On a 2G/3G network, the only way to capture the phone's packets is to root it and run tcpdump on the device.
Preparation:
1. Root
cf-auto-root: http://autoroot.chainfire.eu/
Rooting wipes all data, so back up first.
Don't worry that the phone becomes insecure after rooting: root access is granted through SuperSU's authorization management.
Recommended after rooting: Green protection, fqrouter, Xposed, XPrivacy.
2. Software
- ADB
Included in the Android SDK; a tool for interacting with Android over USB debugging.
- tcpdump
Install a tcpdump-related app; on startup the app obtains root privileges and installs tcpdump. If you don't mind the trouble, you can also manually copy an Android build of tcpdump onto the phone.
- BusyBox
A collection of command-line tools that provides most Linux commands in the adb shell; the nc we need is included in it.
3. Offline packet capture
- Method one: connect over USB with adb and run the capture
adb shell
su
tcpdump -s 0 -w /sdcard/tmp.pcap
- Method two: run the capture from a tcpdump app
There are many such apps.
Benefits: no USB connection is needed, and packets can be captured under normal operating conditions.
(Android does not enter deep sleep while USB is connected, and the client may behave differently during deep sleep: wake locks, alarms, WiFi switching.)
Also recommended: BetterBatteryStats http://forum.xda-developers.com/showthread.php?t=1179809
- Retrieve the capture file
After the capture, because the file was written by the root account, Windows cannot see it, and the Mac has no support of its own, so exit back to the system shell and run:
adb pull /sdcard/tmp.pcap .
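4. Viewing the capture in real time
Sharing a WiFi hotspot (360 mobile WiFi can do this) works, but there are problems:
1. It only covers traffic that goes over WiFi.
2. Because the capture point is an intermediate node, the timing of the captured packets is not necessarily the timing of the packets on the client.
It can also be done on a 2G/3G network. The principle: tcpdump's standard output is piped to nc on the phone; adb only provides port forwarding; nc on the local machine connects to the adb-forwarded port and writes the stream into a named pipe, and Wireshark supports reading from a pipe.
Scripts:
1. adb_tcpdump.sh
su
tcpdump -s 0 -w - | busybox nc -l -p 11233
2. adb_wireshark.sh
# Start tcpdump on the phone; its pcap output is served by nc on port 11233
adb shell < adb_tcpdump.sh &
sleep 1
# Forward local port 11233 to port 11233 on the phone
adb forward tcp:11233 tcp:11233
sleep 1
# Named pipe that Wireshark reads from
mkfifo /tmp/sharkfin
wireshark -k -i /tmp/sharkfin &
# Copy the forwarded stream into the pipe
nc 127.0.0.1 11233 > /tmp/sharkfin
On a Mac, running ./adb_wireshark.sh opens Wireshark and shows the phone's traffic in real time.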
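What travels through nc and the adb-forwarded port is an ordinary pcap byte stream: a 24-byte global header followed by length-prefixed packet records, which is why Wireshark can read it from a pipe. The Python reader below is an added example, not part of the original scripts; it parses such a stream incrementally and discards a record cut short by a dropped connection. The function names and the sample bytes are constructed for illustration.

```python
import io
import struct

# pcap magic numbers: microsecond and nanosecond timestamp variants
MAGIC_USEC = 0xA1B2C3D4
MAGIC_NSEC = 0xA1B23C4D

def read_exact(stream, n):
    """Read exactly n bytes; return None if the stream ends first."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            return None
        buf += chunk
    return buf

def read_pcap_stream(stream):
    """Yield (timestamp_seconds, captured_len, original_len, data) per packet."""
    header = read_exact(stream, 24)
    if header is None:
        raise ValueError("stream ended before the pcap global header")
    for endian in ("<", ">"):  # the magic number tells us the writer's byte order
        magic = struct.unpack(endian + "I", header[:4])[0]
        if magic in (MAGIC_USEC, MAGIC_NSEC):
            break
    else:
        raise ValueError("not a pcap stream")
    divisor = 1e9 if magic == MAGIC_NSEC else 1e6
    while True:
        rec = read_exact(stream, 16)
        if rec is None:
            return  # clean end of stream, or link dropped mid-header
        sec, frac, caplen, origlen = struct.unpack(endian + "IIII", rec)
        data = read_exact(stream, caplen)
        if data is None:
            return  # link dropped mid-packet: discard the partial record
        yield sec + frac / divisor, caplen, origlen, data

def build_sample():
    """Constructed sample: global header plus two records, the second cut short."""
    hdr = struct.pack("<IHHiIII", MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    p1 = struct.pack("<IIII", 1400000000, 500000, 4, 4) + b"\xde\xad\xbe\xef"
    p2 = struct.pack("<IIII", 1400000001, 0, 8, 8) + b"\x00\x01"  # truncated
    return hdr + p1 + p2

if __name__ == "__main__":
    for ts, caplen, origlen, data in read_pcap_stream(io.BytesIO(build_sample())):
        print(f"{ts:.6f} caplen={caplen} origlen={origlen} {data.hex()}")
```

To read the live capture instead of the sample, pass the file object of a socket connected to 127.0.0.1:11233 (for example `sock.makefile("rb")`) after `adb forward` has been set up.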
Real-time capture of Android mobile network under Mac