发表新帖
发表新帖

Monitor network activity in Android Phones

前端 未结
关注
11 1683
庸人自扰
庸人自扰 2020-11-28 02:47

I would like to monitor network traffic of my Android Phone. I was thinking using tcpdump for Android, but I\'m not sure if I have to cross-compile for the phone.

An

相关标签:
11条回答
  • 不知归路
    2020-11-28 03:17

    You would need to root the phone and cross compile tcpdump or use someone else's already compiled version.

    You might find it easier to do these experiments with the emulator, in which case you could do the monitoring from the hosting pc. If you must use a real device, another option would be to put it on a wifi network hanging off of a secondary interface on a linux box running tcpdump.

    I don't know off the top of my head how you would go about filtering by a specific process. One suggestion I found in some quick googling is to use strace on the subject process instead of tcpdump on the system.

    0 讨论(0)
  • 情书的邮戳
    2020-11-28 03:27

    Preconditions: adb and wireshark are installed on your computer and you have a rooted android device.

    1. Download tcpdump to ~/Downloads
    2. adb push ~/Downloads/tcpdump /sdcard/
    3. adb shell
    4. su root
    5. mv /sdcard/tcpdump /data/local/
    6. cd /data/local/
    7. chmod +x tcpdump
    8. ./tcpdump -vv -i any -s 0 -w /sdcard/dump.pcap
    9. Ctrl+C once you've captured enough data.
    10. exit
    11. exit
    12. adb pull /sdcard/dump.pcap ~/Downloads/

    Now you can open the pcap file using Wireshark.

    As for your question about monitoring specific processes, find the bundle id of your app, let's call it com.android.myapp

    1. ps | grep com.android.myapp
    2. copy the first number you see from the output. Let's call it 1234. If you see no output, you need to start the app.
    3. Download strace to ~/Downloads and put into /data/local using the same way you did for tcpdump above.
    4. cd /data/local
    5. ./strace -p 1234 -f -e trace=network -o /sdcard/strace.txt

    Now you can look at strace.txt for ip addresses, and filter your wireshark log for those IPs.

    0 讨论(0)
  • 萌比男神i
    2020-11-28 03:28

    TCPDUMP is one of my favourite tools for analyzing network, but if you find difficult to cross-compile tcpdump for android, I'd recomend you to use some applications from the market.

    These are the applications I was talking about:

    • Shark: Is small version of wireshark for Android phones). This program will create a *.pcap and you can read the file on PC with wireshark.
    • Shark Reader : This program allows you to read the *.pcap directly in your Android phone.

    Shark app works with rooted devices, so if you want to install it, be sure that you have your device already rooted.

    Good luck ;)

    0 讨论(0)
  • 温柔的废话
    2020-11-28 03:36

    Try this application https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture

    We can view all networking communications .. even SSL encrypted communications.

    0 讨论(0)
  • 暗喜
    2020-11-28 03:38

    For Android Phones(Without Root):- you can use this application tPacketCapture this will capture the network trafic for your device when you enable the capture. See this url for more details about network sniffing without rooting your device.

    Once you have the file which is in .pcap format you can use this file and analyze the traffic using any traffic analyzer like Wireshark.

    Also see this post for further ideas on Capturing mobile phone traffic on wireshark

    0 讨论(0)
  • 孤街浪徒
    2020-11-28 03:38

    The common approach is to call "cat /proc/net/netstat" as described here:

    Android network stats

    0 讨论(0)
 看不清?
提交回复
热议问题