Help in termux about termshark HOT 6 OPEN

Hi @Reaperv2 - as far as I'm aware, termshark on Android can't capture packets yet without some sort of root access e.g. via a rooted ROM. Someone did suggest wrapping termshark in something that implements the Android VpnService API to provide access to packets at the network layer. I find that intriguing and would like to investigate, given the time, but I've done no work on it so far :-/

from termshark.

Hi @Reaperv2 - I found a way to do what you want. It involves a couple of extra steps, but they aren't onerous, and no root is required. I'll post instructions soon!

from termshark.

Hi @Reaperv2 - here's a video to illustrate how to capture packets on Android without root:

https://drive.google.com/file/d/1LpMMfTH0bwHc8dngkEHwGCjKcLZHEMi3/view?usp=sharing

I used https://github.com/emanuele-f/PCAPdroid which you can find on Google Play or F-Droid. I hope this method works for you. The downsides I can see are that you can't see the packets as they come in, as you would with termshark -i eth0, and you can't filter them live. PCAPdroid offers a UDP-based capture interface too - maybe I can find a way to have termshark make use of that directly.

Once you have the pcap open in termshark, you can type "tcp" into the display filter and hit enter to see only tcp packets.

from termshark.

Hi again @Reaperv2 - I found a better way that works as a live capture using the UDP exporter feature of PCAPdroid. I'll post updated instructions.

from termshark.

Hi @Reaperv2 - here is a new video showing how to do a live capture on Android:

https://drive.google.com/file/d/18xbFEKMwH4GwKUtJIlAsfc-NAKV3cJXj/view?usp=sharing

Hope that helps, and feel free to update this issue if any of the steps don't work for you.

from termshark.

You can use PCAPDROID
https://play.google.com/store/apps/details?id=com.emanuelef.remote_capture
https://github.com/emanuele-f/PCAPdroid to capture without root.

from termshark.