I want to be able to log all my network traffic for all apps on Android. Currently I am using iptables for that purpose, which generates log messages like this:
In the case of outgoing packets everything is fine and I get the UID of the sending application:
Rule: iptables -A OUTPUT -j NFLOG
Logs: IN= OUT=pdp0 SRC=10.179.120.240 DST=173.252.102.16 LEN=52 PROTO=TCP SPT=49541 DPT=443 UID=10093
However, for incoming packets I only get the destination port (DPT) and there is no matching to receiving apps.
Rule: iptables -A INPUT -j NFLOG
Logs: IN=pdp0 OUT= SRC=173.252.102.16 DST=10.179.120.240 LEN=81 PROTO=TCP SPT=443 DPT=49541
Is that something iptables can cover? If not, how can I get the app that receives a packet over the network?
The traffic passes iptables before it ends up in local processing by daemons/servers/..., so iptables does not know the owner (UID) of a packet in INPUT chains. See http://de.wikipedia.org/wiki/Datei:Netfilter-packet-flow.svg
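
Since the INPUT chain cannot supply the owner, one way to attribute incoming packets is to correlate them offline with the outgoing log lines, which do carry `UID=`: a reply packet has the same 5-tuple as the outgoing packet with source and destination swapped. The following is an added example, not part of the original question or answer; the function names and the third log line are constructed for illustration, and it assumes both rules from the question are logging to the same stream.

```python
import re

# Constructed sample: the two log lines quoted in the question, plus one
# constructed inbound packet that has no outgoing counterpart.
SAMPLE_LOG = """\
IN= OUT=pdp0 SRC=10.179.120.240 DST=173.252.102.16 LEN=52 PROTO=TCP SPT=49541 DPT=443 UID=10093
IN=pdp0 OUT= SRC=173.252.102.16 DST=10.179.120.240 LEN=81 PROTO=TCP SPT=443 DPT=49541
IN=pdp0 OUT= SRC=198.51.100.7 DST=10.179.120.240 LEN=60 PROTO=TCP SPT=40000 DPT=5555
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse(line):
    """Turn 'KEY=value KEY=value ...' into a dict; empty values become ''."""
    return dict(FIELD.findall(line))

def flow_key(f, reverse=False):
    """5-tuple of a packet; reverse=True yields the key of the opposite direction."""
    a, b = (f["SRC"], f["SPT"]), (f["DST"], f["DPT"])
    if reverse:
        a, b = b, a
    return (f["PROTO"], a, b)

def attribute(lines):
    """Return [(fields, uid_or_None)] for every TCP/UDP packet, in log order.

    Outgoing packets carry their UID. Incoming packets are looked up by the
    reversed 5-tuple of outgoing packets seen earlier in the log.
    """
    owners = {}  # outgoing flow key -> UID
    result = []
    for line in lines:
        f = parse(line)
        if not {"SRC", "DST", "SPT", "DPT", "PROTO"} <= f.keys():
            continue  # no ports (e.g. ICMP): not handled in this example
        if f.get("OUT"):  # outgoing: OUT= names an interface, learn the owner
            uid = int(f["UID"]) if "UID" in f else None
            if uid is not None:
                owners[flow_key(f)] = uid
        else:  # incoming: OUT= is empty, find the flow this packet answers
            uid = owners.get(flow_key(f, reverse=True))
        result.append((f, uid))
    return result

if __name__ == "__main__":
    for f, uid in attribute(SAMPLE_LOG.splitlines()):
        direction = "out" if f.get("OUT") else "in "
        print(direction, f["SRC"], f["SPT"], "->", f["DST"], f["DPT"], "uid:", uid)
```

An incoming packet that arrives before any outgoing packet of the same flow has been logged (for example the first SYN to a listening socket) stays unattributed, because no UID for that 5-tuple has been seen yet.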