How do I check tcp packets when they were blocked by droidwall?

Question

I'm using cyanogenmod's rom with droidwall activated with whitelist mode, and nothing checked.

I've seen some strange ips being called, and droidwall blocking them. I wan to analyse these packets. Which is the best way?

PS: I dont have Android Market installed.

score 3 · Accepted Answer · answered Jan 11 '12 at 00:36

3

Cyanogenmod has tcpdump installed. You can run it from the shell, just make sure you select the correct interface:

tcpdump -i tiwlan0 -vv

Or, you can write the dump to a file on your sdcard, and analyze it with Wireshark on your desktop later:

tcpdump -i tiwlan0 -w /mnt/sdcard/tcpdump.out

There is also software like Shark for Root, which will capture the packets like tcpdump (it requires root, but does not require tcpdump, which is available on my Cyanogenmod 7.1, but I'm not sure if it is available in all versions of Cyanogenmod).

answered Jan 11 '12 at 00:36

haimg

1,278
3
11
22

Thanks @haimg. The sdcard option is really interesting. If I stop the command, will it have all dumps from before stopping? – Somebody still uses you MS-DOS Jan 11 '12 at 02:37
@SomebodystillusesyouMS-DOS: Yes, that's the idea... – haimg Jan 11 '12 at 04:23
I've disabled my adsl modem, and tried to do this command, but it didn't save any http packet. Is this command correct? Am I doing something wrong? – Somebody still uses you MS-DOS Jan 26 '12 at 00:02

How do I check tcp packets when they were blocked by droidwall?

1 Answers1