Wireshark mailing list archives

Re: Can we put android phone device connected over USB to Win 7 PC in promiscuous mode?


From: Peter Wu <peter () lekensteyn nl>
Date: Thu, 26 Feb 2015 10:41:50 +0100

On Wed, Feb 25, 2015 at 07:52:03AM +0100, Michal Labedzki wrote:
> On 24 February 2015 at 23:03, Peter Wu <peter () lekensteyn nl> wrote:
> > Before you attempt to use the output of `adb shell` in a pipe, keep in
> > mind that adb mangles newlines (LF -> CRLF) and is therefore unsuitable
> > for binary data. This does not matter for textual output such as
> > "tcpdump -D", but it affects "tcpdump -w -" (writes pcap to stdout).
>
> Yes, I know. In reality it is not a problem (there is a possibility to
> safely replace bytes), but I decided to use text output because from
> time to time on Google Gerrit someone may find a patch to fix these
> newlines...

Not sure if I understood your comment, does that refer to patching adb?
You can use ssh or adb with port forwarding (adb forward and netcat) as
alternative transports.

> Peter, what do you think about tcpdump interfaces from Android in
> Wireshark (PC side)? I do not have that ready in my extcap tool (that
> I will contribute soon), but it is trivial to do that (something like
> what I do for old Android for Bluetooth interface "hcidump"). Pros:
> "~realtime sniffing from Android (with tcpdump and permissions...);
> also may add interfaces for USB [Unfortunately I do not see any phone
> that implements that...]", Cons: "add a lot of interfaces... sometimes
> 2 (wlan0, any), sometimes 5, etc."

The kernel on my phone (CyanogenMod 11 with patched 3.0.64 kernel on
i9300) has CONFIG_USB_MON=y and /sys/kernel/debug/usb/usbmon/ exists too
(no /dev/usbmonX). cat'ing that file (or using tcpdump for that matter)
produces no output even if I have a USB cable attached for adb...
strange.

This is the output for tcpdump -D (as root):

    1.wlan0
    2.usbmon1 (USB bus number 1)
    3.p2p0
    4.usbmon2 (USB bus number 2)
    5.any (Pseudo-device that captures on all interfaces)
    6.lo

No bluetooth interfaces even if I enable the interface (this is tcpdump
4.4.0 with libpcap 1.4.0).

If you try to make Android capture interfaces available in Wireshark,
then you are effectively trying to enable remote capturing from a Linux
source, right? I suggest using the 'adb forward' method mentioned above.
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
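
The LF -> CRLF problem discussed in this message, as an added example that is not part of the original thread: a constructed two-packet pcap is passed through that translation, which breaks the record lengths, and the reverse replacement restores it byte for byte. The sample packets and helper names are made up for illustration, and the translation is modelled as a plain byte replacement.

```python
import struct

def build_pcap(packets):
    """Little-endian pcap: 24-byte global header, then 16-byte record header + data."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for ts, data in packets:
        out += struct.pack("<IIII", ts, 0, len(data), len(data)) + data
    return out

def parse_pcap(buf):
    """Return the list of packet payloads; raise ValueError on a damaged stream."""
    if len(buf) < 24 or struct.unpack_from("<I", buf)[0] != 0xA1B2C3D4:
        raise ValueError("bad pcap global header")
    packets, off = [], 24
    while off < len(buf):
        if off + 16 > len(buf):
            raise ValueError("truncated record header")
        _, _, incl, _orig = struct.unpack_from("<IIII", buf, off)
        off += 16
        if incl > 65535 or off + incl > len(buf):
            raise ValueError("implausible record length %d" % incl)
        packets.append(buf[off:off + incl])
        off += incl
    return packets

def mangle(buf):
    """The LF -> CRLF translation described in the message."""
    return buf.replace(b"\n", b"\r\n")

def unmangle(buf):
    """Undo it: every LF in mangled output is preceded by an inserted CR."""
    return buf.replace(b"\r\n", b"\n")

# Constructed sample: a 10-byte packet (its length field is the byte 0x0a)
# and a packet whose payload already contains CRLF and a bare LF.
SAMPLE = build_pcap([(1, b"ABCDEFGHIJ"), (2, b"GET / HTTP/1.0\r\n\r\nline\n")])

def survives(buf):
    """True if buf still parses to the same packets as the clean sample."""
    try:
        return parse_pcap(buf) == parse_pcap(SAMPLE)
    except ValueError:
        return False

if __name__ == "__main__":
    print("clean stream parses:   ", survives(SAMPLE))
    print("mangled stream parses: ", survives(mangle(SAMPLE)))
    print("unmangled stream equal:", unmangle(mangle(SAMPLE)) == SAMPLE)
```

The length field of a 10-byte packet is itself an LF byte, so a single short packet is enough to shift every later offset in the capture.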