Thursday 3 April 2014

What is TCP dump?

by Hackers Squadron  |  in Secret Hacking codes at  23:03

What is TCP dump?
TCP dump is a common data packet analyzer that runs from the command line.
It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the device is attached. 
   
tcpdump is free software, so users can download the source code from its official web site http://www.tcpdump.org/. Users can modify the source as required and build the modified code to get an executable. Ordinary tcpdump users who don't want to go through this long process can skip it. You can get the executable from here
How to install it on the device?
   
1. Connect Android device to system.
adb kill-server
adb devices
adb root
adb remount
2. Push 'tcpdump' to your device filesystem '/system/xbin/'.
adb push /wherever/you/put/tcpdump /system/xbin/tcpdump
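3. Change the permissions of the tcpdump executable file.
adb shell chmod 755 /system/xbin/tcpdump
# 755 is enough to execute it; 777 would leave the binary writable by every user on the device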
        
  
How to run tcpdump on device?
How to capture data packets on device?
adb shell tcpdump -i any -p -s 0 -w /sdcard/capture.pcap 
# "-i any": listen on any network interface 
# "-p": disable promiscuous mode (doesn't work anyway) 
# "-s 0": capture the entire packet 
# "-w": write packets to a file (rather than printing to stdout) ...
do whatever you want to capture,
then Ctrl+C to stop it ...
How to view .pcap or tcpdump?
    
1. Pull capture.pcap to your local file system.
               
adb pull  /sdcard/capture.pcap .
2. Open it in Wireshark, the most popular tool for viewing tcpdump captures.
wireshark capture.pcap
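
Before opening the pulled file, you can check that the capture is intact. This is an added example, not code from the original post: it walks the pcap header and packet records and reports the link type that "-i any" produced, the snapshot length set by "-s 0", and whether any packet was cut short or the file ends mid-record. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Link-layer header types from the pcap format. "-i any" on Linux/Android
# yields a "cooked" capture (LINUX_SLL, or LINUX_SLL2 with newer libpcap).
LINKTYPES = {1: "ETHERNET", 113: "LINUX_SLL", 276: "LINUX_SLL2"}
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",   # little-endian
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}   # big-endian


def summarize_pcap(data: bytes) -> dict:
    """Walk a classic pcap byte string; report header fields and truncation."""
    endian = MAGICS.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic pcap file (bad magic or short header)")
    # Global header after magic: version major/minor, tz, sigfigs, snaplen, linktype
    _maj, _min, _tz, _sig, snaplen, linktype = struct.unpack_from(endian + "HHiIII", data, 4)
    offset, packets, truncated, incomplete = 24, 0, 0, False
    while offset < len(data):
        if offset + 16 > len(data):
            incomplete = True      # not even a full record header left
            break
        # Record header: ts_sec, ts_frac, captured length, original length
        _sec, _frac, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, offset)
        if offset + 16 + incl_len > len(data):
            incomplete = True      # file ends mid-record (e.g. copied while still being written)
            break
        offset += 16 + incl_len
        packets += 1
        truncated += incl_len < orig_len   # snaplen cut this packet short
    return {"linktype": LINKTYPES.get(linktype, str(linktype)), "snaplen": snaplen,
            "packets": packets, "truncated": truncated, "incomplete_tail": incomplete}


def build_sample() -> bytes:
    """Constructed sample: cooked capture, one full packet, one truncated, cut-off tail."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 113)
    full = struct.pack("<IIII", 1396566180, 0, 4, 4) + b"\x00" * 4
    cut = struct.pack("<IIII", 1396566181, 0, 4, 10) + b"\x00" * 4
    tail = struct.pack("<IIII", 1396566182, 0, 8, 8) + b"\x00" * 3  # 5 bytes missing
    return hdr + full + cut + tail


if __name__ == "__main__":
    import sys
    # With a path argument, summarize that file; otherwise use the constructed sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(summarize_pcap(raw))
```

A non-zero "truncated" count means the snapshot length was too small for some packets, and "incomplete_tail" means the file was copied before tcpdump finished writing the last record.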


