Capturing and analyzing Android app traffic with tcpdump and Wireshark: a technical introduction


This article shows how to use tcpdump and Wireshark to capture and analyze the network traffic of an Android app. Note that your Android device must be rooted before you capture packets, and your computer must have the Android SDK installed.

Download and install tcpdump

tcpdump link: http://www.tcpdump.org/

Select a version to download, extract the tcpdump file, then push it to your phone:

adb push C:\tcpdump /data/local/tcpdump

Next, open a shell on the device, switch to root, and make the binary executable:

adb shell
su
chmod +x /data/local/tcpdump

Then you can start capturing packets:

/data/local/tcpdump -p -vv -s 0 -w /sdcard/capture.pcap

Now exercise the application as needed. When you are done, press Ctrl+C to stop the capture.

Then transfer the captured pcap file to your computer for analysis. Here we assume you pull it to the root of the C: drive.

adb pull /sdcard/capture.pcap c:/

Using Wireshark to analyze the captured data

Install Wireshark on your PC

Wireshark download: http://www.wireshark.org/download.html

Once the installation is complete, you can open the pcap file you just pulled directly.

Using filters

If the capture contains too much, use the filter bar at the top. For example, I only look at the HTTP protocol, and only at traffic coming from my device.
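The same "HTTP only, from my device" selection can also be scripted to see which requests an app sends without encryption. The Python below is an added example, not part of the original article: it reads a classic pcap file as written by the tcpdump command above (full packets thanks to -s 0) and lists plain-HTTP requests sent by one IP. The function names, addresses, host name and the sample capture are constructed for illustration.

```python
import struct
from socket import inet_aton, inet_ntoa

METHODS = (b"GET", b"POST", b"PUT", b"DELETE", b"HEAD", b"OPTIONS", b"PATCH")

def cleartext_http(pcap, device_ip):
    """List (dst_ip, dst_port, request_line) for plain-HTTP requests sent by device_ip."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    l2 = {1: 14, 113: 16}[linktype]  # Ethernet, or Linux cooked capture (-i any)
    hits, off = [], 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        ip = frame[l2:]
        if frame[l2 - 2:l2] != b"\x08\x00" or len(ip) < 20 or ip[9] != 6:
            continue  # keep only IPv4 carrying TCP
        ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
        tcp = ip[ihl:total]  # cut at the IP total length to drop link-layer padding
        if len(tcp) < 20 or inet_ntoa(ip[12:16]) != device_ip:
            continue  # keep only segments sent by the device
        line = tcp[(tcp[12] >> 4) * 4:].split(b"\r\n", 1)[0]
        if line.split(b" ")[0] in METHODS and line.endswith((b"HTTP/1.0", b"HTTP/1.1")):
            dport = struct.unpack("!H", tcp[2:4])[0]
            hits.append((inet_ntoa(ip[16:20]), dport, line.decode("latin-1")))
    return hits

def build_frame(src, dst, sport, dport, payload):
    """Build one Ethernet/IPv4/TCP frame (constructed test data, checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0)
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + inet_aton(src) + inet_aton(dst) + tcp

def sample_pcap():
    """Constructed capture: one HTTP POST, one TLS record, one HTTP response."""
    frames = [
        build_frame("192.168.1.50", "203.0.113.10", 40000, 80,
                    b"POST /login HTTP/1.1\r\nHost: api.example.test\r\n\r\nuser=a&pw=b"),
        build_frame("192.168.1.50", "203.0.113.10", 40001, 443, b"\x16\x03\x01\x00\x05hello"),
        build_frame("203.0.113.10", "192.168.1.50", 80, 40000, b"HTTP/1.1 200 OK\r\n\r\n"),
    ]
    recs = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + recs

if __name__ == "__main__":
    print(cleartext_http(sample_pcap(), "192.168.1.50"))
```

To run it on a real capture, pass the bytes of the pulled capture.pcap and the device's own IP address; requests that span several TCP segments are matched on their first segment only.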

Right-click a record to view the TCP stream

I like this feature: you can view the HTTP request sent by the client and the data returned by the server.

What I find even more powerful:

You can save the content and result of a request, for example to view the contents of a POST.

This panel shows the content of each TCP/IP layer in detail.

But encoded content, and data sent as a byte stream, is hard to read here. With the save feature you can see the actual result:

Choose File -> Export Objects -> HTTP, and you can export this record.

Summary

This is something I did recently at work. In practice, tcpdump and Wireshark have many more features and techniques worth digging into; this article is only an introduction for those who have never used these two tools.
