1. The phone must be rooted
2. Download tcpdump: http://www.strazzere.com/android/tcpdump
3. adb push c:\wherever_you_put\tcpdump /data/local/tcpdump
4. adb shell chmod 6755 /data/local/tcpdump
5. Run adb shell, then su, to get root
6. cd /data/local
7. ./tcpdump -i any -p -s 0 -w /sdcard/capture.pcap
Command parameters:
# "-i any": listen on any network interface
# "-p": disable promiscuous mode (doesn't work anyway)
# "-s 0": capture the entire packet
# "-w": write packets to a file (rather than printing to stdout)
... do whatever you want to capture, then ^C to stop it ...
8. adb pull /sdcard/capture.pcap D:/
9. Open capture.pcap with Wireshark on the computer to analyze the capture
Execute the following if you would like to watch packets go by rather than capturing them to a file (-n skips DNS lookups; -s 0 captures the entire packet rather than just the header):
adb shell tcpdump -n -s 0
Typical tcpdump options apply. For example, if you want to see HTTP traffic:
Only listen for HTTP
adb shell tcpdump -X -n -s 0 port 80
Based on the above, write a .bat file to run the steps (the tcpdump binary must be in the current directory).
Start tcpdump
adb push tcpdump /data/local/tcpdump
adb shell chmod 6755 /data/local/tcpdump
adb shell rm -r /sdcard/capture.pcap
adb shell /data/local/tcpdump -i any -p -s 0 -w /sdcard/capture.pcap
pause
Download the tcpdump capture file to your computer
adb pull /sdcard/capture.pcap capture.pcap
Problem: on some rooted devices, adb shell does not run as the root user by default, and you need to enter su to switch to root. This causes problems in batch processing. The solution is as follows:
adb shell "su -c 'sleep 1'"
adb start-server
adb push tcpdump /data/local/tcpdump
////////////////////////////////////////
How to capture packets on Android mobile phones
Packet capture preparation
1. The Android phone must first be rooted. One way to check whether it is: install and open a terminal emulator (available through channels such as the Android Market). In the terminal emulator, enter su and press Enter. If an error is reported, the phone is not rooted. If the command prompt changes from $ to #, it is rooted;
2. If the Android phone is not rooted, you can use SuperOneClick or another method to root it (you need to install Microsoft .NET Framework first). SuperOneClick rooting tutorial: (http://soft.shouji.com.cn/news/501.shtml)
3. Obtain the Android SDK first.
4. You need the tcpdump binary; download address: (http://www.strazzere.com/android/tcpdump)
Packet capture procedure
1. Connect the Android phone to the computer over USB and open a Windows Command Prompt window.
2. Copy the tcpdump program to the Android phone. (The first path in this command is the local path, and the second is the destination path on the phone)
C:\Android-SDK-Windows\platform-tools> adb push C:/tcpdump /data/local/tcpdump
3. Modify tcpdump permissions (777 is what this walkthrough uses; 755 is enough to make the binary executable and does not leave a file that is later run as root writable by every app)
C:\Android-SDK-Windows\platform-tools> adb shell
# chmod 777 /data/local/tcpdump
4. Get root
C:\Android-SDK-Windows\platform-tools> adb shell
$ su
After running the su command, a prompt is displayed on the phone's screen asking you to confirm the root operation.
5. Run tcpdump with the following command to start packet capture.
/data/local/tcpdump -p -vv -s 0 -w /sdcard/capture.pcap
6. Perform the operations on the phone that need packet capture analysis. When they are complete, press Ctrl + C in the Command Prompt window to stop the capture.
7. Copy the capture result to the local machine (the first path is on the phone, and the second is the local path)
C:\Android-SDK-Windows\platform-tools> adb pull /sdcard/capture.pcap C:/
8. Use Wireshark or a similar tool to view the captured file capture.pcap
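
Before opening the pulled capture.pcap in Wireshark, the file can be sanity-checked on the computer. The following is an added example, not part of the original write-up: it reads the pcap header and records to report the link type (a capture taken with -i any is written in Linux "cooked" format), the snapshot length, how many packets were stored short of their full length (which -s 0 is meant to prevent), and whether the file ends in an incomplete record (possible if tcpdump was killed before flushing its output). The name check_pcap and the sample bytes are constructed for illustration.

```python
import struct

# Magic as read little-endian -> byte order of the rest of the file
# (second pair is the nanosecond-timestamp variant).
MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">", 0xA1B23C4D: "<", 0x4D3CB2A1: ">"}
LINKTYPES = {1: "ETHERNET", 113: "LINUX_SLL", 276: "LINUX_SLL2"}

def check_pcap(data):
    """Summarise a classic pcap file given as bytes."""
    if len(data) < 24:
        raise ValueError("shorter than a pcap global header")
    endian = MAGICS.get(struct.unpack("<I", data[:4])[0])
    if endian is None:
        raise ValueError("bad magic: not a classic pcap file")
    # version major/minor, timezone, sigfigs, snaplen, link type
    _, _, _, _, snaplen, link = struct.unpack(endian + "HHiIII", data[4:24])
    link &= 0xFFFF  # upper bits carry FCS information, not the link type
    packets = clipped = 0
    partial_tail = False
    off = 24
    while off < len(data):
        if off + 16 > len(data):          # record header itself is cut off
            partial_tail = True
            break
        _, _, caplen, origlen = struct.unpack(endian + "IIII", data[off:off + 16])
        if off + 16 + caplen > len(data):  # packet bytes are cut off
            partial_tail = True
            break
        packets += 1
        if caplen < origlen:               # stored fewer bytes than were on the wire
            clipped += 1
        off += 16 + caplen
    return {"linktype": LINKTYPES.get(link, str(link)), "snaplen": snaplen,
            "packets": packets, "clipped": clipped, "partial_tail": partial_tail}

# Constructed sample: little-endian header with LINUX_SLL and snaplen 65535,
# one full packet, one clipped packet, and a final record cut off mid-write.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 113)
          + struct.pack("<IIII", 1, 0, 20, 20) + bytes(20)
          + struct.pack("<IIII", 2, 0, 20, 60) + bytes(20)
          + struct.pack("<IIII", 3, 0, 40, 40) + bytes(5))

if __name__ == "__main__":
    print(check_pcap(SAMPLE))
    # For a real file: check_pcap(open("capture.pcap", "rb").read())
```

A non-zero "clipped" count means some packets were stored without their full payload; "partial_tail" set to True means the last record is incomplete and the packets before it are still usable.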