This migration away from direct Web access in favor of dedicated smartphone apps has made for a richer user experience, but it also has made knowing exactly what is going on “under the hood” a lot harder.
The Linux Journal article Monitoring Android Traffic with Wireshark explains how you can use Wireshark to monitor the data flow between an app running on a smartphone and the cloud service. Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options. Wireshark was originally designed for monitoring TCP/IP and Ethernet network traffic, but it can also be used to monitor wireless networks and USB traffic.
The article shows how, with just a little bit of work, you can use Linux to transform almost any laptop into a secret-sharing wireless access point (WAP), connect your phone and view the data flowing to and from the phone with relative ease. All you really need is a laptop running Linux with one wireless and one Ethernet connection. You don’t need to mess around with your existing router (no need to change security settings), and the setup doesn’t require rooting or installing anything unseemly on your phone.
This looks interesting and is something I might need some day. I have used Wireshark very much (I have even written my own protocol dissectors for it using Lua), but I have not yet used it to monitor wireless traffic from an Android phone.

110 Comments
Tomi Engdahl says:
Google Gemini can read pcap files
Tomi Engdahl says:
https://wiki.wireshark.org/samplecaptures#iec-61850-9-2
Tomi Engdahl says:
https://wireview.github.io/
This is an in-browser, Wireshark-like pcap file analyzer
Implemented with WASM
Tomi Engdahl says:
Publicly available PCAP files
This is a list of public packet capture (PCAP) repositories, which are freely available on the Internet.
https://www.netresec.com/?page=PcapFiles
Tomi Engdahl says:
https://www.gradenegger.eu/en/inspect-https-ssl-traffic-with-wireshark/
Tomi Engdahl says:
Decrypting TLS traffic in Wireshark
https://www.youtube.com/watch?v=bSt6E48mGuc
HTTPS Decryption with Wireshark // Website TLS Decryption
https://www.youtube.com/watch?v=GMNOT1aZmD8
Tomi Engdahl says:
Wireshark – Decrypting HTTPS (HTTP over TLS) Traffic for Analysis or Packet Captures (PCAP)
https://www.youtube.com/watch?v=tKBbYK0KVXI
Decrypting HTTPS Traffic With Wireshark
https://www.youtube.com/watch?v=a9eVf2uleaA
Tomi Engdahl says:
How to DECRYPT HTTPS Traffic with Wireshark
https://www.youtube.com/watch?v=5qecyZHL-GU
Tomi Engdahl says:
TLS Handshake Deep Dive and decryption with Wireshark
https://www.youtube.com/watch?v=25_ftpJ-2ME
Warning! We go deep in this video to explain how the TLS handshake is completed. Warning! This is a technical deep dive and covers a lot of detail including SSL decryption and discusses RSA, Public and Private Keys, symmetric key exchange and lots more.