Gist 0xDE57/8f812432c4c97e238f7a3293f6b874e7, created December 21, 2025 00:25
tcpdump rooted android into wireshark
```sh
adb root
adb remount
adb exec-out "tcpdump -i any -U -w - 2>/dev/null" | sudo wireshark -k -S -i -
```
adb:
```sh
adb exec-out "tcpdump -i any -U -w - 2>/dev/null"
```
exec-out is an option in adb that runs the specified command on the device and sends its output back to your host machine.
tcpdump:
-i any: Listen on all interfaces.
-U: Output packets as soon as they arrive (unbuffered).
-w -: Write the captured data to standard output instead of a file. This allows piping it directly to another program.
2>/dev/null: Redirects error messages to /dev/null, effectively silencing any errors.
Wireshark:
```sh
| sudo wireshark -k -S -i -
```
-k: Start capturing packets immediately after opening a new capture file or interface.
-S: Automatically scroll the packet list during live captures.
-i -: Read from standard input. This tells Wireshark to listen for incoming data from the previous command (tcpdump) instead of using a network interface.
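An added example, not part of the gist or its author's comment: a Python check of the 24-byte pcap global header that `tcpdump -w -` writes at the start of the stream, for confirming the pipe is clean before handing it to Wireshark. The sample bytes and the file name `check_pcap.py` are constructed for illustration; link types 113 and 276 are the Linux cooked-capture types that a capture on `-i any` produces.

```python
import struct
import sys

# Magic numbers of the classic pcap format written by `tcpdump -w`.
MAGIC_USEC = 0xA1B2C3D4  # microsecond timestamps
MAGIC_NSEC = 0xA1B23C4D  # nanosecond timestamps
# Link types seen when capturing on the Linux "any" pseudo-interface.
LINKTYPES = {113: "LINUX_SLL", 276: "LINUX_SLL2"}

# Constructed sample: little-endian pcap 2.4 header, snaplen 262144, SLL.
SAMPLE = struct.pack("<IHHiIII", MAGIC_USEC, 2, 4, 0, 0, 262144, 113)
# Constructed sample: diagnostic text ahead of the header, the kind of
# noise that `2>/dev/null` keeps out of the binary stream.
NOISY = b"tcpdump: listening\n" + SAMPLE


def parse_pcap_header(data: bytes) -> dict:
    """Parse the pcap global header at the start of a capture stream."""
    if len(data) < 24:
        raise ValueError(f"stream too short for a pcap header: {len(data)} bytes")
    for endian in ("<", ">"):  # the writer's byte order is unknown up front
        magic, major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
            endian + "IHHiIII", data[:24])
        if magic in (MAGIC_USEC, MAGIC_NSEC):
            break
    else:
        # Neither byte order matched: text mixed into the stream, or a
        # transport that altered the binary data.
        raise ValueError(f"not a pcap stream, first bytes: {data[:16]!r}")
    return {
        "byte_order": "little" if endian == "<" else "big",
        "timestamps": "ns" if magic == MAGIC_NSEC else "us",
        "version": (major, minor),
        "snaplen": snaplen,
        "linktype": LINKTYPES.get(linktype, f"DLT {linktype}"),
    }


if __name__ == "__main__":
    # Usage (file name is hypothetical):
    #   adb exec-out "tcpdump -i any -U -w - 2>/dev/null" | python3 check_pcap.py
    print(parse_pcap_header(sys.stdin.buffer.read(24)))
```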