Tcpdump trace on android - could not load library "libssl.so" needed by "/system/bin/tcpdump"

Question

I need to do tcpdump trace on my android devices.

My setup:

Push tcpdump file to sdcard

adb push filepath/tcpdump /sdcard/tcpdump

Copy file to /system/bin

Give root privileges to tcpdump file

adb shell
cd /system/bin
su
chmod 777 tcpdump

Install BUSYBOX from Google Play

Run tcpdump trace

tcpdump -vv -s 0 -w /sdcard/filename.pcap

I have already managed to do that on Samsung Galaxy S4 - it works fine. However, it doesn't work on my Samsung Galaxy Tab. After tcpdump command I got error:

tcpdump
soinfo_link_image(linker.cpp:1635): could not load library "libssl.so" needed by
 "/system/bin/tcpdump"; caused by load_library(linker.cpp:761): not a valid ELF
executable: libssl.soCANNOT LINK EXECUTABLE

Both devices are rooted and they have the same tcpdump configuration. I have libssl.so in /system/lib/

Samsung Galaxy S4

C:\Windows\System32>adb shell
shell@android:/ $ su
su
root@android:/ # cd system/bin
cd system/bin
root@android:/system/bin # tcpdump
tcpdump
tcpdump: WARNING: arptype 530 not supported by libpcap - falling back to cooked
socket
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rmnet_usb0, link-type LINUX_SLL (Linux cooked), capture size 96 byt
es

Samsung Galaxy Tab

C:\Windows\System32>adb shell
root@android:/ # su
su
root@android:/ # cd system/bin
cd system/bin
root@android:/system/bin # tcpdump
tcpdump
soinfo_link_image(linker.cpp:1635): could not load library "libssl.so" needed by
 "/system/bin/tcpdump"; caused by load_library(linker.cpp:761): not a valid ELF
executable: libssl.soCANNOT LINK EXECUTABLE
 255|root@android:/system/bin #

score 4 · Answer 1 · answered May 23 '14 at 06:46

http://www.kandroid.org/online-pdk/guide/tcpdump.html

it may useful.

adb shell tcpdump -i any -p -s 0 -w /sdcard/capture.pcap

# "-i any": listen on any network interface
# "-p": disable promiscuous mode (doesn't work anyway)
# "-s 0": capture the entire packet
# "-w": write packets to a file (rather than printing to stdout)

... do whatever you want to capture, then ^C to stop it ...

adb pull /sdcard/capture.pcap .

sudo apt-get install wireshark  # or ethereal, if you're still on dapper
wireshark capture.pcap          # or ethereal

KnightWhoSayNi · Answer 2 · 2013-10-25T07:59:18.123

0

SOLUTION

I solved my problem by copying 'libssl.so' and 'libcrypto.so' from Samsung Galaxy S4 to Samsung Galaxy Tab. It seems to work fine. I have no idea about the possible negative impact of that change.

edited Oct 25 '13 at 07:59

answered Oct 21 '13 at 13:16

KnightWhoSayNi

520
1
5
13

score 0 · Answer 3 · answered Mar 08 '14 at 03:46

0

Samsung Galaxy Discover SGH-S730M *#9900# TCP Dump requires OTP Authentication, so I would assume TCP dump won't work on any Android device without a password.

answered Mar 08 '14 at 03:46

adam

1

I'm working on rooted devices and I use this: http://www.tcpdump.org/ . It works fine – KnightWhoSayNi Mar 08 '14 at 19:28

Tcpdump trace on android - could not load library "libssl.so" needed by "/system/bin/tcpdump"

3 Answers3