On Sep 2, 2011, at 11:39 AM, Tony Trinh wrote:
> While there isn't a mobile edition of Wireshark [yet], there are other packet-capture tools, based on tcpdump (which runs on most Android devices). However, tcpdump requires root privileges, so you would have to root your phone in order to use it (assuming a rootkit is available for your device).
And if anybody's about to use one of the iOSBasedMachineNames in a question, the same applies there - no jailbreak, no capture.
In iOS, the only privilege you need to capture traffic is sufficient privilege to open a BPF device, but, by default, they're owned by root, permissions rw-------, in Darwin; we can (and do) override that in Mac OS X (by installing a startup item), but no way are Apple going to let us get away with that (or installing a launchd LaunchDaemon to do the same thing) in either an iOS App Store or Mac App Store application.
I don't know what kernel versions Google are using, but it appears that Linux can give executable images additional privileges - see the Linux information in
http://wiki.wireshark.org/CaptureSetup/CapturePrivileges
Of course, you probably need root privileges to do so, unless you can request that in an Android app.
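The BPF device permission check described in this message, as an added example that is not part of the original e-mail: it applies the POSIX owner/group/other rule to a device node's mode to tell whether a given user could open it. The 0660 mode and the capture group id are assumptions standing in for whatever an override sets; all sample values are constructed.

```python
import glob
import os
import stat


def bpf_access(mode, owner_uid, owner_gid, uid, gids):
    """Return (can_read, can_write) for a device node, following the POSIX
    class order: owner bits if uid owns it, else group bits, else other."""
    if uid == 0:                      # root bypasses the mode bits
        return True, True
    if uid == owner_uid:
        r, w = stat.S_IRUSR, stat.S_IWUSR
    elif owner_gid in gids:
        r, w = stat.S_IRGRP, stat.S_IWGRP
    else:
        r, w = stat.S_IROTH, stat.S_IWOTH
    return bool(mode & r), bool(mode & w)


def audit_bpf_devices(uid, gids, pattern="/dev/bpf*"):
    """Check every BPF character device present on this host for the user."""
    report = {}
    for path in sorted(glob.glob(pattern)):
        st = os.stat(path)
        if stat.S_ISCHR(st.st_mode):
            report[path] = bpf_access(st.st_mode, st.st_uid, st.st_gid,
                                      uid, gids)
    return report


# Constructed sample values (not read from a real device):
DEFAULT_MODE = 0o600      # "rw-------", owned by root, as described above
OVERRIDDEN_MODE = 0o660   # assumed mode after an override grants a group
CAPTURE_GID = 500         # hypothetical capture group id

if __name__ == "__main__":
    print("default, uid 501:",
          bpf_access(DEFAULT_MODE, 0, 0, 501, {20}))
    print("override, uid 501 in capture group:",
          bpf_access(OVERRIDDEN_MODE, 0, CAPTURE_GID, 501, {20, CAPTURE_GID}))
    print("this host:", audit_bpf_devices(os.getuid(), set(os.getgroups())))
```

On a host without BPF device nodes, `audit_bpf_devices` returns an empty report.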