Capturing packets on Android with tcpdump
Instructions
http://source.android.com/porting/tcpdump.html
Source Code and Documents
http://www.tcpdump.org/
Compiled Binary Download
http://www.strazzere.com/android/tcpdump
Packet analysis tool: Wireshark
http://www.wireshark.org/download.html
Installing tcpdump
Pushing the binary to an existing device
Download tcpdump from http://www.tcpdump.org/, then execute:
Cmd code
adb root
adb remount
adb push /wherever/you/put/tcpdump /system/xbin/tcpdump
adb shell chmod 6755 /system/xbin/tcpdump
Running tcpdump
You need to have root access on your device.
Batch mode capture
The typical procedure is to capture packets to a file and then examine the file on the desktop, as illustrated below:
Cmd code
adb shell tcpdump -i any -p -s 0 -w /sdcard/capture.pcap
# "-i any": listen on any network interface
# "-p": disable promiscuous mode (doesn't work anyway)
# "-s 0": capture the entire packet
# "-w": write packets to a file (rather than printing to stdout)
... do whatever you want to capture, then ^C to stop it ...
adb pull /sdcard/capture.pcap .
sudo apt-get install wireshark  # or ethereal, if you're still on dapper
wireshark capture.pcap  # or ethereal
... look at your packets and be wise ...
You can run tcpdump in the background from an interactive shell or from Terminal. By default, tcpdump captures all traffic without filtering. If you prefer, add an expression like port 80 to the tcpdump command line.
Real-time packet monitoring
Execute the following if you would like to watch packets go by rather than capturing them to a file (-n skips DNS lookups; -s 0 captures the entire packet rather than just the header):
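Before opening a pulled capture.pcap in Wireshark it is worth checking that the capture was taken the way the commands above intend: link type 113 (Linux "cooked" framing) is what tcpdump writes for -i any, and any record whose captured length is shorter than its original length means -s 0 was not in effect. The following parser is an added example, not part of the original post; it reads the classic microsecond pcap format and builds its own constructed sample input rather than a real capture.

```python
import struct

LINKTYPE_LINUX_SLL = 113  # "Linux cooked" framing, what tcpdump writes for -i any
MAGIC_LE, MAGIC_BE = 0xA1B2C3D4, 0xD4C3B2A1  # microsecond-resolution pcap magic

def parse_pcap(data: bytes) -> dict:
    """Parse a classic pcap byte string and report what matters for this workflow:
    link type (was -i any used?), snaplen, and how many records were truncated
    (caplen < original length), the symptom of capturing without -s 0."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    (magic,) = struct.unpack("<I", data[:4])
    if magic == MAGIC_LE:
        e = "<"
    elif magic == MAGIC_BE:
        e = ">"
    else:
        raise ValueError(f"not a classic microsecond pcap (magic {magic:#010x})")
    _major, _minor, _tz, _sig, snaplen, linktype = struct.unpack(e + "HHiIII", data[4:24])
    records, truncated, off = 0, 0, 24
    while off + 16 <= len(data):
        _sec, _usec, caplen, origlen = struct.unpack(e + "IIII", data[off:off + 16])
        if off + 16 + caplen > len(data):
            raise ValueError(f"record {records} runs past end of file (partial write?)")
        records += 1
        truncated += caplen < origlen
        off += 16 + caplen
    return {
        "linktype": linktype,
        "cooked_any": linktype == LINKTYPE_LINUX_SLL,
        "snaplen": snaplen,
        "records": records,
        "truncated": truncated,
        "full_packets": truncated == 0,
    }

def build_sample_pcap(linktype: int, snaplen: int) -> bytes:
    """Constructed input (not a real capture): a 60-byte and a 200-byte packet,
    each cut to snaplen bytes the way tcpdump does when -s is too small."""
    out = struct.pack("<IHHiIII", MAGIC_LE, 2, 4, 0, 0, snaplen, linktype)
    for origlen in (60, 200):
        caplen = min(origlen, snaplen)
        out += struct.pack("<IIII", 1_700_000_000, 0, caplen, origlen) + bytes(caplen)
    return out

if __name__ == "__main__":
    # On a real file: parse_pcap(open("capture.pcap", "rb").read())
    print(parse_pcap(build_sample_pcap(LINKTYPE_LINUX_SLL, 96)))
```

A capture taken with -s 0 should report truncated == 0; a nonzero count means Wireshark will show "[Packet size limited during capture]" for those frames.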
Cmd code
adb shell tcpdump -n -s 0
Typical tcpdump options apply. For example, if you want to see HTTP traffic:
Cmd code
adb shell tcpdump -X -n -s 0 port 80