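1. Root the phone.
2. Download tcpdump from: http://www.strazzere.com/android/tcpdump
3. Use adb shell to log in to the phone and change the permissions on /data/local:
    1. adb shell # log in to the phone
    2. su # switch to the root user (requires authorization in SuperSU Free)
    3. chmod 777 /data/local/ # change the directory permissions
    4. When done, press Ctrl+C / Ctrl+D to exit adb shell
4. Copy the tcpdump binary to the Android phone:
    1. adb push ./tcpdump /data/local # if this reports "Permission denied", use method 2
    2. Push it to the sdcard first, then move it:

            adb push ./tcpdump /sdcard
            adb shell
            cd /data/local
            su
            mv /sdcard/tcpdump .

5. Enter the phone with adb and change the permissions on tcpdump to make it executable:

        su # switch to the root user
        chmod 777 /data/local/tcpdump # add execute permission
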
# Common capture commands

    adb shell rm /sdcard/capture.pcap
    adb shell /data/local/tcpdump -i any -p -s 0 -w /sdcard/capture.pcap
    adb pull /sdcard/capture.pcap capture.pcap

Open capture.pcap in Wireshark to view the packets.

# tcpdump parameters
"-i any": listen on any network interface
"-p": disable promiscuous mode (doesn't work anyway)
"-s 0": capture the entire packet
"-w": write packets to a file (rather than printing to stdout)
... do whatever you want to capture, then ^C to stop it ...
# Error handling

1. "./tcpdump": error: only position independent executables (PIE) are supported.

    PIE is a security mechanism introduced in 4.1, but system versions before Android L do not check whether an executable was compiled as PIE, so no error is reported. Android L enables this check: an executable that was not built as PIE cannot run. The fix is simple: add the following flags to Android.mk.

        LOCAL_CFLAGS += -pie -fPIE
        LOCAL_LDFLAGS += -pie -fPIE

    A prebuilt tcpdump can be downloaded here: [tcpdump](https://leanote.com/api/file/getAttach?fileId=5cfde981ab6441607d005901)

2. CANNOT LINK EXECUTABLE "./tcpdump": cannot locate symbol "OPENSSL_add_all_algorithms_noconf" referenced by "/data/local/tcpdump"...

    Download the latest tcpdump: https://www.androidtcpdump.com/android-tcpdump/downloads
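
A host-side check for error 1, added here as an example and not part of the original page: it reads the ELF header of a downloaded or self-built tcpdump and reports whether it is PIE (`e_type` is `ET_DYN`) and which CPU it targets, before the file is pushed to the phone. The function names and the constructed sample headers are assumptions made for illustration.

```python
import struct
import sys

ET_EXEC, ET_DYN = 2, 3  # e_type values: fixed-address executable vs PIE / shared object
MACHINES = {3: "x86", 40: "arm", 62: "x86_64", 183: "arm64"}  # e_machine values


def inspect_elf(data: bytes) -> dict:
    """Return the ELF header fields that decide whether Android L+ will run the file."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    bits = {1: 32, 2: 64}.get(data[4])        # EI_CLASS
    endian = {1: "<", 2: ">"}.get(data[5])    # EI_DATA
    if bits is None or endian is None:
        raise ValueError("invalid EI_CLASS or EI_DATA")
    # e_type and e_machine are 16-bit fields directly after the 16-byte e_ident.
    e_type, e_machine = struct.unpack_from(endian + "HH", data, 16)
    return {
        "bits": bits,
        "machine": MACHINES.get(e_machine, "unknown(%d)" % e_machine),
        "pie": e_type == ET_DYN,  # ET_EXEC here is what triggers the PIE error
    }


def make_header(elf_class: int, e_type: int, e_machine: int) -> bytes:
    """Constructed sample input: the first 20 bytes of a little-endian ELF file."""
    e_ident = b"\x7fELF" + bytes([elf_class, 1, 1]) + bytes(9)
    return e_ident + struct.pack("<HH", e_type, e_machine)


def verdict(info: dict) -> str:
    if not info["pie"]:
        return "non-PIE %s binary: Android L and later will refuse to run it" % info["machine"]
    return "PIE %s binary (%d-bit): passes the PIE check" % (info["machine"], info["bits"])


if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: python check_pie.py ./tcpdump
        with open(sys.argv[1], "rb") as f:
            print(verdict(inspect_elf(f.read(64))))
    else:  # no file given: run on the constructed samples
        print(verdict(inspect_elf(make_header(1, ET_EXEC, 40))))
        print(verdict(inspect_elf(make_header(2, ET_DYN, 183))))
```

The reported CPU should also match the phone's ABI, which `adb shell getprop ro.product.cpu.abi` prints.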