Mobile Forensics

Note: Monitoring Network Traffic on Linux

This page serves as my note for setting up network traffic monitoring on Linux.

Configure WiFi Sharing

Using KDE

  1. Plug in a Wi-Fi adapter that supports AP mode.

  2. Right click on the Network icon on the taskbar. Click Configure Network Connections.

  3. Click Add, select Wi-Fi (Shared).

  4. Under the Wi-Fi tab, set:

    1. SSID: whatever you want

    2. Limit Device: select the adapter you just plugged in.

    3. Wireless Security: configure a WPA2 Personal password

    4. IPv4: Method: Share with other computers

  5. Choose a connection name (basically the network profile name)

  6. Save

  7. Left click on the Network icon, click Connect on the connection name you just created.

  8. The AP should now be running, and the SSID you just configured should be visible from other devices.
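
The same setup from a terminal, as an added example that is not part of the original notes. It assumes the desktop uses NetworkManager with `nmcli` and `iw` installed; the interface name `wlan1`, the SSID, the passphrase and the profile name `forensic-ap` are placeholders.

```shell
#!/bin/sh
# Added example: the KDE "Wi-Fi (Shared)" steps as NetworkManager CLI calls.
# Interface name, SSID, profile name and passphrase are placeholders.

# Step 1 check: succeed only if `iw` output on stdin lists plain AP mode.
# Feed it `iw list` (all adapters) or `iw phy <phy> info` (one adapter).
supports_ap_mode() {
    awk '
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && $1 == "*"        { if ($2 == "AP") found = 1; next }
                                     { in_modes = 0 }
        END { exit (found ? 0 : 1) }
    '
}

# Steps 3-7: create and start a WPA2-Personal AP that shares the host's
# connection. NMCLI can be overridden (e.g. NMCLI=echo) for a dry run.
create_shared_ap() {
    ifname=$1; ssid=$2; psk=$3; con=${4:-forensic-ap}
    # WPA2-Personal passphrases must be 8 to 63 characters long.
    if [ "${#psk}" -lt 8 ] || [ "${#psk}" -gt 63 ]; then
        echo "passphrase must be 8-63 characters" >&2
        return 1
    fi
    nm=${NMCLI:-nmcli}
    "$nm" connection add type wifi ifname "$ifname" con-name "$con" \
        autoconnect no ssid "$ssid" &&
    "$nm" connection modify "$con" 802-11-wireless.mode ap \
        ipv4.method shared &&
    "$nm" connection modify "$con" wifi-sec.key-mgmt wpa-psk \
        wifi-sec.proto rsn wifi-sec.psk "$psk" &&
    "$nm" connection up "$con"
}

# Constructed sample of `iw phy phy1 info` output for an AP-capable adapter.
SAMPLE_IW_INFO='Wiphy phy1
    Supported interface modes:
         * managed
         * AP
         * AP/VLAN
         * monitor
    Band 1:'

# Typical use on the analysis laptop (wlan1 is the plugged-in adapter):
#   iw list | supports_ap_mode && create_shared_ap wlan1 ForensicAP 'long passphrase'
```

Note that `iw list` covers every adapter in the machine, so a built-in card with AP support also satisfies the check.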

Configure Redirection to Intercepting Proxy

For mobile forensics, it is usually not necessary to intercept SSL traffic. Intercepting it typically requires installing a self-signed SSL certificate authority (CA) on the mobile device, but most apps do not trust a user-imported CA. Making apps trust the self-signed CA would require rooting the Android device, which is not recommended because a forensic examination should not alter the subject device.


Last updated 1 year ago