Compiling tcpdump for Android: building the tcpdump tool for the Android platform

Please credit the source when reposting: https://mp.csdn.net/postedit/86597115

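1. What is tcpdump?

tcpdump captures the packets travelling across a network in full so that they can be analyzed. It supports filtering by network layer, protocol, host, network or port, and provides logical operators such as and, or and not to help you discard irrelevant traffic.

2. Problem description

On Android 7.0, running tcpdump to capture packets produced the following error: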

error: Android 5.0 and later only support position-independent executables (-fPIE).

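This is caused by the PIE (position-independent executable) security mechanism. PIE was introduced in Android 4.1, but before Android L (Lollipop) the system did not check whether an executable had been compiled as PIE, so no error was raised. Starting with Android L the check is enforced: if the executable being called was not compiled as PIE, it cannot run. The fix is simple: recompile with the following flags.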

LOCAL_CFLAGS +=-pie -fPIE

LOCAL_LDFLAGS +=-pie -fPIE
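The check behind this error can be reproduced on the build host before a binary is pushed to a device. The script below is an added example, not part of the original post: it reads the ELF e_type field (ET_DYN = 3 for a PIE, ET_EXEC = 2 for a fixed-address executable). The function names make_sample and elf_type and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Classifies an ELF file by e_type,
# the header field that separates a PIE (ET_DYN) from a non-PIE (ET_EXEC).

# make_sample FILE TYPE: write a constructed 18-byte little-endian ELF32
# header prefix whose e_type is TYPE (2 = ET_EXEC, 3 = ET_DYN).
make_sample() {
    printf '\177ELF\001\001\001\000\000\000\000\000\000\000\000\000' > "$1"
    printf "\\00$2\\000" >> "$1"
}

# elf_type FILE: print pie / non-pie / not-elf; exit status 0 only for pie.
elf_type() {
    f=$1
    magic=$(od -An -tx1 -N4 "$f" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || { echo "not-elf"; return 2; }
    # EI_DATA (byte 5): 1 = little-endian, 2 = big-endian.
    data=$(od -An -tu1 -j5 -N1 "$f" | tr -d ' \n')
    # e_type is the 16-bit field at offset 16.
    set -- $(od -An -tu1 -j16 -N2 "$f")
    [ $# -eq 2 ] || { echo "not-elf"; return 2; }
    if [ "$data" = "2" ]; then etype=$(( $1 * 256 + $2 ))
    else etype=$(( $2 * 256 + $1 )); fi
    case "$etype" in
        3) echo "pie"; return 0 ;;      # ET_DYN (also the type of shared libraries)
        2) echo "non-pie"; return 1 ;;  # ET_EXEC: triggers the -fPIE error above
        *) echo "other"; return 1 ;;
    esac
}

# Demo on constructed headers; call elf_type on the built tcpdump instead.
tmp=$(mktemp -d)
make_sample "$tmp/exec" 2
make_sample "$tmp/dyn" 3
for sample in "$tmp/exec" "$tmp/dyn"; do
    printf '%s: %s\n' "$sample" "$(elf_type "$sample" || true)"
done
rm -rf "$tmp"
```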

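3. Preparation

System environment: Ubuntu

Android NDK

Source code: libpcap v1.9.0 and tcpdump v4.9.2; the files to download are libpcap-1.9.0.tar.gz and tcpdump-4.9.2.tar.gz

Before compiling, check that the lex and yacc tools are installed. If they are not, run: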

sudo apt-get install flex bison

3.1 Setting up the NDK environment

3.1.1 Download the NDK with the following command:

wget -c http://dl.google.com.android/ndk/android-ndk64-r10b-linux-86_64.tar.bz2

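3.1.2 Extract

Extract the downloaded NDK package to a directory of your choice (/home/li here corresponds to the user name on my machine; change the directory to suit your own setup) with the following command: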

sudo tar -C /home/li/ -xvf android-ndk64-r10b-linux-86_64.tar.bz2

3.1.3 Configure the environment variables

sudo gedit ~/.bashrc

Add the following lines:

export   NDK=/home/li/android-ndk-r10b

export   PATH=${PATH}:$NDK

Run source ~/.bashrc so that the file takes effect.

Check that the environment variables were configured correctly with the following command:

ndk-build

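As long as "command not found" does not appear, the environment variables are configured correctly.

3.2 Compiling tcpdump

3.2.1 Compiling tcpdump for Ubuntu

First download the sources libpcap-1.9.0.tar.gz and tcpdump-4.9.2.tar.gz.

They can also be downloaded from the command line: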

wget -c http://www.tcpdump.org/release/libpcap-1.9.0.tar.gz

wget -c http://www.tcpdump.org/release/tcpdump-4.9.2.tar.gz

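Extract libpcap-1.9.0.tar.gz and tcpdump-4.9.2.tar.gz.

Enter the libpcap-1.9.0 directory and run ./configure, then make.

Enter the tcpdump-4.9.2 directory and run ./configure, then make.

Running ./tcpdump now starts tcpdump on Ubuntu.

3.2.2 Compiling tcpdump for the Android platform

Create a shell script in a directory of your choice; I named mine build_tcpdump.sh. Its contents are as follows: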

#!/bin/sh
# --------------------------------------
#
# Title: build-tcpdump
# Author: Loic Poulain, loic.poulain@gmail.com
# Updated by: muzso (http://muzso.hu/)
#
# Purpose: download & build tcpdump for arm android platform
#
# You have to define your android NDK directory before calling this script
# example:
# $ export NDK=/home/Workspace/android-ndk-r10e
# $ sh build-tcpdump
#
# works with
# tcpdump 4.7.4
# android-ndk-r10e
#
# You'll need lex and yacc.
# On Debian/Ubuntu based systems run this:
# sudo apt-get install flex bison
# --------------------------------------

# default, edit version
tcpdump_ver=4.7.4
libpcap_ver=1.7.4

# note: libpcap v1.7.2 only required api v9, but libpcap v1.7.3+ requires api v21
# And tcpdump v4.7.4 requires libpcap v1.7.3+ too (tcpdump v4.7.3 could be compiled with libpcap v1.7.2).
# So viable combos are:
# * api=9, libpcap=1.7.2, tcpdump=4.7.3
# * api=21, libpcap=1.7.4, tcpdump=4.7.4
android_api_def=L
ndk_dir_def=android-ndk-r10b
toolname=arm-linux-androideabi-4.9/

# target platform: arm, mips or aarch64
platform=arm

#-------------------------------------------------------#

tcpdump_dir=tcpdump-${tcpdump_ver}
libpcap_dir=libpcap-${libpcap_ver}

# use $NDK from the environment if set, otherwise the default directory
if [ -n "${NDK}" ]
then
    ndk_dir=${NDK}
else
    ndk_dir=${ndk_dir_def}
fi
ndk_dir=`readlink -f "${ndk_dir}"`

# use $ANDROID_API from the environment if set, otherwise the default
if [ -n "${ANDROID_API}" ]
then
    android_api=${ANDROID_API}
else
    android_api=${android_api_def}
fi

echo "_______________________"
echo ""
echo "NDK - ${ndk_dir}"
echo "Android API: ${android_api}"
echo "_______________________"

exit_error()
{
    echo " _______"
    echo "|       |"
    echo "| ERROR |"
    echo "|_______|"
    exit 1
}

# build in the directory given as $1, or in a new tcpdumpbuild directory
{
    if [ $# -ne 0 ]
    then
        if [ -d "$1" ]
        then
            cd "$1"
        else
            echo directory $1 not found
            exit_error
        fi
    else
        mkdir -p tcpdumpbuild
        cd tcpdumpbuild
    fi
}

# create env
{
    echo " ____________________"
    echo "|                    |"
    echo "| CREATING TOOLCHAIN |"
    echo "|____________________|"

    if [ -d toolchain ]
    then
        echo Toolchain already exist! Nothing to do.
    else
        echo Creating toolchain...
        mkdir toolchain
        bash "${ndk_dir}"/build/tools/make-standalone-toolchain.sh --arch=$platform --platform=android-${android_api} --toolchain=${toolname} --install-dir=toolchain
        if [ $? -ne 0 ]
        then
            rm -fr toolchain
            exit_error
        fi
    fi

    # these tool names are specific to the arm toolchain;
    # change them together with platform and toolname
    export CC=arm-linux-androideabi-gcc
    export RANLIB=arm-linux-androideabi-ranlib
    export AR=arm-linux-androideabi-ar
    export LD=arm-linux-androideabi-ld
    export PATH=`pwd`/toolchain/bin:$PATH
}

# download & untar libpcap + tcpdump
{
    echo " _______________________________"
    echo "|                               |"
    echo "| DOWNLOADING LIBPCAP & TCPDUMP |"
    echo "|_______________________________|"

    tcpdump_file=${tcpdump_dir}.tar.gz
    libpcap_file=${libpcap_dir}.tar.gz
    tcpdump_link=http://www.tcpdump.org/release/${tcpdump_file}
    libpcap_link=http://www.tcpdump.org/release/${libpcap_file}

    if [ -f ${tcpdump_file} ]
    then
        echo ${tcpdump_file} already downloaded! Nothing to do.
    else
        echo Download ${tcpdump_file}...
        wget ${tcpdump_link}
        if [ ! -f ${tcpdump_file} ]
        then
            exit_error
        fi
    fi

    if [ -f ${libpcap_file} ]
    then
        echo ${libpcap_file} already downloaded! Nothing to do.
    else
        echo Download ${libpcap_file}...
        wget ${libpcap_link}
        if [ ! -f ${libpcap_file} ]
        then
            exit_error
        fi
    fi

    if [ -d ${tcpdump_dir} ]
    then
        echo ${tcpdump_dir} directory already exist! Nothing to do.
    else
        echo untar ${tcpdump_file}
        tar -zxf ${tcpdump_file}
    fi

    if [ -d ${libpcap_dir} ]
    then
        echo ${libpcap_dir} directory already exist! Nothing to do.
    else
        echo untar ${libpcap_file}
        tar -zxf ${libpcap_file}
    fi
}

# build libpcap
{
    cd ${libpcap_dir}

    echo " _____________________"
    echo "|                     |"
    echo "| CONFIGURING LIBPCAP |"
    echo "|_____________________|"

    chmod +x configure
    ./configure --host=$platform-linux --with-pcap=linux ac_cv_linux_vers=2
    if [ $? -ne 0 ]
    then
        exit_error
    fi

    echo " __________________"
    echo "|                  |"
    echo "| BUILDING LIBPCAP |"
    echo "|__________________|"

    chmod +x runlex.sh
    make
    if [ $? -ne 0 ]
    then
        exit_error
    fi

    cd ..
}

# build tcpdump
{
    cd ${tcpdump_dir}

    echo " _____________________"
    echo "|                     |"
    echo "| CONFIGURING TCPDUMP |"
    echo "|_____________________|"

    chmod +x configure
    # Compile PIE (position independent executable) for Lollipop compatibility.
    ./configure --host=$platform-linux ac_cv_linux_vers=2 --with-crypto=no CFLAGS='-fPIE' LDFLAGS='-fPIE -pie'
    if [ $? -ne 0 ]
    then
        exit_error
    fi

    echo " __________________"
    echo "|                  |"
    echo "| BUILDING TCPDUMP |"
    echo "|__________________|"

    # setprotoent and endprotoent are not supported on android
    sed -i".bak" "s/setprotoent/\/\/setprotoent/g" print-isakmp.c
    sed -i".bak" "s/endprotoent/\/\/endprotoent/g" print-isakmp.c

    # NBBY is not defined => FORCE definition
    make CFLAGS='-DNBBY=8' # for tcpdump < 4.2.1 (CFLAGS redefined in Makefile) => just make
    if [ $? -ne 0 ]
    then
        exit_error
    fi

    cd ..
}

# copy the finished binary into the build directory
cp ${tcpdump_dir}/tcpdump .
chmod +x tcpdump

echo " __________________"
echo "|                  |"
echo "| TCPDUMP IS READY |"
echo "|__________________|"
echo `pwd`/tcpdump

Run the following commands in the NDK directory:

export NDK=/home/li/android-ndk64-r10b

bash build_tcpdump.sh

[Figure: after tcpdump has compiled successfully]

You can now see the compiled tcpdump in the /home/li/android-ndk64-r10b/tcpdumpbuild/ directory.

4. Pushing to the Android device

adb push /home/li/android-ndk64-r10b/tcpdumpbuild/tcpdump /sdcard/

Switch to the root user with the command: su

Move tcpdump to the /data/local/ directory:

mv /sdcard/tcpdump /data/local/

Change its permissions:

chmod 6755 tcpdump

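Then run ./tcpdump

The original error is gone, and the job is done.

Reference links:

https://www.jianshu.com/p/aca8345dc7fb

http://vjson.com/wordpress/compile-tcpdump-for-android-lollipop.html

I am a beginner and relied mainly on the two blog posts above, but while following them I found some errors in the shell script (possibly because the NDK version and the tcpdump version did not match) and made the corresponding changes.

If you spot any mistakes, please point them out. Thank you all!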
