Thank you, for all the great info ! While I don't intend to capture on my phone but I do need to examine a capture from time to time.
Glenn
On Sep 2, 2011 2:59 PM, "Guy Harris" <
guy@xxxxxxxxxxxx> wrote:
>
> On Sep 2, 2011, at 11:39 AM, Tony Trinh wrote:
>
>> While there isn't a mobile edition of Wireshark [yet], there are other packet-capture tools, based on tcpdump (which runs on most Android devices). However, tcpdump requires root privileges, so you would have to root your phone in order to use it (assuming a rootkit is available for your device).
>
> And if anybody's about to use one of the iOSBasedMachineNames in a question, the same applies there - no jailbreak, no capture.
>
> In iOS, the only privilege you need to capture traffic is sufficient privilege to open a BPF device, but, by default, they're owned by root, permissions rw-------, in Darwin; we can (and do) override that in Mac OS X (by installing a startup item), but no way are Apple going to let us get away with that (or installing a launchd LaunchDaemon to do the same thing) in either an iOS App Store or Mac App Store application.
>
> I don't know what kernel versions Google are using, but it appears that Linux can give executable images additional privileges - see the Linux information in
>
>
http://wiki.wireshark.org/CaptureSetup/CapturePrivileges
>
> Of course, you probably need root privileges to do so, unless you can request that in an Android app.
>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <
wireshark-users@xxxxxxxxxxxxx>
> Archives:
http://www.wireshark.org/lists/wireshark-users> Unsubscribe:
https://wireshark.org/mailman/options/wireshark-users
> mailto:
wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe