Detailed explanation of three classic network packet capture methods on iPhone

      Article from: Tingyun Blog (blog.tingyun.com)

      In many situations you need to capture and analyze network traffic. Capturing packets on an iPhone is slightly different from doing it on a PC; three commonly used methods are introduced below, with Wireshark as the analysis tool.

1. The easiest way: use the PC as a hotspot and capture packets on the PC

      Pros: Simple

      Disadvantage: it cannot capture the real device's 2G/3G/4G (cellular) traffic, because the phone is using the PC's Wi-Fi instead.

      Proceed as follows:

         1. Connect the PC to the wired network.

         2. Share the PC's network connection over Wi-Fi, that is, turn the PC into a hotspot.

         3. In the phone's Wi-Fi settings, join the PC's hotspot.

         4. Open Wireshark on the PC, select the interface to monitor (the Wi-Fi/hotspot adapter), and start capturing. A capture filter such as host <phone-IP> restricts the capture to the phone's traffic instead of everything passing through the adapter.

2. tcpdump command

      Advantages: many; it allows very fine-grained filtering and customization, and it can be driven from scripts.

      Disadvantages: two; the phone must be jailbroken, and it is more cumbersome to use.

      Proceed as follows:

         1. Download tcpdump

              Search and install tcpdump from cydia, if not found, please add the source http://apt.saurik.com

         2. Install openssh

              Search and install openssh from cydia, if not found, please add the source first http://apt.saurik.com

         3. Exit Cydia; it will respring (restart SpringBoard) or reboot the device to finish the installation.

         4. From the PC, log in to the phone over SSH as root. The phone must be reachable over the network (its address is shown under Settings > Wi-Fi), and the default root password on a jailbroken device is alpine. For example, with <iPhone-IP> standing for the phone's address:

ssh root@<iPhone-IP>

              After entering the password at the prompt you are logged in to the phone. The first thing to do is change the default password with passwd (and do the same for the mobile user, which has the same default), because with OpenSSH installed anyone on the network can otherwise log in as root. You can now run tcpdump to record network traffic.

         5. Simple usage of tcpdump

              tcpdump -h displays help information:

              Usage: tcpdump [-aAdDeflLnNOpqRStuUvxX] [-c count] [ -C file_size ]

              [ -E algo:secret ] [ -F file ] [ -i interface ] [ -M secret ]

              [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]

              [ -W filecount ] [ -y datalinktype ] [ -Z user ]

              [ expression ]

       Regarding the use of tcpdump, there are many online, for example: http://blog.chinaunix.net/uid-20237628-id-3946009.html

       tcpdump only captures the data; to analyze it on the PC with Wireshark or a similar tool, the -w switch is essential: it names the file the captured packets are written to, and that file is then copied to the computer for analysis.

       The -i switch is the most important one: it specifies the network interface to capture on. For Wi-Fi the interface is en0; for the cellular (mobile data) network it is pdp_ip0. Run tcpdump -D or ifconfig on the phone to confirm the interface names on your device.

      E.g:

                tcpdump -s 0 -i pdp_ip0 -w ~/1.PCap 

       This command captures the cellular interface with full-length packets (-s 0 disables the default snap length, so packets are not truncated) and writes them to ~/1.PCap (root's home directory, /var/root).

       When you are done, press Ctrl+C to stop tcpdump; on SIGINT it flushes the packets still buffered in memory to the file and closes it. Do not use Ctrl+Z: that only suspends the process, so the buffered data is never written and the file is left incomplete.

       6. Copy the file to the PC

            Copy the file to the PC with scp, again as root to the phone's address:

            scp root@<iPhone-IP>:~/1.PCap ./

           (Or use a tool like iFunBox, where you can simply drag and drop the file.)

       7. Now open 1.PCap in Wireshark and analyze the data.

       In short, tcpdump is powerful, and also complex. I deliberately did not include screenshots above; they would make the article very long and a bit intimidating.
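The whole tcpdump procedure from steps 4 to 7, driven from the PC, as an added shell example that is not part of the original article. It assumes OpenSSH and tcpdump are installed on the phone as in steps 1 to 3, that the phone is reachable as root@<iPhone-IP> (a placeholder passed on the command line), and that root's home is /var/root; the helper names (build_tcpdump_cmd, pcap_magic_ok, start_remote_capture, stop_remote_capture, fetch_capture) are my own. It stops tcpdump with SIGINT, the signal Ctrl+C sends, and checks the copied file's magic number before you open it in Wireshark.

```shell
#!/bin/sh
# Added example, not from the original article. Assumptions: OpenSSH and
# tcpdump are installed on the phone, it is reachable as root@<iPhone-IP>
# (placeholder), and root's home directory is /var/root.

# Build the tcpdump command line: -s 0 keeps whole packets, -U flushes each
# packet to the file as soon as it is captured, and any extra arguments
# become the BPF capture filter (for example "port 443").
build_tcpdump_cmd() {
    iface=$1
    outfile=$2
    shift 2
    printf 'tcpdump -i %s -s 0 -U -w %s' "$iface" "$outfile"
    if [ $# -gt 0 ]; then
        printf ' %s' "$@"
    fi
    printf '\n'
}

# Sanity check after copying: a capture that was suspended with Ctrl-Z instead
# of stopped with Ctrl-C may be empty or truncated. Verify the pcap/pcapng
# magic number in the first four bytes of the file.
pcap_magic_ok() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d|0a0d0d0a) return 0 ;;  # pcap LE/BE, nsec variants, pcapng
        *) return 1 ;;
    esac
}

# Start tcpdump in the background on the phone and print its remote PID.
# All stdio is redirected so the process outlives the ssh session.
start_remote_capture() {
    host=$1; iface=$2; remote_file=$3
    shift 3
    cmd=$(build_tcpdump_cmd "$iface" "$remote_file" "$@")
    ssh "$host" "$cmd >/dev/null 2>&1 & echo \$!"
}

# Stop it with SIGINT, exactly what Ctrl-C sends: tcpdump flushes and closes
# the file. SIGSTOP (Ctrl-Z) would only suspend it.
stop_remote_capture() {
    ssh "$1" "kill -INT $2"
}

# Copy the capture to the PC and check it before opening it in Wireshark.
fetch_capture() {
    scp "$1:$2" "$3" && pcap_magic_ok "$3"
}

# Usage: IPHONE_CAPTURE=1 ./capture.sh root@<iPhone-IP> pdp_ip0 port 443
# Live alternative without a file (tcpdump -U keeps the pipe flowing):
#   ssh root@<iPhone-IP> "tcpdump -i en0 -s 0 -U -w -" | wireshark -k -i -
if [ "${IPHONE_CAPTURE:-0}" = 1 ]; then
    host=$1; iface=$2
    shift 2
    remote=/var/root/capture.pcap
    pid=$(start_remote_capture "$host" "$iface" "$remote" "$@")
    echo "tcpdump running on $host as pid $pid; reproduce the traffic, then press Enter"
    read -r dummy
    stop_remote_capture "$host" "$pid"
    fetch_capture "$host" "$remote" ./capture.pcap && echo "capture.pcap is valid; open it in Wireshark"
fi
```

The script only acts when IPHONE_CAPTURE=1 is set, so sourcing it just defines the helpers. The pcap_magic_ok check is the cheap way to catch the Ctrl+Z mistake described above before you spend time wondering why Wireshark shows nothing.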

3. The best method: the rvictl command

      Pros: simple, and it captures the data of all of the phone's network interfaces (Wi-Fi and cellular) at once, without a jailbreak.

      Cons: almost none; requiring iOS 5 or later hardly counts as a requirement. If there is one, it is that rvictl ships with Xcode, so you need a Mac: the Remote Virtual Interface cannot be created from a Windows or Linux PC.

      Steps:

         1. Connect the phone to the Mac with a USB cable.

         2. Look up the phone's UDID, because rvictl needs it.

       You can see it in iTunes: on the device's Summary page, if the highlighted identifier field is not showing the UDID, click it (the field cycles through the device identifiers).

       Xcode is more convenient: Window -> Devices, then select the phone; the UDID is shown as the device's Identifier.

      3. Create the connection

      Format: rvictl -s <UDID>

      This adds a virtual interface, rvi0, on the Mac. Use the -l option to list the virtual interfaces that currently exist:

      rvictl -l

      Now Wireshark can capture on that interface. Start Wireshark (if it was already running, refresh its interface list, since rvi0 did not exist when it started) and select the rvi0 interface.

      Whether the phone is on Wi-Fi or on 2G, 3G or 4G, you now see its traffic live in Wireshark.

      Isn't that convenient?

      4. Finally, it is a good habit to tear the interface down when you are done:

      rvictl -x <UDID>
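The rvictl session as an added shell example (not from the original article) that automates steps 2 to 4 on the Mac: it validates the UDID, creates the virtual interface, reads the rviN name out of rvictl's output, captures on it with the tcpdump that ships with macOS, and tears the interface down when the script exits, including after Ctrl+C. The function names are my own, and the output line it parses ("Starting device <UDID> ... with interface rvi0") is an assumption about rvictl's output, constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original article. Assumptions: rvictl from Xcode
# is installed, the phone is attached over USB, and the line printed by
# "rvictl -s" names the interface on the same line as the UDID.

# Accept the two UDID formats: 40 hex digits (older devices) or
# 8 hex digits, a hyphen and 16 hex digits (A12 and later devices).
valid_udid() {
    case "$1" in
        *[!0-9A-Fa-f-]*|*-*-*) return 1 ;;          # non-hex character or a second hyphen
        ????????-????????????????) return 0 ;;     # 8-16 form
        *-*) return 1 ;;                            # hyphen anywhere else
        ????????????????????????????????????????) return 0 ;;   # 40 hex digits
        *) return 1 ;;
    esac
}

# Pull the rvi interface name out of rvictl's output: the first rviN token on
# a line that mentions the UDID. Prints nothing if no such line exists.
rvi_for_udid() {
    printf '%s\n' "$1" | grep -F "$2" | grep -o 'rvi[0-9][0-9]*' | head -n 1
}

# capture_session <UDID> <outfile> [bpf filter...]
capture_session() {
    udid=$1; outfile=$2
    shift 2
    valid_udid "$udid" || { echo "not a valid UDID: $udid" >&2; return 1; }
    out=$(rvictl -s "$udid")
    rvi=$(rvi_for_udid "$out" "$udid")
    [ -n "$rvi" ] || { echo "rvictl did not create an interface: $out" >&2; return 1; }
    # Always remove the virtual interface, even if the capture is interrupted.
    trap 'rvictl -x "$udid"' EXIT
    echo "capturing $rvi (all of the phone's interfaces) to $outfile; Ctrl-C to stop"
    # BPF on macOS needs root; the same interface can instead be selected in Wireshark.
    sudo tcpdump -i "$rvi" -s 0 -w "$outfile" "$@"
}

# Usage: RVI_CAPTURE=1 ./rvi-capture.sh <UDID> phone.pcap not port 5353
if [ "${RVI_CAPTURE:-0}" = 1 ]; then
    capture_session "$@"
fi
```

Instead of tcpdump you can point Wireshark at the interface directly, for example wireshark -k -i rvi0 -f "port 443"; the EXIT trap is the part worth keeping either way, because a forgotten rvi interface keeps mirroring the phone's traffic to the Mac until rvictl -x is run.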

 

Original article: https://blog.tingyun.com/web/article/detail/261
