17
votes

I would like to capture one of the Android application's HTTP messages with Wireshark.

I tried filtering on the Android device's IP address, then on its MAC address, without success. I'm sure the solution is simple, but I couldn't figure it out yet.


2 Answers

19
votes

Genymotion VMs have two network adapters in the underlying VirtualBox configuration. Which one you should capture on depends on what you're looking for. Also, some of the details (adapter names, etc.) depend on what OS you're using. However, the concepts are identical.

Adapter 1, usually vboxnet0 if you're on Ubuntu, is a host-only adapter used to support local interactions between the host and the VM. In the default Ubuntu setup, this is the 192.168.56.0 network. The host machine is 192.168.56.1 and the VM usually ends up getting 192.168.56.101 from VirtualBox's built-in DHCP server. This connection is used by the Android Debug Bridge (ADB) to connect development tools with the VM. For example, this is how Eclipse ADT and Android Studio are able to communicate with the VM for installing APKs, etc. When you do adb shell you are also connecting over this network. If you want to examine how your dev tools are communicating with your VM, capture on vboxnet0 (or equivalent).

Adapter 2 is normally NATed to your host's network connection, usually something like eth0 or wlan0 on Ubuntu. This enables Internet access for the VM. If you want to see how your VM is interacting with the local network or Internet, capture against your host's main network adapter. Unfortunately, when the VM is NATed, your VM traffic will have the same IP as your host, making it difficult to filter. If this causes a problem, shut down your VM, open VirtualBox directly (i.e., no Genymotion launcher), change Adapter 2 to "Bridged Adapter", and select the current active host adapter in the VM's network configuration. If your local LAN uses DHCP (likely), this will allow the VM to get its own IP which you can then filter on in Wireshark. Once you restart the VM (from the Genymotion Launcher), you can find out what address it's been assigned with adb shell ifconfig from the host. Look for eth1 which corresponds to VirtualBox Adapter 2 (eth0 is for the adb connection over VirtualBox Adapter 1).
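The last step of the answer above, turning the bridged VM's eth1 address into Wireshark filters, as an added example that is not part of the original answer. The function names, the sample addresses and the two ifconfig layouts handled are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: derive Wireshark filters for a bridged Genymotion VM.

# Print the IPv4 address of interface $1 from ifconfig output on stdin.
# Two layouts are handled (assumed formats): net-tools/toybox stanzas with
# "inet addr:A.B.C.D", and the one-line "eth1: ip A.B.C.D mask ..." form.
# Carriage returns are stripped first because adb shell output may use CRLF.
iface_ipv4() {
    tr -d '\r' | awk -v want="$1" '
        $1 == (want ":") && $2 == "ip" { print $3; exit }
        /^[^ \t]/ { cur = $1; sub(/:$/, "", cur) }   # new interface stanza
        cur == want && /inet addr:/ {
            sub(/.*inet addr:/, ""); sub(/[ \t].*/, ""); print; exit
        }'
}

# Print a capture (BPF) filter and a display filter for that interface.
# Anything other than digits and dots is rejected, so text coming from the
# device is never pasted into a command line unchecked.
vm_filters() {
    iface=${1:-eth1}
    ip=$(iface_ipv4 "$iface")
    case "$ip" in
        ''|*[!0-9.]*) echo "no IPv4 address found for $iface" >&2; return 1 ;;
    esac
    printf 'capture: host %s\n' "$ip"
    printf 'display: ip.addr == %s && http\n' "$ip"
}

# Constructed sample of `adb shell ifconfig` output (addresses are made up).
sample_ifconfig() {
    cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 08:00:27:AA:BB:01
          inet addr:192.168.56.101  Bcast:192.168.56.255  Mask:255.255.255.0

eth1      Link encap:Ethernet  HWaddr 08:00:27:AA:BB:02
          inet addr:192.168.1.23  Bcast:192.168.1.255  Mask:255.255.255.0
EOF
}

# Real use: adb shell ifconfig | vm_filters eth1
# then:     tshark -i wlan0 -f "host <ip>" -Y "ip.addr == <ip> && http"
sample_ifconfig | vm_filters eth1
```

The capture filter goes in the capture options for the host's active adapter (or after tshark's -f), and the display filter goes in Wireshark's filter bar (or after -Y).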

0
votes

If you use Genymotion, capturing traffic between Host (i.e., your machine) and Guest (i.e., Genymotion Emulator) is very simple.

  1. As Genymotion uses VirtualBox to create the virtual environment, you can find the vboxnet0 interface listed in Wireshark; select it and record all traffic flowing between Guest (Genymotion) and Host (your system).

WireShark Interface List

  2. In case you don't want to use Wireshark to monitor traffic, you can also use Fiddler and configure the proxy settings in Genymotion (the steps for adding a proxy are documented in the Genymotion docs) to point to the IP address and port of the machine running Fiddler.

  3. And in Fiddler, to capture traffic, make this setting: Tools menu > Fiddler Options > Connections and tick the Allow Remote Computers to connect box, then restart Fiddler.