I run sudo adb root I compile tcpdump for android (it turns out is not needed on Replicant 6 as tcpdump is already included) I push tcpdump to the device using sudo adb push tcpdump-4.99.4/tcpdump /data/local/tcpdump You will notice the version I used. This was the last version I could successfully compile (but not run) When I run my compiled version of tcpdump I get error: only position independent executables (PIE) are supported.
I run (in "adb shell"): lsusb I get: Bus 001 Device 001: ID 1d6b:0002 Bus 002 Device 001: ID 1d6b:0001 Bus 001 Device 002: ID 05c6:904c You will see that Bus 001, Device 002 is the usb modem. I run: tcpdump -D ... to list devices: 1.nfqueue (Linux netfilter queue (NFQUEUE) interface) 2.usbmon1 (USB bus number 1) 3.wwan2 4.usbmon2 (USB bus number 2) 5.any (Pseudo-device that captures on all interfaces) 6.lo I incorrectly try usbmon2 because I was reading the device number instead of the bus number and get listening on usbmon2, link-type USB_LINUX (USB with Linux header), capture size 65535 bytes and 0 packets captured I then try "usbmon1", like a proper hacker lol. tcpdump -i usbmon1 -vvv -XX -s0 -w modem_replicant.pcap with tcpdump running I - dial a call for some reason, when sniffing with tcpdump, the call is automatically answered. Either way I hang up on the calling phone. To try and dissect the file on my computer, I use: sudo apt-get install tshark wireshark tcpdump git clone https://github.com/dnlplm/WiresharkQMIDissector git clone https://gitlab.freedesktop.org/mobile-broadband/libqmi.git cd WiresharkQMIDissector python3 generate_lua.py ../libqmi/data/ tshark -T json -r ../modem_replicant.pcap -X lua_script:qmi_dissector_gen.lua | tee modem_replicant_dissected.json I grep the json for "qmi" and "QMI" but receive no results. I also search for the number I dialled and recieve no results. I then try wireshark with the GUI because I am actually a novice. wireshark -r ../modem_replicant.pcap -X lua_script:qmi_dissector_gen.lua As with tshark, I don't see any qmi fields. Regarding "Info" section of wireshark when reading the pcap file with the lua dissector... There are "GET_STATUS Request" for [Port 1] to [Port 3] There are "CLEAR FEATURE Request" There are "CLEAR FEATURE Request [Port 2: C_PORT_SUSPEND]" There are "GET STATUS Request" There are "GET_STATUS Response" [Port 1] to [Port 3] There are "SET FEATURE Request" There are "SET_FEATURE Response" There are "SET_FEATURE Request [Port 2: PORT_SUSPEND]" There are "URB_BULK in" There are "URB_CONTROL in" There are "URB_INTERRUPT in" The protocols are all either "USB" or "USB HUB" The source seems to be either "host", "1.1.0", "1.1.1", "1.2.0", "1.2.1", "1.2.3", "1.2.8", "1.2.9" The destination (likewise) seems to be either "host", "1.1.0", "1.1.1", "1.2.0", "1.2.1", "1.2.3", "1.2.8", "1.2.9" As I could see no QMI fields in wireshark or tshark, I decided not to reinstall LineageOS yet and get a tcpdump for that to compare with. I only try on scintill's branch of replicant 6 so far. I could possibly PM you Denis the pcap file but I don't believe it would be worth it. I may try the pmos thing now less anyone has any other suggestions. Josh _______________________________________________ Replicant mailing list Replicant@osuosl.org https://lists.osuosl.org/mailman/listinfo/replicant