Archive

Posts Tagged ‘tcpdump’

tcpdump on Android

September 11, 2011 2 comments

I’m interested in intercepting the data my Android device is sending – I use Wireshark under windows, using winPcap to capture packets.

WinPcap consists of a driver, that extends the operating system to provide low-level network access, and a library that is used to easily access the low-level network layers.

http://www.winpcap.org

WinPcap is based on libpcap, a linux tool that’s been ported to Windows.

porting is the process of adapting software so that an executable program can be created for a computing environment that is different from the one for which it was originally designed

http://en.wikipedia.org/wiki/Porting

Linux Kernel, Linux tools?

Android has a linux kernel, so surely there must be a libpcab based tool out there to capture packets?

tcpdump is a command line tool for linux that can capture and analyse packets from the console, or write them to a file. Luckily, the files generated are compatible with Wireshark, being based on the same packet capture software.
The only issue now is to find a version made for Android.. I know some basic shell command like cat, grep, ls, but not enough to do my own Android cross compile..

Strazzere.com

So I was searching around for a tool and came across Strazzere.com – A site about Android and software engineering, and very kindly they host an Android version of tcpdump. It’s based on

tcpdump version 3.9.8 libpcap version 0.9.8

and the latest versions are 4.1.1 and 1.1.1 respectively, so it’s a little out of date, but fully functional.

Installation

So this probably only works if you have root – I have root, and I’m afraid I’m not going back to stock to test it. I have VillainRom 2.4.2 and these instructions are based on the steps I’ve taken to get packet capture working.

You need the Terminal Emulator installed, or you can run the same commands from the ADB shell on your computer, but this post is specifically about the terminal.

Download the file from your phone, so now the tcpdump file is on the handset. In this example, the file is stored in /sdcard/data/

The commands, file and directory names are all case sensitive, so tcpdump is NOT the same as TCPdump.

Terminal

Just cp file to bin and chmod

Now, in the terminal type;

  1. su
  2. mount -o remount,rw /system
  3. cp /sdcard/data/tcpdump system/bin
  4. cd system/bin
  5. chmod 777 tcpdump
  6. mount -o remount,ro /system

To explain the commands; you need to request root, set /system as read-write, copy tcpdump to /system, give it read/write/exec permissions and finally remount /system as read-only.

Packet Capture

Finally, you’re ready to capture some packets. In terminal window, type;

tcpdump -vv -s 0 -w /sdcard/tcp.cap

-vv puts tcpdump into verbose mode – to give us some extra information
-s 0 sets the size of sender to look for to zero, telling the program to grab all packets
-w /sdcard/output.cap will let us set the packets grabbed to be written to the sdcard for analysis later.

http://strazzere.com/blog/?p=286

and all packets will be logged to tcp.cap – Ctrl+C ends capture. This can be done with volume down and C in the emulator.

tcpdump in the Terminal window

Advertisements
Categories: Android, Software Tags: , ,