Remote Virtual Interface
Apple added RVI (Remote Virtual Interface) after iOS 5, which allows us to use OS X to capture packets on an iOS device.
The basic method is to connect the device to the Mac via USB, then set up an RVI for the device. This virtual network interface on the Mac represents the network interface used by the iOS device. You then run a packet capture tool on the Mac and point it at the virtual interface to capture packets.
(1) To set up the RVI, use the rvictl tool. Run the following steps in the Mac terminal:
$ # First get the current list of interfaces.
$ ifconfig -l
lo0 gif0 stf0 en0 en1 p2p0 fw0 ppp0 utun0
$ # Then run the tool with the UDID of the device.
$ rvictl -s 74bd53c647548234ddcef0ee3abee616005051ed
Starting device 74bd53c647548234ddcef0ee3abee616005051ed [SUCCEEDED]
$ # Get the list of interfaces again, and you can see the new virtual
$ # network interface, rvi0, added by the previous command.
$ ifconfig -l
lo0 gif0 stf0 en0 en1 p2p0 fw0 ppp0 utun0 rvi0
(2) Once the RVI is set up, you can use any packet capture tool, including Wireshark, because the Mac now shows an rvi0 network interface. Here we use tcpdump.
Enter the following command in the terminal:
sudo tcpdump -i rvi0 -n -s 0 -w dump.pcap tcp
The important parameters above mean:
-i rvi0 Select rvi0 (the remote virtual interface) as the interface to capture on
-s 0 Capture each packet in full, without truncating it
-w dump.pcap Set the name of the file the capture is saved to
tcp Capture only TCP packets
While tcpdump is running, use the app you want to capture on the iOS device; the packets generated during that time are saved to the dump.pcap file. Terminate tcpdump when you want to end the capture, then find the dump.pcap file on the Mac and open it with Wireshark.
(3) To remove the RVI virtual network interface, use the following command:
$ rvictl -x 74bd53c647548234ddcef0ee3abee616005051ed
Stopping device 74bd53c647548234ddcef0ee3abee616005051ed [SUCCEEDED]
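Steps (1) to (3) combined into one script, as an added example that is not part of the original article: it finds the new interface by comparing the ifconfig -l output before and after rvictl -s instead of assuming the name rvi0, and always runs rvictl -x when the capture ends. The function names new_ifaces, pick_rvi and capture are assumptions made for this example.

```shell
#!/bin/sh
# Added example: function names are hypothetical, the commands and flags
# (ifconfig -l, rvictl -s/-x, tcpdump -i -n -s 0 -w) are the ones used above.

# Print every interface name that is in list $2 but not in list $1.
new_ifaces() {
    for ifc in $2; do
        case " $1 " in
            *" $ifc "*) ;;                 # existed before rvictl -s
            *) printf '%s\n' "$ifc" ;;
        esac
    done
}

# Print the first newly added rvi* interface; return 1 if none appeared.
pick_rvi() {
    for ifc in $(new_ifaces "$1" "$2"); do
        case "$ifc" in
            rvi[0-9]*) printf '%s\n' "$ifc"; return 0 ;;
        esac
    done
    return 1
}

# capture UDID [OUTFILE]: set up the RVI, capture TCP, remove the RVI.
capture() {
    udid=$1
    out=${2:-dump.pcap}
    before=$(ifconfig -l)
    rvictl -s "$udid" || return 1
    # Remove the virtual interface however the script ends (Ctrl-C included).
    trap 'rvictl -x "$udid"' EXIT
    trap 'exit 130' INT TERM
    iface=$(pick_rvi "$before" "$(ifconfig -l)") || {
        echo "no new rvi interface appeared" >&2
        return 1
    }
    echo "capturing on $iface into $out, press Ctrl-C to stop" >&2
    sudo tcpdump -i "$iface" -n -s 0 -w "$out" tcp
}

# Run only when a device UDID is given on the command line.
if [ "$#" -gt 0 ]; then capture "$@"; fi
```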
[Repost] Capturing packets on an iPhone without jailbreaking