No internet connection / only DNS traffic caputured

[Excpt0r]

Hi,

great app! Unfortunately not working with my setup, similar to issue #8.
While capturing (http mode), my applications are not connecting to the internet anymore.
PCAPdroid is only showing DNS traffic, and it seems the applications are not getting DNS answers.

Example capture

Protocol: Unknown (UDP)
Source: 10.215.173.1:14973
Destination: 10.215.173.2:53
Bytes: 0B down, 116B up

I already tried to switch my wifi setup to use my router as DNS, instead of an external IP. Didn't help.

Is there anything else I could try, or more debug info to provide?

Environment:
PCAPdroid 1.2.12 from F-Droid (latest not available, switched to google play later)
PCAPdroid 1.2.13 from google play
Phone: Samsung Galaxy S9 SM-G960F, Android 10, security patch level 01.02.2021

[emanuele-f]

Can you verify that the non DNS traffic is working correcly? E.g. install termux, run pkg install curl and then curl 216.58.208.131.

Can you check the app log to see which DNS server it detects? It prints an information log when you click the start button:

Log.i(TAG, "Using DNS server " + public_dns);

You can retrieve the log with adb logcat

[Excpt0r]

Hey, thanks for the quick reponse!

• Normal traffic using curl with an IP is working
• DNS is also working, when disabling Wifi
• DNS is not working via wifi, when using my local router or using 8.8.8.8 as DNS in android wifi config
• When using 8.8.8.8 as DNS, this is also printed when using "dig" in termux
• The DNS that PCAPdroid logs to be using is IPv6 and probably from my provider (vodafone/unitymedia)

Here is the logcat

02-14 17:48:21.001  7194  7194 D VpnService: prepare function with android vpn context is called for non knox vpn profile
02-14 17:48:21.003  7194  7194 D Main    : onActivityResult -> start CaptureService
02-14 17:48:21.008  7194  7194 D CaptureService: onStartCommand
02-14 17:48:21.010  7194  7194 I CaptureService: Using DNS server 2a02:908:2:b::1
02-14 17:48:21.050  7194  8511 D VPNProxy: getIPv4Pref(getVpnDns) = 10.215.173.2
02-14 17:48:21.050  7194  8511 D VPNProxy: getIPv4Pref(getPublicDns) = 2a02:908:2:b::1
02-14 17:48:21.050  7194  8511 E VPNProxy: getPublicDns() returned invalid address
02-14 17:48:21.050  7194  8511 D VPNProxy: getIPv4Pref(getVpnIPv4) = 10.215.173.1
02-14 17:48:21.050  7194  8511 D VPNProxy: getIPv4Pref(getPcapCollectorAddress) = 127.0.0.1
02-14 17:48:21.050  7194  8511 D VPNProxy: getIntPref(getPcapCollectorPort) = 1234
02-14 17:48:21.050  7194  8511 D VPNProxy: getIntPref(dumpPcapToUdp) = 0
02-14 17:48:21.050  7194  8511 D VPNProxy: getIntPref(dumpPcapToJava) = 1
02-14 17:48:21.050  7194  8511 D VPNProxy: getIntPref(getTlsDecryptionEnabled) = 0
02-14 17:48:21.050  7194  8511 D VPNProxy: getIPv4Pref(getTlsProxyAddress) = 0.0.0.0
02-14 17:48:21.050  7194  8511 D VPNProxy: getIntPref(getTlsProxyPort) = 8080
02-14 17:48:21.062  7194  8511 D VPNProxy: Starting packet loop [tapfd=79]
02-14 17:48:21.062  7194  8511 D VPNProxy: zdtun_parse_pkt failed
02-14 17:48:21.062  7194  8511 I chatty  : uid=10343(com.emanuelef.remote_capture) CaptureService identical 1 line
02-14 17:48:21.062  7194  8511 D VPNProxy: zdtun_parse_pkt failed
02-14 17:48:21.063  7194  7194 D getLocalIPAddress: Using WiFi IP: 192.168.0.206
02-14 17:48:21.338  7194  8511 I CaptureService: Get uid local=/10.215.173.1:44656 remote=/69.171.250.61:443
02-14 17:48:21.344  7194  8511 I CaptureService: Get uid=10207
02-14 17:48:21.344  7194  8511 D UID_RESOLVER: uid [ipv4][proto=6] 10.215.173.1:44656 -> 69.171.250.61:443 => 10207
02-14 17:48:21.344  7194  8511 I VPNProxy: [proto=6]: 10.215.173.1:44656 -> 69.171.250.61:443 [10207/com.whatsapp]
02-14 17:48:21.347  7194  7194 D MainReceiver: Got StatsUpdate: bytes_sent=60, bytes_rcvd=0, pkts_sent=1, pkts_rcvd=0
02-14 17:48:21.364  7194  8511 D VPNProxy: Exporting a 132 B PCAP buffer
02-14 17:48:21.453  7194  8511 D VPNProxy: zdtun_parse_pkt failed
02-14 17:48:21.516  7194  8511 D VPNProxy: zdtun_parse_pkt failed
02-14 17:48:21.538  7194  8511 D VPNProxy: l7proto: app=119, master=91
02-14 17:48:21.768  7194  7194 D MainReceiver: Got StatsUpdate: bytes_sent=702, bytes_rcvd=705, pkts_sent=9, pkts_rcvd=9
02-14 17:48:22.131  7194  8511 D CaptureService: sendConnectionsDump(1 connections)
02-14 17:48:22.132  7194  7194 D MainReceiver: Got StatsUpdate: bytes_sent=742, bytes_rcvd=782, pkts_sent=10, pkts_rcvd=10
02-14 17:48:22.636  7194  7194 D MainReceiver: Got StatsUpdate: bytes_sent=782, bytes_rcvd=782, pkts_sent=11, pkts_rcvd=10
02-14 17:48:23.138  7194  8511 D VPNProxy: Exporting a 1768 B PCAP buffer

I don't want to use my providers ipv6 dns, so the question is where that is coming from.
I can't change the DNS that is delivered from the router via DHCP, but I changed both DNS1 and DNS1 in the wifi settings.

[emanuele-f]

Thanks for the useful information. It should be fixed in 3235c03. You can find the new apk at https://github.com/emanuele-f/PCAPdroid/releases/tag/v1.2.14 or wait for the playstore version to be available. Can you confirm that it works?

Regarding the IPv6 DNS, your router probably has DHCPv6 running. Usually you can either disable it or configure a custom IPv6 DNS server.

[Excpt0r]

Works perfect for me, thank you! It's really awesome to see an issue analysed, fixed and a new version released within hours, hats off.
It's using now the dns1 from my wifi configuration, which is ipv4, and is also shown in the "Stats" window :)