To analyze the network traffic of an app on Android, you need to capture packets on the phone itself. The most commonly used capture tool is tcpdump: generate a Wireshark pcap file with tcpdump, download the pcap file to your computer, open it in Wireshark, and analyze the data tcpdump captured.
I. Installing tcpdump
To install tcpdump on an Android phone, the phone must first be rooted. The root tools on the market today are very capable; Root Wizard is recommended. Once the phone is rooted, tcpdump can be installed.
First, download the tcpdump binary from: http://xiazai.jb51.net/201502/other/tcpdump.rar
Then run the following commands:
adb push tcpdump /sdcard/
adb shell
su
cat /sdcard/tcpdump > /system/bin/tcpdump
If the previous command reports a permission error, make the /system directory writable as follows. Run mount and find the row containing /system in its output; it looks similar to this:
/dev/block/platform/msm_sdcc.1/by-name/system /system ext4 ro,seclabel,relatime,data=ordered 0 0
Take the first field of that line, here /dev/block/platform/msm_sdcc.1/by-name/system, and run:
mount -o remount /dev/block/platform/msm_sdcc.1/by-name/system /system
Now /system is writable; continue with:
cat /sdcard/tcpdump > /system/bin/tcpdump
chmod 777 /system/bin/tcpdump
At this point tcpdump is installed in /system/bin/, and you can start capturing packets with the following command.
II. Capturing packets with tcpdump
tcpdump -i wlan0 -s 0 -w /sdcard/1.pcap
Press Ctrl+C to stop the capture; the captured data is stored in /sdcard/1.pcap.
Open a new terminal and run the following command; 1.pcap is downloaded to the terminal's current directory:
adb pull /sdcard/1.pcap
III. Installing Wireshark and analyzing the pcap file
Download the Wireshark build for your system from the official site, https://www.wireshark.org/download, and run the installer. Locate the 1.pcap file you just downloaded and double-click it; it opens in Wireshark automatically. Entering the following display filters in Wireshark's filter bar makes it easier to narrow the traffic down to what you want to analyze.
tcp.port == 80          // TCP traffic on port 80
udp.port == 12345       // UDP traffic on port 12345
ip.src == 192.168.0.1   // packets whose source IP is 192.168.0.1
ip.dst == 192.168.0.1   // packets whose destination IP is 192.168.0.1
The filters above can be combined with and / or, for example:
tcp.port == 80 and ip.src == 192.168.0.1     // TCP traffic on port 80 whose source IP is 192.168.0.1
udp.port == 12345 or ip.dst == 192.168.0.1   // UDP traffic on port 12345, or any packet whose destination IP is 192.168.0.1
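As an added example (not part of the original post), the script below reads a pcap file of the kind tcpdump writes, pulls out the fields the filters above refer to, and evaluates the same `==` / `and` / `or` terms against each packet the way Wireshark does. The capture it reads is constructed in memory so it runs offline, and the function names `build_packet`, `parse_pcap`, `match` and `apply_filter` are chosen here.

```python
import struct
from ipaddress import IPv4Address

def build_packet(proto, src, dst, sport, dport, payload=b""):
    # One pcap record: Ethernet (EtherType IPv4) + IPv4 + TCP(6)/UDP(17) + payload
    l4 = (struct.pack("!HHIIBB", sport, dport, 0, 0, 0x50, 0x18) + b"\x00" * 6 if proto == 6
          else struct.pack("!HHHH", sport, dport, 8 + len(payload), 0))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    frame = b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame  # ts_sec, ts_usec, incl_len, orig_len

# Constructed sample capture standing in for /sdcard/1.pcap: little-endian magic,
# version 2.4, tz 0, sigfigs 0, snaplen 65535, link type 1 (Ethernet), then 3 packets
SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
               + build_packet(6, "192.168.0.1", "10.0.0.5", 51000, 80, b"GET / HTTP/1.1\r\n")
               + build_packet(17, "10.0.0.5", "192.168.0.1", 12345, 53000, b"hello")
               + build_packet(6, "10.0.0.7", "192.168.0.1", 51001, 443))

def parse_pcap(data):
    # Yield one dict per packet holding the fields the Wireshark filters use
    endian = "<" if struct.unpack_from("<I", data, 0)[0] == 0xA1B2C3D4 else ">"
    offset = 24                                          # skip the 24-byte global header
    while offset + 16 <= len(data):
        incl_len = struct.unpack_from(endian + "IIII", data, offset)[2]
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if frame[12:14] != b"\x08\x00":                  # not IPv4 (ARP, IPv6, ...): skip
            continue
        ihl = (frame[14] & 0x0F) * 4                     # IPv4 header length in bytes
        proto = frame[23]
        pkt = {"ip.src": str(IPv4Address(frame[26:30])),
               "ip.dst": str(IPv4Address(frame[30:34])), "ip.proto": proto}
        if proto in (6, 17):                             # TCP and UDP both start with the two ports
            sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
            pkt["tcp.port" if proto == 6 else "udp.port"] = {sport, dport}
        yield pkt

def match(pkt, field, value):
    # `field == value` as Wireshark evaluates it: x.port matches either endpoint
    got = pkt.get(field)
    return value in got if isinstance(got, set) else got == value

def apply_filter(data, predicate):
    # Return the packets for which the combined filter (a predicate) holds
    return [p for p in parse_pcap(data) if predicate(p)]
```

For a real capture, read the bytes of 1.pcap and pass them in place of SAMPLE_PCAP; packets that are not IPv4 are skipped rather than parsed.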