FortiGate
jiahoong112
Staff
Article Id 338300
Description

This article describes how to use PCAPdroid to troubleshoot Fortinet products.

 

PCAPdroid is an Android application, available from the Google Play Store, that performs packet captures on the device itself. This is useful when troubleshooting issues related to FortiToken Mobile, FortiClient Android, FortiExplorer, etc. Running the on-device capture at the same time as debugs and packet captures on the FortiGate makes troubleshooting more effective, because both ends of the traffic can be compared.

Scope

Android devices.
Solution
  1. Download PCAPdroid from the Google Play Store.

 

  2. After opening the application, tap ‘Target apps’ to select the application whose traffic should be captured. If no target application is selected, PCAPdroid captures all packets.

 

Once ‘Target apps’ is selected, the specific application to capture can be chosen from the options that appear.

 

To capture website traffic from Google Chrome, select the Chrome application.

 

Then try accessing www.fortinet.com on the Chrome browser.

 


 

 

  3. The PCAP file is saved in the device storage. To browse to it, open the File Manager, go to the Downloads folder, and then open the PCAPdroid folder.

 

Once the pcap is opened, the packet capture for the www.fortinet.com website can be viewed and analyzed.

 


 

The PCAP file can then be uploaded to Google Drive, OneDrive, etc., so that it can be accessed from a computer, and from there uploaded to the TAC ticket.
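
A quick way to check on the computer that the capture holds the expected traffic, and only the target app's traffic, before it is attached to the TAC ticket. This is an added example, not part of the original article or of PCAPdroid; it assumes a classic pcap file with raw-IP (101) or Ethernet (1) link type, and `summarize_pcap`, `sample_ipv4` and `build_sample_pcap` are illustrative names working on a constructed sample capture:

```python
import ipaddress
import struct
from collections import Counter

LINKTYPE_ETHERNET, LINKTYPE_RAW = 1, 101
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond pcap
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}   # nanosecond pcap

def summarize_pcap(data: bytes) -> Counter:
    """Count IPv4 TCP/UDP packets per (protocol, destination IP, destination port)."""
    endian = MAGICS.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype not in (LINKTYPE_ETHERNET, LINKTYPE_RAW):
        raise ValueError(f"unsupported link type {linktype}")
    flows, offset = Counter(), 24
    while offset + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        pkt = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if linktype == LINKTYPE_ETHERNET:
            if pkt[12:14] != b"\x08\x00":      # EtherType is not IPv4
                continue
            pkt = pkt[14:]
        if len(pkt) < 20 or pkt[0] >> 4 != 4:  # IPv6 and runt packets are skipped
            continue
        ihl = (pkt[0] & 0x0F) * 4
        proto = {6: "tcp", 17: "udp"}.get(pkt[9])
        if proto is None or len(pkt) < ihl + 4:
            continue
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
        flows[(proto, str(ipaddress.IPv4Address(pkt[16:20])), dport)] += 1
    return flows

def sample_ipv4(proto: int, dst: str, dport: int) -> bytes:
    """Constructed sample packet: 20-byte IPv4 header plus a stub L4 header."""
    l4 = struct.pack("!HH", 40000, dport) + b"\x00" * 16
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                       bytes([10, 0, 0, 2]), ipaddress.IPv4Address(dst).packed) + l4

def build_sample_pcap() -> bytes:
    """Constructed capture (documentation addresses): one DNS packet, two HTTPS packets."""
    pkts = [sample_ipv4(17, "192.0.2.53", 53)] + [sample_ipv4(6, "198.51.100.10", 443)] * 2
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RAW)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(p), len(p)) + p for p in pkts)

if __name__ == "__main__":
    print(summarize_pcap(build_sample_pcap()).most_common())
```

To run it on a real capture, pass the file's bytes, for example `summarize_pcap(open(path, "rb").read())`; destinations that do not belong to the application being troubleshot indicate that no target app was selected.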