Running Wireshark on Android has been a dream for a long time. Now it has become a reality!
You only need a rooted Android device with ~2GB free space, Internet connectivity and some patience to follow the steps below.
- Install Lil’ Debi from Google Play or F-Droid. Lil’ Debi will install a Debian root file system in a loop device, separate from the Android file system, allowing us to run Debian side by side with the Android apps.
- Start Lil’ Debi and create the Debian system with 2000 MB image size. We will need some space for Wireshark, the graphical interface Wireshark depends on and for the capture files.
- Start the newly created Debian system and log in to it. You will see the error message “bash: [: : integer expression expected”, but you can continue.
- Now run the following commands at the command line to install all the packages Wireshark will need:
  ```sh
  # some important directories are missing from the PATH by default
  export PATH=/sbin:/usr/sbin/:$PATH
  # we will start an X server later
  export DISPLAY=127.0.0.1:0
  # install wireshark and a few things to make it nicer
  apt-get install openbox gnome-themes-standard tshark wireshark
  # gnome-settings-daemon depends on plenty of packages we don't need now,
  # but we need gnome-settings-daemon for the GNOME theme to be applied
  apt-get install --no-install-recommends gnome-settings-daemon
  ```
- To run graphical applications from the Debian chroot we need to set up an X server on Android, because Android uses a different method for presenting the GUI. XServer XSDL is available from Google Play and from SourceForge. Install and start it. It will show the display it is serving, which will most probably end with :0, so the DISPLAY environment variable we set before is correct. (If there is another number after the “:”, fix your DISPLAY variable.)
- Start the openbox window manager, gnome-settings-daemon and finally wireshark in capturing mode:
  ```sh
  openbox &
  # if you would like to have bigger menu fonts skip starting gnome-settings-daemon
  gnome-settings-daemon &
  wireshark -k -i wlan0
  ```
- Switch to the X server to see Wireshark starting up, close the warning dialogs, and start capturing traffic!
I tested the steps above using a Nexus 7 (Asus 2013 version) running CyanogenMod M7 (thus root access was granted by default), Lil’ Debi 0.4.7, and XServer XSDL 1.11.14.
Update: Lil’ Debi has apparently been removed from Play Store. 🙁
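
The 2000 MB image created in the steps above also has to hold the capture files, so a long capture can fill it. As an added example (not part of the original post), this script runs a headless tshark capture inside the chroot with a ring buffer sized from the free space. The /root/caps directory, the half-of-free-space budget and the 10-file split are assumptions.

```shell
#!/bin/sh
# Added example: size-capped headless capture for the Debian chroot.
# Assumptions (not from the original post): captures go to /root/caps,
# and at most half of the free space is used, split over 10 files.

# Print tshark ring-buffer options for a given amount of free space in kB.
# "-b filesize" takes kB; "-b files" is the number of files kept in the ring.
# Returns 1 on non-numeric input or when a file would be smaller than 1 MB.
ring_args() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    per_file=$(( $1 / 2 / 10 ))
    [ "$per_file" -ge 1024 ] || return 1
    printf '%s\n' "-b filesize:$per_file -b files:10"
}

# Usage: sh capped-capture.sh capture [interface]
if [ "${1:-}" = "capture" ]; then
    iface=${2:-wlan0}
    capdir=/root/caps
    # same PATH fix as in the install step
    export PATH=/sbin:/usr/sbin:$PATH

    # tshark -D lists the interfaces tshark is able to capture on
    tshark -D 2>/dev/null | grep -qw "$iface" || {
        echo "interface $iface not available for capture" >&2
        exit 1
    }

    mkdir -p "$capdir"
    # free space (kB) on the file system holding the capture directory
    free_kb=$(df -Pk "$capdir" | awk 'NR==2 {print $4}')
    args=$(ring_args "$free_kb") || {
        echo "not enough free space in the image for a capture" >&2
        exit 1
    }

    # $args is left unquoted on purpose so it splits into separate options
    exec tshark -i "$iface" $args -w "$capdir/android.pcapng"
fi
```

The resulting files can be opened later in the Wireshark GUI started as described above, or copied off the device for analysis.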