tcpdump can intercept the complete "header" of packets transmitted over the network for analysis. It supports filtering by network layer, protocol, host, network or port, and provides the logical operators and, or and not to help you filter out useless information.
The tool is easy to use and captures from the command line on Linux, including on Android phones. Because most Android phones do not ship with tcpdump, you first need to copy the tool to the phone. This differs from some methods on the Internet that copy the tcpdump executable to the system directory: the system directory is mounted read-only (ro) by default after boot, so writing files there also involves modifying the mount attributes (for details on changing the read/write attributes of a mounted directory on an Android phone, see this blog post: http://blog.csdn.net/shuzui1985/article/details/7581803).
Let's get down to business. First, make sure your phone is already rooted. If you don't know how, look it up online; I will not explain it here.
adb push c:\wherever_you_put\tcpdump /data/local/tcpdump
Modify the file attributes (mode 6755 sets the setuid and setgid bits in addition to rwxr-xr-x)
adb shell
su
chmod 6755 /data/local/tcpdump
Capture packets from the command line
/data/local/tcpdump -p -vv -s 0 -w /sdcard/capture.pcap
(the path after -w is the output file; write it wherever you like)
(If "tcpdump: no suitable device found" appears, make sure that you are running with root permission.)
After capturing, press ^C to stop and exit the Android shell
adb pull /sdcard/capture.pcap
Open the file in Wireshark to view the data (if you have not used Wireshark before, search for a guide)
I recently developed an Android network packet capture tool.
I searched the internet for a long time
but found no clues,
so we need to work at the Linux layer.
Therefore, tcpdump on Linux is used to implement the packet capture function.
Put simply, tcpdump ("dump the traffic on a network") is a packet analysis tool that intercepts packets on the network according to the user's definition.
With its powerful functions and flexible interception policies, tcpdump is one of the essential tools for every senior system administrator to analyze the network and troubleshoot problems.
Here I will mainly introduce how to use tcpdump on Android.
I use a cracked version of G2 and a simulator.
Specifically, the APK program runs a Linux command:
tcpdump -p -vv -s 0 -w /sdcard/capture.pcap
In this way, the captured packets are written to a capture.pcap file on the SD card.
This file can be opened on a PC with Wireshark for convenient viewing.
The specific source code is as follows:
MainHook.java
package zy.hook;

import java.io.IOException;
import android.app.Activity;
import android.os.Bundle;
import android.util.Log;

public class MainHook extends Activity {
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.main);
        try {
            // Start tcpdump as a child process; packets go to /sdcard/capture.pcap.
            // exec() returns as soon as the process is launched, so the log line
            // below only means the command was started, not that capture succeeded.
            Runtime.getRuntime().exec("tcpdump -p -vv -s 0 -w /sdcard/capture.pcap");
            Log.i("run", "success!!!!!!!!!");
        } catch (IOException e) {
            // Thrown when the tcpdump binary cannot be found or executed.
            e.printStackTrace();
            Log.i("run", e.toString());
        }
    }
}
AndroidManifest.xml
package="zy.hook"
android:versionCode="1"
android:versionName="1.0">
android:label="@string/app_name">
In particular, do not forget the permission declarations.
Run the program and we can capture packets.
The capture.pcap file is generated on the SD card.
After capturing for a period of time, export the file from the SD card.
Then open it with Wireshark.
You can conveniently view the packets we captured.
I hope this is useful to everyone.
Packet capture tool tcpdump for Android + Wireshark
To capture TCP data packets, we can use the tcpdump tool, similar to the tool used on Windows/Linux. The specific method is as follows.
You need root permission.
adb push c:\wherever_you_put\tcpdump /data/local/tcpdump
adb shell chmod 6755 /data/local/tcpdump
Packet capture is simple:
adb shell tcpdump -p -vv -s 0 -w /sdcard/capture.pcap
# "-p": disable promiscuous mode (doesn't work anyway)
# "-s 0": capture the entire packet
# "-w": write packets to a file (rather than printing to stdout)
... do whatever you want to capture, then ^C to stop it ...
Export the file:
adb pull /sdcard/capture.pcap
Download Wireshark to view the data packets; the address is http://www.wireshark.org/download.html. Open the capture file in it and you can view the data.
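A sanity check for the pulled capture.pcap before opening it in Wireshark, given here as an added example that is not part of the original article: it walks the classic pcap format that tcpdump -w writes and counts packets cut short by the snapshot length, which is what -s 0 is meant to avoid. The function names and the sample capture bytes are constructed for illustration.

```python
import struct

# Magic bytes of the classic pcap format -> struct byte-order prefix.
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond timestamps
         b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}   # nanosecond timestamps

def summarize_pcap(data: bytes) -> dict:
    """Walk a classic pcap file and count records cut short by the snapshot length."""
    endian = MAGIC.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack_from(
        endian + "HHiIII", data, 4)
    packets = truncated = 0
    incomplete_tail = False
    offset = 24                              # first record follows the 24-byte global header
    while offset < len(data):
        if offset + 16 > len(data):
            incomplete_tail = True           # record header itself is cut off
            break
        _sec, _frac, caplen, origlen = struct.unpack_from(endian + "IIII", data, offset)
        if offset + 16 + caplen > len(data):
            incomplete_tail = True           # packet bytes are cut off
            break
        packets += 1
        truncated += caplen < origlen        # fewer bytes saved than were on the wire
        offset += 16 + caplen
    return {"version": (major, minor), "snaplen": snaplen, "linktype": linktype,
            "packets": packets, "truncated": truncated, "incomplete_tail": incomplete_tail}

def build_sample(snaplen: int, wire_lengths: list) -> bytes:
    """Constructed test input: a little-endian Ethernet pcap of zero-filled packets."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for n, origlen in enumerate(wire_lengths):
        caplen = min(origlen, snaplen)
        out += struct.pack("<IIII", 1_700_000_000 + n, 0, caplen, origlen) + bytes(caplen)
    return out

if __name__ == "__main__":
    full = build_sample(262144, [60, 1514])  # constructed: snapshot length covers every packet
    short = build_sample(68, [60, 1514])     # constructed: small snapshot length, headers only
    print(summarize_pcap(full))
    print(summarize_pcap(short))
    print(summarize_pcap(full[:-10]))        # file copied before the last record was complete
```

A non-zero "truncated" count means payload bytes are missing from the file, and "incomplete_tail" means the file was copied before tcpdump finished writing the last record.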