1. Download and install Tcpdump
: tcpdump
To install tcpdump, run the following commands in order from a command prompt:
    adb root
    adb push C:\users\trinea\desktop\tcpdump /data/local/tcpdump
    adb shell chmod 6755 /data/local/tcpdump
The first parameter of adb push is the local path to tcpdump. Mode 6755 makes the binary executable by everyone and sets its setuid and setgid bits, so delete it from the device once the capture work is finished.
2. Start and run tcpdump
Run the following command from a command prompt:
    adb shell /data/local/tcpdump -n -s 0
From this point on, any network activity on the phone is printed to the screen. Press CTRL + C to stop.
Because command-line output is limited and the screen scrolls constantly, you can instead save the captured packets to the SD card, for example:
    adb shell /data/local/tcpdump -i any -p -s 0 -w /sdcard/netcapture.pcap
Stop the capture with CTRL + C as before, then pull the file to the local PC:
    adb pull /sdcard/netcapture.pcap d:\\
The help output shows that tcpdump supports the following parameters:
    tcpdump [-aAdDeflLnNOpqRStuUvxX] [-c count] [-C file_size]
            [-E algo:secret] [-F file] [-i interface] [-M secret]
            [-r file] [-s snaplen] [-T type] [-w file]
            [-W filecount] [-y datalinktype] [-Z user]
            [expression]
Here -c is the number of packets to capture and -C is the maximum size of the stored file.
-i specifies the interface to monitor. -s sets how many bytes of each packet are captured, with 0 meaning the entire packet. -w gives the path of the file the captured packets are saved to, in which case nothing is printed to standard output. A port expression can also be added to select the port.
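An added example, not from the original article: a Python check of the pulled capture file that reads the pcap header and counts packets clipped by the -s snapshot length or cut off mid-record. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Constructed example, not code from the original page.
# Magic bytes at offset 0 -> struct byte-order prefix (microsecond and nanosecond variants).
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",
}
COOKED = {113, 276}  # LINUX_SLL and LINUX_SLL2, the link types produced by "-i any"


def summarize_pcap(data: bytes) -> dict:
    """Report header fields of a classic pcap file and count clipped packets."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order = MAGICS[data[:4]]
    # version_major, version_minor, thiszone, sigfigs, snaplen, network
    _maj, _min, _tz, _sig, snaplen, network = struct.unpack(order + "HHiIII", data[4:24])
    packets = truncated = 0
    incomplete = False
    off = 24
    while off < len(data):
        if off + 16 > len(data):           # partial record header at end of file
            incomplete = True
            break
        _sec, _frac, caplen, origlen = struct.unpack(order + "IIII", data[off:off + 16])
        if off + 16 + caplen > len(data):  # record body cut off
            incomplete = True
            break
        packets += 1
        truncated += caplen < origlen      # bytes dropped by a small -s value
        off += 16 + caplen
    return {"snaplen": snaplen, "cooked": (network & 0xFFFF) in COOKED,
            "packets": packets, "truncated": truncated, "incomplete": incomplete}


def make_sample(snaplen: int) -> bytes:
    """Constructed capture: one 60-byte packet, clipped to snaplen as tcpdump would."""
    header = b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, snaplen, 113)
    body = b"\x00" * min(60, snaplen)
    return header + struct.pack("<IIII", 1, 0, len(body), 60) + body


if __name__ == "__main__":
    print(summarize_pcap(make_sample(65535)))  # whole packet kept
    print(summarize_pcap(make_sample(40)))     # packet clipped to 40 bytes
```

To check a real capture, pass the bytes of the pulled file, for example `summarize_pcap(open("netcapture.pcap", "rb").read())`.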
3. Analyze data with Wireshark
Wireshark download, Chinese address: http://www.onlinedown.net/softdown/2883_2.htm, English address (requires getting past the firewall): http://www.wireshark.org/download.html
The capture can be analyzed by opening netcapture.pcap in Wireshark.
For more on Wireshark, see: http://www.cnblogs.com/TankXiao/archive/2012/10/10/2711777.html
Reposted from http://www.trinea.cn/android/tcpdump_wireshark/
Using tcpdump and Wireshark to capture network packets on Android