Monitoring or capturing Wi-Fi traffic on Android smartphones and tablets is possible. I’m not just talking about Wi-Fi stumblers or traffic usage apps, but full network sniffers that can capture and display the raw 802.11 network packets from the airwaves. Instead of having to run captures on your bulky laptop, you can walk around with your Android tablet or phone tucked away in your pocket.
ITworld/Eric Geier
Example of capturing wireless packets with Intercepter-NG.
These sniffers can be useful when performing advanced troubleshooting of wireless connectivity or performance issues. They can also aid in security auditing, penetration testing, and ethical hacking, or so you can better visualize and understand certain network vulnerabilities. Or you might just be curious of what the real data packets look like or exactly what devices and apps are sending and receiving.
Just about all the network sniffer apps will only work on rooted devices; if you haven’t unlocked your Android device yet, consider the free tPacketCapture app. It offers packet capturing without requiring root permissions by using the VPN Service of the Android OS. It is a very simple app that saves the packets in a PCAP file format that you can open in another app or transfer to a PC for viewing. The Pro version of tPacketCapture ($10.71) and adds application filtering so you can optionally capture only packets for a specific application.
Another app that does not require a rooted device is the free Wi-Fi PCAP Capture app from Kismet. However, it does have more specific device requirements and must be used with a specific type of external Wi-Fi adapter. This likely also requires a USB on-the-go (OTG) cable to convert from Micro-USB to the full USB Type A.
If you have a rooted Android device, there are many more apps to consider. Shark for Root and SniffDroid are two free simple sniffers, both requiring the export of a PCAP file in another app for viewing the packets, like the two previously mentioned apps.
ITworld/Eric Geier
Some sniffer apps provide a network or host scanner as pictured in this screen shot of Intercepter-NG.
ITworld/Eric Geier
WiFinspect is one of the few free sniffer apps that also provides vulnerability scanners.
For more bells and whistles, consider the free Intercepter-NG, WiFinspect, or Dr Network sniffer apps. Intercepter-NG also provides a network scanner to detect devices on a network and a cookie scanner to hijack account logins. WiFinspect also offers a network discovery function with port scanning, access point and other network vulnerability scanners, and basic network tools like Traceroute and Ping. Dr Network also offers the usual basic network tools, such as Ping, Netcfg, Netstat, Tcpdump, Ifconfig, ARP Cache, IP Routing Table, and IP Locator.
Two paid options you might consider for rooted devices are bitShark ($2.99) and Wi.cap. Network sniffer Pro ($15.00). Both only provide packet sniffing, but have much more user-friendly and practical GUIs than the free apps. They’re useful if you plan to view and analyze the packets on the actual Android device, though you can still export in the universal PCAP format for viewing on other devices and computers.
This story, "How to monitor Wi-Fi traffic on Android devices" was originally published by ITworld.