Monitor network activity in Android Phones

Question

I would like to monitor network traffic of my Android Phone. I was thinking using tcpdump for Android, but I\'m not sure if I have to cross-compile for the phone.

An

Answer 1

Preconditions: adb and wireshark are installed on your computer and you have a rooted android device.

1. Download tcpdump to ~/Downloads
2. adb push ~/Downloads/tcpdump /sdcard/
3. adb shell
4. su root
5. mv /sdcard/tcpdump /data/local/
6. cd /data/local/
7. chmod +x tcpdump
8. ./tcpdump -vv -i any -s 0 -w /sdcard/dump.pcap
9. Ctrl+C once you've captured enough data.
10. exit
11. exit
12. adb pull /sdcard/dump.pcap ~/Downloads/

Now you can open the pcap file using Wireshark.

As for your question about monitoring specific processes, find the bundle id of your app, let's call it com.android.myapp

1. ps | grep com.android.myapp
2. copy the first number you see from the output. Let's call it 1234. If you see no output, you need to start the app.
3. Download strace to ~/Downloads and put into /data/local using the same way you did for tcpdump above.
4. cd /data/local
5. ./strace -p 1234 -f -e trace=network -o /sdcard/strace.txt

Now you can look at strace.txt for ip addresses, and filter your wireshark log for those IPs.