packet capture

There are three ways to capture packets:

1. Set up network sharing on the PC and create a Wi-Fi hotspot for the mobile device to use

2. Run an HTTP proxy tool (such as Burp Suite or Charles) and have the mobile device go online through the HTTP proxy (only HTTP/HTTPS can be captured)

3. Use a tunneling tool such as nc+ADVsock2pipe to forward traffic from iOS to the PC (requires jailbreak)

All of the above methods have limitations; for example, only Wi-Fi network communication can be captured, while 2G/3G network packets cannot.

After iOS 5, Apple introduced the Remote Virtual Interface (RVI) feature. You only need to connect the iOS device to the Mac with a USB data cable, then use the rvictl tool, with the UDID of the iOS device as a parameter, to create a virtual network interface (rvi) on the Mac. Tools such as tcpdump and Wireshark on the Mac can then capture and analyze traffic on the created interface.

Step 1: Connect the iOS device to the Mac with a USB cable

 

Step 2: Obtain the UDID of the iOS device, which can be viewed using iTools or the Organizer tool of Xcode

 

Step 3: Create the RVI Interface

$ rvictl -s <UDID>

 

The RVI virtual interfaces are named rvi0, rvi1, and so on. After creation, use the following command to check whether the interface was created successfully:

$ ifconfig rvi0

 

Step 4: Use tools such as Wireshark or tcpdump on the Mac to capture and analyze packets

$ sudo tcpdump -i rvi0 -n -vv

 

Step 5: After the analysis, remove the created RVI interface

$ rvictl -x <UDID>
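
Steps 3 to 5 combined into one script, as an added example that is not part of the original post. The function names, the default output file name, the accepted UDID shapes and the `rvictl -s` output line format are assumptions, and it writes a pcap file with `tcpdump -w` instead of printing with `-vv`.

```shell
#!/bin/sh
# Added example: Steps 3-5 as one script. Function names are hypothetical.

# Accept only the two UDID shapes assumed here: 40 hex characters, or
# 8 hex + "-" + 16 hex. Anything else never reaches rvictl.
valid_udid() {
    case $1 in
        *[!0-9A-Fa-f-]*) return 1 ;;   # rejects spaces, newlines, metacharacters
    esac
    printf '%s' "$1" |
        grep -Eq '^([0-9A-Fa-f]{40}|[0-9A-Fa-f]{8}-[0-9A-Fa-f]{16})$'
}

# Read `rvictl -s` output on stdin and print the interface it reports.
# Assumed line format: "Starting device <UDID> [SUCCEEDED] with interface rvi0"
rvi_iface_from_output() {
    sed -n 's/.*\[SUCCEEDED\] with interface \(rvi[0-9][0-9]*\).*/\1/p' | head -n 1
}

capture_device() {
    cap_udid=$1
    cap_file=${2:-ios-capture.pcap}   # constructed default file name
    valid_udid "$cap_udid" || { echo "malformed UDID, not calling rvictl" >&2; return 2; }

    cap_iface=$(rvictl -s "$cap_udid" | rvi_iface_from_output)
    [ -n "$cap_iface" ] || { echo "rvictl reported no interface" >&2; return 1; }

    # Ctrl-C should stop tcpdump but let this script continue to the cleanup.
    trap : INT
    # The capture holds the device's traffic: create the file owner-only.
    ( umask 077; sudo tcpdump -i "$cap_iface" -n -w "$cap_file" )
    cap_status=$?
    trap - INT

    rvictl -x "$cap_udid" >/dev/null   # Step 5: always remove the interface
    return "$cap_status"
}

# Run only when a UDID is given: ./rvi-capture.sh <UDID> [output.pcap]
[ "$#" -eq 0 ] || capture_device "$@"
```

The resulting pcap file can be opened in Wireshark for analysis.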

 
