Sniffing Android traffic with tcpdump
Requirements:
Rooted Android device
apt install wireshark -y
Download the tcpdump binary from:
https://www.androidtcpdump.com/
Move it to Android/Sdk/platform-tools/
Terminal 1:
./adb root
./adb push tcpdump sdcard/tcpdump
./adb shell
cd sdcard
chmod +x tcpdump
tcpdump // check that it runs, then press Ctrl+C to stop
exit // leave the shell
./adb forward tcp:9999 tcp:9999
./adb shell
joyeuse:/ #
cd sdcard
joyeuse:/sdcard #
tcpdump -i wlan0 -s0 -w - | nc -l -p 9999
//tcpdump: listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
Terminal 2:
nc localhost 9999 | wireshark -k -S -i -
// ** (wireshark:26754) 09:31:25.108916 [Capture MESSAGE] -- Capture Start ...
** (wireshark:26754) 09:32:34.830643 [Capture MESSAGE] -- Capture started
** (wireshark:26754) 09:32:34.830775 [Capture MESSAGE] -- File: "/tmp/wireshark_-J18A72.pcapng"
Wireshark: fix for the error “Couldn’t run /usr/bin/dumpcap in child process: Permiso denegado”
sudo chmod +x /usr/bin/dumpcap
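Added example (not part of the original notes): if Wireshark starts but shows nothing useful, this shell check decodes the 24-byte pcap global header that tcpdump -w - writes first, confirming that the stream on port 9999 is a capture with link-type 1 (EN10MB) and snaplen 262144, as in the tcpdump output above. The function names and the sample header are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are illustrative.

# u32 ENDIAN B0 B1 B2 B3: combine four bytes (file order) into an integer.
u32() {
    if [ "$1" = le ]; then
        echo $(( $2 + ($3 << 8) + ($4 << 16) + ($5 << 24) ))
    else
        echo $(( ($2 << 24) + ($3 << 16) + ($4 << 8) + $5 ))
    fi
}

# pcap_header_info: read a classic pcap stream on stdin and print
# "endian=<le|be> snaplen=<n> linktype=<n>"; return 1 if it is not pcap.
pcap_header_info() {
    # First 24 bytes = pcap global header, read as decimal byte values.
    set -- $(od -An -v -tu1 -N 24)
    [ "$#" -eq 24 ] || { echo "short read: $# bytes" >&2; return 1; }
    magic=$(printf '%02x%02x%02x%02x' "$1" "$2" "$3" "$4")
    case "$magic" in
        d4c3b2a1|4d3cb2a1) endian=le ;;  # microsecond / nanosecond timestamps
        a1b2c3d4|a1b23c4d) endian=be ;;
        *) echo "not a pcap stream (magic $magic)" >&2; return 1 ;;
    esac
    shift 16   # skip magic, version, thiszone, sigfigs
    echo "endian=$endian snaplen=$(u32 "$endian" "$1" "$2" "$3" "$4")" \
         "linktype=$(u32 "$endian" "$5" "$6" "$7" "$8")"
}

# Constructed sample: the header a little-endian tcpdump would emit for
# an Ethernet capture with -s0 (snaplen 262144). Octal escapes for portability.
sample_pcap_header() {
    printf '\324\303\262\241\002\000\004\000'   # magic d4c3b2a1, version 2.4
    printf '\000\000\000\000\000\000\000\000'   # thiszone, sigfigs
    printf '\000\000\004\000\001\000\000\000'   # snaplen 262144, linktype 1
}

sample_pcap_header | pcap_header_info
```

To check the live stream, run `nc localhost 9999 | pcap_header_info` in Terminal 2 in place of the Wireshark pipeline.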
Further reading:
Another good idea is to repurpose an old router:
https://maldroidversing.blogspot.com/2025/06/duplicar-trafico-de-red-con-router-tp.html

