2010
01.17

When writing Android applications that rely heavily on networking, it can be useful to inspect the network traffic going out of and coming into your device. Especially when writing applications that implement networking protocols (like FTP, SMTP, SSH, XMPP, ...), the ability to inspect packets at the TCP level is invaluable. The following guide shows you how to do this on your Android device.

Prerequisites

What you’ll need in order to do this:

Procedure

First you have to get the tcpdump binary on the device. Execute the following adb push command in a terminal from your SDK/tools directory.

$ ./adb push /home/steven/tcpdump-arm /data/local/

Next, log in to your device by executing the following adb shell command:

$ ./adb shell

Once logged in to your device, navigate to the directory where you stored the tcpdump binary and gain root privileges.

$ cd /data/local
$ su

Start the tcpdump binary and save the captured packets to file.

$ ./tcpdump-arm -s 0 -w out.txt

The -s 0 argument is necessary to capture whole packets instead of only the first few bytes of each one. The -w out.txt argument writes the captured packets to the file out.txt.

Every network packet that passes over your network connection will be recorded in the file out.txt. Now you can launch the app you’re debugging (if it isn’t already running) and exercise the functionality whose network traffic you want to inspect.

When you think you have captured enough network traffic for analysis, press Ctrl+C in your terminal to stop the tcpdump process.

Copy the resulting file out.txt back to your computer by exiting the device shell and executing the adb pull command.

$ exit    # leave the root shell started by su
$ exit    # leave the adb shell
$ ./adb pull /data/local/out.txt /home/steven/out.txt

That’s it, you’re done. Now you can either analyse the network traffic by hand by reading the file with your favorite text editor or you can load it into a network analysis tool like Wireshark.
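Before loading the pulled file into an analysis tool, it is worth confirming that it really contains whole packets, which is the point of -s 0 above. The following Python sketch is an added example, not part of the original guide: it assumes the file is in the classic libpcap format that tcpdump -w writes, and the names summarize_pcap and build_sample as well as the sample captures are constructed for illustration.

```python
import struct

# Magic numbers of the classic libpcap file format, mapped to struct byte order.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",   # nanosecond timestamps
}

def summarize_pcap(data):
    """Return snaplen, link type, packet count and number of truncated packets."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap capture file")
    order = PCAP_MAGICS[data[:4]]
    # Global header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype
    _, _, _, _, _, snaplen, linktype = struct.unpack(order + "IHHiIII", data[:24])
    offset, packets, truncated, incomplete = 24, 0, 0, False
    while offset < len(data):
        header = data[offset:offset + 16]
        if len(header) < 16:
            incomplete = True       # file ends inside a record header
            break
        # Record header: ts_sec, ts_frac, captured length, original length on the wire
        _, _, incl_len, orig_len = struct.unpack(order + "IIII", header)
        if offset + 16 + incl_len > len(data):
            incomplete = True       # file ends inside packet data
            break
        packets += 1
        if incl_len < orig_len:
            truncated += 1          # the snapshot length cut this packet short
        offset += 16 + incl_len
    return {"snaplen": snaplen, "linktype": linktype, "packets": packets,
            "truncated": truncated, "incomplete": incomplete}

def build_sample(snaplen, wire_lengths):
    """Build an in-memory little-endian pcap (constructed data, zero-filled packets)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)  # linktype 1 = Ethernet
    for i, wire in enumerate(wire_lengths):
        captured = min(wire, snaplen)
        out += struct.pack("<IIII", 1263686400 + i, 0, captured, wire) + bytes(captured)
    return out

if __name__ == "__main__":
    # Constructed captures: a small snapshot length versus a full-packet capture.
    print(summarize_pcap(build_sample(68, [60, 1514])))
    print(summarize_pcap(build_sample(65535, [60, 1514])))
```

To check a real capture, pass the bytes of the pulled file, for example `summarize_pcap(open("/home/steven/out.txt", "rb").read())`; a non-zero truncated count means the capture was taken without -s 0.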

Happy debugging!