Ubuntu下移植Tcpdump到Android平台

简书排版
http://www.jianshu.com/p/aca8345dc7fb

系统: ubuntu14.04.2NDK: android-ndk-r10e

为Linux平台编译Tcpdump

源码准备
Tcpdump-4.7.4
libpcap-1.7.4

编译之前确保有lex和yacc工具

sudo apt-get install flex bison

1.解压libpcap-1.7.4之后进入该目录，打开终端

接着输入

make

完成编译
2.解压Tcpdump-4.7.4之后进入该目录，打开终端
同样

./configuremake

不出意外的话

查看文件信息

直接输入

./tcpdump

可能会提示

需要带上权限

sudo ./tcpdump

为Android平台编译Tcpdump

新建一个Shell脚本
笔者稍微做了一点修改

#!/bin/sh# --------------------------------------##      Title: build-tcpdump#     Author: Loic Poulain, loic.poulain@gmail.com# Updated by: muzso (http://muzso.hu/)##    Purpose: download & build tcpdump for arm android platform## You have to define your android NDK directory before calling this script# example:# $ export NDK=/home/Workspace/android-ndk-r10e# $ sh build-tcpdump## works with#   tcpdump 4.7.4#   android-ndk-r10e## You'll need lex and yacc.# On Debian/Ubuntu based systems run this:#   sudo apt-get install flex bison# --------------------------------------# default, edit version tcpdump_ver=4.7.4libpcap_ver=1.7.4# note: libpcap v1.7.2 only required api v9, but libpcap v1.7.3+ requires api v21# And tcpdump v4.7.4 requires libpcap v1.7.3+ too (tcpdump v4.7.3 could be compiled with libpcap v1.7.2).# So viable combos are:#   * api=9, libpcap=1.7.2, tcpdump=4.7.3#   * api=21, libpcap=1.7.4, tcpdump=4.7.4android_api_def=21ndk_dir_def=android-ndk-r10e#指定平台arm mips aarch64platform=arm#-------------------------------------------------------#tcpdump_dir=tcpdump-${tcpdump_ver}libpcap_dir=libpcap-${libpcap_ver}if [ ${NDK} ]then    ndk_dir=${NDK}else    ndk_dir=${ndk_dir_def}findk_dir=`readlink -f ${ndk_dir}`if [ ${ANDROID_API} ]then    android_api=${ANDROID_API}else    android_api=${android_api_def}fiecho "_______________________"echo ""echo "NDK - ${ndk_dir}"echo "Android API: ${android_api}"echo "_______________________"exit_error(){    echo " _______"    echo "|       |"    echo "| ERROR |"    echo "|_______|"    exit 1}{    if [ $# -ne 0 ]    then        if [ -d $1 ]        then            cd $1        else            echo directory $1 not found            exit_error        fi    else        mkdir tcpdumpbuild        cd tcpdumpbuild    fi}# create env{    echo " ____________________"    echo "|                    |"    echo "| CREATING TOOLCHAIN |"    echo "|____________________|"    if [ -d toolchain ]    then        echo Toolchain already exist! Nothing to do.    else        echo Creating toolchain...        mkdir toolchain        bash ${ndk_dir}/build/tools/make-standalone-toolchain.sh --arch=$platform --platform=android-${android_api} --install-dir=toolchain        if [ $? -ne 0 ]        then            rm -fr toolchain            exit_error        fi    fi    export CC=arm-linux-androideabi-gcc    export RANLIB=arm-linux-androideabi-ranlib    export AR=arm-linux-androideabi-ar    export LD=arm-linux-androideabi-ld    export PATH=`pwd`/toolchain/bin:$PATH}# download & untar libpcap + tcpdump{    echo " _______________________________"    echo "|                               |"    echo "| DOWNLOADING LIBPCAP & TCPDUMP |"    echo "|_______________________________|"    tcpdump_file=${tcpdump_dir}.tar.gz    libpcap_file=${libpcap_dir}.tar.gz    tcpdump_link=http://www.tcpdump.org/release/${tcpdump_file}    libpcap_link=http://www.tcpdump.org/release/${libpcap_file}    if [ -f ${tcpdump_file} ]    then        echo ${tcpdump_file} already downloaded! Nothing to do.    else        echo Download ${tcpdump_file}...        