Cross-Compiling or Building Android tcpdump?


Building

There are multiple ways of building or compiling Android tcpdump. The one outlined below is the method we use to build the Android tcpdump binary that you will find in our downloads section. You can also try using the NDK from Google. The NDK uses a different set of libraries, tool-chains, and compile tools.

The tcpdump we offer in our downloads section was compiled with a method called Cross-Compiling. Cross-Compiling is a method of compiling one operating system binary on another operating system. In our instance we are cross-compiling the Android binary on an Ubuntu Linux system targeting the ARM architecture. Once the binary or program is created, it can only run on the targeted operating system. So the binary can only run on Android devices running on the ARM architecture.

Aside Note: The Architecture could be ARM, i386 or MIPS. The ARM architecture is used in 95% of the Androids in the market, so the binary you will find in our downloads is for the ARM architecture. Also, we only have access to devices with the ARM architecture, so we cannot confirm whether binaries compiled for other architectures will work. If you would like us to compile a binary for i386 or MIPS please let us know in our contact page so we can make appropriate arrangements.

Ubuntu Compile Tools

To install the compile tools and tool chains we used, execute the following on your Ubuntu Linux Server:

To compile the 32 Bit version, you need the following gcc compiler:

sudo apt-get install gcc-arm-linux-gnueabi

To compile the 64 Bit version, you need the following gcc compiler:

apt-get install gcc-aarch64-linux-gnu

You may need the following dependencies as well:

sudo apt-get install byacc
sudo apt-get install flex

Note: You only need to install the above mentioned compile tools once on your system.

Steps to Compile Android tcpdump

  1. Download the latest tcpdump source code from https://www.tcpdump.org. In this case, we will compile the latest version, tcpdump-4.99.5.
    2. wget https://www.tcpdump.org/release/tcpdump-4.99.5.tar.gz
  2. Since tcpdump is dependent on the libpcap, we will need to download this as well. Download the latest libpcap source code from https://www.tcpdump.org
    3. wget https://www.tcpdump.org/release/libpcap-1.10.5.tar.gz
  3. Extract the source code into the respective directories.
    4. tar zxvf tcpdump-4.99.5.tar.gz
    tar zxvf libpcap-1.10.5.tar.gz
  4. Export your compiler to point to the ARM Linux build tool. Note: These libraries may not be available by default on your linux operating system. You may need to "yum" or "apt-get" the appropriate building libraries or toolchains. For 32 bit, you need:
    5. export CC=arm-linux-gnueabi-gcc
  5. For 64 bit compiling, you will need:
    6. export CC=aarch64-linux-gnu-gcc
  6. We need to compile the LIBPCAP first. Change your directory to where you extracted your LIBPCAP
    7. cd libpcap-1.10.5
  7. Execute the configure file which came with LIBPCAP with a few switches. The "--host=arm-linux" tells the compiler that we are cross compiling to ARM. The "--with-pcap=linux" will tell the compiler which packet capture type we are compiling.
    8. ./configure --host=arm-linux --with-pcap=linux
  8. Then execute the "make" command. This should create the libpcap library.
    9. make
  9. Now, change your directory to where you extracted your TCPDUMP file
    10. cd tcpdump-4.99.5
  10. We need to find out what major version our Ubuntu (or Linux) operation system kernel is running. Execute the uname -a command. Note: Your output may be different, but look for something which looks like a version number. Below, mine is 2.6.32-042stab094.8. We grab the first "2".
    11. uname -a

    The above command produced the following output:
    Linux androidtcpdump 2.6.32-042stab094.8 #1 SMP Tue Dec 16 20:36:56 MSK 2014 i686 i686 i686 GNU/Linux

  11. Set the ac_cv_linux_vers variable to the major number of your release Kernel version from the previous command.
    12. export ac_cs_linux_vers=2
  12. Export the following variables required for compiling. Since we want the executable to be self-contain (ie. not reliant on external libraries, we provide the following flags to build it statically.
    13. export CFLAGS=-static
    export CPPFLAGS=-static
    export LDFLAGS=-static
  13. Execute the configure file which came with TCPDUMP with a few switches. The "--host=arm-linux" is telling the compiler we are cross-compiling, and the "--disable-ipv6" to disable IP Version 6.
    14. ./configure --host=arm-linux --disable-ipv6
  14. Execute the "make" command. This will build the tcpdump binary.
    15. make
  15. Strip the symbol information to make the binary even smaller. These symbols are only useful in debugging the application. For 32 bit:
    16. arm-linux-gnueabi-strip tcpdump
  16. For 64 bit:
    17. aarch64-linux-gnu-strip tcpdump
  17. Done. Your finished binary should be in your tcpdump directory.

All-In-One Script (32 Bit)

Below are all the steps listed above in an easy script. You only need to change the versioning information and perhaps your linux Kernel version in the "ac_cv_linux_vers" variable

export TCPDUMP=4.99.5
export LIBPCAP=1.10.5

wget https://www.tcpdump.org/release/tcpdump-$TCPDUMP.tar.gz
wget https://www.tcpdump.org/release/libpcap-$LIBPCAP.tar.gz

tar zxvf tcpdump-$TCPDUMP.tar.gz
tar zxvf libpcap-$LIBPCAP.tar.gz
export CC=arm-linux-gnueabi-gcc
cd libpcap-$LIBPCAP
./configure --host=arm-linux --with-pcap=linux
make
cd ..

cd tcpdump-$TCPDUMP
export ac_cv_linux_vers=2
export CFLAGS=-static
export CPPFLAGS=-static
export LDFLAGS=-static

./configure --host=arm-linux --disable-ipv6
make

arm-linux-gnueabi-strip tcpdump

All-In-One Script (64 Bit)

Below are all the steps listed above in an easy script. You only need to change the versioning information and perhaps your linux Kernel version in the "ac_cv_linux_vers" variable

export TCPDUMP=4.99.5
export LIBPCAP=1.10.5

wget https://www.tcpdump.org/release/tcpdump-$TCPDUMP.tar.gz
wget https://www.tcpdump.org/release/libpcap-$LIBPCAP.tar.gz

tar zxvf tcpdump-$TCPDUMP.tar.gz
tar zxvf libpcap-$LIBPCAP.tar.gz
eport CC=aarch64-linux-gnu-gcc
cd libpcap-$LIBPCAP
./configure --host=arm-linux --with-pcap=linux
make
cd ..

cd tcpdump-$TCPDUMP
export ac_cv_linux_vers=2
export CFLAGS=-static
export CPPFLAGS=-static
export LDFLAGS=-static

./configure --host=arm-linux --disable-ipv6
make

aarch64-linux-gnu-strip tcpdump

You're Done.

Now you have the instructions we use to build android tcpdump. But there are alternatives to compiling/building. If you do not have access to a Linux system, or ran into difficulties compiling, you can always just download the latest version from our Downloads area. It is just that easy.