I installed tcpdump on my Android tablet and am running commands from a root adb shell. I'm working from the tcpdump man page examples, specifically this one:
To print all IPv4 HTTP packets to and from port 80, i.e. print only packets that contain data, not, for example, SYN and FIN packets and ACK-only packets.
tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
If I execute the above command on my desktop (Ubuntu), it runs fine. If I try and execute it on my Android device, like this:
adb shell tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
I get this error:
/system/bin/sh: can't create 2)) != 0): Read-only file system
/system/bin/sh: here document missing
tcpdump: syntax error
/system/bin/sh: can't create 2)) != 0): Read-only file system
/system/bin/sh: here document missing
tcpdump: syntax error
And the following command runs fine on the Android device:
tcpdump 'tcp port 80'
It seems like the filter expression isn't being parsed properly, or something, but I'll be honest, I'm not sure how exactly it works, so I'm not sure where to start with troubleshooting. Any ideas as to what's going wrong or how to fix it?