wget ${tcpdump_link}        if [ ! -f ${tcpdump_file} ]        then            exit_error        fi    fi    if [ -f ${libpcap_file} ]    then        echo ${libpcap_file} already downloaded! Nothing to do.    else        echo Download ${libpcap_file}...        wget ${libpcap_link}        if [ ! -f ${libpcap_file} ]        then            exit_error        fi    fi    if [ -d ${tcpdump_dir} ]    then        echo ${tcpdump_dir} directory already exist! Nothing to do.    else        echo untar ${tcpdump_file}        tar -zxf ${tcpdump_file}    fi    if [ -d ${libpcap_dir} ]    then        echo ${libpcap_dir} directory already exist! Nothing to do.    else        echo untar ${libpcap_file}        tar -zxf ${libpcap_file}    fi}# build libpcap{    cd ${libpcap_dir}    echo " _____________________"    echo "|                     |"    echo "| CONFIGURING LIBPCAP |"    echo "|_____________________|"    chmod +x configure    ./configure --host=$platform-linux --with-pcap=linux ac_cv_linux_vers=2    if [ $? -ne 0 ]    then        exit_error    fi      echo " __________________"    echo "|                  |"    echo "| BUILDING LIBPCAP |"    echo "|__________________|"    chmod +x runlex.sh    make    if [ $? -ne 0 ]    then        exit_error    fi    cd ..}# build tcpdump{    cd ${tcpdump_dir}    echo " _____________________"    echo "|                     |"    echo "| CONFIGURING TCPDUMP |"    echo "|_____________________|"    chmod +x configure    # Compile PIE (position independent executable) for Lollipop compatibility.    ./configure --host=$platform-linux ac_cv_linux_vers=2 --with-crypto=no CFLAGS='-fPIE' LDFLAGS='-fPIE -pie'    if [ $? -ne 0 ]    then        exit_error    fi      echo " __________________"    echo "|                  |"    echo "| BUILDING TCPDUMP |"    echo "|__________________|"    #setprotoent endprotoen not supported on android    sed -i".bak" "s/setprotoent/\/\/setprotoent/g" print-isakmp.c    sed -i".bak" "s/endprotoent/\/\/endprotoent/g" print-isakmp.c    # NBBY is not defined => FORCE definition    make CFLAGS='-DNBBY=8' # for tcpdump < 4.2.1 (CFLAGS redefined in Makefile) => just make    if [ $? -ne 0 ]    then        exit_error    fi    cd ..}cp ${tcpdump_dir}/tcpdump .chmod +x tcpdumpecho " __________________"echo "|                  |"echo "| TCPDUMP IS READY |"echo "|__________________|"echo `pwd`/tcpdump

编译开始

export NDK=/xxxxxx/android-ndk-r10ebash build_tcpdump.sh

完成编译后即可看到

然后使用adb上传到手机里

adb push tcpdump /sdcard/adb shellsucd /sdcard/mv tcpdump /data/local/cd /data/local/chmod -R 777 tcpdump

不过在一款华为手机上执行的时候，发现一个问题

./tcpdump: not executable: magic 7F45

究其原因发现是混合编译的平台不一致导致的

我们可以通过命令查看CPU信息

adb shell cat /proc/cpuinfo

修改上面的shell脚本

platform=aarch64

编译之后按照上述方式上传到手机里执行

./tcpdump -i any -p -s 0 -w /sdcard/temp/log.pcap

接着就可以使用
wireshark分析抓到的包了

混合编译参考
http://muzso.hu/2015/07/14/how-to-compile-tcpdump-for-android-5.-lollipop