I'm interested in making a C# program that can capture network traffic from an Android device. Using ADB, I'm able to forward traffic from the device to Windows standard output. Then the output will be forwarded to Wireshark, which is pre-configured to listen to standard output.
Below are the commands I'm using, just in case someone else needs them.
In the first CMD window
adb shell "tcpdump -n -s 0 -w - | nc -l 11233"
In the second CMD window
adb forward tcp:11233 tcp:11233 && nc 127.0.0.1 11233 | wireshark -k -S -i -
Here is my question.
I'm using SharpPcap to capture network traffic in my program. Currently, I'm able to get packets from my network adapter, i.e. Ethernet or WiFi. But as you can see, network traffic is forwarded from the Android device to standard output after this command
adb forward tcp:11233 tcp:11233 && nc 127.0.0.1 11233
And the output of this command will be the input of the following one, as Wireshark is configured to listen to standard output by "-i -".
Each time the 2 commands above are executed, one instance of the Wireshark window will be opened to capture packets. This could not be applied to my program.
The idea is to open a form using SharpPcap to capture packets from standard output.
Does anyone know how to do this? Any other idea is also welcome.
Thanks a lot!!!
Can you create a fifo using mkfifo and have nc write to the fifo instead of to stdout? Then just have wireshark read from the fifo instead of from stdin? Something like:
mkfifo sharkfin
wireshark -k -S -i sharkfin &
adb forward tcp:11233 tcp:11233 && nc 127.0.0.1 11233 > sharkfin
In case wireshark stops capturing and you don't want it to, you can also issue the following command just after launching wireshark to ensure that wireshark never receives EOF.
cat > sharkfin &
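An added C# example, not part of the question or the answer above: a reader for the classic pcap stream that `tcpdump -w -` writes, taken straight from a `Stream`, so the program needs neither Wireshark nor a fifo. It does not use SharpPcap; the class and method names are illustrative, the sample bytes are constructed, and feeding it from a `TcpClient` connected to the forwarded port 11233 is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

static class PcapStreamDemo
{
    // Read exactly n bytes; null if the stream ends first (a socket Read may return fewer).
    static byte[] ReadExact(Stream s, int n)
    {
        var buf = new byte[n];
        int off = 0;
        while (off < n)
        {
            int got = s.Read(buf, off, n - off);
            if (got == 0) return null;               // peer closed the connection
            off += got;
        }
        return buf;
    }
    static uint U32(byte[] b, int o, bool bigEndian) => bigEndian
        ? (uint)(b[o] << 24 | b[o + 1] << 16 | b[o + 2] << 8 | b[o + 3])
        : (uint)(b[o] | b[o + 1] << 8 | b[o + 2] << 16 | b[o + 3] << 24);

    // Yields (timestamp seconds, original length, captured bytes) for each pcap record.
    public static IEnumerable<(uint Sec, uint OrigLen, byte[] Data)> Packets(Stream s)
    {
        byte[] gh = ReadExact(s, 24) ?? throw new InvalidDataException("no pcap global header");
        uint magic = U32(gh, 0, false);
        bool be = magic == 0xD4C3B2A1 || magic == 0x4D3CB2A1;   // writer used the other byte order
        if (!be && magic != 0xA1B2C3D4 && magic != 0xA1B23C4D)
            throw new InvalidDataException("not a classic pcap stream");
        uint snaplen = U32(gh, 16, be);
        uint limit = snaplen == 0 ? 262144u : snaplen;          // assumed sanity bound on record size
        for (byte[] rh; (rh = ReadExact(s, 16)) != null; )
        {
            uint incl = U32(rh, 8, be);
            if (incl > limit) throw new InvalidDataException("record longer than snaplen; stream out of sync");
            byte[] data = ReadExact(s, (int)incl);
            if (data == null) yield break;                      // capture cut off mid-record
            yield return (U32(rh, 0, be), U32(rh, 12, be), data);
        }
    }
    static void Main()
    {
        // Constructed sample: little-endian header (snaplen 65535, linktype 1) and one 4-byte record.
        byte[] sample = {
            0xD4,0xC3,0xB2,0xA1, 2,0, 4,0, 0,0,0,0, 0,0,0,0, 0xFF,0xFF,0,0, 1,0,0,0,
            0x10,0,0,0, 0,0,0,0, 4,0,0,0, 60,0,0,0, 0xDE,0xAD,0xBE,0xEF };
        // Live use (assumption): new System.Net.Sockets.TcpClient("127.0.0.1", 11233).GetStream()
        foreach (var p in Packets(new MemoryStream(sample)))
            Console.WriteLine($"ts={p.Sec} caplen={p.Data.Length} origlen={p.OrigLen}");
    }
}
```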