Installing tcpdump
Pushing the binary to an existing device
Download tcpdump from http://www.tcpdump.org/, then execute:
adb root adb remount adb push /wherever/you/put/tcpdump /system/xbin/tcpdump adb shell chmod 6755 /data/local/tmp/tcpdump
Including tcpdump in the build image
If you are running your own build, execute:
mmm external/tcpdump # install the binary in out/.../system/xbin make snod # build a new system.img that includes it
Flash the device as usual, for example, fastboot flashball.
If you want to build tcpdump by default, add CUSTOM_TARGETS += tcpdump to your buildspec.mk.
Running tcpdump
You need to have root access on your device.
Batch mode capture
The typical procedure is to capture packets to a file and then examine the file on the desktop, as illustrated below:
adb shell tcpdump -i any -p -s 0 -w /sdcard/capture.pcap # "-i any": listen on any network interface # "-p": disable promiscuous mode (doesn't work anyway) # "-s 0": capture the entire packet # "-w": write packets to a file (rather than printing to stdout) ... do whatever you want to capture, then ^C to stop it ... adb pull /sdcard/capture.pcap . sudo apt-get install wireshark # or ethereal, if you're still on dapper wireshark capture.pcap # or ethereal ... look at your packets and be wise ...
You can run tcpdump in the background from an interactive shell or from Terminal. By default, tcpdump captures all traffic without filtering. If you prefer, add an expression like port 80 to the tcpdump command line.
Real time packet monitoring
Execute the following if you would like to watch packets go by rather than capturing them to a file (-n skips DNS lookups. -s 0 captures the entire packet rather than just the header):
adb shell tcpdump -n -s 0
Typical tcpdump options apply. For example, if you want to see HTTP traffic:
adb shell tcpdump -X -n -s 0 port 80
You can also monitor packets with wireshark or ethereal, as shown below:
# In one shell, start tcpdump. adb shell "tcpdump -n -s 0 -w - | nc -l -p 11233" # In a separate shell, forward data and run ethereal. adb forward tcp:11233 tcp:11233 && nc 127.0.0.1 11233 | ethereal -k -S -i -
Note that you can't restart capture via ethereal. If anything goes wrong, you will need to rerun both commands.
For more immediate output, add -l to the tcpdump command line, but this can cause adb to choke (it helps to use a nonzero argument for -s to limit the amount of data captured per packet; -s 100 is sufficient if you just want to see headers).
Disabling encryption
If your service runs over https, tcpdump is of limited use. In this case, you can rewrite some service URLs to use http, for example:
vendor/google/tools/override-gservices url:calendar_sync_https_proxy \ https://www.google.com/calendar rewrite http://android.clients.google.com/proxy/calendar
Other network debugging commands
On the device:
ifconfig interface: note that unlike Linux, you need to giveifconfigan argumentnetcfg: lists interfaces and IP addressesiftop: like top for networkroute: examine the routing tablenetstat: see active network connectionsnc:netcatconnection utility
On the desktop:
-
curl: fetch URLs directly to emulate device requests