1. Install tcpdump
To install tcpdump for an Android phone, you must first root the Android phone. Currently, common root tools on the market are very powerful. We recommend that you use the root genie to root the phone, we can install tcpdump on our mobile phone.
Download the tcpdump file first: http://pan.baidu.com/s/1sjM7wTZ
adb push tcpdump /sdcard/ adb Shell su cat /sdcard/tcpdump > /system/bin/tcpdump
If the previous command prompts no permission, run the following command to add the write permission to the/system directory:
Find a line containing/system in the mount result, which is similar to the following:
/dev/block/platform/msm_sdcc.1/by-name/system /system ext4 ro,seclabel,relatime,data=ordered 0 0
Go to the first half of the line/system, that is, "/dev/block/platform/msm_sdcc.1/by-name/system". Run the following command:
mount -o remount /dev/block/platform/msm_sdcc.1/by-name/system /system
At this time,/system has the write permission and continues to execute:
cat /sdcard/tcpdump > /system/bin/tcpdump chmod 777 /system/bin/tcpdump
So far, tcpdump is successfully installed in the "/system/bin/" directory, and the following command is used to capture packets:Ii. Use tcpdump to capture packets
tcpdump -i wlan0 -s 0 -w /sdcard/1.pcap
You can use the Ctrl + c shortcut to stop tcpdump from capturing packets. The captured data is saved to the/sdcard/1. pcap file.
Re-open a Terminal and execute the following command
adb pull /sdcard/1.pcap .
1. The pcap file is downloaded to the current directory on the terminal.3. Install Wireshark and analyze pcap files
Download the Wireshark suitable for your system from the Wireshark official website https://www.wireshark.org/and click the Wireshark installation package you downloaded to install Wireshark. pcap file, double-click 1. pcap file, 1. the pcap file is automatically opened by Wireshark. Input the following Filter conditions in Wireshark Filter to analyze data sources more conveniently.
View plaincopy to clipboardprint? Tcp. port = 80 // filter TCP Data udp from port 80. port = 12345 // filter UDP data ip addresses from port 12345. src = 192.168.0.1 // filter data IP addresses whose source ip address is 192.168.0.1. dst = 192.168.0.1 // data whose destination IP address is 192.168.0.1
The preceding filter conditions can be combined with and or, for example
View plaincopy to clipboardprint? Tcp. port = 80 and ip. src = 192.168.0.1 // filter the number of TCP udp requests from port 80 with the source IP address 192.168.0.1. port = 12345 or ip. dst = 192.168.0.1 // filter UDP data from port 12345 or data with the destination IP address 192.168.0.1