Android via Tcpdump grab Bag

1. The phone must have root privileges

2. Download Tcpdump http://www.strazzere.com/android/tcpdump

3.tcpdumptcpdump

4. adb shell chmod 6755/data/local/tcpdump

5, adb shell, su get root permission

6, Cd/data/local

7,./tcpdump-i Any-p-S 0-w/sdcard/capture.pcap

Command parameters:

# '-I any ': Listen on any network interface

# "-P": Disable promiscuous mode (doesn ' t work anyway)

# "-S 0": Capture the entire packet

# "-W": Write packets to a file (rather than printing to stdout)

... do whatever your want to capture and then ^c to stop it ...

8, ADB pull/sdcard/capture.pcap d:/

9, on the computer with Wireshark open Capture.pcap can analyze log

Execute the following if you would a-to-watch packets go by rather than capturing them to a file (-N skips DNS lookups. -S 0 captures the entire packet rather than just the header):

ADB shell Tcpdump-n- s 0

Typical tcpdump options apply. For example, if you want to see HTTP traffic:

Listen only for HTTP

adb shell tcpdump-x-n-s 0 Port

Based on the above information, write a bat to execute (the tcpdump file must be in the current directory).

Start tcpdump

ADB push tcpdump/data/local/tcpdumpadb shell chmod 6755/data/local/tcpdumpadb shell rm-r/sdcard/capture.pcapadb Shell /data/local/tcpdump-i Any-p-S 0-w/sdcard/capture.pcappause

Download tcpdump file to your computer

ADB pull/sdcard/capture.pcap Capture.pcap

problem: Some machines after root through the ADB shell, the default is not the root user, you need to enter SU to switch to root, so there is a problem in the execution of batch processing, the workaround is as follows

adb shell "su-c ' sleep 1 '" adb start-server

ADB push Tcpdump/data/local/tcpdump

Problems caused by no root privileges

adb shell su-c "/data/local/tmp/tcpdump-i any-p-S 0-w/sdcard/netcapture.pcap"