Android利用tcpdump抓包

Instructions
http://source.android.com/porting/tcpdump.html
Source Code and Documents
http://www.tcpdump.org/
Compiled Binary Download
http://www.strazzere.com/android/tcpdump
数据包分析工具Wireshark
http://www.wireshark.org/download.html


Installing tcpdump
Pushing the binary to an existing device
Download tcpdump from http://www.tcpdump.org/, then execute:
Cmd代码

1. adbroot
2. adbremount
3. adbpush/wherever/you/put/tcpdump/system/xbin/tcpdump
4. adbshellchmod6755/data/local/tmp/tcpdump

adb rootadb remountadb push /wherever/you/put/tcpdump /system/xbin/tcpdumpadb shell chmod 6755 /data/local/tmp/tcpdump

Running tcpdump
You need to have root access on your device.
Batch mode capture
The typical procedure is to capture packets to a file and then examine the file on the desktop, as illustrated below:
Cmd代码

1. adbshelltcpdump-iany-p-s0-w/sdcard/capture.pcap
2. #"-iany":listenonanynetworkinterface
3. #"-p":disablepromiscuousmode(doesn'tworkanyway)
4. #"-s0":capturetheentirepacket
5. #"-w":writepacketstoafile(ratherthanprintingtostdout)
7. ...dowhateveryouwanttocapture,then^Ctostopit...
9. adbpull/sdcard/capture.pcap.
10. sudoapt-getinstallwireshark#orethereal,ifyou'restillondapper
11. wiresharkcapture.pcap#orethereal
13. ...lookatyourpacketsandbewise...

adb shell tcpdump -i any -p -s 0 -w /sdcard/capture.pcap# "-i any": listen on any network interface# "-p": disable promiscuous mode (doesn't work anyway)# "-s 0": capture the entire packet# "-w": write packets to a file (rather than printing to stdout)   ... do whatever you want to capture, then ^C to stop it ...adb pull /sdcard/capture.pcap .sudo apt-get install wireshark  # or ethereal, if you're still on dapperwireshark capture.pcap          # or ethereal   ... look at your packets and be wise ...

You can run tcpdump in the background from an interactive shell or from Terminal. By default, tcpdump captures all traffic without filtering. If you prefer, add an expression like port 80 to the tcpdump command line.

Real time packet monitoring
Execute the following if you would like to watch packets go by rather than capturing them to a file (-n skips DNS lookups. -s 0 captures the entire packet rather than just the header):
Cmd代码

1. adbshelltcpdump-n-s0

adb shell tcpdump -n -s 0

Typical tcpdump options apply. For example, if you want to see HTTP traffic:
Cmd代码

1. adbshelltcpdump-X-n-s0port80

adb shell tcpdump -X -n -s 0 port 80

更多相关文章

1. Android(安卓)Camera子系统代码流程1
2. Android图片圆角 用简单的方法实现
3. Android(安卓)全屏
4. android开机启动一个Service实例
5. android开机启动一个Service实例
6. android全屏设置代码
7. Android工具库
8. android framework 低电量关机处理流程 浅析
9. Android中一些比较好的开源代码项目

随机推荐

1. ***欺骗技术在护网行动的应用
2. Redis和MongoDB优缺点介绍！Python学习
3. java中的IO整理
4. 【MySql】sql_slave_skip_counter 参数的
5. 利用zimbra clientuploader实现文件上传
6. 使用shell脚本实现自动备份MySQL数据库
7. java堆栈
8. Python中tuple和list有什么区别?Python入
9. PHP类报错怎么办？
10. Linux高阶命令使用