Does anyone know how I might go about filtering tcpdump, so that I can ultimately get a list of hosts (not IPs) with time stamps?

I need to try to identify all the websites our test devices are going to and at what time. The exact URL is not required, just the domain.

The goal is to be able to create an arraylist like this or similar:

```java
import java.util.ArrayList;

String domain = "www.google.com";
String timestamp = "<some time and date>";
// One {domain, timestamp} pair per entry
ArrayList<String[]> sites = new ArrayList<>();
sites.add(new String[] {domain, timestamp});
```

So this would be a huge array but those are the only two pieces of information I care about. How can I filter tcpdump to ignore everything else? I only want to know about requests going out, not replies.

Alternatively if there is another tool that can do this then that would be fine too. The target platform is Android. The devices will be rooted. If someone knows a way to get this without rooting even better but as far as I can tell this is not possible.

Thanks.

Michael Vescovo
  • I once used the ```pcap``` lib to write a program to filter network package, you can specify the ```recieved_packet_callback``` yourself. As for tcpdump, I don't know how to config the output format... – sel-fish Aug 27 '16 at 10:30
  • Thanks for the suggestion. Having a look at the filter http://www.tcpdump.org/pcap.html it doesn't seem like I can any more easily extract the host than the tcpdump filter. Thanks anyway. As it turns out requirements have changed and so I don't even need this now. – Michael Vescovo Aug 27 '16 at 10:48
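
One way to get the domain and timestamp pairs the question asks for is to capture only outbound DNS queries (`tcpdump -l -n -tttt udp dst port 53`) and parse the text output. The Python below is an added example, not part of the original post: the sample lines are constructed, `outgoing_lookups` is a hypothetical name, and it assumes the devices resolve names over plain DNS on port 53 (cached lookups and DNS-over-HTTPS/TLS will not appear).

```python
import re
import sys
from datetime import datetime

# Constructed sample of `tcpdump -l -n -tttt udp port 53` output (not a real capture).
SAMPLE = """\
2016-08-27 10:30:01.123456 IP 192.168.1.23.41234 > 8.8.8.8.53: 4660+ A? www.google.com. (32)
2016-08-27 10:30:01.150112 IP 8.8.8.8.53 > 192.168.1.23.41234: 4660 1/0/0 A 172.217.0.4 (48)
2016-08-27 10:30:05.000321 IP 192.168.1.23.50312 > 8.8.8.8.53: 4661+ [1au] AAAA? Example.ORG. (40)
2016-08-27 10:30:07.900000 IP 192.168.1.23.50313 > 8.8.8.8.53: 4662+ PTR? 4.0.217.172.in-addr.arpa. (42)
2016-08-27 10:30:09.000000 IP 192.168.1.23.443 > 10.0.0.5.51000: UDP, length 120
"""

# Matches only packets addressed *to* port 53 that carry a question ("A? name."),
# so replies and unrelated UDP traffic are ignored.
QUERY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) IP6? "
    r"\S+ > \S+\.53: \d+\S* (?:\[[^\]]*\] )?"
    r"(?P<qtype>[A-Z]+)\? (?P<name>\S+) \(\d+\)"
)


def outgoing_lookups(lines, qtypes=("A", "AAAA")):
    """Return [(datetime, domain)] for DNS queries sent to port 53."""
    sites = []
    for line in lines:
        m = QUERY.match(line)
        if not m or m.group("qtype") not in qtypes:
            continue  # reply, non-DNS packet, or a record type we don't want
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f")
        # DNS names are case-insensitive and printed with a trailing root dot.
        sites.append((ts, m.group("name").rstrip(".").lower()))
    return sites


if __name__ == "__main__":
    # Pipe tcpdump into this script, or run it bare to see the sample parsed.
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for ts, name in outgoing_lookups(source):
        print(ts.isoformat(), name)
```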
