Wireshark-users: Re: [Wireshark-users] Android 2.3.3

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 2 Sep 2011 11:58:37 -0700
On Sep 2, 2011, at 11:39 AM, Tony Trinh wrote:

> While there isn't a mobile edition of Wireshark [yet], there are other packet-capture tools, based on tcpdump (which runs on most Android devices). However, tcpdump requires root privileges, so you would have to root your phone in order to use it (assuming a rootkit is available for your device).

And if anybody's about to use one of the iOSBasedMachineNames in a question, the same applies there - no jailbreak, no capture.

In iOS, the only privilege you need to capture traffic is sufficient privilege to open a BPF device, but, by default, they're owned by root, permissions rw-------, in Darwin; we can (and do) override that in Mac OS X (by installing a startup item), but no way are Apple going to let us get away with that (or installing a launchd LaunchDaemon to do the same thing) in either an iOS App Store or Mac App Store application.

I don't know what kernel versions Google are using, but it appears that Linux can give executable images additional privileges - see the Linux information in

	http://wiki.wireshark.org/CaptureSetup/CapturePrivileges

Of course, you probably need root privileges to do so, unless you can request that in an Android app.
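The two privilege models described in this reply (Linux file capabilities versus a root-owned, mode 0600 BPF device on Darwin) can be checked mechanically. The script below is an added example, not code from this thread or from the Wireshark project: it decodes the `CapEff` line of a Linux `/proc/<pid>/status` file into capability bits and reports whether the process holds the two capabilities a capture program needs (CAP_NET_RAW and CAP_NET_ADMIN, bit numbers 13 and 12 as defined in `linux/capability.h`) and which extra capabilities it holds beyond those, and it evaluates whether a given user could open a BPF device node with given owner, group and permission bits. The `/proc` status text and the BPF device owner/group/mode values used as input are constructed for the example.

```python
"""Added example: checks for the capture-privilege models discussed in the
Wireshark-users thread (Linux file capabilities, Darwin BPF device modes).
Not part of the original message or of the Wireshark project."""
import re

# Capability bit numbers from linux/capability.h (only the low range is
# named here; anything else is reported as cap_<bit>).
CAP_NAMES = {
    0: "cap_chown", 1: "cap_dac_override", 2: "cap_dac_read_search",
    3: "cap_fowner", 4: "cap_fsetid", 5: "cap_kill", 6: "cap_setgid",
    7: "cap_setuid", 8: "cap_setpcap", 9: "cap_linux_immutable",
    10: "cap_net_bind_service", 11: "cap_net_broadcast",
    12: "cap_net_admin", 13: "cap_net_raw", 14: "cap_ipc_lock",
    15: "cap_ipc_owner", 16: "cap_sys_module", 17: "cap_sys_rawio",
    18: "cap_sys_chroot", 19: "cap_sys_ptrace", 20: "cap_sys_pacct",
    21: "cap_sys_admin",
}
CAP_NET_ADMIN = 12
CAP_NET_RAW = 13
CAPTURE_CAPS = {CAP_NET_ADMIN, CAP_NET_RAW}   # what a capture program needs


def decode_cap_mask(hex_mask):
    """Turn a CapEff/CapPrm hex string into the set of capability bits set."""
    mask = int(hex_mask, 16)
    return {bit for bit in range(64) if (mask >> bit) & 1}


def effective_caps(status_text):
    """Extract the effective capability set from /proc/<pid>/status text."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no CapEff line in status text")
    return decode_cap_mask(m.group(1))


def cap_names(bits):
    return sorted(CAP_NAMES.get(b, "cap_%d" % b) for b in bits)


def can_capture_linux(status_text):
    """True if the process holds both capabilities needed to open a raw socket
    and put an interface into promiscuous mode."""
    return CAPTURE_CAPS <= effective_caps(status_text)


def excess_caps(status_text):
    """Least-privilege check: capabilities held beyond the two capture needs.
    A setuid-root capture binary shows a long list here; a binary carrying
    only file capabilities shows an empty one."""
    return cap_names(effective_caps(status_text) - CAPTURE_CAPS)


def parse_mode(perm_string):
    """Convert an ls-style permission string ('crw-------' or 'rw-------')
    into numeric permission bits (0o600)."""
    perms = perm_string[-9:]
    if len(perms) != 9:
        raise ValueError("expected 9 permission characters")
    mode = 0
    for ch in perms:
        mode = (mode << 1) | (ch != "-")
    return mode


def can_open_bpf(mode, dev_uid, dev_gid, uid, gids):
    """Could a user (uid, set of gids) open a BPF device node owned by
    dev_uid:dev_gid with the given permission bits for read and write?"""
    if uid == 0:
        return True                      # root bypasses mode bits
    if uid == dev_uid:
        shift = 6                        # owner triplet
    elif dev_gid in gids:
        shift = 3                        # group triplet
    else:
        shift = 0                        # other triplet
    return ((mode >> shift) & 0o6) == 0o6


# Constructed sample /proc/<pid>/status fragments (not captured from a real system).
DUMPCAP_STATUS = "Name:\tdumpcap\nUid:\t1000\t1000\t1000\t1000\n" \
                 "CapPrm:\t0000000000003000\nCapEff:\t0000000000003000\n"
SHELL_STATUS = "Name:\tsh\nUid:\t1000\t1000\t1000\t1000\n" \
               "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n"
ROOT_STATUS = "Name:\ttcpdump\nUid:\t0\t0\t0\t0\n" \
              "CapPrm:\t0000001fffffffff\nCapEff:\t0000001fffffffff\n"

if __name__ == "__main__":
    for label, text in (("dumpcap", DUMPCAP_STATUS), ("sh", SHELL_STATUS), ("root", ROOT_STATUS)):
        print(label, "can capture:", can_capture_linux(text), "excess:", excess_caps(text))
    # Default Darwin layout from the message: root-owned, rw------- BPF devices.
    print("user 501 on default /dev/bpf:", can_open_bpf(parse_mode("crw-------"), 0, 0, 501, {20}))
    # Constructed group-readable layout: devices owned by a dedicated group the user is in.
    print("user 501 with group access:", can_open_bpf(parse_mode("crw-rw----"), 0, 999, 501, {20, 999}))
```

The `excess_caps` result is the part worth watching in a capture deployment: granting a capture helper exactly `cap_net_raw,cap_net_admin` as file capabilities leaves that list empty, whereas running the capture tool as root (or setuid root) gives it every capability the kernel knows about.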