Smartphone network packet capture program report

Source: Internet
Author: User

I. Job Requirements

1. Job content: develop a program that captures network data on a smartphone. The operating system is not restricted, and there are no restrictions on the capture target (WiFi, Bluetooth, GPRS, etc.).

2. Organizational form: the work may be done in groups. A group consists of up to three members with a clear division of labor, and a group leader must be designated.

3. Deliverables: source code, documents (electronic and printed), and demos.

II. Assignment Research

1. System Platform Selection

For smartphone applications, especially those that work close to low-level system functions, there is not yet a good technical solution that can be developed once and run on almost all systems, such as iPhone, Android, and Windows Mobile. Even Java ME cannot do this well. Therefore, a platform has to be chosen before development formally starts.

Based on the following considerations, we chose Google's Android operating system. Subjectively, among current smartphone operating systems, Android is the one we have worked with and studied the most; we have done application development on (and only on) the Android platform and are familiar with it. Objectively, Android is an open-source mobile operating system, which is an advantage for research and exploration, while iPhone and Windows Mobile are closed systems for which the available material is relatively limited. In addition, Android has a huge share of the smartphone market, which makes a packet capture program developed on the Android platform quite practical.

2. Research on Development Solutions

Having settled on the Android platform, we started reading articles and books on Android and network data capture, both online and in libraries. Because Android is closely related to both Linux and Java, articles on networking and data capture in Linux and Java were also relevant. After some effort, we summarized several basic approaches to capturing network data on a smartphone and analyzed each briefly.

A. tcpdump + Java Parsing

Use tcpdump (a low-level Linux tool available on Android) to capture network data and store it in a file. Use Java file I/O to parse the file and display the result in the user interface. This is the solution we adopted, and it is described later.

B. tcpdump + jpcap Parsing

tcpdump is used to capture network data and store it in a file. Based on the format of the tcpdump file, the file is parsed with jpcap (or jnetpcap), the Java wrappers for libpcap. Compared with the previous scheme, the advantage is that we do not need to implement the file parsing classes ourselves. The disadvantage is that, for this assignment on Android, we would call only a very small part of jpcap but would still have to bundle the complete set of jar files, which needlessly increases the size of the final program. That cost is too high for resource-sensitive devices such as mobile phones. In addition, jpcap was originally developed for the desktop and would have to be ported to Android (some code requires cross-compilation). Although this is not very difficult, it adds some uncertainty.

C. libpcap + ndk

Use libpcap and the Android NDK. Android provides the NDK development kit, which can be used to build Android libraries in C and C++. libpcap is a widely used network packet capture library on Linux, implemented in C. The two can therefore be combined to implement the desired functions. Specifically, the NDK is used to compile libpcap into a native library that can be called from the Android application layer and that exposes the corresponding function interfaces. User interaction and simple logic are implemented at the application layer. The advantage of this solution is that it leaves a lot of room in terms of runtime efficiency and development flexibility, but the NDK is very unfamiliar to us and its learning curve is relatively long, so this solution does not suit our limited time for the assignment.

D. Socket + ndk

The basic idea of using sockets with the Android NDK is the same as that of libpcap with the NDK. The difference is that the existing libpcap library is replaced by our own socket-based implementation, so the program can be lighter than with the previous scheme. However, this requires familiarity with Linux socket programming and with cross-compilation for Android. Although we have some understanding of both and are very interested in them, like the previous solution, this one is too costly to implement and not very feasible.

 

III. Solution Description

After the above research, we finally adopted the tcpdump + Java I/O solution. We call the final Android application andump, a combination of Android and tcpdump.

1. Program Function Design

Before starting development, we first had to decide which functions the program would implement and which it would not implement for now. For andump, we planned the following functions:

Function A: Call tcpdump to capture packets and store them in a specified file;

Function B: Read the captured data from the specified file and display it to users in a friendly manner;

Function C: Specify the packet capture type, such as TCP, UDP, and IP (for now, only these three types are distinguished);

Function D: Conveniently control the running of tcpdump, that is, start and stop it (for now, only these two controls are implemented);

Function E: Other auxiliary functions that may be required.

2. Basic Program Framework

Based on the functions to be implemented and the basic methods of application development on the Android platform, we worked out the basic framework of the andump program, as shown in the figure.

As shown in the figure, the entire program consists of four core modules. The functions of each module are described in detail below.

3. Module Design Description

(A) Storage setting module

Corresponding class: dumpsettings.

This is an auxiliary module designed to hold data that is frequently shared between modules at runtime, for example the selected packet type. The class is implemented as a singleton, which ensures that there is only one copy of the data. It also generates the complete tcpdump command.

Relationship with other modules: the setting module uses it to set the runtime parameters (packet capture type and whether to filter out debugging traffic), and the packet capture module uses it to obtain the complete command to run.

(B) Control Module

Corresponding class: controlactivity.

This module sits at the center of the other modules and is also the main module that users interact with. Its main functions are:

Call the other modules (configactivity, dumpservice, and readactivity) and receive the information they return. Provide the user interface for Function D (why Function D is not implemented here is described below).

Relationship with other modules: it starts the other modules.

(C) Setting Module

Corresponding class: configactivity.

This module is started by the control module and implements Function C (specifying the packet capture type). When it finishes, control returns to the control module. During development we found that the Android emulator and Eclipse constantly exchange a large amount of unrelated traffic. This traffic mainly carries debugging information for the development tools and has no effect on the application itself, so the module provides an option to exclude it from the capture.

Relationship with other modules: the configuration is saved in the singleton object, which the packet capture module uses to build the tcpdump command to execute.

(D) Packet capture module

Corresponding class: dumpservice.

This module runs in the background to implement Function A and Function D, and it helps implement Function C according to the options chosen in the setting module (it is in fact where Function C really takes effect). It starts a tcpdump child process through a method that takes the command as a string. (tcpdump is a low-level Linux program that captures network data; what it stores and filters is controlled through its command-line options.) Closing this child process stops the packet capture.

Relationship with other modules: it accepts control messages from the control module to start and stop packet capture, and it stores the captured data in a file for the read packet module to use.
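The command generation of the storage setting module and the start/stop control of the packet capture module, sketched as an added example (not andump's own code). Class and method names, the capture path and the use of port 5555 for the emulator's debugging traffic are assumptions; the command is passed as an argument list rather than as one string.

```java
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added example, not andump's dumpsettings/dumpservice code; names are hypothetical.
public class DumpCommand {
    // Allowlist: each UI choice maps to a fixed filter primitive, so no free-form
    // text from the user ever reaches the tcpdump command line.
    enum PacketType {
        TCP("tcp"), UDP("udp"), IP("ip");
        final String filter;
        PacketType(String filter) { this.filter = filter; }
    }

    static final int DEBUG_PORT = 5555;   // assumption: adb port used by the emulator

    static List<String> build(PacketType type, boolean hideDebugTraffic, File out) {
        String filter = type.filter;
        if (hideDebugTraffic) filter += " and not port " + DEBUG_PORT;
        // -n: no name lookups, -s 0: capture whole packets, -U: flush each packet
        // to the file, so a capture ended by stopping the process stays readable.
        return new ArrayList<>(Arrays.asList(
                "tcpdump", "-n", "-s", "0", "-U", "-w", out.getAbsolutePath(), filter));
    }

    // One list element per argument: a path containing spaces stays one argument,
    // which splitting a single command string on whitespace would not guarantee.
    static Process start(List<String> argv) throws IOException {
        return new ProcessBuilder(argv).start();
    }

    static void stop(Process tcpdump) throws InterruptedException {
        tcpdump.destroy();
        tcpdump.waitFor();   // do not read the file while the child may still write it
    }

    public static void main(String[] args) {
        File out = new File("/sdcard/andump capture.pcap");   // constructed path
        System.out.println(build(PacketType.TCP, true, out));
    }
}
```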

(E) Read packet module

Corresponding class: readactivity.

This module implements Function B. It reads and analyzes the files produced by the packet capture module and displays their contents in the user interface. Because Android is sensitive to the response time of the UI thread, a background thread is used to read the capture files. The amount of data captured each time is also large, and displaying it all at once would consume too much memory on a phone, so simple paging is used.

Relationship with other modules: it reads the files stored by the packet capture module.

(F) Classes related to file data analysis

Corresponding class: classes under CN. Todd. andump. layerreader.

These classes read the capture file as binary data, interpret each byte or block of bytes according to the TCP/IP protocol specifications, and store the results in suitable data structures. For the file format, refer to this article: http://www.360doc.com/content/11/1117/17/8151417_165252820.shtml.
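An added example (not the project's layerreader code) of the kind of parsing these classes perform: it reads the classic pcap layout that tcpdump -w writes, bounds-checks every record length taken from the file, and returns one page of records in the way the read packet module's paging does. Class and method names are hypothetical, the sample capture in main is constructed, and only IPv4 over Ethernet is decoded.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.ArrayList;
import java.util.List;

// Added example, not andump's layerreader classes; all names here are hypothetical.
public class PcapPage {
    // One page of summary lines, one line per record, from a classic pcap file.
    static List<String> readPage(byte[] file, int page, int pageSize) {
        if (file.length < 24) throw new IllegalArgumentException("short global header");
        ByteBuffer hdr = ByteBuffer.wrap(file);   // file/record headers: writer's byte order
        ByteBuffer net = ByteBuffer.wrap(file);   // packet bytes: always network byte order
        int magic = hdr.getInt(0);
        if (magic == 0xd4c3b2a1) hdr.order(ByteOrder.LITTLE_ENDIAN);
        else if (magic != 0xa1b2c3d4) throw new IllegalArgumentException("not a pcap file");
        if (hdr.getInt(20) != 1) throw new IllegalArgumentException("link type is not Ethernet");
        hdr.position(24);
        List<String> out = new ArrayList<>();
        for (int i = 0; hdr.remaining() >= 16 && out.size() < pageSize; i++) {
            int inclLen = hdr.getInt(hdr.position() + 8);   // packet bytes stored in the file
            hdr.position(hdr.position() + 16);
            // The length is untrusted file data: bounds-check it before using it.
            if (inclLen < 0 || inclLen > hdr.remaining()) break;
            int start = hdr.position();
            hdr.position(start + inclLen);
            if (i < page * pageSize) continue;              // record belongs to an earlier page
            boolean ipv4 = inclLen >= 34 && net.getShort(start + 12) == 0x0800;
            out.add(!ipv4 ? "non-IPv4 frame, " + inclLen + " bytes"
                    : ip(net, start + 26) + " -> " + ip(net, start + 30) + " proto=" + (net.get(start + 23) & 0xff));
        }
        return out;
    }

    static String ip(ByteBuffer b, int off) {
        return (b.get(off) & 0xff) + "." + (b.get(off + 1) & 0xff) + "."
                + (b.get(off + 2) & 0xff) + "." + (b.get(off + 3) & 0xff);
    }

    public static void main(String[] args) {
        // Constructed sample: one little-endian record, 10.0.2.15 -> 74.125.71.104, TCP.
        ByteBuffer f = ByteBuffer.allocate(24 + 16 + 34).order(ByteOrder.LITTLE_ENDIAN);
        f.putInt(0xa1b2c3d4).putShort((short) 2).putShort((short) 4).putInt(0).putInt(0).putInt(65535).putInt(1);
        f.putInt(0).putInt(0).putInt(34).putInt(34);        // ts_sec, ts_usec, incl_len, orig_len
        byte[] pkt = new byte[34];                          // 14-byte Ethernet + 20-byte IPv4 header
        pkt[12] = 0x08; pkt[14] = 0x45; pkt[23] = 6;        // EtherType IPv4, version/IHL, TCP
        System.arraycopy(new byte[] {10, 0, 2, 15, 74, 125, 71, 104}, 0, pkt, 26, 8);
        System.out.println(readPage(f.put(pkt).array(), 0, 20));
    }
}
```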

(G) Other utilities

Corresponding class: classes under CN. toddapp. andump. util.

These classes are related to the UI implementation mechanism of Android and provide some auxiliary methods for the UI.

The above describes the design of each module at a high level. For the specific implementation, refer to the code; we will not go into details here.

 

IV. Homework Results

1. Basic Description

This assignment produced andump, a network data capture application for Android smartphones. Due to constraints, we only tested it on the Android emulator from the Android SDK. Because of limited time, testing was also not very thorough, and the correctness and stability of the program at runtime cannot be fully guaranteed. In general, however, andump provides a complete network data capture function and works normally in most cases.

2. How to Use

This project is intended for learning and research, so it is published only as source code, and no directly installable binary is provided. Before use, import it into Eclipse as a project, compile it, and install it on the Android virtual machine. The Android virtual machine must be allocated an sdcard that is large enough (greater than 32 MB).

3. Demo

After Eclipse is started, the first screen is as shown in the figure.

Click the wrench icon to go to the configuration page, as shown on the right.

You can set the corresponding runtime parameters as needed, as shown in the figure.

Then click Back to return to the main interface. Click the Start button to start the capture. The system tray shows that the andump program is running, and the three buttons change state accordingly, as shown in the figure.

At this point, press the Home key on the keyboard (do not press Back or exit the program) and open the browser, as shown in the figure.

After opening a web page, drag down the system tray and click the andump entry to return to the andump home page. Click Stop to stop packet capture. The Read and wrench buttons can now be used. Click Read to go to the packet viewing interface. The page displays a list of the data packets captured over a period of time. Click any entry in the list to view the details of that packet, as shown in the figure.

As we can see, the two IP addresses in the captured packet are 10.0.2.15, which is the virtual IP address of the virtual machine, and 74.125.71.104, which is the IP address of the Google home page. What we just visited was Google's home page, which shows that our data capture is correct.

The paging function is also partially implemented here. Press the Menu key to see the menu button for the next page, and click it to go to the next page (the previous-page function still needs work), as shown in the figure.

As you can see, after clicking Next, the data list on the interface is refreshed.

 

V. Postscript

After several nights of hard work, we finally completed the smartphone network packet capture program. In the process we gained a better understanding of the TCP/IP protocols, Android application development, Java file reading, and other technologies. In fact, as this report shows, this Android application involves no particularly complex or advanced technology; what mattered more was the process of deciding which solution to adopt.

The assignment given by Mr. Liu is very concise, which has both advantages and disadvantages for completing the homework. The disadvantage is that, on first reading the requirements, there is a feeling of "nowhere to start", because they give too little information. The advantage is that we are freer in how we complete the work. That is why, at the beginning, we came up with the four solutions described above. There may of course be other, better solutions, but for a single assignment we were able to think of this many solutions at the outset, and the loose requirements were an important factor in that.

Of course, we have made some improvements to this application. We plan to put our code online and open the source code so that more people can improve it.
