Capturing mobile phone traffic on Wireshark

How do I capture mobile phone traffic on Wireshark?

Here are some suggestions:

  1. For Android phones, any network: Root your phone, then install tcpdump on it. This app is a tcpdump wrapper that will install tcpdump and enable you to start captures using a GUI. Tip: You will need to make sure you supply the right interface name for the capture and this varies from one device to another, eg -i eth0 or -i tiwlan0 - or use -i any to log all interfaces.

  2. For Android 4.0+ phones: Android PCAP from Kismet uses the USB OTG interface to support packet capture without requiring root. I haven't tried this app, and there are some restrictions on the type of devices supported (see their page).

  3. For Android phones: tPacketCapture uses the Android VPN service to intercept packets and capture them. I have used this app successfully, but it also seems to affect the performance with large traffic volumes (eg video streaming).

  4. For iOS 5+ devices, any network: iOS 5 added a remote virtual interface (RVI) facility that lets you use Mac OS X packet trace programs to capture traces from an iOS device. See here for more details.

  5. For all phones, wi-fi only: Set up your Mac or PC as a wireless access point, then run Wireshark on the computer.

  6. For all phones, wi-fi only: Get a capture device that can sniff wi-fi. This has the advantage of giving you 802.11x headers as well, but you may miss some of the packets.

  7. Capture using a VPN server: It's fairly easy to set up your own VPN server using OpenVPN. You can then route your traffic through your server by setting up the mobile device as a VPN client and capture the traffic on the server end.

In addition to rupello's excellent answer, a "dirty" but very effective trick:

For all phones, any (local) network: Set up your PC to man-in-the-middle your mobile device.

Use Ettercap to do ARP spoofing between your mobile device and your router, and all your mobile's traffic will appear in Wireshark. See this tutorial for set-up details.

Another option which has not been suggested here is to run the app you want to monitor in the Android emulator from the Android SDK. You can then easily capture the traffic with Wireshark on the same machine.

This was the easiest option for me.

Wireshark + OSX + iOS:

Great overview so far, but if you want specifics for Wireshark + OSX + iOS:

  • install Wireshark on your computer
  • connect iOS device to computer via USB cable
  • connect iOS device and computer to the same WiFi network
  • run this command in an OSX terminal window: rvictl -s x where x is the UDID of your iOS device. You can find the UDID of your iOS device via iTunes (make sure you are using the UDID and not the serial number).
  • go to Wireshark Capture->Options, a dialog box appears, click on the line rvi0 then press the Start button.

[screenshot: Wireshark capture options dialog]

Now you will see all network traffic on the iOS device. It can be pretty overwhelming. A couple of pointers:

  • don't use iOS with a VPN, you won't be able to make sense of the encrypted traffic
  • use simple filters to focus on interesting traffic
    • ip.addr==204.144.14.134 views traffic with a source or destination address of 204.144.14.134
    • http views only http traffic

Here's a sample window depicting TCP traffic for a pdf download from 204.144.14.134:

[screenshot: Wireshark TCP traffic for the pdf download from 204.144.14.134]

For Android phone I used tPacketCapture: https://play.google.com/store/apps/details?id=jp.co.taosoftware.android.packetcapture&hl=en

This app was a lifesaver. I was debugging a problem with failure of SSL/TLS handshake on my Android app. Tried to set up ad hoc networking so I could use Wireshark on my laptop. It did not work for me. This app quickly allowed me to capture network traffic, share it on my Google Drive so I could download on my laptop where I could examine it with Wireshark! Awesome and no root required!

Packet Capture Android app implements a VPN that logs all network traffic on the Android device. You don't need to set up any VPN/proxy server on your PC. Does not need root. Supports SSL decryption which tPacketCapture does not. It also includes a good log viewer.

Preconditions: adb and Wireshark are installed on your computer and you have a rooted Android device.

  1. Download tcpdump to ~/Downloads
  2. adb push ~/Downloads/tcpdump /sdcard/
  3. adb shell
  4. su root
  5. mv /sdcard/tcpdump /data/local/
  6. cd /data/local/
  7. chmod +x tcpdump
  8. ./tcpdump -vv -i any -s 0 -w /sdcard/dump.pcap
  9. CTRL+C after you've captured enough packets.
  10. exit
  11. exit
  12. adb pull /sdcard/dump.pcap ~/Downloads/

Now you can open the pcap file using Wireshark.

Install Fiddler on your PC and use it as a proxy on your Android device.

Source: http://www.cantoni.org/2013/11/06/capture-android-web-traffic-fiddler
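As an added example (not code from any of the answers above), here is a small Python reader for the classic pcap file that the tcpdump procedure above writes, applying the ip.addr==204.144.14.134 and http display filters from the Wireshark + OSX + iOS answer offline. It assumes a capture taken with -i any, which tcpdump stores with the 16-byte Linux "cooked" (LINUX_SLL) link header rather than the 14-byte Ethernet header, and handles both; the two-packet capture is constructed inside the code.

```python
import struct
from ipaddress import IPv4Address

LINKTYPE_ETHERNET, LINKTYPE_LINUX_SLL = 1, 113  # `tcpdump -i any` writes LINUX_SLL

def parse_pcap(data: bytes):
    """Yield (link_type, packet_bytes) for each record of a classic pcap file."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    link_type = struct.unpack(end + "I", data[20:24])[0]
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "IIII", data[off:off + 16])[2]
        yield link_type, data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def decode_ipv4(link_type: int, pkt: bytes):
    """Return (src, dst, proto, sport, dport) for IPv4 packets, else None."""
    hdr_len = 14 if link_type == LINKTYPE_ETHERNET else 16  # cooked header is 16 bytes
    if struct.unpack("!H", pkt[hdr_len - 2:hdr_len])[0] != 0x0800:
        return None
    ip = pkt[hdr_len:]
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    src, dst = str(IPv4Address(ip[12:16])), str(IPv4Address(ip[16:20]))
    if proto not in (6, 17):  # ports only exist for TCP/UDP
        return (src, dst, proto, None, None)
    return (src, dst, proto) + struct.unpack("!HH", ip[ihl:ihl + 4])

def ip_addr(addr):  # Wireshark display filter ip.addr==addr
    return lambda f: f is not None and addr in (f[0], f[1])
def http():  # approximates the "http" display filter as TCP to/from port 80
    return lambda f: f is not None and f[2] == 6 and 80 in (f[3], f[4])
def filter_pcap(data: bytes, predicate):
    return [f for lt, pkt in parse_pcap(data) for f in [decode_ipv4(lt, pkt)] if predicate(f)]

def _ipv4_tcp(src, dst, sport, dport) -> bytes:  # constructed IPv4+TCP SYN, checksums zero
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed) + tcp

def sample_pcap() -> bytes:
    """Constructed two-packet capture in the format `tcpdump -i any -w` produces."""
    sll = struct.pack("!HHH8sH", 0, 1, 6, b"\0" * 8, 0x0800)  # 16-byte LINUX_SLL header
    pkts = [sll + _ipv4_tcp("10.0.0.2", "204.144.14.134", 51000, 80),
            sll + _ipv4_tcp("10.0.0.2", "8.8.8.8", 51001, 443)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_LINUX_SLL)
    for i, p in enumerate(pkts):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(p), len(p)) + p
    return out
```

Replace sample_pcap() with the bytes of ~/Downloads/dump.pcap to run the same filters over a real capture.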

Similar to making your PC a wireless access point, but possibly much easier, is using reverse tethering. If you happen to have an HTC phone they have a nice reverse-tethering option called "Internet pass-through", under the network/mobile network sharing settings. It routes all your traffic through your PC and you can just run Wireshark there.

Make your laptop a wifi hotspot for your phone (any) and connect it to the internet. Sniff traffic on your wifi interface using Wireshark.

You will get to know a lot of anti-privacy stuff!

For Android, I previously used tPacketCapture but it didn't work well for an app streaming some video. I'm now using Shark. You need to be root to use it though.

It uses TCPDump (check the arguments you can pass) and creates a pcap file that can be read by Wireshark. The default arguments are usually good enough for me.

As a Wireshark alternative/companion for Android, you can try my open source app PCAPdroid. On non-rooted devices, it uses the VPNService to capture the traffic with some limitations. On rooted devices, it works like a user-friendly tcpdump.

You can analyze connections and packets payload directly in the app, or export the traffic in PCAP format to analyze it on a PC with Wireshark. It has many other cool features, give it a try!

I had a similar problem that inspired me to develop an app that could help to capture traffic from an Android device. The app features an SSH server that allows you to have traffic in Wireshark on the fly (sshdump Wireshark component). As the app uses an OS feature called VPNService to capture traffic, it does not require root access.

The app is in early Beta. If you have any issues/suggestions, do not hesitate to let me know.

Download From Play

Tutorial in which you could read additional details

For iOS Devices:

⦿ Open Terminal and simply write:

rvictl -s udid

It'll open an interface on Wireshark with a name, in my case it's rvi0.

udid is the iPhone's unique device id.

(How to find my iOS Device UDID)
