Compile and run rpcapd for Android
Use rpcapd to enable remote network capture.
Install the ARM cross toolchain and the build dependencies libpcap needs (byacc and flex):

```shell
[email protected]:~$ sudo apt-get install gcc-arm-linux-gnueabi
[email protected]:~$ sudo apt-get install byacc
[email protected]:~$ sudo apt-get install flex
```

Clone libpcap and configure it for an ARM Linux host with remote capture support enabled:

```shell
[email protected]:~$ git clone --depth=1 https://github.com/the-tcpdump-group/libpcap.git
[email protected]:~$ cd libpcap
[email protected]:~/libpcap$ ./configure --host=arm-linux --with-pcap=linux --enable-remote
[email protected]:~/libpcap$ make
[email protected]:~/libpcap$ cd rpcapd
```

The default build produces a dynamically linked binary, which will not run on the device without the host's shared libraries:

```shell
[email protected]:~/libpcap/rpcapd$ file rpcapd
rpcapd: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-, for GNU/Linux 3.2.0, BuildID[sha1]=618e788b4252f72340c370d680407625187a2d9b, with debug_info, not stripped
```

Re-link rpcapd statically from the objects `make` already produced, then confirm the result with `file`:

```shell
[email protected]:~/libpcap/rpcapd$ arm-linux-gnueabi-gcc -fvisibility=hidden -g -O2 -o rpcapd daemon.o \
    fileconf.o log.o rpcapd.o ../rpcap-protocol.o ../sockutils.o ../fmtutils.o ../sslutils.o ../libpcap.a \
    -lcrypt -lpthread -static

[email protected]:~/libpcap/rpcapd$ file rpcapd
rpcapd: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, for GNU/Linux 3.2.0, BuildID[sha1]=1828f2fa5576500d254546edb4cc5b6353a9d708, with debug_info, not stripped
```

Optionally compress the binary with UPX (this also strips it):

```shell
[email protected]:~/libpcap/rpcapd$ upx rpcapd

[email protected]:~/libpcap/rpcapd$ file rpcapd
rpcapd: ELF 32-bit LSB executable, ARM, EABI5 version 1 (GNU/Linux), statically linked, stripped
```

Push the binary to the device, move it to `/data/local/tmp` as root, make it executable, and check that it runs:

```shell
[email protected]:~/libpcap/rpcapd$ adb push rpcapd sdcard
[email protected]:~/libpcap/rpcapd$ adb shell

sailfish:/ $ su
sailfish:/ # mv sdcard/rpcapd /data/local/tmp/rpcapd
sailfish:/ # chmod 777 /data/local/tmp/rpcapd

sailfish:/ # /data/local/tmp/rpcapd -h

RPCAPD, a remote packet capture daemon.
Compiled with libpcap version 1.10.0-PRE-GIT (with TPACKET_V3)

USAGE: rpcapd [-b <address>] [-p <port>] [-4] [-l <host_list>] [-a <host,port>]
              [-n] [-v] [-d] [-i] [-D] [-s <config_file>] [-f <config_file>]

  -b <address>    the address to bind to (either numeric or literal).
                  Default: binds to all local IPv4 and IPv6 addresses

  -p <port>       the port to bind to.
                  Default: binds to port 2002

  -4              use only IPv4.
                  Default: use both IPv4 and IPv6 waiting sockets

  -l <host_list>  a file that contains a list of hosts that are allowed
                  to connect to this server (if more than one, list them one
                  per line).
                  We suggest to use literal names (instead of numeric ones)
                  in order to avoid problems with different address families.

  -n              permit NULL authentication (usually used with '-l')

  -a <host,port>  run in active mode when connecting to 'host' on port 'port'
                  In case 'port' is omitted, the default port (2003) is used

  -v              run in active mode only (default: if '-a' is specified, it
                  accepts passive connections as well)

  -d              run in daemon mode (UNIX only) or as a service (Win32 only)
                  Warning (Win32): this switch is provided automatically when
                  the service is started from the control panel

  -i              run in inetd mode (UNIX only)

  -D              log debugging messages

  -s <config_file>  save the current configuration to file

  -f <config_file>  load the current configuration from file; all switches
                  specified from the command line are ignored

  -h              print this help screen
```
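The help text above shows that `-n` permits NULL authentication and that `-l` restricts which hosts may connect, while `-b` limits the bind address. The script below is an added example (not code from the original page or from the libpcap project) that wraps the static re-link step in a function that checks the `file` output, and composes a daemon invocation that binds to one address and uses a host allowlist together with `-n`, rather than leaving an unauthenticated capture daemon reachable from every address. The toolchain invocation is the one the page shows; the directory layout, the address, the port and the allowlist entries are constructed values.

```shell
#!/bin/sh
# Added example: stage a statically linked rpcapd and a restricted launch
# command. Assumes the arm-linux-gnueabi toolchain from the page is installed
# and that "$1" to link_static_rpcapd is the cloned libpcap tree after `make`.
set -eu

# Return 0 when a `file` description names a statically linked 32-bit ARM ELF.
# The device has no host-style dynamic loader, so this is the property that
# decides whether the binary will run there at all.
is_static_arm_elf() {
    desc="$1"
    case "$desc" in
        *"ELF 32-bit LSB"*ARM*"statically linked"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Re-link rpcapd statically from the objects `make` produced (the same link
# line the page uses) and verify the result; fails if it is still dynamic.
link_static_rpcapd() {
    tree="$1"
    ( cd "$tree/rpcapd" && arm-linux-gnueabi-gcc -fvisibility=hidden -g -O2 -o rpcapd \
        daemon.o fileconf.o log.o rpcapd.o ../rpcap-protocol.o ../sockutils.o \
        ../fmtutils.o ../sslutils.o ../libpcap.a -lcrypt -lpthread -static )
    is_static_arm_elf "$(file "$tree/rpcapd/rpcapd")"
}

# Write the -l allowlist, one literal host name per line as the help text
# suggests; prints the path so it can be pushed to the device afterwards.
write_host_list() {
    out="$1"
    shift
    : > "$out"
    for host in "$@"; do
        printf '%s\n' "$host" >> "$out"
    done
    printf '%s\n' "$out"
}

# Compose the device-side launch: bind to a single address, only accept the
# listed hosts, allow NULL auth for those hosts (-n, as the help pairs it with
# -l), and run as a daemon.
rpcapd_cmd() {
    bin="$1"
    addr="$2"
    port="$3"
    hostlist="$4"
    printf '%s -b %s -p %s -l %s -n -d\n' "$bin" "$addr" "$port" "$hostlist"
}

# Example usage (constructed values; uncomment to run against a real tree):
# link_static_rpcapd "$HOME/libpcap"
# list=$(write_host_list ./hosts.txt analyst-laptop.example.internal)
# adb push "$list" /data/local/tmp/hosts.txt
# rpcapd_cmd /data/local/tmp/rpcapd 192.0.2.10 2002 /data/local/tmp/hosts.txt
```

`rpcapd_cmd` prints the command rather than running it, so it can be reviewed before being pasted into the `adb shell` session above; `link_static_rpcapd` returns non-zero if the re-link still yields a dynamically linked binary, which catches a forgotten `-static` before anything is pushed to the device.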
References:
  • https://blog.qwerdf.com/2019/03/25/wireshark-with-android/
  • https://www.androidtcpdump.com/android-tcpdump/compile