In previous installments we constructed our mobile development toolchain and cross compiled, installed, and executed TCPDUMP on our CyanogenMod Mobile Device. Now it's time to complete our mission by forwarding packets captured by TCPDUMP on our CyanogenMod Mobile Device to Wireshark on our Debian Workstation in order to conduct realtime mobile device network traffic monitoring within a slick GUI interface.

First we'll need to download Netcat, the network Swiss army knife. And of course we'll need to cross compile Netcat for ARM processors. I sure hope you were paying attention in the previous installments! First unpack Netcat:
root@debian $ tar zxvf netcat-0.7.1.tar.gz
[OUTPUT TRUNCATED]
Then move into the newly created Netcat directory and set the "CC" environment variable to specify the ARM C compiler and the "LDFLAGS" environment variable to specify static linking:
root@debian $ cd netcat-0.7.1
root@debian $ export CC=arm-linux-gnueabi-gcc
root@debian $ export LDFLAGS=-static
Note this environment variable syntax is specific to Bash and other Bourne shell derivatives. Now configure and make Netcat:
root@debian $ ./configure --host=arm-linux
[OUTPUT TRUNCATED]
root@debian bash $ make
[OUTPUT TRUNCATED]
The cross compiled binary will be located in the source directory, so let's move there. Survey says?
root@debian bash $ cd src/
root@debian bash $ file netcat
netcat: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, for GNU/Linux 2.6.18, BuildID[sha1]=7897b8bee37231a10b259e8be5832a6371d9ae47, not stripped
Winner Winner Chicken Dinner! Cross compiling was successful! Let's decrease the file size by more than 20% by stripping the symbols:
root@debian bash $ arm-linux-gnueabi-strip netcat
Finally let's copy Netcat from our Debian Workstation to our CyanogenMod Mobile Device:
root@debian bash $ adb push netcat /system/xbin
1238 KB/s (564848 bytes in 0.445s)
Now it's time for our final trick! First we'll need a root shell on our CyanogenMod Mobile Device, so if you don't already have one let's make it happen:
root@debian $ adb root
restarting adb as root
root@debian $ adb remount
remount succeeded
Next let's configure ADB to enable port forwarding between a port on the CyanogenMod Mobile Device and a port on the Debian Workstation:
root@debian $ adb forward tcp:31337 tcp:31337
This port will be forwarded over the USB cable unless you've enabled the "ADB over network" option. You can verify port forwarding with the following command:
root@debian $ adb forward --list
015d3fb62b30100b tcp:31337 tcp:31337
You can select any port that is not being used on the CyanogenMod Mobile Device or Debian Workstation. You can even select different port numbers on the CyanogenMod Mobile Device and Debian Workstation, but that makes things a little confusing. Keep it simple, stupid.

Now let's execute TCPDUMP in order to capture all HTTP packets transmitted over the wireless network interface and then utilize Netcat to transmit them to the forwarded port on the CyanogenMod Mobile Device:
root@debian $ adb shell "tcpdump -i wlan0 -s 1514 -w - -nS port 80 | netcat -l -p 31337"
Make sure you include the quotation marks so that Netcat is executed on our CyanogenMod Mobile Device, not our Debian Workstation. Finally let's execute Wireshark in order to receive packets from the forwarded port on the Debian Workstation:
root@debian $ netcat localhost 31337 | wireshark -i - -kS
Now we'll see all packets that are captured on our CyanogenMod Mobile Device displayed within Wireshark on our Debian Workstation:
#Winning! Note that the Wireshark "Stop" and "Start" buttons won't work. If you want to restart the packet capture or modify the packet capture settings you'll have to relaunch the last two commands.

Well it's been a long and hopefully rewarding journey. We installed our mobile development toolchain, cross compiled LIBPCAP and TCPDUMP, installed and executed TCPDUMP on our mobile device, and finally put all the pieces together in order to forward packets captured by TCPDUMP on our CyanogenMod Mobile Device to Wireshark on our Debian Workstation in order to conduct realtime mobile device network traffic monitoring within a slick GUI interface. The Holy Grail!
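What `tcpdump -w -` sends through Netcat to Wireshark is a raw pcap stream: one 24-byte file header followed by a 16-byte record header per packet. The sketch below is an added example, not code from the original post; it decodes that framing so a stream Wireshark rejects can be checked by hand. The function names are hypothetical, the sample bytes are constructed, and link type 1 (Ethernet) for wlan0 is an assumption.

```python
import struct

# How the magic number 0xa1b2c3d4 appears on the wire reveals the byte order.
# Only the classic microsecond-timestamp format is handled here.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def parse_global_header(buf):
    """Decode the 24-byte pcap file header that tcpdump writes first."""
    if len(buf) < 24:
        raise ValueError("short read: need 24 bytes of pcap header")
    endian = PCAP_MAGICS.get(buf[:4])
    if endian is None:
        raise ValueError("not a pcap stream, magic=%s" % buf[:4].hex())
    major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", buf[4:24])
    return {"endian": endian, "version": (major, minor),
            "snaplen": snaplen, "linktype": linktype}

def iter_records(buf, hdr):
    """Yield (ts_sec, captured_len, wire_len, data) for each complete record."""
    off = 24
    while off + 16 <= len(buf):
        ts_sec, _ts_usec, incl, orig = struct.unpack(
            hdr["endian"] + "IIII", buf[off:off + 16])
        if incl > hdr["snaplen"]:
            raise ValueError("record at offset %d exceeds snaplen" % off)
        if off + 16 + incl > len(buf):
            break  # rest of this packet has not arrived yet
        yield ts_sec, incl, orig, buf[off + 16:off + 16 + incl]
        off += 16 + incl

def build_sample():
    """Constructed stream: header as written with -s 1514, two dummy frames."""
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1514, 1)
    frames = [b"\x00" * 60, b"\x11" * 1514]
    body = b"".join(
        struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
        for i, f in enumerate(frames))
    return head + body

SAMPLE = build_sample()

if __name__ == "__main__":
    hdr = parse_global_header(SAMPLE)
    print("pcap %d.%d snaplen=%d linktype=%d"
          % (*hdr["version"], hdr["snaplen"], hdr["linktype"]))
    for ts, incl, orig, _ in iter_records(SAMPLE, hdr):
        print("ts=%d captured=%d on_wire=%d" % (ts, incl, orig))
```

If anything other than the pcap magic arrives first, `parse_global_header` raises immediately, which is the same condition that makes Wireshark refuse the piped capture.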