Today I’m releasing an initial version of my Android app called PCAP Remote. The app is a non-root network sniffer that allows you to debug and analyze traffic in Wireshark on the fly using the app’s built-in SSH server, which is useful and often a must when developing Android software solutions that use complex/custom network protocols.

Although the app is primarily designed to be used in conjunction with Wireshark, other similar tools can also be used as packets are captured in the commonly used pcapng format.

Let me know if you have any ideas/issues.
email: egorovandreyrm@gmail.com

Download from Play

  1. I’m trying to use PCAP Remote to debug my app which uses SIP over TLS (not HTTP). I’ve set up PCAP Remote as instructed, including installing the certificate and adding the network security override to the application manifest. When running PCAP Remote, I get the pcap to Wireshark; there are no errors (either in the “SSL Errors” tab or in the Wireshark packet view), but I can’t see decrypted traffic: the TLS packets are not showing anything other than “encrypted application data”, and if I use “Follow TLS stream” then I get an empty view with 0 bytes in the stream. If I capture from the server (having a copy of the server private key), the TLS traffic decodes just fine.

    Can you please help me troubleshoot this issue? Here is a small capture of my app starting and using a SIP “REGISTER” sequence with the server, which, as I understand, should include the required decryption secrets: http://code.geek.co.il/pcap/myapp.pcap

    Thanks in advance!

  2. Thank you for the bug report. I think I’ve found a bug on my side. I will let you know as soon as it is fixed.
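
To check whether a capture file actually carries the decryption secrets discussed in the comments above, here is an added example that is not part of the original post or the app's code. It assumes the secrets are stored in pcapng Decryption Secrets Blocks with the TLS key log type; the function names and the sample bytes are constructed for illustration.

```python
import struct

PCAPNG_SHB = b"\x0a\x0d\x0d\x0a"   # Section Header Block type (same in both byte orders)
MAGIC_LE = b"\x4d\x3c\x2b\x1a"     # byte-order magic 0x1A2B3C4D stored little-endian
MAGIC_BE = b"\x1a\x2b\x3c\x4d"
DSB_TYPE = 0x0000000A              # Decryption Secrets Block
TLS_KEYLOG = 0x544C534B            # secrets type "TLSK": NSS key log text

def tls_keylog_lines(data: bytes) -> list[bytes]:
    """Walk the pcapng blocks in `data` and return every TLS key log line
    found in a Decryption Secrets Block (empty list: no embedded secrets)."""
    if data[:4] != PCAPNG_SHB:
        raise ValueError("not pcapng (classic pcap cannot carry secrets)")
    lines, off, endian = [], 0, "<"
    while off + 12 <= len(data):
        if data[off:off + 4] == PCAPNG_SHB:       # new section: re-read byte order
            magic = data[off + 8:off + 12]
            if magic not in (MAGIC_LE, MAGIC_BE):
                raise ValueError("bad byte-order magic in section header")
            endian = "<" if magic == MAGIC_LE else ">"
        btype, blen = struct.unpack_from(endian + "II", data, off)
        if blen < 12 or blen % 4 or off + blen > len(data):
            raise ValueError(f"bad block length {blen} at offset {off}")
        if btype == DSB_TYPE and blen >= 20:
            stype, slen = struct.unpack_from(endian + "II", data, off + 8)
            if slen > blen - 20:
                raise ValueError("secrets length exceeds block")
            if stype == TLS_KEYLOG:
                secrets = data[off + 16:off + 16 + slen]
                lines += [l for l in secrets.splitlines()
                          if l.strip() and not l.startswith(b"#")]
        off += blen
    return lines

def make_block(btype: int, body: bytes) -> bytes:
    """Build one little-endian pcapng block (only used for the constructed sample)."""
    body += b"\0" * (-len(body) % 4)              # pad body to 32 bits
    total = struct.pack("<I", len(body) + 12)
    return struct.pack("<I", btype) + total + body + total

# Constructed sample: a section header plus one DSB holding a dummy key log line.
KEYLOG = b"CLIENT_RANDOM " + b"00" * 32 + b" " + b"11" * 48 + b"\n"
SHB = make_block(0x0A0D0D0A, MAGIC_LE + struct.pack("<HHq", 1, 0, -1))
DSB = make_block(DSB_TYPE, struct.pack("<II", TLS_KEYLOG, len(KEYLOG)) + KEYLOG)
WITH_SECRETS = SHB + DSB

if __name__ == "__main__":
    print(len(tls_keylog_lines(WITH_SECRETS)), "TLS key log line(s) embedded")
```

An empty list for a capture that contains TLS traffic means the file has no embedded key material, so Wireshark has nothing embedded to decrypt with.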

