Possible to use VpnService implementation to capture and send packets?

Question

I\'m considering the possibility of using the new android (4.0) VpnService interface to implement simple packet capture and analysis. Does anyone know if it\'s possible to t

Answer 1

I have worked with the VPN API. You have a tun device where you can specify the routes. But after having read you need to take care of the packets yourself. Usually that means handing them over to the VPN Server. The Android SDK provides a simple ToyVPNServer Example.

But a simple pcap like interface is difficult (if even possible) to implement without implementing VPN too.

You could parse the TCP/UDP header create an own socket with the same src/dest port/ip, use protect() on this socket so it not routed over tun0. Since tPacketCapture only supports udp/tcp and not icmp they might use this approach.

Answer 2

tPacketCapture creates a second socket to the remote machine to forward the packets. I have looked at tPacketCapture using adb shell netstat:

Proto Recv-Q Send-Q Local Address              Foreign Address            State 
tcp        0      0 192.168.1.126:49828        97.74.42.79:80             ESTABLISHED
tcp6       0      0 ::ffff:127.0.0.1:5000      :::*                       LISTEN
tcp6       0    522 ::ffff:10.8.0.1:50294      ::ffff:97.74.42.79:80      ESTABLISHED
tcp6       0      0 ::ffff:192.168.1.126:34210 ::ffff:74.125.141.188:5228 ESTABLISHED
tcp6       0      1 ::ffff:192.168.1.126:43379 ::ffff:74.125.224.174:80   CLOSE_WAIT
tcp6       0      1 ::ffff:192.168.1.126:60217 ::ffff:74.125.239.14:443   CLOSE_WAIT

Note 97.74.42.79:80 twice.

Guess I'll have to do the same unless someone has a better idea.