File: //usr/share/wireshark/androiddump.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="generator" content="Asciidoctor 2.0.16">
<title>androiddump(1)</title>
<link rel="stylesheet" href="./ws.css">
</head>
<body class="manpage">
<div id="header">
<h1>androiddump(1) Manual Page</h1>
<h2 id="_name">NAME</h2>
<div class="sectionbody">
<p>androiddump - Provide interfaces to capture from Android devices</p>
</div>
</div>
<div id="content">
<div class="sect1">
<h2 id="_synopsis">SYNOPSIS</h2>
<div class="sectionbody">
<div class="paragraph">
<p><span class="nowrap"><strong>androiddump</strong></span>
<span class="nowrap">[ <strong>--help</strong> ]</span>
<span class="nowrap">[ <strong>--version</strong> ]</span>
<span class="nowrap">[ <strong>--extcap-version</strong> ]</span>
<span class="nowrap">[ <strong>--debug</strong> ]</span>
<span class="nowrap">[ <strong>--extcap-interfaces</strong> ]</span>
<span class="nowrap">[ <strong>--extcap-dlts</strong> ]</span>
<span class="nowrap">[ <strong>--extcap-interface</strong>=<interface> ]</span>
<span class="nowrap">[ <strong>--extcap-config</strong> ]</span>
<span class="nowrap">[ <strong>--capture</strong> ]</span>
<span class="nowrap">[ <strong>--fifo</strong>=<path to file or pipe> ]</span>
<span class="nowrap">[ <strong>--adb-server-ip</strong>=<IP address> ]</span>
<span class="nowrap">[ <strong>--adb-server-tcp-port</strong>=<TCP port> ]</span>
<span class="nowrap">[ <strong>--logcat-text</strong>=<TRUE or FALSE> ]</span>
<span class="nowrap">[ <strong>--bt-server-tcp-port</strong>=<TCP port> ]</span>
<span class="nowrap">[ <strong>--bt-forward-socket</strong>=<TRUE or FALSE> ]</span>
<span class="nowrap">[ <strong>--bt-local-ip</strong>=<IP address> ]</span>
<span class="nowrap">[ <strong>--bt-local-tcp-port</strong>=<TCP port> ]</span></p>
</div>
<div class="paragraph">
<p><span class="nowrap"><strong>androiddump</strong></span>
<span class="nowrap"><strong>--extcap-interfaces</strong></span>
<span class="nowrap">[ <strong>--adb-server-ip</strong>=<IP address> ]</span>
<span class="nowrap">[ <strong>--adb-server-tcp-port</strong>=<TCP port> ]</span></p>
</div>
<div class="paragraph">
<p><span class="nowrap"><strong>androiddump</strong></span>
<span class="nowrap"><strong>--extcap-interface</strong>=<interface></span>
<span class="nowrap">[ <strong>--extcap-dlts</strong> ]</span></p>
</div>
<div class="paragraph">
<p><span class="nowrap"><strong>androiddump</strong></span>
<span class="nowrap"><strong>--extcap-interface</strong>=<interface></span>
<span class="nowrap">[ <strong>--extcap-config</strong> ]</span></p>
</div>
<div class="paragraph">
<p><span class="nowrap"><strong>androiddump</strong></span>
<span class="nowrap"><strong>--extcap-interface</strong>=<interface></span>
<span class="nowrap"><strong>--fifo</strong>=<path to file or pipe></span>
<span class="nowrap"><strong>--capture</strong></span></p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_description">DESCRIPTION</h2>
<div class="sectionbody">
<div class="paragraph">
<p><strong>Androiddump</strong> is a extcap tool that provide interfaces to capture from
Android device. There is only two requirements:</p>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>You must have Android SDK and add it PATH environment variable.
PATH should contain directory with tools like "adb" and "android".
