Tcpdump Wireshark network data packet capture on Android platform (Comprehensive)

1 tcpdump Tool

 

Tcpdump can completely intercept the "Header" of the packets transmitted in the network for analysis. It supports filtering network layer, protocol, host, network or port, and provides logical statements such as and, or, not to help you remove useless information.

See: http://baike.baidu.com/view/76504.htm? Fr = ala0_1_1

This tool is easy to use and can be captured through command line execution on Linux, especially on adroid mobile phones. Because most Android phones do not contain the tcpdump tool, you must first copy the tool to your mobile phone. This document does not describe how to copy the tcpdump execution file to the system directory, because the system directory is started by default after RO properties, the login file also involves modifying attributes (the specific Android mobile phone to modify the Mount directory read and write attributes of the method can be found in this blog http://blog.csdn.net/shuzui1985/article/details/7581803)

Let's get down to the truth. First, make sure your mobile phone is already root. If you don't understand it, go online and look for it. I will not explain it.

Ø
ADB push c: \ wherever_you_put \ tcpdump/data/local/tcpdump

Modify file attributes

ADB Shell

Su

Chmod 6755/data/local/tcpdump

Command Line packet capture

/Data/local/tcpdump-p-VV-S 0-W/Sdcard/capture. pcap-Which path do you write by the way?

 

(If tcpdump: no suitable device found appears. Make sure that you are using the root permission)

^ C after the packet capture is complete and exit Android bash

ADB pull/sdcard/capture. pcap

 

Ø use Wireshark to open and view data (users who do not use Wireshark can search directly)

 

2. the android program calls tcpdump internally (reprinted)

See http://blog.csdn.net/Zengyangtech/article/details/5853366

 

 

I recently developed an android network packet capture tool.

I have searched the internet for a long time.

No clue found

So we need to work hard on the Linux layer.

 

Therefore, tcpdump in Linux is used to implement the packet capture function.

To define tcpdump in a simple way, dump the traffic on a network is a packet analysis tool that intercepts packets on the network according to the user's definition.

 

 

As an essential tool for system administrators on the internet, tcpdump, with its powerful functions and flexible interception policies, becomes one of the essential tools for every senior system administrator to analyze the network and troubleshoot problems.

 

For tcpdump detailed can refer to the http://baike.baidu.com/view/76504.htm? Fr = ala0_1_1 introduction to Baidu encyclopedia

 

Here I will mainly introduce how to use tcpdump on Android

 

I use a cracked version of G2 and a simulator.

 

Specifically, run Linux commands in the APK program.

[C-sharp]
View plaincopyprint?

1. Tcpdump-p-VV-S 0-W/sdcard/capture. pcap

In this way, the captured package can be written into a capture. pcap file on the sdcard.

 

This file can be opened on the PC using Wireshark for convenient viewing.

 

 

The specific source code is as follows:

 

Mainhook. Java

[C-sharp]
View plaincopyprint?

1. Package ZY. Hook;
2. Import java. Io. ioexception;
3. Import Android. App. activity;
4. Import Android. OS. Bundle;
5. Import Android. util. log;
6. Public class mainhook extends activity {
7. /** Called when the activity is first created .*/
8. @ Override
9. Public void oncreate (bundle savedinstancestate ){
10. Super. oncreate (savedinstancestate );
11. Setcontentview (R. layout. Main );
12. Try {
13. // Runtime.getruntime(cmd.exe C ("Su ");
14. // Runtime.getruntime(cmd.exe C ("dd If =/sdcard/tcpdump of =/data/local/tcpdump ");
15. // Runtime.getruntime(cmd.exe C ("chmod 6755/data/local/tcpdump ");
16. Runtime.getruntime(cmd.exe C ("tcpdump-p-VV-S 0-W/sdcard/capture. pcap ");
17. Log. I ("run", "Success !!!!!!!!! ");
18. } Catch (ioexception e ){
19. // Todo auto-generated Catch Block
20. E. printstacktrace ();
21. Log. I ("run", E. tostring ());
22. }
23. }
24. }

 

Androidmanifest. xml

[XHTML]
View plaincopyprint?

