PCAPdroid is an open-source app that lets you monitor and export the network traffic of your device. The app simulates a VPN to achieve non-root capture but, contrary to a VPN, the traffic is processed locally into the device.
– Log and examine the connections made by user and system apps
– Extract the SNI, DNS query, HTTP request, HTTP URL, and the remote IP address
– Create rules to filter out the good traffic and easily spot anomalies
– Dump the traffic into a PCAP file, download it from a browser, or stream it to a remote receiver for real-time analysis (e.g. Wireshark)
– Use the app in combination with mitmproxy to decrypt HTTPS/TLS traffic (technical knowledge required)
– On rooted devices, capture the traffic while other VPN apps are running
PCAPdroid Paid features:
– Detect malicious connections by using third-party blacklists
If you plan to use PCAPdroid to perform packet analysis, please check out the specific section of the manual.
You can join the PCAPdroid community on telegram to discuss and receive updates on the latest features.