page.title=Debugging with tcpdump and other tools
pdk.version=1.0
doc.type=porting
@jd:body


<a name="toc"/>
<div style="padding:10px">
  <a href="#installing">Installing tcpdump</a><br/>
  <a href="#running">Running tcpdump</a><br/>
  <a href="#other">Other network debugging commands</a><br/>
</div>

<a name="installing"></a>
<h3>Installing tcpdump</h3>
<h4>Pushing the binary to an existing device</h4>
<p>Download tcpdump from <a href="http://www.tcpdump.org/">http://www.tcpdump.org/</a>, then execute:</p>
<pre>
adb root      # restart adbd with root permissions
adb remount   # remount /system read-write
adb push /wherever/you/put/tcpdump /system/xbin/tcpdump
# mode 6755: setuid and setgid bits plus rwxr-xr-x
adb shell chmod 6755 /system/xbin/tcpdump
</pre>
<h4>Including tcpdump in the build image</h4>
<p>If you are running your own build, execute:</p>
<pre>
mmm external/tcpdump  # install the binary in out/.../system/xbin
make snod             # build a new system.img that includes it
</pre>
<p>Flash the device as usual, for example, <code>fastboot flashall</code>.</p>
<p>If you want to build tcpdump by default, add <code>CUSTOM_TARGETS += tcpdump</code> to your <code>buildspec.mk</code>.</p>
<h3><a name="running"></a>Running tcpdump</h3>
<p>You need to have root access on your device.</p>
<h4>Batch mode capture</h4>
<p>The typical procedure is to capture packets to a file and then examine the file on the desktop, as illustrated below:</p>
<pre>
adb shell tcpdump -i any -p -s 0 -w /sdcard/capture.pcap
# "-i any": listen on any network interface
# "-p": disable promiscuous mode (doesn't work anyway)
# "-s 0": capture the entire packet
# "-w": write packets to a file (rather than printing to stdout)

   ... do whatever you want to capture, then ^C to stop it ...

adb pull /sdcard/capture.pcap .
sudo apt-get install wireshark  # or ethereal, if you're still on dapper
wireshark capture.pcap          # or ethereal

   ... look at your packets and be wise ...
</pre>
<p>You can run <code>tcpdump</code> in the background from an interactive shell or from Terminal. By default, <code>tcpdump</code> captures all traffic without filtering. To narrow the capture, add a filter expression such as <code>port 80</code> to the <code>tcpdump</code> command line.</p>
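<p>An added example, not part of the original page: a minimal reader for the pulled <code>capture.pcap</code> that handles the Linux "cooked" link header written by <code>-i any</code>, applies the equivalent of <code>port 80</code> offline, and flags packets cut short by a nonzero <code>-s</code>. The function names and the sample addresses are constructed for illustration.</p>

```python
import socket
import struct

LINK_HDR_LEN = {1: 14, 113: 16}  # Ethernet; Linux "cooked" (written by tcpdump -i any)

def tcp_packets(pcap, port=80):
    """List (src, sport, dst, dport, truncated) for IPv4/TCP packets on `port`."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    _snaplen, linktype = struct.unpack(order + "II", pcap[16:24])
    if linktype not in LINK_HDR_LEN:
        raise ValueError("unsupported link type %d" % linktype)
    l2 = LINK_HDR_LEN[linktype]
    hits, off = [], 24
    while off + 16 <= len(pcap):
        # Record header: ts_sec, ts_usec, captured length, original length.
        caplen, origlen = struct.unpack(order + "II", pcap[off + 8:off + 16])
        pkt, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        # Both link headers end with the 2-byte protocol field; 0x0800 = IPv4.
        if len(pkt) < l2 + 20 or pkt[l2 - 2:l2] != b"\x08\x00":
            continue
        ip = pkt[l2:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or len(ip) < ihl + 4:  # not TCP, or ports cut off by -s
            continue
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        if port in (sport, dport):
            hits.append((socket.inet_ntoa(ip[12:16]), sport,
                         socket.inet_ntoa(ip[16:20]), dport, caplen < origlen))
    return hits

def build_sample(snaplen=100):
    """Constructed capture: one HTTP request and one DNS query, cooked link type."""
    def frame(proto, l4):
        sll = struct.pack("!HHH8sH", 4, 1, 6, b"\x02\x00\x00\x00\x00\x01", 0x0800)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
        return sll + ip + l4
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 0x50, 0x18, 65535, 0, 0)
    udp = struct.pack("!HHHH", 40001, 53, 8 + 20, 0) + b"\x00" * 20
    frames = [frame(6, tcp + b"GET / HTTP/1.1\r\n" + b"X" * 184), frame(17, udp)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 113)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, min(len(f), snaplen), len(f)) + f[:snaplen]
    return out

if __name__ == "__main__":
    for hit in tcp_packets(build_sample()):
        print(hit)
```

<p>To run it on a real capture, pass the file contents: <code>tcp_packets(open("capture.pcap", "rb").read())</code>.</p>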
<h4>Real time packet monitoring</h4>
<p>To watch packets go by rather than capturing them to a file, execute the following (<code>-n</code> skips DNS lookups; <code>-s 0</code> captures the entire packet rather than just the header):</p>
<pre>
adb shell tcpdump -n -s 0
</pre>
<p>Typical <code>tcpdump</code> options apply. For example, if you want to see HTTP traffic:</p>
<pre>
adb shell tcpdump -X -n -s 0 port 80
</pre>
<p>You can also monitor packets with <code>wireshark</code> or <code>ethereal</code>, as shown below:</p>
<pre>
# In one shell, start tcpdump.
adb shell "tcpdump -n -s 0 -w - | nc -l -p 11233"

# In a separate shell, forward data and run ethereal.
adb forward tcp:11233 tcp:11233 && nc 127.0.0.1 11233 | ethereal -k -S -i -
</pre>
<p>Note that you can't restart capture via <code>ethereal</code>. If anything goes wrong, you will need to rerun both commands.</p>
<p>For more immediate output, add <code>-l</code> to the <code>tcpdump</code> command line, but this can cause <code>adb</code> to choke. It helps to use a nonzero argument for <code>-s</code> to limit the amount of data captured per packet; <code>-s 100</code> is sufficient if you just want to see headers.</p>
<h4>Disabling encryption</h4>
<p>If your service runs over <code>https</code>, <code>tcpdump</code> is of limited use. In this case, you can rewrite some service URLs to use <code>http</code>, for example:</p>
<pre>
vendor/google/tools/override-gservices url:calendar_sync_https_proxy \
  https://www.google.com/calendar rewrite http://android.clients.google.com/proxy/calendar
</pre>
<h3><a name="other"></a>Other network debugging commands</h3>
<h4>On the device:</h4>
<ul>
  <li><code>ifconfig interface</code>: note that unlike Linux, you need to give <code>ifconfig</code> an argument</li>
  <li><code>netcfg</code>: lists interfaces and IP addresses</li>
  <li><code>iftop</code>: like top for network</li>
  <li><code>route</code>: examine the routing table</li>
  <li><code>netstat</code>: see active network connections</li>
  <li><code>nc</code>: <code>netcat</code> connection utility</li>
</ul>
<h4>On the desktop:</h4>
<ul>
  <li><code>curl</code>: fetch URLs directly to emulate device requests</li>
</ul>