1. <? XML version = "1.0" encoding = "UTF-8"?>
2. <Manifest xmlns: Android = "http://schemas.android.com/apk/res/android"
3. Package = "ZY. Hook"
4. Android: versioncode = "1"
5. Android: versionname = "1.0" type = "codeph" text = "/codeph">
6. <Application Android: icon = "@ drawable/icon" Android: Label = "@ string/app_name">
7. <Activity Android: Name = ". mainhook"
8. Android: Label = "@ string/app_name">
9. <Intent-filter>
10. <Action Android: Name = "android. Intent. Action. Main"/>
11. <Category Android: Name = "android. Intent. Category. launcher"/>
12. </Intent-filter>
13. </Activity>
14. </Application>
15. <Uses-SDK Android: minsdkversion = "7"/>
16. <Uses-Permission Android: Name = "android. Permission. write_external_storage"/>
17. </Manifest>

In particular, do not forget the permission <uses-Permission Android: Name = "android. Permission. write_external_storage"/>

Statement

 

Run the program and we can capture packets.

 

 

The capture. pcap file is generated on the sdcard.

 

 

After capturing the file for a period of time, export the file from the sdcard

 

Then we use Wireshark to open

 

You can conveniently view the packages we caught.

 

Hope to be useful to everyone

3. Use tcpdump/Wireshark to analyze the existing live video technology on the Android platform (reprinted)

See http://blog.csdn.net/moruite/article/details/6095465

 

Packet capture tool tcpdump for Android + Wireshark

To capture TCP data packets, we can use the tcpdump tool, similar to the tool used in Windows/Linux. The specific method is

Download tcpdump at http://www.strazzere.com/android/tcpdump.

For more information, see the document in http://www.tcpdump.org/

You need root permission,

ADB push c: \ wherever_you_put \ tcpdump/data/local/tcpdump

ADB shell chmod 6755/data/local/tcpdump

Packet Capture is simple

ADB shell tcpdump-p-VV-S 0-W/sdcard/capture. pcap

# "-P": Disable promiscuous mode (doesn' t work anyway)

# "-S 0": capture the entire packet

# "-W": Write packets to a file (rather than printing to stdout)

... Do whatever you want to capture, then ^ C to stop it... Export

ADB pull/sdcard/capture. pcap

Download Wireshark to view the data packet. The address is http://www.wireshark.org/download.html. Open this data packet and you can view the data.

Transferred from http://vcommon.growprogress.com /? P = 1293 use tcpdump/Wireshark to analyze the existing live broadcast technology on the Android platform

To resolve the live video protocol on Android phones, you can capture packets to view existing live video applications, such as Phoenix TV and mobile TV. The main methods are as follows:

1. Install the live video application on the android simulation and capture packets using Wireshark to view what protocols are based on, such as RTSP/HTTP

Advantage: in Windows, it is easier to use the wireshark packet capture tool with an interface.

Disadvantage: the android simulator has limited resources and the TV cannot be played normally.

Wireshark has many functions. The common function is to select the NIC name to capture packets and set the data filter, as shown in 1. Click options under the capture menu to select the built-in filter, for example, capture only HTTP/TCP/UDP packets and click Start to record data:

 

 

Figure 1 Wireshark packet capture tool

 

 

2. Install tcpdump on the Android mobile phone and save the log information to the sdcard. For example, capture the data packets of the mobile TV dopool application:

./Tcpdump-n-s 0-W/sdcard/dopool. pcap (-N indicates ignoring the DNS protocol, and-S 0 indicates capturing the protocol header and specific protocol information)

Below are some common TV live video protocol analysis on Android platforms

2.1 W. TV

 

 

2.2 Phoenix mobile

 

 

2.3 dopool mobile TV

 

 

 

Conclusion: W. TV and Phoenix TV are live broadcast functions based on RTSP/RTP protocol, while dopool is live broadcast based on TS stream.