This script will cross compile tcpdump for use on Android devices.
It was written by Loic Poulain on OMAPpedia. See http://omappedia.org/wiki/USB_Sniffing_with_tcpdump for full details.
Install the Android NDK then:
gpg --recv-key E089DEF1D9C15D0D gpg: requesting key D9C15D0D from hkp server keys.gnupg.net gpg: key D9C15D0D: "The Tcpdump Group (Package signing key) <release@tcpdump.org>" 2 new signatures gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 2 signed: 27 trust: 0-, 0q, 0n, 0m, 0f, 2u gpg: depth: 1 valid: 27 signed: 20 trust: 18-, 0q, 0n, 6m, 3f, 0u gpg: next trustdb check due at 2016-11-28 gpg: Total number processed: 1 gpg: new signatures: 2 gpg --fingerprint E089DEF1D9C15D0D pub 3104R/D9C15D0D 2013-05-13 [expires: 2023-05-11] Key fingerprint = 1F16 6A57 42AB B9E0 249A 8D30 E089 DEF1 D9C1 5D0D uid The Tcpdump Group (Package signing key) <release@tcpdump.org> export NDK=/ndk/is/here ./build-tcpdump > adb root > adb remount > adb push tcpdumpbuild/tcpdump /system/xbin/tcpdump > adb shell # mount | grep system or # grep system /proc/mounts /dev/block/xxxxxxxx /system ext4 ro,relatime,barrier=1,data=ordered 0 0 # mount -o remount,ro /dev/block/xxxxxxxx /system
# tcpdump -D (or run netcfg) 1.eth0 2.any (Pseudo-device that captures on all interfaces) 3.lo # tcpdump -vv -i eth0 -s 0 -w /sdcard/dump.cap