Android SDK for various platform are available on:
<a href="https://developer.android.com/sdk/index.html#Other" class="bare">https://developer.android.com/sdk/index.html#Other</a></p>
</li>
<li>
<p>You must have permission to Android devices. Some Android devices requires
on-screen authentication.</p>
</li>
</ol>
</div>
<div class="paragraph">
<p>Supported interfaces:</p>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Logcat Main (binary [<=Jelly Bean] or text)</p>
</li>
<li>
<p>Logcat System (binary [<=Jelly Bean] or text)</p>
</li>
<li>
<p>Logcat Events (binary [<=Jelly Bean] or text)</p>
</li>
<li>
<p>Logcat Radio (binary [<=Jelly Bean] or text)</p>
</li>
<li>
<p>Logcat Crash (text; from Lollipop)</p>
</li>
<li>
<p>Bluetooth Hcidump [<=Jelly Bean]</p>
</li>
<li>
<p>Bluetooth Bluedroid External Parser [Kitkat]</p>
</li>
<li>
<p>Bluetooth BtsnoopNet [>=Lollipop]</p>
</li>
<li>
<p>WiFi tcpdump [need tcpdump on phone]</p>
</li>
</ol>
</div>
<div class="paragraph">
<p>Please note that it will work also for FirefoxOS or other Android-based stuffs.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_options">OPTIONS</h2>
<div class="sectionbody">
<div class="dlist">
<dl>
<dt class="hdlist1">--help</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Print program arguments.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--version</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Print program version.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--extcap-version</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Print extcapized version.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--debug</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Print additional messages.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--extcap-interfaces</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>List available interfaces.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--extcap-interface=<interface></dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Use specified interfaces.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--extcap-dlts</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>List DLTs of specified interface.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--extcap-config</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>List configuration options of specified interface.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--capture</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Start capturing from specified interface save saved it in place specified by --fifo.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--fifo=<path to file or pipe></dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Save captured packet to file or send it through pipe.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--adb-server-ip=<IP address></dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Use other then default (127.0.0.1) ADB daemon’s IP address.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--adb-server-tcp-port=<TCP port></dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Use other then default (5037) ADB daemon’s TCP port.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--logcat-text=<TRUE or FALSE></dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>If TRUE then use text logcat rather then binary. This option has effect only on
Logcat interfaces. This have no effect from Lollipop where is no binary Logcat
available.</p>
</div>
<div class="paragraph">
<p>Defaults to FALSE.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--bt-server-tcp-port=<TCP port></dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Use other then default Bluetooth server TCP port on Android side.
On Lollipop defaults is 8872, earlier 4330.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--bt-forward-socket=<TRUE or FALSE></dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>If TRUE then socket from Android side is forwarded to host side.</p>
</div>
<div class="paragraph">
<p>Defaults to FALSE.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--bt-local-ip=<IP address></dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Use other then default (127.0.0.1) IP address on host side for forwarded socket.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--bt-local-tcp-port=<TCP port></dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Specify port to be used on host side for forwarded socket.</p>
</div>
</div>
</div>
</dd>
</dl>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_examples">EXAMPLES</h2>
<div class="sectionbody">
<div class="paragraph">
<p>To see program arguments:</p>
</div>
<div class="literalblock">
<div class="content">
<pre>androiddump --help</pre>
</div>
</div>
<div class="paragraph">
<p>To see program version:</p>
</div>
<div class="literalblock">
<div class="content">
<pre>androiddump --version</pre>
</div>
</div>
<div class="paragraph">
<p>To see interfaces:</p>
</div>
<div class="literalblock">
<div class="content">
<pre>androiddump --extcap-interfaces</pre>
</div>
</div>
<div class="listingblock">
<div class="title">Example output</div>
<div class="content">
<pre>interface {display=Android Logcat Main unknown MSM7627A}{value=android-logcat-main-MSM7627A}
interface {display=Android Logcat System unknown MSM7627A}{value=android-logcat-system-MSM7627A}
interface {display=Android Logcat Radio unknown MSM7627A}{value=android-logcat-radio-MSM7627A}
interface {display=Android Logcat Events unknown MSM7627A}{value=android-logcat-events-MSM7627A}
interface {display=Android Bluetooth Hcidump unknown MSM7627A}{value=android-bluetooth-hcidump-MSM7627A}
Human-readable display name of interfaces contains interface type, one of:
android-logcat-main (Android Logcat Main)
android-logcat-system (Android Logcat System)
android-logcat-radio (Android Logcat Radio)
android-logcat-events (Android Logcat Events)
android-logcat-text-main (Android Logcat Main)
android-logcat-text-system (Android Logcat System)
android-logcat-text-radio (Android Logcat Radio)
android-logcat-text-events (Android Logcat Events)
android-logcat-text-crash (Android Logcat Crash)
android-bluetooth-hcidump (Android Bluetooth Hcidump)
android-bluetooth-external-parser (Android Bluetooth External Parser)
android-bluetooth-btsnoop-net (Android Bluetooth Btsnoop Net)
android-wifi-tcpdump (Android WiFi)
Then Android Device's name if available, otherwise "unknown".
