Thank you for all the great info! While I don't intend to capture on my phone, I do need to examine a capture from time to time.
Glenn
On Sep 2, 2011 2:59 PM, "Guy Harris" <guy@xxxxxxxxxxxx> wrote:
> 
> On Sep 2, 2011, at 11:39 AM, Tony Trinh wrote:
> 
>> While there isn't a mobile edition of Wireshark [yet], there are other packet-capture tools, based on tcpdump (which runs on most Android devices). However, tcpdump requires root privileges, so you would have to root your phone in order to use it (assuming a rootkit is available for your device).
> 
> And if anybody's about to use one of the iOSBasedMachineNames in a question, the same applies there - no jailbreak, no capture.
> 
> In iOS, the only privilege you need to capture traffic is sufficient privilege to open a BPF device, but, by default, they're owned by root, permissions rw-------, in Darwin; we can (and do) override that in Mac OS X (by installing a startup item), but no way are Apple going to let us get away with that (or installing a launchd LaunchDaemon to do the same thing) in either an iOS App Store or Mac App Store application.
> 
> I don't know what kernel versions Google are using, but it appears that Linux can give executable images additional privileges - see the Linux information in
> 
> 	http://wiki.wireshark.org/CaptureSetup/CapturePrivileges
> 
> Of course, you probably need root privileges to do so, unless you can request that in an Android app.
> 
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe