In Android, use TCPDUMP to capture Wireshark to analyze data.

In Android, use TCPDUMP to capture Wireshark to analyze data.
GuideIf you want to analyze the network data interaction of an APP in Android, You need to capture packets on the Android mobile phone. The most common packet capture tool is not tcpdump, and tcpdump is used to generate pcap files identified by Wireshark, then, download the pcap file to the computer, load the pcap file with Wireshark on the computer, and analyze the data captured by tcpdump through Wireshark.

1. Install tcpdump

To install tcpdump for an Android phone, you must first root the Android phone. Currently, common root tools on the market are very powerful. We recommend that you use the root genie to root the phone, we can install tcpdump on our mobile phone.

Download the tcpdump file first: http://pan.baidu.com/s/1sjM7wTZ

adb push tcpdump /sdcard/  adb Shell  su  cat /sdcard/tcpdump > /system/bin/tcpdump

If the previous command prompts no permission, run the following command to add the write permission to the/system directory:

sumount

Find a line containing/system in the mount result, which is similar to the following:

/dev/block/platform/msm_sdcc.1/by-name/system /system ext4 ro,seclabel,relatime,data=ordered 0 0

Go to the first half of the line/system, that is, "/dev/block/platform/msm_sdcc.1/by-name/system". Run the following command:

mount -o remount /dev/block/platform/msm_sdcc.1/by-name/system /system

At this time,/system has the write permission and continues to execute:

cat /sdcard/tcpdump > /system/bin/tcpdump  chmod 777 /system/bin/tcpdump

So far, tcpdump is successfully installed in the "/system/bin/" directory, and the following command is used to capture packets:

Ii. Use tcpdump to capture packets

tcpdump -i wlan0 -s 0 -w /sdcard/1.pcap

You can use the Ctrl + c shortcut to stop tcpdump from capturing packets. The captured data is saved to the/sdcard/1. pcap file.

Re-open a Terminal and execute the following command

adb pull /sdcard/1.pcap .

1. The pcap file is downloaded to the current directory on the terminal.

3. Install Wireshark and analyze pcap files

Download the Wireshark suitable for your system from the Wireshark official website https://www.wireshark.org/and click the Wireshark installation package you downloaded to install Wireshark. pcap file, double-click 1. pcap file, 1. the pcap file is automatically opened by Wireshark. Input the following Filter conditions in Wireshark Filter to analyze data sources more conveniently.

View plaincopy to clipboardprint? Tcp. port = 80 // filter TCP Data udp from port 80. port = 12345 // filter UDP data ip addresses from port 12345. src = 192.168.0.1 // filter data IP addresses whose source ip address is 192.168.0.1. dst = 192.168.0.1 // data whose destination IP address is 192.168.0.1

The preceding filter conditions can be combined with and or, for example

View plaincopy to clipboardprint? Tcp. port = 80 and ip. src = 192.168.0.1 // filter the number of TCP udp requests from port 80 with the source IP address 192.168.0.1. port = 12345 or ip. dst = 192.168.0.1 // filter UDP data from port 12345 or data with the destination IP address 192.168.0.1

From: http://www.linuxde.net/2014/12/15625.html

Address: http://www.linuxprobe.com/android-tcpdump-wireshark.html