Question

I want to be able to log all my network traffic for all apps on Android. Currently I am using iptables for that purpose, which generates log messages like this:

In case of outgoing packets everything is fine and I get the uid of the sending application

Rule: iptables -A OUTPUT -j NFLOG
Logs: IN= OUT=pdp0 SRC=10.179.120.240 DST=173.252.102.16 LEN=52 PROTO=TCP SPT=49541 DPT=443 UID=10093

However, for incoming packets I only get the destination port (DPT) and there is no matching to receiving apps.

Rule: iptables -A INPUT -j NFLOG
Logs: IN=pdp0 OUT= SRC=173.252.102.16 DST=10.179.120.240 LEN=81 PROTO=TCP SPT=443 DPT=49541  

Is that something iptables can cover? If not, how can I get the App that receives a packet over network?


Solution

The traffic passes iptables before it ends up in local processing by daemons/servers/..., so iptables does not know the owner (UID) of a packet in INPUT chains. See http://de.wikipedia.org/wiki/Datei:Netfilter-packet-flow.svg

OTHER TIPS

To get an application list you could generate a list of applications dynamically using netstat -tulpen or ss -tulpen and link that data with your iptables logs from INPUT chains.
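
The correlation suggested above, as an added example that is not part of the original answers: it joins an INPUT-chain log line to the owning UID through the kernel socket table. It assumes the /proc/net/tcp format (the table netstat reads) rather than parsing netstat or ss output, IPv4 TCP only, and a little-endian host; the table rows and the function names are constructed for illustration.

```python
import re
import socket
import struct

# Constructed /proc/net/tcp sample (little-endian host, as on ARM/x86 Android).
# Row 1 is the connection from the question's log lines, owned by UID 10093.
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9001 1 0000000000000000 100 0 0 10 0
   1: F078B30A:C185 1066FCAD:01BB 01 00000000:00000000 00:00000000 00000000 10093        0 9002 1 0000000000000000 20 4 30 10 -1
"""
INPUT_LOG = "IN=pdp0 OUT= SRC=173.252.102.16 DST=10.179.120.240 LEN=81 PROTO=TCP SPT=443 DPT=49541"
ANY = ("0.0.0.0", 0)  # remote endpoint of a listening socket


def decode_endpoint(hex_endpoint):
    """'F078B30A:C185' -> ('10.179.120.240', 49541)."""
    addr_hex, port_hex = hex_endpoint.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def load_socket_table(text):
    """Map (local endpoint, remote endpoint) -> owning UID."""
    table = {}
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) >= 8:
            table[(decode_endpoint(fields[1]), decode_endpoint(fields[2]))] = int(fields[7])
    return table


def uid_for_incoming(log_line, table):
    """Return the UID owning the socket an INPUT-chain packet is headed to, or None."""
    f = dict(re.findall(r"(\w+)=(\S*)", log_line))
    if f.get("PROTO") != "TCP":
        return None
    local, remote = (f["DST"], int(f["DPT"])), (f["SRC"], int(f["SPT"]))
    # Exact 4-tuple first (established connection), then a listener bound to
    # the destination address, then a listener bound to the wildcard address.
    for key in ((local, remote), (local, ANY), (("0.0.0.0", local[1]), ANY)):
        if key in table:
            return table[key]
    return None  # socket already closed, or not an IPv4 TCP socket


if __name__ == "__main__":
    print(uid_for_incoming(INPUT_LOG, load_socket_table(PROC_NET_TCP)))
```

The socket table is a snapshot, so the lookup has to run close to the time the packet is logged; a connection that closes before the table is read cannot be attributed this way.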

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow