Instructionshttp://source.android.com/porting/tcpdump.htmlSource Code and Documentshttp://www.tcpdump.org/Compiled Binary Downloadhttp://www.strazzere.com/android/tcpdump数据包分析工具Wiresharkhttp://www.wireshark.org/download.html
Installing tcpdumpPushing the binary to an existing deviceDownload tcpdump from
http://www.tcpdump.org/, then execute:
- adb root
- adb remount
- adb push /wherever/you/put/tcpdump /system/xbin/tcpdump
- adb shell chmod 6755 /data/local/tmp/tcpdump
Running tcpdumpYou need to have root access on your device.
Batch mode captureThe typical procedure is to capture packets to a file and then examine the file on the desktop, as illustrated below:
- adb shell tcpdump -i any -p -s 0 -w /sdcard/capture.pcap
- # "-i any": listen on any network interface
- # "-p": disable promiscuous mode (doesn't work anyway)
- # "-s 0": capture the entire packet
- # "-w": write packets to a file (rather than printing to stdout)
-
- ... do whatever you want to capture, then ^C to stop it ...
-
- adb pull /sdcard/capture.pcap .
- sudo apt-get install wireshark # or ethereal, if you're still on dapper
- wireshark capture.pcap # or ethereal
-
- ... look at your packets and be wise ...
You can run tcpdump in the background from an interactive shell or from Terminal. By default, tcpdump captures all traffic without filtering. If you prefer, add an expression like port 80 to the tcpdump command line.
Real time packet monitoringExecute the following if you would like to watch packets go by rather than capturing them to a file (-n skips DNS lookups. -s 0 captures the entire packet rather than just the header):
- adb shell tcpdump -n -s 0
Typical tcpdump options apply. For example, if you want to see HTTP traffic:
- adb shell tcpdump -X -n -s 0 port 80