The Android developer site describes a way to use tcpdump.
If you have already used tcpdump on Linux or Windows, the short description below is enough.
Push the tcpdump-arm binary built for ARM (download the attachment and change its extension) to the device or the emulator.
$ adb remount
$ adb push ./tcpdump-arm /data/local
$ adb shell
# cd /data/local
# chmod 777 tcpdump-arm
# ./tcpdump-arm -X -n -s 0 -w /sdcard/capture.pcap port 80   // e.g. to save the packets going in and out on port 80; the filter expression goes after the options (-X prints nothing while -w is writing to a file)
...
... do the network activity you want to capture ...
...
# ^C
Pull the saved capture.pcap off the sdcard and use Wireshark (http://www.wireshark.org/download.html) to follow the TCP stream. tcpdump is useful when the server gives no response: you can check whether the device's socket actually sent a SYN (TCP connect) packet, whether the server is simply not answering, and inspect the request and response packets.
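As an added example (not from this post or from the Android docs), here is a small Python script that performs that "did the server answer?" check on the pulled capture.pcap offline: it parses the libpcap file that tcpdump -w writes and lists every connection attempt whose SYN was never answered by a SYN-ACK. The capture bytes below are constructed inline; for a real file pass open("capture.pcap", "rb").read() instead.

```python
import struct
SYN, ACK = 0x02, 0x10                                          # TCP flag bits

def parse_pcap(data):
    """Yield (ts, src, sport, dst, dport, tcp_flags) per IPv4/TCP frame of a libpcap file."""
    magic, = struct.unpack_from("<I", data, 0)
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}[magic]            # byte order from the magic
    if struct.unpack_from(end + "I", data, 20)[0] != 1:         # LINKTYPE_ETHERNET
        raise ValueError("only Ethernet captures handled")
    off = 24                                                   # past the global header
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl, _ = struct.unpack_from(end + "IIII", data, off)
        pkt, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                                           # not IPv4 carrying TCP
        tcp = pkt[14 + (pkt[14] & 0x0F) * 4:]                 # skip Ethernet + IP header
        if len(tcp) < 14:
            continue                                           # truncated by a small -s
        src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (26, 30))
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        yield ts_sec + ts_usec / 1e6, src, sport, dst, dport, tcp[13]

def unanswered_syns(data):
    """4-tuples whose SYN never got a SYN-ACK back: the 'is the server silent?' check."""
    pending = {}
    for ts, src, sport, dst, dport, flags in parse_pcap(data):
        if flags & (SYN | ACK) == SYN:
            pending.setdefault((src, sport, dst, dport), ts)   # first SYN wins
        elif flags & (SYN | ACK) == SYN | ACK:
            pending.pop((dst, dport, src, sport), None)        # reverse tuple was answered
    return sorted(pending)

# Constructed sample capture (not a real device trace): Ethernet + IPv4 + TCP, no payload.
def _frame(src, sport, dst, dport, flags):
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp               # zeroed MACs, EtherType IPv4

def _pcap(frames):
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
                           for i, f in enumerate(frames))

SAMPLE_PCAP = _pcap([
    _frame("10.0.2.15", 40001, "203.0.113.5", 80, SYN),        # answered below
    _frame("203.0.113.5", 80, "10.0.2.15", 40001, SYN | ACK),
    _frame("10.0.2.15", 40002, "203.0.113.9", 80, SYN),        # never answered
    _frame("10.0.2.15", 40002, "203.0.113.9", 80, SYN),        # retransmitted SYN
])
```

Running unanswered_syns(SAMPLE_PCAP) reports only the 10.0.2.15:40002 to 203.0.113.9:80 attempt, which is exactly the case where the device sent its SYN and the server stayed silent.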
[Repost] Debugging with tcpdump and other tools
Installing tcpdump
Pushing the binary to an existing device
Download tcpdump from http://www.tcpdump.org/, then execute:
adb root
adb remount
adb push /wherever/you/put/tcpdump /system/xbin/tcpdump
adb shell chmod 6755 /system/xbin/tcpdump
adb shell
# tcpdump
If you are running your own build, execute:
mmm external/tcpdump # install the binary in out/.../system/xbin
make snod # build a new system.img that includes it
Flash the device as usual, for example, fastboot flashall.
If you want to build tcpdump by default, add CUSTOM_TARGETS += tcpdump to your buildspec.mk.
Running tcpdump
You need to have root access on your device.
Batch mode capture
The typical procedure is to capture packets to a file and then examine the file on the desktop, as illustrated below:
adb shell tcpdump -i any -p -s 0 -w /sdcard/capture.pcap
# "-i any": listen on any network interface
# "-p": disable promiscuous mode (doesn't work anyway)
# "-s 0": capture the entire packet
# "-w": write packets to a file (rather than printing to stdout)
... do whatever you want to capture, then ^C to stop it ...
adb pull /sdcard/capture.pcap .
sudo apt-get install wireshark # or ethereal, if you're still on dapper
wireshark capture.pcap # or ethereal
... look at your packets and be wise ...
You can run tcpdump in the background from an interactive shell or from Terminal. By default, tcpdump captures all traffic without filtering. If you prefer, add an expression like port 80 to the tcpdump command line.
Real time packet monitoring
Execute the following if you would like to watch packets go by rather than capturing them to a file (-n skips DNS lookups, -s 0 captures the entire packet rather than just the header):
adb shell tcpdump -n -s 0
Typical tcpdump options apply. For example, if you want to see HTTP traffic:
adb shell tcpdump -X -n -s 0 port 80
You can also monitor packets with wireshark or ethereal, as shown below:
# In one shell, start tcpdump.
adb shell "tcpdump -n -s 0 -w - | nc -l -p 11233"
# In a separate shell, forward data and run ethereal.
adb forward tcp:11233 tcp:11233 && nc 127.0.0.1 11233 | ethereal -k -S -i -
Note that you can't restart capture via ethereal. If anything goes wrong, you will need to rerun both commands.
For more immediate output, add -l to the tcpdump command line, but this can cause adb to choke (it helps to use a nonzero argument for -s to limit the amount of data captured per packet; -s 100 is sufficient if you just want to see headers).
Disabling encryption
If your service runs over https, tcpdump is of limited use. In this case, you can rewrite some service URLs to use http, for example:
vendor/google/tools/override-gservices url:calendar_sync_https_proxy \
https://www.google.com/calendar rewrite http://android.clients.google.com/proxy/calendar
Other network debugging commands
On the device:
ifconfig interface: note that unlike Linux, you need to give ifconfig an argument
netcfg: lists interfaces and IP addresses
iftop: like top for network
route: examine the routing table
netstat: see active network connections
nc: netcat connection utility
On the desktop:
curl: fetch URLs directly to emulate device requests
So a while back I had written about gathering packets from the android phone - often using simple ARP spoofing and Wireshark to grab all the traffic. Sadly I kept postponing this post and then just forgot to put it up, showing how to grab the packets in a much easier way, which doesn’t even require you to put your android phone on a WIFI network.
I’m not sure why this method never seemed to dawn on me in the beginning - since it’s so simple basically and has come in handy numerous times since :)
On your computer's shell/cmd:
adb shell tcpdump -vv -s 0 -w /sdcard/output.cap
A quick rundown of the switches we are using is the following:
-vv puts tcpdump into verbose mode - to give us some extra information
-s 0 sets the size of sender to look for to zero, telling the program to grab all packets
-w /sdcard/output.cap will let us set the packets grabbed to be written to the sdcard for analysis later.
Once you're done just break the command (control-c) and go open up the .cap file with your favorite analyzer like wireshark.
You can also just run this command from your favorite terminal on the phone — allowing you to grab packets on the go. This should be pretty obvious, though I feel I must say it since people seem to think adb is something unlike a terminal? I’m not sure why this comes up, but people end up pasting the same thing I’ve done often, and then saying “You can just do it in a terminal on the phone, and it’s easiierr!”. Well yes, yes you can… Though copy-pasta-ing someone's idea doesn’t make you much brighter ;)
Directly on the phone, or already adb’ed into it:
tcpdump -vv -s 0 -w /sdcard/output.cap
Update: 8/31/09 I’ve pulled the tcpdump from my rom and uploaded it to my server, you can download it here: tcpdump. It is tcpdump version 3.9.8 libpcap version 0.9.8 - for anyone wondering. Push this file to your /system/bin or /system/xbin and then chmod’ing it to be executable should make this work. Enjoy!
Source: http://blog.naver.com/PostView.nhn?blogId=vicfaith&logNo=150086174382