Wireshark-dev: Re: [Wireshark-dev] mobile

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 24 Dec 2008 10:58:42 -0800

On Dec 23, 2008, at 7:55 AM, Milo Rambaldi wrote:

hi, isit possible to get wireshark on the mobilephone?

(Presumably by "mobile phone" you mean "smartphone".)

A Wireshark package for Openmoko apparently exists:

	http://www.pocketpicks.co.uk/latest/index.php/2008/09/22/neopwn-pocket-penetration-testing-with-an-openmoko/

If somebody were to make a smartphone that runs Maemo, it might work there as well, as, like the Openmoko OS, Maemo is Linux-based and includes GTK+.

How well Wireshark would work on a smaller screen is another matter; to work well on a smartphone, a different GUI would probably be required.

I don't know whether any other Linux-based smartphone OSes would be able to run Wireshark.

The iPhone also runs UN*X, and supports BPF (at least as of the last 1.x iPhone OS that I had jailbroken), so, at least in theory, it's conceivable that a version of Wireshark could be made that would run on the iPhone. However, as of late 1.x, iPhone OS apps don't run as root, so some means would have to be found to either

1) make the BPF devices owned by the account running the apps ("mobile", I think)

or

	2) have dumpcap set-UID to root

and I don't think Apple would approve of either of those to put the app into the Apple Store, so an iPhone Wireshark would probably be only available for jailbroken iPhones (jailbroken, not necessarily unlocked). The GUI code would have to be rewritten to use UIKit, but you'd want to rewrite it anyway, as per the above.

Windows Mobile is built atop Windows CE, and there's an unsupported version of WinPcap for Windows CE:

	http://www.winpcap.org/install/default.htm

but nobody's ported Wireshark to Windows Mobile, as far as I know.

I don't know of any port of libpcap to Symbian, or of any port of Wireshark to Symbian, and don't know how difficult that would be. I think the only third-party applications the Blackberry OS supports are Java applications.