http://blog.csdn.net/deng529828/article/details/20646197
1. The phone must be rooted.
2. Download tcpdump from http://www.strazzere.com/android/tcpdump
3. adb push C:\wherever_you_put\tcpdump /data/local/tcpdump
If this push fails on a real device, push the file to a location that needs no special permission first, e.g. adb push C:\where_you_put\tcpdump /sdcard (here /sdcard), then copy it on the device to /data/local/tcpdump.
4. adb shell chmod 6755 /data/local/tcpdump
5. adb shell, then su to get root
6. cd /data/local
7. ./tcpdump -i any -p -s 0 -w /sdcard/capture.pcap
Command parameters:
# -i any: listen on any network interface
# -p: disable promiscuous mode (doesn't work anyway)
# -s 0: capture the entire packet
# -w: write packets to a file (rather than printing to stdout)
... do whatever you want to capture, then Ctrl-C to stop it ...
Download the capture file to your computer:
adb pull /sdcard/capture.pcap capture.pcap
You can then open it in Wireshark to see the details of the packets.
On 2G/3G networks, capturing must be done this way: root plus tcpdump.
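A check worth running once the file is on the computer, as an added example that is not part of the original post: the script below reads the pcap global header with od and reports byte order, version, snaplen and link type, so you can confirm that -s 0 took effect (a full snaplen such as 65535 or 262144, depending on the tcpdump version, rather than a truncated one) and that -i any produced LINUX_SLL (link type 113) frames, which Wireshark decodes without a specific interface type. It assumes only POSIX sh, od, tr and printf; the header it writes for the demo is constructed, not taken from a real capture.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a capture pulled
# from the phone before opening it in Wireshark. Reads the 24-byte pcap global
# header with od(1) and reports byte order, version, snaplen and link type.
# Assumes only POSIX sh, od, tr and printf; pass the pulled file as $1.

# Decimal values of $3 bytes starting at offset $2 of file $1, space separated.
bytes_at() {
    od -An -tu1 -j "$2" -N "$3" "$1" | tr -s ' \n' ' '
}

# Combine four bytes given in file order into an unsigned 32-bit value;
# $5 is "le" or "be", taken from the pcap magic number.
u32() {
    if [ "$5" = le ]; then
        echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
    else
        echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
    fi
}

# The link type records how the capture was taken: "tcpdump -i any" writes
# LINUX_SLL (113) pseudo-headers; a single real interface is usually EN10MB or RAW.
linktype_name() {
    case "$1" in
        1)   echo EN10MB ;;
        101) echo RAW ;;
        113) echo LINUX_SLL ;;
        276) echo LINUX_SLL2 ;;
        *)   echo unknown ;;
    esac
}

# Print a one-line summary of pcap file $1; return 1 if it is not classic pcap.
pcap_info() {
    f=$1
    set -- $(bytes_at "$f" 0 24)
    [ $# -eq 24 ] || { echo "$f: shorter than a pcap header" >&2; return 1; }
    case "$1.$2.$3.$4" in
        212.195.178.161|77.60.178.161) order=le ;;   # d4c3b2a1 (usec), 4d3cb2a1 (nsec)
        161.178.195.212|161.178.60.77) order=be ;;   # a1b2c3d4 (usec), a1b23c4d (nsec)
        10.13.13.10) echo "$f: pcapng, not classic pcap" >&2; return 1 ;;
        *) echo "$f: not a pcap file" >&2; return 1 ;;
    esac
    if [ "$order" = le ]; then
        major=$(( $5 + ($6 << 8) )); minor=$(( $7 + ($8 << 8) ))
    else
        major=$(( ($5 << 8) + $6 )); minor=$(( ($7 << 8) + $8 ))
    fi
    snaplen=$(u32 "${17}" "${18}" "${19}" "${20}" "$order")    # header bytes 16..19
    linktype=$(u32 "${21}" "${22}" "${23}" "${24}" "$order")   # header bytes 20..23
    echo "$f: pcap $order v$major.$minor snaplen=$snaplen linktype=$linktype ($(linktype_name "$linktype"))"
}

# Constructed sample (not a real capture): the header tcpdump writes for
# "-i any -s 0" on a little-endian phone: v2.4, snaplen 262144, LINUX_SLL, no records.
make_sample_pcap() {
    printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\000\000\004\000\161\000\000\000' > "$1"
}

if [ $# -gt 0 ]; then
    pcap_info "$1"
else
    demo=${TMPDIR:-/tmp}/pcap_demo.$$
    make_sample_pcap "$demo" && pcap_info "$demo"
    rm -f "$demo"
fi
```

Run it as ./pcap_check.sh capture.pcap; with no argument it checks the constructed sample header. A link type other than 113 means the capture was not taken with -i any, and a small snaplen means packets were truncated and -s 0 was not in effect.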
Preparation:
I. Root
CF-Auto-Root: http://autoroot.chainfire.eu/
This wipes all data, so back up first.
Don't worry that the phone is insecure after rooting: root access is managed and authorized by SuperSU.
Recommended after rooting: Greenify, fqrouter, Xposed, XPrivacy.
II. Software
- adb
Included in the Android SDK; the tool for interacting with Android over USB debugging.
- tcpdump
Install one of the tcpdump apps; on launch it asks for root and installs tcpdump. If you don't mind the hassle, you can also manually copy in the Android build of tcpdump.
---- Update 2015-1-2
Android 5 requires binaries to be PIE (position-independent executables) to improve system security. The tcpdump packages you can find are mostly non-PIE and will not run, so tcpdump's build options need changing. I just found a ready-built one: http://www.liudonghua.com/?p=372 has a download (tested, works).
- BusyBox
A collection of command-line tools that gives the adb shell most Linux commands, including the nc we need.
III. Offline capture
- Method 1: connect over USB with adb and run the capture from the shell
adb shell
su
tcpdump -s 0 -w /sdcard/tmp.pcap
- Method 2: run the capture from a tcpdump app
There are many such apps.
Advantage: no USB connection is needed, so you can also capture network packets in the normal usage environment.
Android does not enter deep sleep while USB is connected, and the client may behave differently in deep sleep (wake locks, alarms, WiFi switching).
Also recommended: BetterBatteryStats http://forum.xda-developers.com/showthread.php?t=1179809
- Getting the capture file out
After capturing, the file was written by the root account, so Windows cannot see it, and the Mac does not support that at all; drop back to the host shell and run
adb pull /sdcard/tmp.pcap
IV. Viewing the capture in real time
Sharing a hotspot (360 Mobile WiFi can do it) works, but has problems:
1. WiFi only
2. Because the hotspot is an intermediate node, the timing of the captured packets is not necessarily the timing seen by the client
It can also be done on 2G/3G. The principle: tcpdump's standard output is piped into nc on the phone; adb only does port forwarding; nc on the host connects to the adb-forwarded port and writes the stream into a named pipe, and Wireshark supports reading from a pipe.
Scripts:
1. adb_tcpdump.sh (fed to the phone's shell on stdin by adb shell; it is not run on the host)
su
tcpdump -s 0 -w - | busybox nc -l -p 11233
2. adb_wireshark.sh
#!/bin/sh
adb shell < adb_tcpdump.sh &        # start tcpdump | nc on the phone in the background
sleep 1
adb forward tcp:11233 tcp:11233     # forward host port 11233 to the phone's port 11233
sleep 1
mkfifo /tmp/sharkfin
wireshark -k -i /tmp/sharkfin &     # Wireshark reads the pcap stream from the named pipe
nc 127.0.0.1 11233 > /tmp/sharkfin  # host nc pulls the stream from the phone into the pipe
On a Mac, run ./adb_wireshark.sh and Wireshark pops up showing the phone's traffic in real time.
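The same pipeline as the two scripts above (tcpdump on the phone piped into busybox nc, an adb port forward, a host nc writing into a named pipe that Wireshark reads), rewritten as one script with the things they leave out: a check that the host tools exist, validation of the port, and a trap that removes the forward and the fifo and stops the background processes when Wireshark is closed or Ctrl-C is pressed. This is an added example, not code from the original post; it assumes adb, nc and wireshark on the host PATH, su and busybox on the phone, and that port 11233 (the post's choice) is free on both sides.

```shell
#!/bin/sh
# Added example (not from the original post): the tcpdump -> busybox nc ->
# adb forward -> fifo -> Wireshark pipeline of adb_tcpdump.sh/adb_wireshark.sh
# in one script, plus a host-tool check, port validation and cleanup on exit.
# Assumptions: adb, nc and wireshark are on the host PATH; the phone has su
# and busybox; the port (11233 as in the post) is free on both sides.

PORT=${PORT:-11233}
IFACE=${IFACE:-any}
FIFO=${TMPDIR:-/tmp}/sharkfin.$$

# True if $1 is a usable TCP port number (1-65535).
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# The script fed to "adb shell" on the phone, same as adb_tcpdump.sh: become
# root, then stream pcap data on interface $2 to a listening busybox nc on port $1.
remote_capture_script() {
    printf 'su\ntcpdump -i %s -s 0 -w - | busybox nc -l -p %s\n' "$2" "$1"
}

# Refuse to start if any host tool is missing; prints the missing ones.
check_host_tools() {
    missing=
    for tool in adb nc wireshark mkfifo; do
        command -v "$tool" >/dev/null 2>&1 || missing="$missing $tool"
    done
    [ -z "$missing" ] || { echo "missing host tools:$missing" >&2; return 1; }
}

# Undo everything in reverse order. tcpdump on the phone gets SIGPIPE once its
# nc loses the connection, so stopping the host side is enough.
cleanup() {
    [ -z "${nc_pid:-}" ] || kill "$nc_pid" 2>/dev/null
    [ -z "${shell_pid:-}" ] || kill "$shell_pid" 2>/dev/null
    adb forward --remove "tcp:$PORT" 2>/dev/null
    rm -f "$FIFO"
}

main() {
    valid_port "$PORT" || { echo "bad port: $PORT" >&2; return 1; }
    check_host_tools || return 1
    trap cleanup EXIT INT TERM
    remote_capture_script "$PORT" "$IFACE" | adb shell &   # tcpdump | nc on the phone
    shell_pid=$!
    sleep 1
    adb forward "tcp:$PORT" "tcp:$PORT"   # host 127.0.0.1:$PORT -> phone port $PORT
    mkfifo "$FIFO"
    wireshark -k -i "$FIFO" &             # -k: start capturing from the fifo at once
    nc 127.0.0.1 "$PORT" > "$FIFO" &      # host nc pulls the pcap stream into the fifo
    nc_pid=$!
    wait "$nc_pid"                        # returns when Wireshark closes the fifo or nc dies
}

# Only start the pipeline when asked, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Start it with ./adb_wireshark.sh --run; PORT and IFACE can be overridden in the environment. The phone side is started exactly as the post does it, by feeding the two-line script to adb shell on stdin, so no su -c support is assumed; the EXIT trap means the port forward and the fifo do not survive an interrupted run, which the original scripts leave behind.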
Android packet capture via tcpdump (works on WiFi, 2G and 3G)