Using tcpdump to implement data capture tutorial under Android _android

If you want to analyze the network data interaction of an app on Android, you need to grab a packet on Android phones, the most commonly used grab kit is tcpdump, generate Wireshark pcap files with tcpdump, and then download pcap files to your computer. Use the computer Wireshark load Pcap file, through the Wireshark analysis tcpdump crawl data.

I. Installation of tcpdump

To install tcpdump for Android phones, you must first have the Android phone root, now the most commonly used root tool in the market is very powerful, it is recommended to use the root wizard, after the cell root, we can install tcpdump for the phone.

Download tcpdump file First, download address: Http://xiazai.jb51.net/201502/other/tcpdump.rar

Copy Code code as follows:

ADB push tcpdump/sdcard/
ADB Shell
Su
Cat/sdcard/tcpdump >/system/bin/tcpdump

Previous command if the prompt does not have permission, then execute the following command to try to add write permission to the/system directory

Copy Code code as follows:

Su
Mount

The row containing/system is found in the mount result, similar to the following:

Copy Code code as follows:

/dev/block/platform/msm_sdcc.1/by-name/system/system ext4 ro,seclabel,relatime,data=ordered 0 0

Place/system The first half of the line, that is,/dev/block/platform/msm_sdcc.1/by-name/system, execute the following command:

Copy Code code as follows:

Mount-o Remount/dev/block/platform/msm_sdcc.1/by-name/system/system

This time/system has the Write permission, continues to execute:

Copy Code code as follows:

Cat/sdcard/tcpdump >/system/bin/tcpdump
chmod 777/system/bin/tcpdump

So far, Tcpdump successfully installed into the/system/bin/directory, and then use the following command or grab the bag

Second, use tcpdump grab bag

Copy Code code as follows:

Tcpdump-i wlan0-s 0-w/sdcard/1.pcap

Can end with CTRL + C shortcut keys to let tcpdump end grab bag, caught data will be stored in the/sdcard/1.pcap file

Reopen a terminal (Terminal) and execute the following command

Copy Code code as follows:

ADB pull/sdcard/1.pcap.

1.pcap files are downloaded to the current directory on the terminal

Third, install Wireshark and analyze pcap files

From Wireshark official website https://www.wireshark.org/download for your system Wireshark, then click on your download Wireshark installation package installed Wireshark, find just download good 1.pcap files, double-click 1.pcap files, 1.pcap files will automatically be opened by Wireshark. The following filter conditions are entered in the Wireshark filter, which makes it easier to analyze the data sources.

Copy Code code as follows:

Tcp.port = = 80//filter TCP data from 80 ports
Udp.port = = 12345//filter UDP data from 12345 ports
IP.SRC = = 192.168.0.1//filter source IP for 192.168.0.1 data
IP.DST = = 192.168.0.1//Look over the IP for 192.168.0.1 data

The above filter conditions can be combined with and OR, for example

Copy Code code as follows:

Tcp.port = = IP.SRC = = 192.168.0.1//filter from port 80, TCP number from source IP to 192.168.0.1
Udp.port = = 12345 or IP.DST = = 192.168.0.1//filter UDP data from port 12345 or destination IP 192.168.0.1 data