Wireshark-dev: Re: [Wireshark-dev] Can we put android phone device connected over USB to Win 7
From: Peter Wu <peter@xxxxxxxxxxxxx>
Date: Thu, 26 Feb 2015 10:41:50 +0100
On Wed, Feb 25, 2015 at 07:52:03AM +0100, Michal Labedzki wrote:
> On 24 February 2015 at 23:03, Peter Wu <peter@xxxxxxxxxxxxx> wrote:
> > Before you attempt to use the output of `adb shell` in a pipe, keep in
> > mind that adb mangles newlines (LF -> CRLF) and is therefore unsuitable
> > for binary data. This does not matter for textual output such as
> > "tcpdump -D", but it affects "tcpdump -w -" (writes pcap to stdout).
> 
> Yes, I know. In reality it is not a problem (there is a possibility to
> safely replace bytes), but I decided to use text output because from
> time to time on Google Gerrit someone may find a patch to fix these
> newlines...

Not sure if I understood your comment, does that refer to patching adb?
You can use ssh or adb with port forwarding (adb forward and netcat) as
alternative transports.

> Peter, what do you think about tcpdump interfaces from Android in
> Wireshark (PC side)? I do not have that ready in my extcap tool (that
> I will contribute soon), but it is trivial to do that (something like
> that I do for old Android for Bluetooth interface "hcidump"). Pros:
> "~realtime sniffing from Android (with tcpdump and permissions...);
> also may add interfaces for USB [Unfortunately I do not see any phone
> that implements that...]", Cons: "adds a lot of interfaces... sometimes
> 2 (wlan0, any), sometimes 5, etc."

The kernel on my phone (CyanogenMod 11 with patched 3.0.64 kernel on
i9300) has CONFIG_USB_MON=y and /sys/kernel/debug/usb/usbmon/ exists too
(no /dev/usbmonX). cat'ing that file (or using tcpdump for that matter)
produces no output even if I have a USB cable attached for adb...
strange.

This is the output for tcpdump -D (as root):

    1.wlan0
    2.usbmon1 (USB bus number 1)
    3.p2p0
    4.usbmon2 (USB bus number 2)
    5.any (Pseudo-device that captures on all interfaces)
    6.lo

No bluetooth interfaces even if I enable the interface (this is tcpdump
4.4.0 with libpcap 1.4.0).

If you try to make Android capture interfaces available in Wireshark,
then you are effectively trying to enable remote capturing from a Linux
source, right? I suggest using the 'adb forward' method mentioned above.
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
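The newline-mangling problem discussed in this thread, as an added example that is not code from the thread, from Wireshark, or from adb: it models `adb shell` rewriting every LF (0x0a) to CRLF on stdout, shows why a `tcpdump -w -` stream stops parsing as pcap after that, and undoes the rewrite byte-for-byte. Assumptions: adb changes nothing other than LF -> CRLF (the behaviour described above); the pcap bytes are constructed inline and are not a real capture; `adb_mangle`, `adb_unmangle`, `build_pcap` and `parse_pcap` are names chosen for this example.

```python
"""Added example (not from the thread, Wireshark or adb): model adb's
LF -> CRLF mangling of `adb shell` stdout, show that raw pcap output
no longer parses under it, and reverse it exactly.

Assumption: adb rewrites every 0x0a byte to 0x0d 0x0a and changes nothing
else. The capture below is constructed, not real tcpdump output.
"""
import struct

PCAP_MAGIC = 0xA1B2C3D4      # little-endian pcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1
SNAPLEN = 262144

# Constructed sample: deliberately puts 0x0a into a record header
# (ts_sec = 10, incl_len = orig_len = 10) and LF / CRLF into the payloads.
SAMPLE_PACKETS = [
    (10, 0, b"\x0a\x0d\x0a\x00\x01\x02\x03\x04\x05\x06"),
    (1425000000, 500000, b"GET / HTTP/1.0\r\nHost: example\r\n\r\n"),
]


def build_pcap(packets, snaplen=SNAPLEN):
    """Serialise (ts_sec, ts_usec, payload) records into a little-endian pcap."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen,
                                LINKTYPE_ETHERNET))
    for ts_sec, ts_usec, payload in packets:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(payload), len(payload))
        out += payload
    return bytes(out)


def parse_pcap(data):
    """Parse a little-endian pcap; raise ValueError on anything inconsistent."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    magic, _vmaj, _vmin, _tz, _sig, snaplen, linktype = struct.unpack(
        "<IHHiIII", data[:24])
    if magic != PCAP_MAGIC:
        raise ValueError("bad magic 0x%08x" % magic)
    packets = []
    off = 24
    while off < len(data):
        if len(data) - off < 16:
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(
            "<IIII", data[off:off + 16])
        off += 16
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError("implausible incl_len %d at offset %d" % (incl_len, off))
        if len(data) - off < incl_len:
            raise ValueError("truncated packet data at offset %d" % off)
        packets.append((ts_sec, ts_usec, data[off:off + incl_len]))
        off += incl_len
    return linktype, packets


def is_valid_pcap(data):
    """True if parse_pcap accepts the bytes."""
    try:
        parse_pcap(data)
        return True
    except ValueError:
        return False


def adb_mangle(data):
    """Model of `adb shell` stdout handling: every LF becomes CRLF."""
    return data.replace(b"\n", b"\r\n")


def adb_unmangle(data):
    """Exact inverse of adb_mangle.

    Every LF in the mangled stream is immediately preceded by an inserted CR,
    and a genuine CRLF in the original became CR CR LF, so deleting the one CR
    directly before each LF restores the original byte-for-byte.
    """
    return data.replace(b"\r\n", b"\n")


SAMPLE_PCAP = build_pcap(SAMPLE_PACKETS)


if __name__ == "__main__":
    mangled = adb_mangle(SAMPLE_PCAP)
    print("original %d bytes, mangled %d bytes" % (len(SAMPLE_PCAP), len(mangled)))
    print("original parses:   ", is_valid_pcap(SAMPLE_PCAP))
    print("mangled parses:    ", is_valid_pcap(mangled))
    print("unmangled identical:", adb_unmangle(mangled) == SAMPLE_PCAP)
```

The mangled stream still starts with a valid global header (it contains no 0x0a byte), so a consumer only notices the damage at the first record whose header or payload held an LF: here the record length field 0x0000000a becomes 0x00000a0d and the parser runs off the end of the data. Undoing the rewrite is safe only under the stated assumption that adb does nothing but LF -> CRLF; the cleaner option remains the one suggested above, i.e. have the phone side write the pcap to a listening socket and reach it through `adb forward tcp:<port> tcp:<port>`, so the bytes never pass through the shell's terminal handling.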