This article covers the topic in the following order, focusing on Android network communication:
1. Why packet capturing is necessary;
2. How to capture packets;
3. A simple analysis of messages;
(Note: the devices mentioned in this article are Android devices)
1. Why Packet Capturing is Necessary
In network communication, the application layer usually runs on HTTP-based protocols. There are now many open-source networking frameworks, such as okhttp, that already provide very simple interfaces; a simple function such as an upload may need only one line of code.
Communication between the protocol layers of the network stack is carried out by transmitting messages, and each layer has its own message format. Sometimes we need to verify that the messages we send or receive are correct, and that is when packet capturing is needed for analysis. There are in fact many scenarios where packet capturing is used; for instance, if you want to download a video from a website using PHP, you can capture packets to examine the website’s request information and work out the actual URL from which the video is fetched.
Personally, I use packet capturing while implementing socket communication. When two devices communicate over UDP, one running Android and the other Linux, the message content is defined by a protocol specific to the project. During joint debugging, when the sent and received messages do not match, packet capturing is the best approach, because it lets us rely on the actual captured content.
2. How to Capture Packets and How to Perform Simple Message Analysis
There are many tools and methods for capturing packets on Android. Below are the two methods I have personally used. One installs the Fiddler tool on a PC to view network messages in real time on the computer; the other uses the tcpdump command to capture packets and then analyzes them with Wireshark. I have mostly used the second method: capturing packets directly from the command line is relatively convenient, and the captured packets can be shared with colleagues for analysis.
Using the Fiddler tool requires the device’s IP and the computer’s IP to be on the same network segment. For instance, if using the company’s shared WiFi, both the PC and the device should connect to that WiFi. Additionally, the WiFi proxy on the device needs to be set to the PC’s IP. The reason is clear: once the device’s WiFi proxy points at the PC, every network access by the device actually passes through the PC, so Fiddler can easily show what the device is accessing.
Alright, after understanding the basics of Fiddler, let’s get started!

(The following screenshot is from examining a request message of the Himalaya app)

2. Next, let’s look at the second method: using the tcpdump command to capture packets, then analyzing them with Wireshark for Android network communication.
1) The tcpdump packet capturing command

2) Using Wireshark to analyze the captured packets
On Windows, use Wireshark to open the captured ***.pcap file.
The following screenshot shows the packets filtered from 192.168.7.2 to 192.168.7.3 as required. It shows that the protocol is UDP and that the port used is 4052.
Click a packet to open it and view more detailed information; the message data part deserves the most attention. By checking the Data part, we can determine whether the message data we sent is correct.
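The Wireshark step above (filter 192.168.7.2 to 192.168.7.3 on UDP port 4052, then read the Data part) can also be scripted so that the payloads can be diffed against the project protocol automatically. The following is an added example, not code from the original article; it assumes a libpcap-format file written by tcpdump -w on an Ethernet-framed interface, and the capture it parses is constructed inline.

```python
import struct

def _ip(addr):
    """Dotted-quad string to 4 raw bytes."""
    return bytes(int(o) for o in addr.split("."))

def build_udp_frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet + IPv4 + UDP frame (checksums left zero, which is fine for offline parsing)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         _ip(src_ip), _ip(dst_ip))
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip_hdr + udp

def build_pcap(frames):
    """libpcap file: 24-byte global header (linktype 1 = Ethernet) then per-record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def sample_pcap():
    """Constructed capture: one matching datagram, one to another port, one in the reverse direction."""
    return build_pcap([
        build_udp_frame("192.168.7.2", "192.168.7.3", 4052, 4052, b"\x01\x02HELLO"),
        build_udp_frame("192.168.7.2", "192.168.7.3", 5000, 5001, b"other"),
        build_udp_frame("192.168.7.3", "192.168.7.2", 4052, 4052, b"reply"),
    ])

def udp_payloads(pcap, src_ip, dst_ip, port):
    """Return UDP payloads for src_ip -> dst_ip using `port`, i.e. the equivalent of
    Wireshark's 'ip.src == src && ip.dst == dst && udp.port == port' display filter."""
    magic, = struct.unpack("<I", pcap[:4])
    endian = "<" if magic == 0xA1B2C3D4 else ">"   # tcpdump writes host byte order
    off, results = 24, []
    while off + 16 <= len(pcap):
        _, _, caplen, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # too short or not IPv4 over Ethernet
            continue
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 17 or frame[26:30] != _ip(src_ip) or frame[30:34] != _ip(dst_ip):
            continue                                # not UDP, or wrong direction
        udp = frame[14 + ihl:]
        sport, dport, ulen, _ = struct.unpack("!HHHH", udp[:8])
        if port in (sport, dport):
            results.append(udp[8:ulen])             # the "Data" part shown by Wireshark
    return results
```

For a real capture, pass `open("capture.pcap", "rb").read()` to `udp_payloads` instead of `sample_pcap()`; captures taken on the "any" interface use a different link type and would need the Linux cooked header handled first.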