So, let’s start to say that there is a really good set of articles, written a year ago by Vincent Kornacky, that explains in details what you need(ed) to do in order to get tcpdump on your android phone:
- Monitoring Android Network Traffic Part I: Installing The Toolchain
- Monitoring Android Network Traffic Part II: Cross Compiling TCPDUMP
- Monitoring Android Network Traffic Part III: Installing & Executing TCPDUMP
- Monitoring Android Network Traffic Part IV: Forwarding To Wireshark
Unfortunately, things are changed since then (updates to the Emdebian distributions ceased, Debian Jessie evolved), so when I tried to follow the path outlined in the articles, I run into some problems, ending up that I had to do the same things (what) in a different way (how).
I strongly suggest you to read Vincent’s blog before continuing, because here you will find only a quick and dirty how-to, largely taken from the history of the commands that I had to issue on my brand new DebianJessie64 VM. And remember: if you follow these instructions, you are using them at your own risk:
Part I: Installing the toolchain
[…] Create /etc/apt/sources.list.d/crosstools.list containing:
deb http://emdebian.org/tools/debian/ jessie main[…]
If you just downloaded and installed Debian Jessie like me, you may need to:
su(instead of setup
wget(instead of install curl)
apt-key add emdebian-toolchain-archive.key
dpkg --add-architecture armhf
apt-get install crossbuild-essential-armhf
Please note that we specify armhf here. I did not investigate further, but since there are also armle and arm64 cross-compilers (and devices?) be aware of this detail (ie: your device will work?
uname -m may help). And, of course, you need to issue this command at the end to check if everything is ok:
Part II: Cross compiling libpcap and tcpdump
You can do it quite easely if you follow Vincent Kornacky steps, with this caveats:
- use libpcap-1.6.2 and tcpdump-4.6.2 (I’ll try again, but I didn’t get the latest tcpdump cross-compiled with the latest libpcap)
- use arm-linux-gnueabihf-gcc instead of arm-linux-gnueabi-gcc
here you are the commands:
tar zxvf libpcap-1.6.2.tar.gz
./configure --host=arm-linux --with-pcap=linux
tar zxvf tcpdump-4.6.2.tar.gz
./configure --host=arm-linux --disable-ipv6
Please note that if you have to go back and recompile libpcap (like me) you must unset CFLAGS, CPPFLAGS, LDFLAGS (and then, of course, set them again).
Part III: Installing & Executing TCPDUMP
Just follow Vincent’s steps.
Part IV: Forwarding To Wireshark
Uh, we have to cross-compile netcat… Remember to use hf, set the flags (or unset if you are doing everything in a hurry) and everything should work fine:
tar zxvf netcat-0.7.1.tar.gz
again, for any further detail please read Vincent’s article.
Just a few more words at the end of this quick and dirty how-to:
- I tested tcpdump on an Samsung Galaxy S2 with Cyanogenmod 11
- remember that you will not probabily be able to put the wifi in promiscuous mode