B2G/Packet Sniffing with Wireshark

From MozillaWiki

This page describes how to use netcat, tcpdump, and Wireshark to monitor network traffic to and from a real Firefox OS phone. (It may also work with the simulator, but that hasn't been tested.)

This has been tested on Ubuntu 12.10 x64; if you work with a different platform, please update this page with your experiences.

This page is based on the AOSP instructions on debugging with tcpdump and other tools.

Prerequisites

adb

These instructions assume you have a working version of adb installed and on your path. adb is necessary to install some needed utilities, and also provides the communications channel between your phone and Wireshark. One way of getting a working copy of adb is to build your own version of Firefox OS; you can also get a prebuilt binary by following these instructions.

udev

For adb to work, you also need to configure a udev rule for your phone.

Getting and Installing the Tools

Wireshark

Download and install the latest version of Wireshark through one of the following channels.

Linux

  • If you are running Ubuntu, you can get the latest Wireshark bundle through the Ubuntu Software Centre.
  • If you are running another Linux distro, there is very likely a Wireshark package available for you—check the appropriate documentation for your distro.

Windows and Mac OS X

  • Prepackaged binaries are available here. Lucky you.

Local netcat

Linux

  • If you are running Ubuntu, you probably already have a local version of netcat installed; if not, you can get it through the Ubuntu Software Centre.
  • If you are running another Linux distro, there is very likely a netcat package available for you—check the appropriate documentation for your distro.

Windows and Mac OS X

TODO: add instructions on installing netcat to Mac OS X, if necessary; Windows is a whole other beast.

Remote tcpdump and netcat

This step installs a pair of utilities onto your Firefox OS phone. Before proceeding, connect your phone to a USB port on your PC and confirm that adb can see your phone by typing:

adb devices

If your phone doesn't appear, double-check that you have followed these instructions correctly.

Getting and Installing

  1. Download this archive containing prebuilt versions of netcat and tcpdump (md5sum 6cf53b270177093326dd8760f5059278);
  2. Extract the archive contents to a suitable temporary folder;
  3. Open your temporary folder in a terminal and run the following commands:
adb root
adb remount
adb push tcpdump /system/xbin/tcpdump
adb shell chmod 0555 /system/xbin/tcpdump
adb push nc /system/xbin/nc
adb shell chmod 0555 /system/xbin/nc

If you reflash the gonk portion of your phone, you will need to repeat the above instructions to reinstall netcat and tcpdump.

Adding to Your Flash Image

You can add netcat and tcpdump to your build images permanently by copying them to the out/target/product/$PRODUCT_NAME/system/xbin subfolder of your B2G root directory and making sure their permissions are set to 0555. $PRODUCT_NAME is the name of your phone (e.g. otoro, unagi).

For example, for otoro:

cp tcpdump out/target/product/otoro/system/xbin/
chmod 0555 out/target/product/otoro/system/xbin/tcpdump
cp nc out/target/product/otoro/system/xbin/
chmod 0555 out/target/product/otoro/system/xbin/nc

Note that if you change your build to another platform, you will need to copy nc and tcpdump to the new xbin folder as well.

Running Wireshark

Open two terminals. In the first terminal, run:

adb shell "tcpdump -n -s 0 -w - | nc -l -p 11233"

In the second terminal, run:

adb forward tcp:11233 tcp:11233 && nc 127.0.0.1 11233 | wireshark -k -S -i -

The second command will launch Wireshark; if one or more interfaces is active, you should see all of the packets your phone is sending and receiving on those interfaces.

Gotchas

  1. Restarting the running live capture in Wireshark (i.e. by clicking on the toolbar icon with the "back" arrow) seems to break the connection to the phone. When this happens, exit Wireshark and kill the tcpdump process (in the first terminal, above), then re-run the two commands.
  2. If you get the error "tcpdump: no suitable device found", run adb root first. You need root access on the device in order to get tcpdump

TODO

  1. Provide instructions on how to build nc and tcpdump from source.