Use network traffic analysis tools to better debug Android applications

BKJIA exclusive translation] as developers, we all know that network-related programs we develop generally send related request information through the HTTP protocol. At the beginning of the application, the information transmitted on these networks is very smooth, and the information we get is what we expect.

However, developers will often find that there is no such situation, especially when applications are connected to the network, especially when high-concurrency traffic occurs, if data is lost or wrong, no one knows exactly what the currently sent and accepted data is, which is very unfavorable for program debugging. This requires that we must be able to capture the relevant packet data in the network and analyze and verify the data.

Preface

It is very useful to capture packets in the network for later analysis, but if we can carry out this analysis while capturing packets, it will get better results. In this way, developers can clearly understand the data of requests and responses in each test case. In this article, we will show you how to capture data packets in the Android Application Networking Program in real time, and use the famous network data analysis tool Wireshark for analysis.

Tutorial details

• Technology: Android + Wireshark
• Difficulty: Moderate
• Completion Time: 30-45 minutes

Step 1 install tcpdump

First, you must install tcpdump on the device. Tcpdump is a command line network data capture tool, and can capture the data stored in the file system, you can download at this address: http://www.tcpdump.org/

After downloading the tcpdump file, you only need to run the adb command to put it in the device. First of all, you must connect your phone to your computer by using the following command:

Adbdevices

This will list the devices that are currently connected to your computer. Run the following command to push the tcpdump file to the device:

Adb push/home/tcpdump/data/local

In the next several steps, you must use the root permission for the operation, and make tcpdump executable, as shown below:

Adb shell Cd data/local Su Chmod 777 tcpdump

Step 2 Save the captured data to the file

We can start tcpdmup in adbshell. The command is as follows:

Tcpdump-s0-v-wout.pcap

For the complete tcpdump command parameters, see this address: http://www.tcpdump.org/tcpdump_man.html

As shown in figure:

As you can see, tcpdump monitors the data packets of the current Nic. To stop monitoring, you only need to CTRL + C to stop monitoring, use pull to save it to the file system to facilitate Wireshark analysis. The command is as follows:

Adb pull/data/local/out. pcap/home/out. pcap

Data stored in the local file system will be analyzed using Wireshark later.

Step 3 capture data on the specified port

Next, we will change the output format of tcpdump and output it to a specified output port instead of a file to facilitate the use of netcat to filter data, this tool will be explained later. The command is as follows:

Adb shell "./data/local/tcpdump-n-s 0-w-| nc-l-p 12345"

In this way, all network traffic data packets will pass through port 12345.

Step 4 install netcat

First.

Step 5 Use Wireshark to analyze network data packets

Next, we will use Wireshark to analyze network data packets. First, use the forward Command of adb to redirect data packets from port 12345 of the mobile phone device to port 54321 of the PC computer, and then use the netstat tool to capture data entering port 54321, finally, use the pipeline operation to hand it over to wireshark for analysis. The command is as follows:

Adb forward tcp: 12345 tcp: 54321 & nc 127.0.0.1 54321 | wireshark-k-S-I-

Note that the port selection in this example is random. The reason for selecting different ports is to display the mutual calls between different commands. The same command can call the same port as long as these ports are not occupied.

After running, you can see the running situation of wireshark:

Comprehensive Operations

Now, after building different tools, we can use two different commands on two different terminals to complete the process from capturing data packets to analyzing data packets, the command is as follows:

Adb shell "./data/local/tcpdump-n-s 0-w-| nc-l-p 12345" Adb forward tcp: 12345 tcp: 54321 & nc 127.0.0.1 54321 | wireshark-k-S-I-

However, this operation is a little troublesome and requires you to open two terminals for operations. Therefore, in windows, you can use the following script in the attachment of this article to run a statement:

Start adb shell "./data/local/tcpdump-n-s 0-w-| nc-l-p 12345" Adb forward tcp: 12345 tcp: 54321 & nc 127.0.0.1 54321 | wireshark-k-S-I-

For example, you can see that only one terminal window is opened.

Note for Mac users

If you are a MAC user, pay attention to the following points:

Use the complete path for calling, such as "/Applications/Wireshark. app/Contents/Resources/bin/wireshark ".

2) In addition, when downgrading the command line, you must call it in the following format:

Adb forward tcp: 12345 tcp: 54321 & nc 127.0.0.1 54321 | sudo wireshark-k-S-I 2

Use sudo to grant wireshark administrator permissions. Note that the final parameter is 2 and a perl script is provided. You can download the script from the attachment in this article, the process of capturing data packets on a MAC machine and handing them over to wireshark for analysis:

 
 

  
  
#!/usr/bin/perl 
  
  
# Perform adb command on shell 
  
  
# to check if the device is attached 
  
  
$netstat = `adb shell 'netstat' 2>&1`; 
  
  
if($netstat =~ m/error: device not found/) 
  
  
{ 
  
  
die("Plug in your phone!\n"); 
  
  
} 
  
  
# Gain root priviledges 
  
  
open(SUDO, "|sudo echo ''"); 
  
  
close(SUDO); 
  
  
# Redirect STDERR output to STDOUT 
  
  
open STDERR, '>&STDOUT'; 
  
  
# Perform tcpdump and nc in background 
  
  
open(COMMAND1, "(adb shell \"data/local/tcpdump -n -s 0 -w - | nc -l -p 12345\") |"); 
  
  
# Perform piping to wireshark 
  
  
open(COMMAND2, "((adb forward tcp:12345 tcp:54321 && nc 127.0.0.1 54321 | sudo wireshark -k -S -i 2) &) 2>&1 > /dev/null |"); 
  
  
# Make sure the exit message appears after wireshark has been launched (hacky) 
  
  
sleep(5); 
  
  
print("Press ctrl-c to exit..."); 
  
  
<STDIN>; 
 
 

The attachment of this article can be downloaded here: https://mobiletuts.s3.amazonaws.com/Android-SDK_Wireshark_Traffic-Analysis/tcpdump_scripts.zip

BKJIA translations are not permitted to be reprinted. For reposted by the media partners, please indicate the source, author, and BKJIA translator !]