9/19/2023

Wireshark android

In my review of the iHealth glucometer I pointed out that I did indeed check whether the app talked with the remote service over TLS or not. This was important because if it didn't, it meant it was sending medical information in plaintext. There are a few other things that can go wrong: an app can for instance fail to validate the certificate provided over TLS, effectively allowing MITM attacks to succeed, but that's a different story altogether, so I won't go there for now.

First of all, this is about the Wireshark tool and Android phones, but at the end of the day you'll find something that would work almost universally, with a bunch of caveats. What I wanted to write about is some notes about my experience, if nothing else because it took me a while to get all the fragments ready, and I could not find a single entry anywhere that would explain what the error message I was receiving was about.

So make sure you get your Wireshark installed, and make sure you never run it as root, for your own safety. Rick suggested looking into the androiddump tool that comes with Wireshark (on Gentoo it requires enabling the right USE flag). This uses the extcap interface to "fetch" the packets to display from a remote source. I like this idea among other things because it splits the displaying/parsing from the capturing. As I'll show later, this is not the only useful tool using the interface.

There are multiple interfaces that androiddump can capture from, and they include the logcat output, which makes it very useful when you're debugging an application in real time; but what I cared about was sniffing the packets from the network interfaces on the device itself. This kept failing with the following error:

Error by extcap pipe: ERROR: Broken socket connection.

And no further debugging information available. Googling for a good half hour didn't bring me anywhere; I even started strace'ing the process (to the point that Wireshark crashed in a few situations!) until I finally managed to figure out the right ~~incantation~~ invocation of the androiddump tool… which had no more information even in verbose mode, but at least it told me what it was trying to do.

The explanation is kind of simple: this set of interfaces is effectively just a matryoshka of interfaces. Wireshark calls into extcap, which calls into androiddump, which calls into adb, which calls into tcpdump on the device. And here is the problem: my device (a Sony Xperia XA from 3 Ireland) does have a tcpdump command, but the only thing it does is return 1 as its exit status, and that's it. No error message and not even a help output to figure out if you need to enable something.
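A layer-by-layer check of that chain, added here as an example and not code from the original post: it assumes adb is on PATH with one device attached and that the device's tcpdump accepts --version (both assumptions), and it stops at the first layer that fails, so a silent tcpdump (exit 1, no output, as on the author's phone) is reported directly instead of surfacing as a broken extcap pipe.

```shell
#!/bin/sh
# Diagnose the Wireshark -> extcap -> androiddump -> adb -> tcpdump chain
# one layer at a time. Assumptions (not from the post): adb is on PATH,
# exactly one device is attached, and the device's tcpdump accepts --version.

# Interpret one run of tcpdump on the device from its exit status and its
# combined stdout+stderr. Prints a single verdict word for the caller.
diagnose_tcpdump() {
    status="$1"
    output="$2"
    if [ "$status" -eq 127 ] || echo "$output" | grep -qi 'not found'; then
        echo "missing"          # no tcpdump binary on the device at all
    elif [ "$status" -ne 0 ] && [ -z "$output" ]; then
        echo "silent-failure"   # the post's case: exit 1 and nothing printed
    elif [ "$status" -ne 0 ]; then
        echo "error"            # fails, but at least explains itself
    else
        echo "ok"
    fi
}

# Walk the chain from the host outwards; return 1 at the first broken layer.
check_chain() {
    # The post's advice: never run the capture tooling as root.
    [ "$(id -u)" -ne 0 ] || { echo "refusing to run as root"; return 1; }
    command -v adb >/dev/null 2>&1 || { echo "adb not on PATH"; return 1; }
    adb get-state >/dev/null 2>&1 || { echo "no device in 'device' state"; return 1; }

    # Exercise the innermost layer directly, bypassing extcap and androiddump.
    out=$(adb shell tcpdump --version 2>&1)
    st=$?
    verdict=$(diagnose_tcpdump "$st" "$out")
    echo "device tcpdump: $verdict"
    [ "$verdict" = "ok" ] || return 1

    # Only once tcpdump works is it worth asking androiddump what it offers.
    androiddump --extcap-interfaces
}

# Run the full chain only when invoked with --run, so the file can be sourced.
if [ "$#" -gt 0 ] && [ "$1" = "--run" ]; then
    check_chain
fi
```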