0
votes

I am using TCPDUMP-arm because I'd like to capture TCP packets arriving on my tablet. The problem is that I want to get rid of the results about the outgoing packets.

When I execute:

./tcpdump-arm tcp -qt -l > /sdcard/res.txt

I get results like:

IP 172.17.***.***.49890 > 74.125.***.***.5228: tcp 139
IP 172.17.***.***.56869 > 173.194.***.***.80: tcp 0
IP 173.194.***.***.80 > 172.17.***.***.56869: tcp 0

Where the IP starting with 172.17. is mine.

So, is there a way to adjust TCPDUMP to show me only the last result (the one where my IP is the destination)?

2
The solution isn't immediately jumping out of tcpdump's rather lengthy man page. If I wanted to solve the problem right now I'd just pipe the output through a negative grep for my own IP address in the first position... though I expect there is a better way. - Chris Stratton

2 Answers

0
votes

Not sure about tcpdump-arm (never used it), but assuming that the pcap-filter expression is the same as tcpdump's (which is quite likely, I'd think), then to see tcp traffic and leave out packets where your IP address is the source, your expression should be:

tcp and src host not 172.17.x.x

Can't try it out now to be 100% sure, but I'll leave that to you.

0
votes

I've managed to deal with the problem :)

Also, I created one ToggleButton in my app in order to Start/Stop TCPDUMP. Now I want to be able to read the text file which is generated while the program is still executing, and make decisions based on the data from the file.

The problem is that I want to read only the latest results, and so far I can just read the whole file from beginning to end. My other option is somehow to read the output from TCPDUMP directly/live in my app, without making a text file, but I have no idea how to achieve that.

I am looking forward to your replies.
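For the live-reading option raised in the post above, one way to consume tcpdump's line-buffered output directly instead of re-reading a growing file. This is an added example, not code from the thread. The class, method and interface names are hypothetical, the `-n` flag (numeric output) and the `dst host` filter are choices made here, and it assumes the app process is permitted to run the capture binary.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LiveTcpdump {                       // hypothetical name
    public interface Listener { void onPacket(Packet p); }

    /** One parsed "-qt" summary line. */
    public static final class Packet {
        public final String src, dst;            // address.port, as printed by tcpdump
        public final int length;                 // number printed after "tcp"
        Packet(String src, String dst, int length) { this.src = src; this.dst = dst; this.length = length; }
    }

    // Constructed sample of the format: "IP 192.0.2.10.80 > 198.51.100.7.56869: tcp 0"
    private static final Pattern LINE = Pattern.compile("^IP (\\S+) > (\\S+): tcp (\\d+)$");

    /** Returns null for anything that is not an IPv4 TCP summary line (banner, errors). */
    public static Packet parse(String line) {
        Matcher m = LINE.matcher(line.trim());
        return m.matches() ? new Packet(m.group(1), m.group(2), Integer.parseInt(m.group(3))) : null;
    }

    /** Starts the capture and a reader thread; call destroy() on the returned Process to stop. */
    public static Process start(String tcpdumpPath, String localIp, Listener listener) throws IOException {
        // Arguments are passed as a list, so no shell interprets the filter expression.
        // "dst host" keeps only packets addressed to localIp; -l flushes after every line.
        ProcessBuilder pb = new ProcessBuilder(tcpdumpPath, "-qt", "-l", "-n",
                "tcp", "and", "dst", "host", localIp);
        pb.redirectErrorStream(true);            // drain tcpdump's stderr banner too
        final Process proc = pb.start();
        new Thread(() -> {
            try (BufferedReader r = new BufferedReader(new InputStreamReader(proc.getInputStream()))) {
                String line;
                while ((line = r.readLine()) != null) {   // null once tcpdump has exited
                    Packet p = parse(line);
                    if (p != null) listener.onPacket(p);  // runs on this thread, not the UI thread
                }
            } catch (IOException e) {
                // The stream closes when the process is destroyed; nothing left to read.
            }
        }, "tcpdump-reader").start();
        return proc;
    }
}
```

Each packet reaches the listener as soon as tcpdump prints it, so only new results are seen and no file needs to be re-read.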