引用：

 

Instructions 

Source Code and Documents 

 

Compiled Binary Download 

数据包分析工具Wireshark 

Installing tcpdump 

Pushing the binary to an existing device 

Download tcpdump from , then execute:

adb root
adb remount
adb push /wherever/you/put/tcpdump /system/xbin/tcpdump
adb shell chmod 6755 /data/local/tmp/tcpdump

Running tcpdump 

You need to have root access on your device. 

Batch mode capture 

The typical procedure is to capture packets to a file and then examine the file on the desktop, as illustrated below:

adb shell tcpdump -i any -p -s 0 -w /sdcard/capture.pcap
# "-i any": listen on any network interface
# "-p": disable promiscuous mode (doesn't work anyway)
# "-s 0": capture the entire packet
# "-w": write packets to a file (rather than printing to stdout)

   ... do whatever you want to capture, then ^C to stop it ...

adb pull /sdcard/capture.pcap .
sudo apt-get install wireshark  # or ethereal, if you're still on dapper
wireshark capture.pcap          # or ethereal

   ... look at your packets and be wise ...

You can run tcpdump in the background from an interactive shell or from Terminal. By default, tcpdump captures all traffic without filtering. If you prefer, add an expression like port 80 to the tcpdump command line.

Real time packet monitoring 

Execute the following if you would like to watch packets go by rather than capturing them to a file (-n skips DNS lookups. -s 0 captures the entire packet rather than just the header):

adb shell tcpdump -n -s 0

Typical tcpdump options apply. For example, if you want to see HTTP traffic: 

               adb shell tcpdump -X -n -s 0 port 80
adb shell tcpdump -X -n -s 0 port 80
-----------------------------------------------------------引用：