fwmark 0x0/0x10000 lookup 98
17000: from all fwmark 0x0/0x10000 lookup 97
19000: from all fwmark 0x72/0x1ffff iif lo lookup 1007
19000: from all fwmark 0x77/0x1ffff iif lo lookup 1029
22000: from all fwmark 0x0/0xffff iif lo lookup 1007
32000: from all unreachable
P963F30P:/ $ ip route show table main
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.224
P963F30P:/ $ ip route show table local
local 10.147.215.220 dev seth_lte0 proto kernel scope host src 10.147.215.220
broadcast 10.147.215.220 dev seth_lte0 proto kernel scope link src 10.147.215.220
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 192.168.1.0 dev wlan0 proto kernel scope link src 192.168.1.224
local 192.168.1.224 dev wlan0 proto kernel scope host src 192.168.1.224
broadcast 192.168.1.255 dev wlan0 proto kernel scope link src 192.168.1.224
P963F30P:/ $ ip route show table all
default via 192.168.1.1 dev wlan0 table 1029 proto static
192.168.1.0/24 dev wlan0 table 1029 proto static scope link
default dev dummy0 table 1002 proto static scope link
default dev seth_lte0 table 1007 proto static scope link
10.147.215.220 dev seth_lte0 table 1007 proto static scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.224
local 10.147.215.220 dev seth_lte0 table local proto kernel scope host src 10.147.215.220
broadcast 10.147.215.220 dev seth_lte0 table local proto kernel scope link src 10.147.215.220
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.1.0 dev wlan0 table local proto kernel scope link src 192.168.1.224
local 192.168.1.224 dev wlan0 table local proto kernel scope host src 192.168.1.224
broadcast 192.168.1.255 dev wlan0 table local proto kernel scope link src 192.168.1.224
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
fe80::/64 dev wlan0 table 1029 proto kernel metric 256 pref medium
fe80::/64 dev wlan0 table 1029 proto static metric 1024 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
fe80::/64 dev dummy0 table 1002 proto kernel metric 256 pref medium
default dev dummy0 table 1002 proto static metric 1024 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
fe80::/64 dev seth_lte0 table 1007 proto kernel metric 256 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
local ::1 dev lo table local proto unspec metric 0 pref medium
local fe80::3b62:652d:5201:5c9d dev lo table local proto unspec metric 0 pref medium
local fe80::805d:15ff:fe94:3589 dev lo table local proto unspec metric 0 pref medium
local fe80::b61c:30ff:fe08:1ce1 dev lo table local proto unspec metric 0 pref medium
ff00::/8 dev dummy0 table local metric 256 pref medium
ff00::/8 dev seth_lte0 table local metric 256 pref medium
ff00::/8 dev wlan0 table local metric 256 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
```
A similar Android issue is described here https://www.reddit.com/r/HomeNetworking/comments/r0sruo/android_ignores_routing_table_uses_phone_data/
When it comes to the changes I made to solve my issue, they are more of a hack than a proper implementation of the feature, but please have a look: udp-sender-bind-diff.txt
from pcapdroid.
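The lookup shown in the log above, replayed as an added example (not code from PCAPdroid or from the attached diff): it walks the posted `ip rule` list in priority order and shows why the `192.168.1.0/24` route in table `main` is never consulted. The function name `route_get` is hypothetical, and treating `0x10077` as the mark of a socket bound to the Wi-Fi network is an assumption read off the priority-13000 rule.

```python
import ipaddress

# `ip rule` output copied from the log above.
RULES = """\
0: from all lookup local
10000: from all fwmark 0xc0000/0xd0000 lookup 99
10500: from all iif lo oif dummy0 uidrange 0-0 lookup 1002
10500: from all iif lo oif seth_lte0 uidrange 0-0 lookup 1007
10500: from all iif lo oif wlan0 uidrange 0-0 lookup 1029
13000: from all fwmark 0x10063/0x1ffff iif lo lookup 97
13000: from all fwmark 0x10072/0x1ffff iif lo lookup 1007
13000: from all fwmark 0x10077/0x1ffff iif lo lookup 1029
14000: from all iif lo oif dummy0 lookup 1002
14000: from all iif lo oif seth_lte0 lookup 1007
14000: from all iif lo oif wlan0 lookup 1029
15000: from all fwmark 0x0/0x10000 lookup 99
16000: from all fwmark 0x0/0x10000 lookup 98
17000: from all fwmark 0x0/0x10000 lookup 97
19000: from all fwmark 0x72/0x1ffff iif lo lookup 1007
19000: from all fwmark 0x77/0x1ffff iif lo lookup 1029
22000: from all fwmark 0x0/0xffff iif lo lookup 1007
32000: from all unreachable
"""
# IPv4 unicast routes from `ip route show table all`. Tables 97-99 list no
# routes; table local (the phone's own addresses) is left out as an assumption.
TABLES = {"main": {"192.168.1.0/24": "wlan0"},
          "1029": {"0.0.0.0/0": "wlan0", "192.168.1.0/24": "wlan0"},
          "1007": {"0.0.0.0/0": "seth_lte0", "10.147.215.220/32": "seth_lte0"},
          "1002": {"0.0.0.0/0": "dummy0"}}

def route_get(dst, fwmark=0, oif=None, uid=2000):
    """Return (device, table, rule priority) for a locally generated packet."""
    dst = ipaddress.ip_address(dst)
    for line in RULES.splitlines():
        prio, sel = line.split(": ", 1)
        tok = sel.split()[2:]                      # drop "from all"
        opts = dict(zip(tok[::2], tok[1::2]))      # selector/value pairs
        if "lookup" not in opts:                   # the final "unreachable" rule
            return (None, None, int(prio))
        value, _, mask = opts.get("fwmark", "0/0").partition("/")
        lo, _, hi = opts.get("uidrange", "0-4294967295").partition("-")
        if (fwmark & int(mask, 16) != int(value, 16)
                or opts.get("oif", oif) != oif
                or not int(lo) <= uid <= int(hi)):
            continue                               # rule selector does not match
        table = TABLES.get(opts["lookup"], {})
        hits = [n for n in map(ipaddress.ip_network, table) if dst in n]
        if hits:                                   # longest prefix wins
            best = max(hits, key=lambda n: n.prefixlen)
            return (table[str(best)], opts["lookup"], int(prio))
```

An unmarked socket falls through to the priority-22000 rule and table 1007, matching the `ip route get` output in the log; with the Wi-Fi mark or an explicit `wlan0` output interface the lookup lands in table 1029 instead.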
Ok, this behavior is described in https://android-developers.googleblog.com/2016/07/connecting-your-app-to-wi-fi-device.html , so routes will not be inserted if it has no internet. A network selection combobox could be added to the UI to specify on which network to call bindSocket.
However, have you evaluated using the HTTP server dump mode instead? Maybe it will work without the need to bind the socket, as it's inbound. UDP mode is not ideal if you want a reliable capture, as it will likely drop packets at some point (see https://emanuele-f.github.io/PCAPdroid/dump_modes#24-udp-exporter). Even if you use an ethernet adapter, you may still experience drops, as UDP is not reliable.
from pcapdroid.