Packet capture is a computer networking term for intercepting a data packet as it crosses a specific computer network.

Once a packet is captured, it is stored temporarily so that it can be analyzed. The packet is inspected to help diagnose and solve network problems and determine whether network security policies are being followed.

In simple terms, it is a way of watching the data that is transmitted from one computer to another, or from one cellphone to another, while you are connected to the internet. When you use the internet on a computer or smartphone to access websites or apps, data is exchanged between your device and the website.

Let's take a simple example. Suppose you are signing up on an Android app. When you submit details such as your email, name and password, this data is sent to the server over a network connection, where it is saved temporarily or permanently. The data is sent either in plain text or in encrypted form. If it is sent in plain text, there is a chance that a hacker might get access to your personal information. It depends on how secure your network is. People who use public WiFi networks are more prone to such incidents.


Why do you need it?

Most users who download apps from the Play Store or from a third-party website don't care about the permissions an app uses.

When you install a simple app for editing photos, it usually needs the Android storage permission (internal storage and external SD card) to access the images in your gallery for editing.

What if it also needs the internet permission, or access to call logs, contacts, etc.? There are two possibilities:
1- The internet permission is being used for showing ads.
2- If the app is ad-free but still needs the internet permission, then there is a chance that it is collecting some data related to app usage, such as which sections of the app you access most often.

Most users are not going to care about these two things. But you should know that these permissions can easily be misused by any app developer. Android users who give priority to privacy are aware of such small things. They will always look for an alternative app instead of using one with vague permissions that threaten their privacy and personal data.

But there is no need to worry, because by monitoring your network traffic you can find out about the apps which may be sending your personal data without your consent.


How To Capture Network Traffic Of An Android App?

This article is written keeping in mind that an average Android user can do these things easily on their own. We are going to use an Android app called Packet Capture.

It's a simple app that can intercept the data sent by all Android apps when you use your internet connection. This app works without root.

Packet Capture also works for apps which use the HTTPS protocol for transmitting data. You need to install an SSL certificate for this. It's totally safe to use this app.

I am not going too deep into its features. It's a pretty simple app with an easy setup.


How to start capturing traffic?

  • First of all, install Packet Capture for Android from the Play Store.
  • Open the app. You will see an option to install an SSL certificate; you can skip it if you don't want to install one. I recommend installing it because you will get more information about an app's network traffic this way.
  • You need a lock screen PIN or pattern to be enabled before you install the SSL certificate. If you already have a PIN or pattern lock, then it will ask for it; this is necessary for installing the SSL certificate.
  • When you are ready, start capturing traffic by clicking the start button in the top right corner. The app will ask to set up a VPN connection, so click OK.
  • Capturing will start, and you will see app names. Just click on an app name to see the data it has been sending and receiving.


There are some features missing in the app. We can't monitor the traffic of one particular app; the app displays the data of all apps which are using the internet. Some data which is encrypted using keys cannot be decrypted, so you will find some data which you cannot understand. Just skip it.
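
If you copy a readable request out of a capture, a short script can list which personal fields it carried. The Python below is an added example, not part of the Packet Capture app or of the original article; the field-name list and the sample request are assumptions constructed for illustration.

```python
import json
from urllib.parse import parse_qsl, urlsplit

# Assumed list of field names that count as personal data; extend as needed.
SENSITIVE = {"email", "name", "password", "phone", "contacts", "imei", "location"}

def _walk(obj, found):
    """Collect sensitive keys from nested JSON objects and lists."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            if key.lower() in SENSITIVE:
                found.add(key.lower())
            _walk(value, found)
    elif isinstance(obj, list):
        for item in obj:
            _walk(item, found)

def find_sensitive_fields(raw_request):
    """Return sorted sensitive field names readable in one captured HTTP request."""
    head, _, body = raw_request.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    target = (lines[0].split(" ") + [""])[1]  # request path, "" if malformed
    ctype = ""
    for line in lines[1:]:
        key, _, value = line.partition(":")
        if key.strip().lower() == "content-type":
            ctype = value.strip().lower()
    found = set()
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    if "json" in ctype:
        try:
            _walk(json.loads(body), found)
        except ValueError:
            pass  # truncated or encrypted body: nothing readable to report
    elif "x-www-form-urlencoded" in ctype:
        pairs += parse_qsl(body.strip(), keep_blank_values=True)
    found.update(k.lower() for k, _ in pairs if k.lower() in SENSITIVE)
    return sorted(found)

# Constructed sample request, not taken from a real capture.
SAMPLE = (
    "POST /signup?ref=app HTTP/1.1\r\n"
    "Host: api.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "email=user%40example.test&name=Sam&password=hunter2&theme=dark"
)

print(find_sensitive_fields(SAMPLE))
```

An empty result for a request only means none of the listed field names were readable in it; bodies the capture could not decrypt are skipped.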


How to get rid of the PIN
If you want to stop having to enter a PIN on the lock screen after Packet Capture is uninstalled, you need to clear the credential storage.
Go to OS Settings -> Security -> Clear credentials.