0

I am trying to capture http traffic using pcap4j from an android emulator / ios simulator to a server which is hosted on the same machine. The machine can run either linux / windows or osx.

I tried capturing packets from wireshark first for testing, but it didn't catch any. I guess this is because the emulator uses the loopback interface to talk to the server since they are running on the same machine. Is there any way I can capture the traffic other than making the emulators use a sort of "man in the middle http proxy"?

Thanks.

barisdad
  • 515
  • 7
  • 19

2 Answers2

1

I tried capturing packets from wireshark first for testing, but it didn't catch any. I guess this is because the emulator uses the loopback interface to talk to the server since they are running on the same machine

Yes, so, unless you capture on the loopback interface, you won't see the traffic. On Linux, that interface is called "lo"; on OS X (and most other UN*Xes), it's called "lo0". On Windows, you're out of luck, unfortunately.

0

The iOS Simulator uses the same network interfaces as the host. There is not separate interface and Wireshark will see traffic from within the iOS Simulator the same way it will see traffic from any other Mac OS application.

Jeremy Huddleston Sequoia
  • 22,938
  • 5
  • 78
  • 86
  • I don't think this answers my question. no traffic will be sent to the LAN since they are on the same computer, and unless I do something with the loopback interface I can't catch any traffic. – barisdad Apr 30 '15 at 06:23
  • Just because the server you're talking to is on the same machine, it doesn't necessarily follow that you're using the loopback interface for the connection. My point is specifically that there is nothing special about this case for the iOS Simulator. We don't do any magic for network interfaces in the simulator. From the perspective of Wireshark, your app running in the simulator is just like any other process on the system. – Jeremy Huddleston Sequoia Apr 30 '15 at 07:24
  • I didn't understand your first sentence. Is there a cross platform way to make it go to the wire and not use the loopback interface? I know they are like other processes, and therefore their loopback usage policy is like any other process. For example, this means that when I run the android emulator in windows it will use the loopback interface by default, and as far as I know there is no way to override this in windows. However, there is specific stuff you can do in the android emulator, like the httpproxy run option I mentioned before. – barisdad Apr 30 '15 at 09:13
  • "Just because the server you're talking to is on the same machine, it doesn't necessarily follow that you're using the loopback interface for the connection." Why not? Most of not all UN\*Xes will send packets with any of the sending machine's IP addresses as the destination address - including, but *not* limited to, 127.0.0.1 - over the loopback interface. (Most Ethernet adapters won't receive their own traffic, so sending it over the Ethernet wouldn't work; I don't know whether it'd work with Wi-Fi and an access point.) –  Apr 30 '15 at 19:34
  • @GuyHarris If the server in question is configured to just bind to a particular IP address (eg like setting 'Listen 10.0.0.1:80' in apache) then wouldn't it only bind to the interface configured for that address (eg: en0 and not bind to lo0)? Am I completely missing something fundamental here? – Jeremy Huddleston Sequoia May 01 '15 at 01:34
  • It's irrelevant whether it binds to lo0 - if 10.0.0.1 transmits a packet to 10.0.0.1, that packet will be sent over the loopback interface, not over a real network interface. –  May 01 '15 at 01:48
  • Ok, cool. Good to learn new bits. Still, to the poster's point, we don't do anything special with networking in the sim. From the perspective of tools like wireshark, the process running in the sim is just like any other OS X process. – Jeremy Huddleston Sequoia May 01 '15 at 03:54