Monitoring network activity on Android phones

I would like to monitor the network traffic of my Android phone. I was thinking of using tcpdump for Android, but I'm not sure what I need to cross compile for the phone.

Another question is this: if I want to track traffic data for a specific application, is there any command for this?

+56
android monitoring wireshark tcpdump
Feb 25 2018-11-21T00:
11 answers

TCPDUMP is one of my favorite network analysis tools, but if you find it difficult to compile tcpdump for android, I recommend that you use some applications from the market.

These are the applications I talked about:

  • Shark: A small version of Wireshark for Android phones. This program creates *.pcap files, which you can read on a PC using Wireshark.
  • Shark Reader: This program allows you to read *.pcap files directly on your Android phone.

The Shark application works with rooted devices, so if you want to install it, make sure that your device is already rooted.

Good luck;)

+23
Feb 28 2018-11-21T00:

If you are doing this from an emulator, you can do it like this:

Run emulator -tcpdump emulator.cap -avd my_avd to write all the emulator traffic to a local file on your PC, and then open it in Wireshark.

There is a similar entry that can help HERE

+16
Feb 25 2018-11-11T00:

Note: tcpdump requires root privileges, so you will need to root your phone if you have not already done so. Here's an ARM binary of tcpdump (this works for my Samsung Captivate). If you prefer to build your own binary, the instructions are here (yes, you may have to cross-compile).

Also check out Shark For Root (tcpdump-based Android packet capture tool).

I do not believe that tcpdump can track traffic by a specific process identifier. The strace method referenced by Chris Stratton seems to be more effort than it is worth. It would be easier to control the specific IP addresses and ports used by the target process. If this information is unknown, record all traffic during the period of activity of the process, and then sift the resulting pcap using Wireshark.

+7
Feb 28

The DDMS tool included in the Android SDK includes a tool for monitoring network traffic. It does not provide the details that you get from tcpdump and similar low-level tools, but it is still very useful.

Official documentation: http://developer.android.com/tools/debugging/ddms.html#network

+3
Jul 04 '13 at 8:26

You will need to root the phone and compile tcpdump, or use a copy that someone else has compiled.

It may be easier for you to perform these experiments with the emulator, in which case you can do the monitoring from the host PC. If you have to use a real device, another option is to put it on a Wi-Fi network hanging off an additional interface on a Linux box running tcpdump.

I do not know offhand how you would filter by a specific process. One suggestion I found in some quick searching is to use strace on the subject process instead of tcpdump on the system.

+2
Feb 25 2018-11-29T00:

For Android phones (without root): you can use the tPacketCapture application; it will capture network traffic for your device when you turn on capture. See this URL for more information on network sniffing without rooting your device.

Once you have a file in .pcap format, you can analyze the traffic using any traffic analyzer such as Wireshark.

Also see this post for further ideas: Capturing mobile phone traffic on Wireshark

+2
Apr 23 '15 at 21:28

Without root, you can use debugging proxies like Charlesproxy & Co.

+2
Nov 10 '15 at 13:37

Packet Capture is the best tool for tracking network data on Android. There is no need for root access for this and it is easy to read and save application-based calls. Check this out

+1
Feb 10 '16 at 9:35

Try this app https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture

We can view all network communications, even encrypted SSL messages.

+1
Apr 08 '17 at 17:46

Prerequisites: adb and wireshark are installed on your computer and you have a rooted Android device.

  1. Download tcpdump to ~/Downloads
  2. adb push ~/Downloads/tcpdump /sdcard/
  3. adb shell
  4. su root
  5. mv /sdcard/tcpdump /data/local/
  6. cd /data/local/
  7. chmod +x tcpdump
  8. ./tcpdump -vv -i any -s 0 -w /sdcard/dump.pcap
  9. exit
  10. exit
  11. adb pull /sdcard/dump.pcap ~/Downloads/

Now you can open the pcap file with Wireshark.

As for your question about monitoring specific processes, find the package ID of your application; let's say it is called com.android.myapp

  1. ps | grep com.android.myapp
  2. Copy the first number you see in the output. Let's call it 1234. If you do not see any output, you need to start the application.
  3. Download strace to ~/Downloads and put it in /data/local the same way you did for tcpdump above.
  4. cd /data/local
  5. ./strace -p 1234 -f -e trace=network -o /sdcard/strace.txt

Now you can look at strace.txt for IP addresses and filter your Wireshark log for these IP addresses.

+1
Jan 18 '19 at 17:57
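
The last step of the answer above (reading strace.txt for IP addresses and filtering the capture in Wireshark), as an added example that is not part of the original answer. The function names and the sample strace lines are constructed for illustration; the sample uses documentation address ranges.

```python
import ipaddress
import re

# Constructed sample of `strace -f -e trace=network -o strace.txt` output.
SAMPLE_STRACE = r'''
1234  socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP) = 45
1234  connect(45, {sa_family=AF_INET6, sin6_port=htons(443), inet_pton(AF_INET6, "::ffff:203.0.113.10", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = -1 EINPROGRESS (Operation now in progress)
1240  connect(46, {sa_family=AF_INET6, sin6_port=htons(443), inet_pton(AF_INET6, "2001:db8::10", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = 0
1234  sendto(47, "\0\1\2"..., 29, MSG_NOSIGNAL, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.0.2.53")}, 16) = 29
1234  connect(48, {sa_family=AF_UNIX, sun_path="/dev/socket/dnsproxyd"}, 110) = 0
1234  connect(49, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.10")}, 16) = 0
'''

# Matches the sockaddr of an outbound call: optional PID column (from -f),
# the syscall name, then the AF_INET/AF_INET6 port and address fields.
SOCKADDR = re.compile(
    r'^(?:\d+\s+)?(connect|sendto|sendmsg)\(.*?'
    r'sa_family=AF_INET6?, sin6?_port=htons\((\d+)\), '
    r'.*?(?:inet_addr\(|inet_pton\(AF_INET6, )"([0-9A-Fa-f:.]+)"'
)

def remote_endpoints(strace_text):
    """Return the set of (ip_address, port) pairs the traced process contacted."""
    endpoints = set()
    for line in strace_text.splitlines():
        m = SOCKADDR.match(line)
        if not m:
            continue  # socket(), AF_UNIX peers, unrelated or unfinished lines
        addr = ipaddress.ip_address(m.group(3))
        # Dual-stack sockets report IPv4 peers as ::ffff:a.b.c.d; on the wire
        # (and in the pcap) that traffic is plain IPv4, so unwrap it.
        if addr.version == 6 and addr.ipv4_mapped:
            addr = addr.ipv4_mapped
        endpoints.add((addr, int(m.group(2))))
    return endpoints

def wireshark_filter(endpoints):
    """Build a Wireshark display filter that keeps only those endpoints."""
    order = lambda e: (e[0].version, int(e[0]), e[1])
    clauses = []
    for addr, port in sorted(endpoints, key=order):
        field = "ip.addr" if addr.version == 4 else "ipv6.addr"
        clauses.append(
            f"({field} == {addr} && (tcp.port == {port} || udp.port == {port}))")
    return " || ".join(clauses)

if __name__ == "__main__":
    print(wireshark_filter(remote_endpoints(SAMPLE_STRACE)))
```

Paste the printed expression into Wireshark's display filter bar with dump.pcap open. AF_UNIX peers such as the one in the sample never appear in the capture, so they are skipped.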

A general approach is to call cat /proc/net/netstat, as described here:

Android Network Statistics

0
Feb 25 '11 at 20:28