What is tcpdump?
tcpdump is a common packet analyzer that runs from the command line.
It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the device is attached.
tcpdump is free software, so you can download the source code from its official web site, http://www.tcpdump.org/, modify it as required, and build the modified code to get an executable. If you are a normal tcpdump user and don't want to go through this long process, you can skip it. You can get the executable form here.
How to install it on the device?
1. Connect Android device to system.
adb kill-server
adb devices
adb root
adb remount
2. Push 'tcpdump' to your device filesystem '/system/xbin/'.
adb push /wherever/you/put/tcpdump /system/xbin/tcpdump
3. Change the permissions of the tcpdump executable file.
adb shell chmod 777 /system/xbin/tcpdump
How to run tcpdump on device?
How to capture data packets on device?
adb shell tcpdump -i any -p -s 0 -w /sdcard/capture.pcap
# "-i any": listen on any network interface
# "-p": disable promiscuous mode (doesn't work anyway)
# "-s 0": capture the entire packet
# "-w": write packets to a file (rather than printing to stdout)
...
do whatever you want to capture,
then Ctrl+C to stop it ...
How to view .pcap or tcpdump?
1. Pull capture.pcap to your local file system.
adb pull /sdcard/capture.pcap .
2. Open it in Wireshark, the most popular tool for viewing tcpdump captures.
wireshark capture.pcap
(If Wireshark is not available on your system, install it with the following command.)
sudo apt-get install wireshark
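Before opening a pulled capture, it can help to confirm the file is intact and see what the "-i any" and "-s 0" options actually recorded. The script below is an added example, not part of the original post: it reads the classic pcap file header and record headers, reports the link-layer type (captures taken with "-i any" use a Linux cooked type rather than Ethernet) and the snapshot length, counts packets that were clipped, and flags a file whose last record was cut short. The function names and the built-in sample bytes are constructed for illustration.

```python
import struct

# Link-layer type values from the pcap file format (tcpdump.org link-type registry)
LINKTYPES = {1: "EN10MB (Ethernet)", 113: "LINUX_SLL (Linux cooked capture)",
             276: "LINUX_SLL2 (Linux cooked capture v2)"}
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond timestamps
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}   # nanosecond timestamps

def inspect_pcap(data):
    """Summarise a classic pcap file held in memory; raise ValueError if it is not one."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (bad magic or short header)")
    end = MAGICS[data[:4]]  # byte order of every following field
    major, minor, _, _, snaplen, linktype = struct.unpack(end + "HHiIII", data[4:24])
    info = {"version": f"{major}.{minor}", "snaplen": snaplen,
            "linktype": LINKTYPES.get(linktype, f"unknown ({linktype})"),
            "packets": 0, "clipped": 0, "incomplete_tail": False}
    off = 24
    while off < len(data):
        if off + 16 > len(data):            # record header cut short
            info["incomplete_tail"] = True
            break
        _, _, caplen, origlen = struct.unpack(end + "IIII", data[off:off + 16])
        if off + 16 + caplen > len(data):   # packet bytes cut short
            info["incomplete_tail"] = True
            break
        info["packets"] += 1
        info["clipped"] += caplen < origlen  # captured fewer bytes than were on the wire
        off += 16 + caplen
    return info

def build_sample():
    """Constructed sample: little-endian header, LINUX_SLL, snaplen 262144, two records."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 113)
    full = struct.pack("<IIII", 1, 0, 20, 20) + bytes(20)
    clipped = struct.pack("<IIII", 2, 0, 20, 60) + bytes(20)
    return hdr + full + clipped

if __name__ == "__main__":
    import sys
    # Pass the pulled file as the first argument; with no argument the sample is used.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(inspect_pcap(raw))
```

A non-zero "clipped" count means some packets were stored shorter than they were on the wire, and "incomplete_tail" set to True usually means the capture was still being written or the pull was interrupted.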
Enjoy Thanks .....
thank you very much... nice info...
Good article and solve my problem in seconds. Thanks.
Thanks buddy.. I helped a lot..
your blog is really well done and it is very much interesting thanks for sharing these information and very well done.