I would like to get packet level data traffic captures (.pcap) in Android during a week (in several files if possible).
I thought that I could use tcpdump via Shark, however I find that the capture stops after some time. The biggest packet capture I got is around 40MB. I found out that tcpdump stops/crashes when changing the network interface. For example, when the phone is connected to 3G, when I run tcpdump from Shark I can see the process of tcpdump running until I switch on WiFi.
In the Galaxy S2, when connected via WiFi I have the following interfaces (got by using netcfg in adb shell): lo, svnet0, usb0, sit0, eth0. When I connect via 3G, I get pdp0 instead of eth0.
Is there any way that I can run tcpdump 24/7? Or any way to check when it is running and if it stops make it run again from a Java app? Checking the process of tcpdump or something like this maybe? Or monitoring the status of the network and running tcpdump every time the network is changed?
I had a look at "ReadLine on TCPDump-Buffer sometimes blocks until kill tcpdump", but it does not completely solve my problem.
I am using rooted devices.
Since tcpdump is a command line tool, you will require terminal access on your device. There are plenty of terminal access programs for Android. Just go to the Play Store on your device, and search for Terminal Emulator, or Shell Terminal, or Command Prompt, and this will bring you to a suitable shell prompt.
Capture Only N Number of Packets
When you run the tcpdump command it will capture all the packets for the specified interface, until you hit the cancel button. But using the -c option, you can capture a specified number of packets. The below example will only capture 6 packets.
Using tPacketCapture is very easy; captured packets are saved into a PCAP file that can be easily analyzed by using a network protocol analyzer application such as Wireshark. You can route your Android mobile traffic to a PC and capture the traffic on the desktop using any network sniffing tool.
How about trying the tPacketCapture application (works with non-rooted devices)?
Android OS 4.0
Free
https://play.google.com/store/apps/details?id=jp.co.taosoftware.android.packetcapture
If you have a rooted device then use SimplePacketCapture instead of tPacketCapture. tPacketCapture creates a VPN that can break your VoIP application.
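The approach the question asks about (watch the network state and start tcpdump again whenever it stops or the interface changes), as an added example that is not code from any of the posts above. It assumes a root shell with tcpdump and netcfg on the PATH, that netcfg prints "name state address ..." on each line, and a hypothetical output directory /sdcard/pcap.

```shell
#!/system/bin/sh
# Added example: keep tcpdump capturing across WiFi/3G switches on a rooted device.
# Assumptions: netcfg prints "name state address ..."; OUT_DIR is a hypothetical path.
OUT_DIR="${OUT_DIR:-/sdcard/pcap}"

# Read netcfg output on stdin; print the first non-loopback interface that is UP
# and has a real address (eth0 on WiFi, pdp0 on 3G on the Galaxy S2 in the question).
active_iface() {
    while read -r name state addr rest; do
        [ "$name" = "lo" ] && continue
        [ "$state" = "UP" ] || continue
        case "$addr" in 0.0.0.0*) continue ;; esac
        echo "$name"; return 0
    done
    return 1
}

# File name encodes interface and start time, so a week of captures stays sortable.
capture_path() { echo "$OUT_DIR/$1-$2.pcap"; }   # $1 = interface, $2 = epoch seconds

# Capture on one interface until tcpdump exits or the active interface changes.
capture_once() {
    # -s 0: full packets; -C 20: start a new file roughly every 20 million bytes.
    tcpdump -i "$1" -s 0 -C 20 -w "$(capture_path "$1" "$(date +%s)")" &
    pid=$!
    while kill -0 "$pid" 2>/dev/null; do
        sleep 5
        if [ "$(netcfg | active_iface)" != "$1" ]; then
            kill "$pid" 2>/dev/null   # interface changed: stop so the file is closed
            break
        fi
    done
    wait "$pid" 2>/dev/null || true
}

# Restart loop: a new capture starts after every exit, crash or network switch.
supervise() {
    mkdir -p "$OUT_DIR"
    while true; do
        iface=$(netcfg | active_iface)
        if [ -n "$iface" ]; then capture_once "$iface"; else sleep 5; fi
    done
}

# Constructed sample of netcfg output with 3G connected (for checking the parser).
SAMPLE_3G='lo       UP    127.0.0.1    255.0.0.0      0x00000049
svnet0   UP    0.0.0.0      0.0.0.0        0x000000d1
sit0     DOWN  0.0.0.0      0.0.0.0        0x00000080
pdp0     UP    10.112.45.7  255.255.255.0  0x000000d1'
if [ "${1:-}" = "run" ]; then supervise; fi
```

Start it from a root shell with the argument `run`; each network switch or tcpdump exit produces a new set of files rather than ending the capture.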