Dan Morrill | 3cd199f | 2009-11-06 14:04:16 -0800 | 1 | page.title=Debugging with tcpdump and other tools |
| 2 | pdk.version=1.0 |
| 3 | doc.type=porting |
| 4 | @jd:body |
| 5 | |
| 6 | |
| 7 | <a name="toc"/> |
| 8 | <div style="padding:10px"> |
| 9 | <a href="#installing">Installing tcpdump</a><br/> |
| 10 | <a href="#running">Running tcpdump</a><br/> |
| 11 | <a href="#other">Other network debugging commands</a><br/> |
| 12 | </div> |
| 13 | |
| 14 | <a name="installing"></a> |
| 15 | <h3>Installing tcpdump</h3> |
| 16 | <h4>Pushing the binary to an existing device</h4> |
| 17 | <p>Download tcpdump from <a href="http://www.tcpdump.org/">http://www.tcpdump.org/</a>, then execute:</p> |
| 18 | <pre> |
| 19 | adb root |
| 20 | adb remount |
| 21 | adb push /wherever/you/put/tcpdump /system/xbin/tcpdump |
| 22 | adb shell chmod 6755 /system/xbin/tcpdump # 6755 = setuid + setgid + rwxr-xr-x |
| 23 | </pre> |
| 24 | <h4>Including tcpdump in the build image</h4> |
| 25 | <p>If you are running your own build, execute:</p> |
| 26 | <pre> |
| 27 | mmm external/tcpdump # install the binary in out/.../system/xbin |
| 28 | make snod # build a new system.img that includes it |
| 29 | </pre> |
| 30 | <p>Flash the device as usual, for example, <code>fastboot flashall</code>.</p> |
| 31 | <p>If you want to build tcpdump by default, add <code>CUSTOM_TARGETS += tcpdump</code> to your <code>buildspec.mk</code>.</p> |
| 32 | <h3><a name="running"></a>Running tcpdump</h3> |
| 33 | <p>You need to have root access on your device. </p> |
| 34 | <h4>Batch mode capture</h4> |
| 35 | <p>The typical procedure is to capture packets to a file and then examine the file on the desktop, as illustrated below:</p> |
| 36 | <pre> |
| 37 | adb shell tcpdump -i any -p -s 0 -w /sdcard/capture.pcap |
| 38 | # "-i any": listen on any network interface |
| 39 | # "-p": disable promiscuous mode (doesn't work anyway) |
| 40 | # "-s 0": capture the entire packet |
| 41 | # "-w": write packets to a file (rather than printing to stdout) |
| 42 | |
| 43 | ... do whatever you want to capture, then ^C to stop it ... |
| 44 | |
| 45 | adb pull /sdcard/capture.pcap . |
| 46 | sudo apt-get install wireshark # or ethereal, if you're still on dapper |
| 47 | wireshark capture.pcap # or ethereal |
| 48 | |
| 49 | ... look at your packets and be wise ... |
| 50 | </pre> |
| 51 | <p>You can run <code>tcpdump</code> in the background from an interactive shell or from Terminal. By default, <code>tcpdump</code> captures all traffic without filtering. If you prefer, add an expression like <code>port 80</code> to the <code>tcpdump</code> command line.</p> |
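<p>Added example, not part of the original document: a desktop-side check of the pulled <code>capture.pcap</code> that reads the file header and counts TCP packets per destination port, which shows how much of the traffic went to a cleartext port such as 80. It assumes the classic pcap format with the Linux cooked-capture header (link type 113) for <code>-i any</code>; the names <code>summarize_pcap</code> and <code>sample_capture</code> are hypothetical, and the sample capture is constructed in the code.</p>

```python
import struct

LINKTYPE_LINUX_SLL = 113  # cooked-capture header, assumed here for "-i any"

def summarize_pcap(data):
    """Return (linktype, snaplen, {tcp_dst_port: packets}) for a classic pcap."""
    if len(data) < 24:
        raise ValueError("truncated pcap header")
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    snaplen, linktype = struct.unpack(endian + "II", data[16:24])
    if linktype != LINKTYPE_LINUX_SLL:
        raise ValueError("unsupported link type %d" % linktype)
    ports, off = {}, 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # 16-byte SLL header; its last two bytes are the EtherType (0x0800 = IPv4)
        if len(pkt) < 36 or pkt[14:16] != b"\x08\x00":
            continue
        ip = pkt[16:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or ihl < 20 or len(ip) < ihl + 4:  # well-formed TCP only
            continue
        dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        ports[dport] = ports.get(dport, 0) + 1
    return linktype, snaplen, ports

def sample_capture():
    """Constructed capture: one TCP packet to port 80 and one to port 443."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_LINUX_SLL)
    for dport in (80, 443):
        sll = struct.pack("!HHH8sH", 4, 1, 6, b"\x00" * 8, 0x0800)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 2]), bytes([192, 0, 2, 1]))
        tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
        pkt = sll + ip + tcp
        out += struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    return out

if __name__ == "__main__":
    print(summarize_pcap(sample_capture()))
```

<p>To check a real capture, pass the bytes of the pulled file: <code>summarize_pcap(open("capture.pcap", "rb").read())</code>.</p>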
| 52 | <h4>Real time packet monitoring</h4> |
| 53 | <p>Execute the following if you would like to watch packets go by rather than capturing them to a file (<code>-n</code> skips DNS lookups; <code>-s 0</code> captures the entire packet rather than just the header):</p> |
| 54 | <pre> |
| 55 | adb shell tcpdump -n -s 0 |
| 56 | </pre> |
| 57 | <p>Typical <code>tcpdump</code> options apply. For example, if you want to see HTTP traffic:</p> |
| 58 | <pre> |
| 59 | adb shell tcpdump -X -n -s 0 port 80 |
| 60 | </pre> |
| 61 | <p>You can also monitor packets with <code>wireshark</code> or <code>ethereal</code>, as shown below:</p> |
| 62 | <pre> |
| 63 | # In one shell, start tcpdump. |
| 64 | adb shell "tcpdump -n -s 0 -w - | nc -l -p 11233" |
| 65 | |
| 66 | # In a separate shell, forward data and run ethereal. |
| 67 | adb forward tcp:11233 tcp:11233 && nc 127.0.0.1 11233 | ethereal -k -S -i - |
| 68 | </pre> |
| 69 | <p>Note that you can't restart capture via <code>ethereal</code>. If anything goes wrong, you will need to rerun both commands.</p> |
| 70 | <p>For more immediate output, add <code>-l</code> to the <code>tcpdump</code> command line, but this can cause <code>adb</code> to choke (it helps to use a nonzero argument for <code>-s</code> to limit the amount of data captured per packet; <code>-s 100</code> is sufficient if you just want to see headers).</p> |
| 71 | <h4>Disabling encryption</h4> |
| 72 | <p>If your service runs over <code>https</code>, <code>tcpdump</code> is of limited use. In this case, you can rewrite some service URLs to use <code>http</code>, for example:</p> |
| 73 | <pre> |
| 74 | vendor/google/tools/override-gservices url:calendar_sync_https_proxy \ |
| 75 | https://www.google.com/calendar rewrite http://android.clients.google.com/proxy/calendar |
| 76 | </pre> |
| 77 | <h3><a name="other"></a>Other network debugging commands</h3> |
| 78 | <h4>On the device:</h4> |
| 79 | <ul> |
| 80 | <li><code>ifconfig interface</code>: note that unlike Linux, you need to give <code>ifconfig</code> an argument</li> |
| 81 | <li><code>netcfg</code>: lists interfaces and IP addresses</li> |
| 82 | <li><code>iftop</code>: like top for network</li> |
| 83 | <li><code>route</code>: examine the routing table</li> |
| 84 | <li><code>netstat</code>: see active network connections</li> |
| 85 | <li><code>nc</code>: <code>netcat</code> connection utility</li> |
| 86 | </ul> |
| 87 | <h4>On the desktop:</h4> |
| 88 | <ul> |
| 89 | <li><code>curl</code>: fetch URLs directly to emulate device requests</li> |
| 90 | </ul> |