On Android, use tcpdump to capture packets and Wireshark to analyze the data

Source: Internet
Author: User

Guide: If you want to analyze the network traffic of an app on Android, you need to capture packets on the Android phone. The most common packet capture tool is tcpdump, which generates pcap files that Wireshark can read. Download the pcap file to a computer, load it in Wireshark, and analyze the data captured by tcpdump there.

1. Install tcpdump

To install tcpdump on an Android phone, you must first root the phone. Common root tools currently on the market are very powerful; we recommend that you use the root genie to root the phone. Once the phone is rooted, we can install tcpdump on it.

Download the tcpdump file first:

adb push tcpdump /sdcard/
adb shell
su
cat /sdcard/tcpdump > /system/bin/tcpdump

If the previous command reports a permission error, add write permission to the /system directory as follows. In the output of the mount command, find the line containing /system, which is similar to the following:

/dev/block/platform/msm_sdcc.1/by-name/system /system ext4 ro,seclabel,relatime,data=ordered 0 0

Take the first part of that line, before /system, that is, "/dev/block/platform/msm_sdcc.1/by-name/system". Run the following command:

mount -o remount,rw /dev/block/platform/msm_sdcc.1/by-name/system /system

/system is now writable, so continue with:

cat /sdcard/tcpdump > /system/bin/tcpdump
chmod 777 /system/bin/tcpdump

Mode 755 is already enough to make the binary executable; 777 additionally leaves it writable by every user on the device.

tcpdump is now installed in the "/system/bin/" directory, and the following command is used to capture packets:

2. Use tcpdump to capture packets

tcpdump -i wlan0 -s 0 -w /sdcard/1.pcap

Press Ctrl + C to stop tcpdump from capturing packets. The captured data is saved to the /sdcard/1.pcap file.

Open a new terminal and execute the following command:

adb pull /sdcard/1.pcap .

The 1.pcap file is downloaded to the current directory of the terminal.

3. Install Wireshark and analyze pcap files

Download the Wireshark build suitable for your system from the official Wireshark website and run the installation package you downloaded to install Wireshark. Then double-click the 1.pcap file; it is opened by Wireshark automatically. Enter the following filter conditions in the Wireshark filter bar to analyze the data sources more conveniently.

tcp.port == 80      // filter TCP data on port 80
udp.port == 12345   // filter UDP data on port 12345
ip.src ==           // filter data whose source IP address is
ip.dst ==           // filter data whose destination IP address is

The preceding filter conditions can be combined with "and" and "or", for example:

tcp.port == 80 and ip.src ==      // filter TCP data on port 80 with the source IP address
udp.port == 12345 or ip.dst ==    // filter UDP data on port 12345, or data with the destination IP address
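The same port and address conditions can also be applied in a script instead of the Wireshark GUI. The following is an added example, not code from the original article: it parses a classic pcap file of the kind tcpdump -w writes and filters the packets. It assumes Ethernet framing and IPv4; the function names, the sample capture and its addresses are constructed for illustration.

```python
import struct
from socket import inet_aton, inet_ntoa

def parse_pcap(data):
    """Yield (proto, src, sport, dst, dport) for IPv4 TCP/UDP packets in a classic pcap."""
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", data[:4])[0])
    if end is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet link type (1) is handled")  # assumption for wlan0
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4
        ihl = (frame[14] & 0x0F) * 4
        proto = {6: "tcp", 17: "udp"}.get(frame[23])
        ports = frame[14 + ihl:14 + ihl + 4]
        fragment = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        if proto is None or fragment or len(ports) < 4:
            continue  # no port fields in this packet
        sport, dport = struct.unpack("!HH", ports)
        yield proto, inet_ntoa(frame[26:30]), sport, inet_ntoa(frame[30:34]), dport

def match(pkt, proto=None, port=None, src=None, dst=None):
    """AND of the given conditions; port matches either side, like tcp.port == N."""
    p, s, sp, d, dp = pkt
    return ((proto is None or p == proto) and (port is None or port in (sp, dp))
            and (src is None or s == src) and (dst is None or d == dst))

def _frame(proto, src, sport, dst, dport):  # constructed Ethernet/IPv4 frame, ports only
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     inet_aton(src), inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HH", sport, dport)

def sample_pcap():  # constructed capture standing in for /sdcard/1.pcap
    frames = [_frame(6, "192.0.2.10", 40000, "198.51.100.5", 80),
              _frame(17, "192.0.2.10", 5000, "198.51.100.9", 12345),
              _frame(6, "198.51.100.5", 443, "192.0.2.10", 40001)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for pkt in parse_pcap(sample_pcap()):
        print(pkt, match(pkt, proto="tcp", port=80, src="192.0.2.10"))
```

To run it against a real capture, pass the bytes of the pulled 1.pcap file to parse_pcap instead of sample_pcap().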