Last part of it is DeviceID - the identificator of the device provided by Android SDK (see "adb devices").
For example:
"Android Logcat Main unknown MSM7627A"
"Android Logcat Main" - user-friendly type of interface
"unknown" - name of Android Device
"MSM7627A" - device ID</pre>
</div>
</div>
<div class="paragraph">
<p>To see interface DLTs:</p>
</div>
<div class="literalblock">
<div class="content">
<pre>androiddump --extcap-interface=android-bluetooth-hcidump-MSM7627A --extcap-dlts</pre>
</div>
</div>
<div class="literalblock">
<div class="title">Example output</div>
<div class="content">
<pre>dlt {number=99}{name=BluetoothH4}{display=Bluetooth HCI UART transport layer plus pseudo-header}</pre>
</div>
</div>
<div class="paragraph">
<p>To see interface configuration options:</p>
</div>
<div class="literalblock">
<div class="content">
<pre>androiddump --extcap-interface=android-bluetooth-hcidump-MSM7627A --extcap-config</pre>
</div>
</div>
<div class="literalblock">
<div class="title">Example output</div>
<div class="content">
<pre>arg {number=0}{call=--adb-server-ip}{display=ADB Server IP Address}{type=string}{default=127.0.0.1}
arg {number=1}{call=--adb-server-tcp-port}{display=ADB Server TCP Port}{type=integer}{range=0,65535}{default=5037}</pre>
</div>
</div>
<div class="paragraph">
<p>To capture:</p>
</div>
<div class="literalblock">
<div class="content">
<pre>androiddump --extcap-interface=android-bluetooth-hcidump-MSM7627A --fifo=/tmp/bluetooth.pcapng --capture</pre>
</div>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<div class="title">Note</div>
</td>
<td class="content">
To stop capturing CTRL+C/kill/terminate application.
</td>
</tr>
</table>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_see_also">SEE ALSO</h2>
<div class="sectionbody">
<div class="paragraph">
<p><a href="wireshark.html">wireshark</a>(1), <a href="tshark.html">tshark</a>(1), <a href="dumpcap.html">dumpcap</a>(1), <a href="extcap.html">extcap</a>(4)</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_notes">NOTES</h2>
<div class="sectionbody">
<div class="paragraph">
<p><strong>Androiddump</strong> is part of the <strong>Wireshark</strong> distribution. The latest version
of <strong>Wireshark</strong> can be found at <a href="https://www.wireshark.org" class="bare">https://www.wireshark.org</a>.</p>
</div>
<div class="paragraph">
<p>HTML versions of the Wireshark project man pages are available at
<a href="https://www.wireshark.org/docs/man-pages" class="bare">https://www.wireshark.org/docs/man-pages</a>.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_authors">AUTHORS</h2>
<div class="sectionbody">
<div class="paragraph">
<div class="title">Original Author</div>
<p>Michal Labedzki <michal.labedzki[AT]tieto.com></p>
</div>
<div class="paragraph">
<div class="title">Contributors</div>
<p>Roland Knall <rknall[AT]gmail.com></p>
</div>
</div>
</div>
</div>
<div id="footer">
<div id="footer-text">
Last updated 2022-03-04 16:13:20 UTC
</div>
</div>
</body>
</html>