Capturing Packets on Android with tcpdump

Instructions

http://source.android.com/porting/tcpdump.html

Source Code and Documents

http://www.tcpdump.org/

Compiled Binary Download

http://www.strazzere.com/android/tcpdump

Packet analysis tool: Wireshark

http://www.wireshark.org/download.html

Installing tcpdump

Pushing the binary to an existing device

Download tcpdump from http://www.tcpdump.org/, then execute:

adb root                        # restart adbd with root privileges
adb remount                     # make /system writable
adb push /wherever/you/put/tcpdump /system/xbin/tcpdump
adb shell chmod 6755 /system/xbin/tcpdump   # same path as the push; 6755 sets the setuid/setgid bits

Running tcpdump

You need to have root access on your device.

Batch mode capture

The typical procedure is to capture packets to a file and then examine the file on the desktop, as illustrated below:

adb shell tcpdump -i any -p -s 0 -w /sdcard/capture.pcap
# "-i any": listen on any network interface
# "-p": disable promiscuous mode (doesn't work anyway)
# "-s 0": capture the entire packet
# "-w": write packets to a file (rather than printing to stdout)

   ... do whatever you want to capture, then ^C to stop it ...

adb pull /sdcard/capture.pcap .
sudo apt-get install wireshark  # or ethereal, if you're still on dapper
wireshark capture.pcap          # or ethereal

   ... look at your packets and be wise ...

You can run tcpdump in the background from an interactive shell or from Terminal. By default, tcpdump captures all traffic without filtering. If you prefer, add an expression like port 80 to the tcpdump command line.
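As an added example (not part of the original page), a POSIX shell check to run on the desktop after adb pull: it confirms the pulled file is a classic pcap and that its global header matches the options used above ("-i any" yields Linux cooked link type 113, "-s 0" yields a full snaplen), so a truncated or empty capture is caught before opening Wireshark. File names are assumptions and the header is parsed with od(1).

```shell
#!/bin/sh
# Added example, not the original page's code: inspect the 24-byte pcap
# global header of a file pulled from the device.

# Assemble a 32-bit value from four byte values, little- or big-endian
le32() { echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) )); }
be32() { echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 )); }

# pcap_header_info FILE
# Prints "<endian> <snaplen> <linktype>" for a classic pcap file;
# returns 1 (with a message) if the magic number is not classic pcap.
pcap_header_info() {
    # Positional parameters become the first 24 bytes as decimal values
    set -- $(od -An -tu1 -N24 -v "$1")
    [ $# -eq 24 ] || { echo "not a pcap: header shorter than 24 bytes"; return 1; }
    case "$1.$2.$3.$4" in
        212.195.178.161|77.60.178.161)   # d4c3b2a1 / 4d3cb2a1: little-endian, usec / nsec timestamps
            echo "little $(le32 "${17}" "${18}" "${19}" "${20}") $(le32 "${21}" "${22}" "${23}" "${24}")" ;;
        161.178.195.212|161.178.60.77)   # a1b2c3d4 / a1b23c4d: big-endian, usec / nsec timestamps
            echo "big $(be32 "${17}" "${18}" "${19}" "${20}") $(be32 "${21}" "${22}" "${23}" "${24}")" ;;
        10.13.13.10)                     # 0a0d0d0a: pcapng, which Wireshark reads but this check does not parse
            echo "pcapng file (not classic pcap)"; return 1 ;;
        *)  echo "not a pcap: unknown magic bytes $1 $2 $3 $4"; return 1 ;;
    esac
}

# check_capture FILE
# Non-zero if the header does not look like an "-i any -s 0" capture:
# link type must be 113 (LINUX_SLL) and snaplen at least 65535.
check_capture() {
    file=$1
    info=$(pcap_header_info "$file") || { echo "$file: $info"; return 1; }
    set -- $info
    [ "$3" -eq 113 ] || { echo "$file: link type $3, expected 113 (LINUX_SLL from -i any)"; return 1; }
    [ "$2" -ge 65535 ] || { echo "$file: snaplen $2, packets were truncated (was -s 0 used?)"; return 1; }
    echo "$file: ok, $1-endian, snaplen $2, link type 113"
}

# Usage on the file pulled by "adb pull /sdcard/capture.pcap ." (assumed name):
# check_capture capture.pcap && wireshark capture.pcap
```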

Realtime packet monitoring

Execute the following if you would like to watch packets go by rather than capturing them to a file (-n skips DNS lookups; -s 0 captures the entire packet rather than just the header):

adb shell tcpdump -n -s 0

Typical tcpdump options apply. For example, if you want to see HTTP traffic:

adb shell tcpdump -X -n -s 0 port 80
