bash, tcpdump, monkey

Trouble getting tcpdump to capture data from Android


I'm trying to write a bash script in Ubuntu to install an app on an Android emulator, send random commands to the app using 'monkey' and capture all the data with tcpdump. Code:

#!/bin/bash

#store all apk files in an array
shopt -s nullglob
packageArray=(*.apk)


#print the package name from the apk manifest; aapt dump badging prints a
#line like:  package: name='com.example.app' versionCode='1' ...
function getPackageName()
{
    aapt dump badging "$1" | grep '^package:' | awk '{print $2}' | sed "s/name=//;s/'//g"
}

#loop through array installing, testing and capturing data, and uninstalling
for i in "${packageArray[@]}";
do
    myResult=$(getPackageName "$i")

    echo "------------------INSTALLING-----------------"

    sudo adb install "$i"
    echo "*****************INSTALLED****************************"

    echo "*****************TESTING****************************"

    #-------THESE COMMANDS ARE THE TROUBLE-------
    #tcpdump runs in one xterm, monkey in another; nothing stops tcpdump once
    #monkey is done. -w writes a real pcap file (redirecting the text output
    #of -vvv into a .pcap file does not).
    (sudo -i xterm -e "tcpdump -w /home/seed/Documents/autoTcpLogs/$myResult.pcap src 10.0.2.11" &
    sudo -i xterm -e "adb shell monkey -p $myResult -v 500")
    echo "------------------DONE TESTING-----------------"

    sudo adb uninstall "$myResult"
    echo "*****************PACKAGE UNINSTALLED****************************"

done

The Problem: I need a good way for tcpdump to close once monkey has completed sending the 500 random commands. I've tried using the KILL command in a few different ways, but it doesn't seem to do the trick.


Solution

  • Consider the following example:

    #!/bin/bash
    
    # start tcpdump under sudo in the background; $! is the PID of sudo,
    # not of tcpdump itself
    sudo -- tcpdump > /dev/null &
    SUDO_TCPDUMP_PID=$!
    echo "Waiting 3 seconds"
    sleep 3
    echo "3 seconds elapsed"
    # signal sudo from a fresh session; sudo then relays SIGTERM to tcpdump
    sudo -- setsid kill -TERM "${SUDO_TCPDUMP_PID}"
    

    EDIT (read question comments): We need to use setsid to force the signal to be sent from a different session, otherwise sudo will not relay the signal (see sudo manpage).

    The PID of sudo tcpdump ... (the sudo pid in this case) will be stored in the SUDO_TCPDUMP_PID variable, which will be used as kill argument:

    $ ./tcp.sh
    Waiting 3 seconds
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on wlp2s0, link-type EN10MB (Ethernet), capture size 262144 bytes
    3 seconds elapsed
    0 packets captured
    2 packets received by filter
    0 packets dropped by kernel
    $
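As an added example (not code from the question or the answer above), the same start/signal/wait pattern packaged as shell functions, written so it runs without root, tcpdump or adb: the "capture" is a constructed stand-in loop that appends timestamps to a file, and the workload is whatever command is passed in. In the real script the capture would be `sudo -- tcpdump -i <iface> -w "$out" src 10.0.2.11`, the workload `adb shell monkey -p "$pkg" -v 500`, and the kill `sudo -- setsid kill -TERM "$pid"` as in the answer; those substitutions and the function names are assumptions of this example. What it adds to the answer: it checks with `kill -0` that the capture actually started before signalling it, and it `wait`s on the PID after the TERM so the writer has exited and flushed its file before the loop moves on to the next APK.

```shell
#!/bin/sh
# Added example: run a background capture only for the lifetime of a
# foreground workload, then stop it and wait for it to exit.
# Constructed stand-ins: the capture is a timestamp loop and the workload
# is the command passed to capture_during, so this runs unprivileged.
set -u

# Start the capture in the background and store its PID in CAPTURE_PID.
# This must run in the calling shell, not inside $(...): wait only works
# on children of the current shell.
start_capture() {
    cap_log=$1
    # Stand-in for: sudo -- tcpdump -i eth0 -w "$cap_log" src 10.0.2.11 &
    ( while :; do date +%s >> "$cap_log"; sleep 1; done ) > /dev/null &
    CAPTURE_PID=$!
}

# Stop the capture started by start_capture. Returns 0 if the process is
# gone afterwards, 1 if it was not running or refused to exit.
stop_capture() {
    pid=$1
    if ! kill -0 "$pid" 2>/dev/null; then
        echo "capture $pid is not running (did it fail to start?)" >&2
        return 1
    fi
    # Stand-in for: sudo -- setsid kill -TERM "$pid"
    kill -TERM "$pid"
    # Reap it so the output file is complete before the caller continues.
    wait "$pid" 2>/dev/null || true
    if kill -0 "$pid" 2>/dev/null; then
        echo "capture $pid survived SIGTERM" >&2
        return 1
    fi
    return 0
}

# capture_during LOGFILE CMD [ARGS...]: capture while CMD runs.
# Sets CAPTURE_LINES to the number of lines the capture wrote and
# returns stop_capture's status.
capture_during() {
    run_log=$1; shift
    : > "$run_log"
    start_capture "$run_log"
    "$@"                         # e.g. adb shell monkey -p "$pkg" -v 500
    if stop_capture "$CAPTURE_PID"; then status=0; else status=1; fi
    CAPTURE_LINES=$(wc -l < "$run_log" | tr -d ' ')
    return "$status"
}

# Usage with a stand-in workload (sleep 2 in place of monkey).
capture_during "/tmp/capture.$$.log" sleep 2 && \
    echo "capture wrote $CAPTURE_LINES lines while the workload ran"
rm -f "/tmp/capture.$$.log"
```

Note that `$!` is only visible in the shell that started the job: in the question's script tcpdump is launched inside a `( ... )` subshell, so its PID is not available to the outer loop, and the thing `$!` would name there is `sudo` (or `xterm` under it), which is exactly why the answer signals the sudo PID and lets sudo relay the signal.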