I want to build a sniffer in Android and one of the approaches that was proposed was a loop-back VPN.
The issue with this approach is that all the communication with the outside world will be done through a protected socket, and in Java I still cannot sniff low-level TCP information from that socket.
For example, I cannot find out when exactly an ACK was received for data that was sent from the phone. Am I missing something or is this approach simply not suitable for a proper sniffer?
You won't be able to get ACK information and other low-level info using an Android VPN, as this data won't be exposed through Java sockets.
An alternative is to utilize a native sniffer (tcpdump is one example, and an Android port already exists), execute it as root from your Java app and then retrieve its output in your app.
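
A sketch of the approach the answer describes, added here as an example and not code from the original post: it runs tcpdump through `su` and extracts the timestamp and acknowledgment number of each ACK from the text output. The class name, the binary path and the sample line are assumptions; the device is assumed to be rooted with `su` available.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AckSniffer {
    // Placeholder path (assumption): wherever the tcpdump binary was installed on the device.
    static final String TCPDUMP = "/data/local/tmp/tcpdump";

    // Matches `tcpdump -n -tt -S` lines that carry an ack field; "IP"/"IP6" may be
    // preceded by an interface name when capturing on "any".
    static final Pattern ACK_LINE = Pattern.compile(
        "^(\\d+\\.\\d+)\\s.*?\\bIP6?\\s+(\\S+) > (\\S+): Flags \\[[^\\]]*\\].*?\\back (\\d+)");

    /** One observed ACK: capture time (epoch seconds), endpoints, acknowledged sequence number. */
    static final class Ack {
        final String time, src, dst; final long ackNo;
        Ack(String t, String s, String d, long a) { time = t; src = s; dst = d; ackNo = a; }
        @Override public String toString() { return time + " " + src + " -> " + dst + " ack " + ackNo; }
    }

    /** Returns the ACK on one tcpdump output line, or null for lines without one. */
    static Ack parse(String line) {
        Matcher m = ACK_LINE.matcher(line);
        return m.find() ? new Ack(m.group(1), m.group(2), m.group(3), Long.parseLong(m.group(4))) : null;
    }

    /** Runs tcpdump as root and prints every ACK; call from a background thread in an app. */
    static void capture() throws IOException {
        String cmd = TCPDUMP + " -i any -n -l -tt -S tcp";   // -l: line-buffered, -S: absolute seq/ack
        Process p = new ProcessBuilder("su", "-c", cmd).redirectErrorStream(true).start();
        try (BufferedReader r = new BufferedReader(new InputStreamReader(p.getInputStream()))) {
            for (String line; (line = r.readLine()) != null; ) {
                Ack a = parse(line);
                if (a != null) System.out.println(a);
            }
        } finally {
            p.destroy();
        }
    }

    public static void main(String[] args) {
        // Constructed sample line (not a real capture), so the parser can be checked off-device.
        String sample = "1700000000.123456 IP 203.0.113.10.443 > 10.0.0.2.44321: "
                      + "Flags [.], ack 305419896, win 502, length 0";
        System.out.println(parse(sample));
    }
}
```

The `-tt` timestamps come from the capture layer, so they show when the ACK segment reached the interface, which is the information the Java socket API does not expose.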