tcpdump mailing list archives

Re: Libpcap on mobile Android platform


From: Michael Richardson <mcr () sandelman ca>
Date: Fri, 05 Feb 2010 15:23:32 -0500


"Mark" == Mark Bednarczyk <voytechs () yahoo com> writes:
    Mark> I found a port of libpcap to Android
    Mark> (http://github.com/android/platform_external_libpcap). Android

So, I'm doing lots of Android work lately.
tcpdump/libpcap is actually in the stock android build tree, but isn't
included by default in the non-engineering build.

Works great on the command line.

    Mark> is linux underneath but java as the main application API. I am
    Mark> trying to figure out if my java wrapper http://jnetpcap.com
    Mark> can be extended for that
    Mark> platform. Android does support JNI (java to native interface)
    Mark> so it's possible to link it with native libpcap on android
    Mark> based device (i.e. smart phones). So I have a few questions.

Android SDK (under "eclipse") does not support JNI.
Android NDK ("Native Development Kit") does support JNI.
The full build tree includes libpcap already.

However, Applications do not run with root privileges, and even if
you've rooted your phone, it's very hard to get Java applications
("activities") to run as root.  So, don't expect to easily get driftnet or
dsniff or tcpdump to run nicely to give you a cool, integrated wireless
sniffer... 

I recently created an APK that included a helper application, and you
run a shell script as root to create a setuid executable that the
activity can start to get the privileges it needs, and talk to it over
the Android IPC (Binder).  You could take that approach, and your JNI
code could be adapted to transparently speak binder to such a daemon.
 
    Mark> What is the status of libpcap on that platform in general?
 
    Mark> Is it actively maintained?

I didn't see any significant changes in that tree at all. It just works.
 
    Mark> Can libpcap library be distributed as part of an android
    Mark> application package or does it need special android build to
    Mark> be installed?

You certainly could distribute it, and even access it via JNI.

You could link your JNI wrappers statically against a libpcap.a to
produce a single .so that you could distribute, and you could then
analyze pcap files on the phone.  So, you could open a "connectbot"
shell, su, run tcpdump -w file.pcap, and then run some activity built
with your interface to display/analyze the packets. (use inotify to tell
when more data is available in the file).

(Have you seen the tricorder "application"?  network trace info would be
a cool new tab to have. "Just a second Captain, I'll try to tap into
their primitive planet's communications system using my tricorder...")

    Mark> If no special build is required what is the minimum Android
    Mark> SDK API and I would assume that at least a generic or common
    Mark> ARM processor type support is provided?
 
    Mark> Anything missing from libpcap API because of android
    Mark> limitations?

live captures.
 
-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
                       then sign the petition. 
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
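
The split suggested in the message above (tcpdump -w file.pcap run under su, an unprivileged reader woken by inotify), as an added example that is not part of the original post and is not libpcap or jnetpcap code. The names pcap_drain and pcap_follow and the MAX_CAPLEN bound are assumptions of this sketch, and it assumes the classic pcap file format written in the reader's own byte order (not pcapng, not nanosecond timestamps).

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/inotify.h>
#include <sys/stat.h>
#include <unistd.h>

#define PCAP_MAGIC 0xa1b2c3d4u  /* classic pcap, usec timestamps, same byte order as reader */
#define MAX_CAPLEN 262144u      /* assumed sanity bound on one captured packet */
struct rec_hdr { uint32_t ts_sec, ts_usec, incl_len, orig_len; };  /* 16 bytes on disk */

/* Consume every complete record from *off onward. A record whose header or
 * body is not fully on disk yet (writer is mid-write) is left for the next
 * call. Returns records consumed, or -1 if the file is not a usable pcap. */
long pcap_drain(int fd, off_t *off, uint64_t *wire_bytes)
{
    struct stat st; struct rec_hdr h;
    uint32_t magic; long n = 0;
    if (fstat(fd, &st) < 0) return -1;
    if (*off == 0) {
        if (st.st_size < 24) return 0;            /* 24-byte global header not flushed yet */
        if (pread(fd, &magic, 4, 0) != 4 || magic != PCAP_MAGIC) return -1;
        *off = 24;
    }
    while (*off + 16 <= st.st_size) {
        if (pread(fd, &h, 16, *off) != 16 || h.incl_len > MAX_CAPLEN) return -1;
        if (*off + 16 + (off_t)h.incl_len > st.st_size) break;    /* body incomplete */
        *off += 16 + (off_t)h.incl_len;
        *wire_bytes += h.orig_len;
        n++;
    }
    return n;
}

/* Drain what is there, then block on inotify until the writer appends more. */
int pcap_follow(const char *path)
{
    char ev[sizeof(struct inotify_event) + NAME_MAX + 1];  /* events are read and discarded */
    off_t off = 0; uint64_t bytes = 0; long n, total = 0;
    int fd = open(path, O_RDONLY), ifd = inotify_init();
    if (fd < 0 || ifd < 0 || inotify_add_watch(ifd, path, IN_MODIFY) < 0) return -1;
    do {
        if ((n = pcap_drain(fd, &off, &bytes)) < 0) return -1;
        printf("%ld packets, %llu bytes on the wire\n", total += n, (unsigned long long)bytes);
    } while (read(ifd, ev, sizeof ev) > 0);
    return 0;
}

int main(int argc, char **argv) { return argc == 2 ? -pcap_follow(argv[1]) : 2; }
```

tcpdump buffers its output file by default, so running it with -U (packet-buffered) makes each record reach the file, and the IN_MODIFY watcher, as soon as the packet is saved.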