Android Traffic Analytics tcpdump & Wireshark

Source: Internet
Author: User

App competition has been heated, control of their own Android app traffic can give users a good user experience Oh, give the user a reason not to uninstall.

How does Android perform traffic analysis? Good tcpdump & Wireshark these two tools.


1, tcpdump the command line mode, its command format is:
tcpdump [-ADEFLNNOPQSTVX] [-C Quantity] [-f filename]
[-I Network interface] [-R FileName] [-S Snaplen]
[-T type] [-w file name] [Expression]
Introduction to Tcpdump Options
-A converts the network address and broadcast address into a name;
-D gives the code of the matching packets in a compiled format that people can understand;
-DD the code of the matching packet is given in the format of the C Language Program section;
-DDD the code for matching packets is given in decimal form;
-e Prints the header information of the data link layer in the output line;
-F Print out the external Internet address in digital form;
-L causes the standard output to become the buffer line form;
-N Do not convert the network address into a name;
-T does not print timestamps on each line of the output;
-V outputs a slightly more detailed information, such as the TTL and the type of service that can be included in the IP packet;
-VV output detailed message information;
-C After receiving the specified number of packets, the tcpdump will stop;
-F reads an expression from the specified file, ignoring other expressions;
-i specifies the network interface for listening;
-R reads packets from the specified file (these packages are typically generated via the-w option);
-W writes the package directly to the file and does not parse and print it;
-T interprets the heard packet directly as a specified type of message, with the common type of RPC (remote procedure
Call) and SNMP (Simple Network Management Protocol;)

2, tcpdump parameter turn from http://www.cnblogs.com/maifengqiang/p/3863168.html
The first is about the type of keywords, primarily including host,net,port, such as host 210.27.48.2, which indicates that 210.27.48.2 is a host, and that net 202.0.0.0 indicates that 202.0.0.0 is a network address, Port 23 Indicates that the port number is 23. If no type is specified, the default type is host.
The second is to determine the transmission direction of the keywords, mainly including SRC, DST, DST or SRC, DST and src, these keywords indicate the direction of transmission. For example, SRC 210.27.48.2, which indicates that the source address in the IP packet is 210.27.48.2, DST net 202.0.0.0 indicates that the destination network address is 202.0.0.0. If no direction keyword is indicated, the default is the src or DST keyword.
The third is the key word of the agreement, mainly including FDDI,IP,ARP,RARP,TCP,UDP and other types. FDDI indicates that it is a specific network protocol on FDDI (Distributed Optical Data Interface Network), in fact it is "ether" Alias, FDDI and Ether have similar source address and destination address, so the FDDI protocol packet can be treated and analyzed as a ether packet. The other key words are the protocol content of the listening packet. If no protocol is specified, tcpdump will listen for all protocol packets.
In addition to these three types of keywords, other important keywords are as follows: Gateway, Broadcast,less,greater, there are three logic operations, take non-operation is ' not '! ', with the operation being ' and ', ' &&; or ', ' or ', ' | | ' These keywords can be combined to form a powerful combination of conditions to meet people's needs.

Here are a few examples:
A want to intercept all packets received and sent by all 210.27.48.1 hosts:
#tcpdump Host 210.27.48.1
b to intercept host 210.27.48.1 and host 210.27.48.2 or 210.27.48.3 communication, use the command: (when applying parentheses to the command line, be sure to
#tcpdump host 210.27.48.1 and/(210.27.48.2 or 210.27.48.3/)
c If you want to get host 210.27.48.1 in addition to the IP packets that communicate with all hosts except host 210.27.48.2, use the command:
#tcpdump IP host 210.27.48.1 and! 210.27.48.2
D If you want to get the Telnet packet received or issued by the host 210.27.48.1, use the following command:
#tcpdump TCP port, host 210.27.48.1


3, Wireshark turn from http://www.cnblogs.com/TankXiao/archive/2012/10/10/2711777.html


4, how does Android traffic analysis? Specific operation
4.1, Tcpdump
Tcpdump-i any-p-vv-s 0-w/sdcard/dump.cap
4.2. ADB Pull
ADB pull/sdcard/dump.cap D:\dump.cap
4.3, Wireshark
View D:\dump.cap with Wireshark
4.4. Detailed analysis
Through Wireshark analysis, it is possible
If you need more detailed analysis, you can export dump.cap from Wireshark to a CSV file, and then write your own small program analysis.

5. Summary:

Android traffic analysis is an important aspect of Android application post-optimization, and with good tcpdump&wireshark, you can control the flow of your application.






Android Traffic Analytics tcpdump & Wireshark

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.