Capturing iPhone data packets on a Mac (II. RVI)
Author: xuguoxing Category: iOS, developer tips Release Date:
I. Remote Virtual Interface
Two methods have been introduced for capturing iPhone data packets on a Mac: one uses the Mac's network sharing function to share the Mac's network with the iPhone over Wi-Fi, and the other uses proxy software to run an HTTP proxy server on the Mac. Both methods route the iPhone's network traffic to the Mac, which then connects to the Internet, so the Mac itself must be connected to the Internet. With network sharing, the Mac's own network connection also cannot be Wi-Fi, and the iPhone must be on Wi-Fi, so 2G/3G network packets cannot be captured.
The "remote virtual interface (RVI)" feature was introduced in iOS 5. It lets you create a virtual network interface on the Mac that stands in for the network stack of the iOS device, so that all traffic passing through the iOS device also passes through this virtual interface. The traffic is not redirected over the Mac's network connection: all network connections are still made by the iOS device itself. It therefore does not matter whether the Mac is connected to the Internet or what type of network it uses, and the iOS device can be on any network type: 2G, 3G or Wi-Fi. Capture packets on the RVI interface with any packet capture tool on the Mac to view all network data on the iOS device.
II. Usage
- Connect the iPhone to the Mac using a USB port.
- Use Xcode's Organizer tool to get the iPhone's UDID.
- Use the rvictl command to create a remote virtual interface (RVI), passing the iPhone's UDID as the parameter.
$ rvictl -s <UDID>
To capture network packets for multiple devices, run the preceding command once per device, passing the UDID of each iOS device as the parameter.
RVI virtual interfaces are named rvi0, rvi1, rvi2, and so on. You can use the ifconfig command to view them:
$ ifconfig rvi0
rvi0: flags=3005<UP,DEBUG,LINK0,LINK1> mtu 0
- Use any packet capture tool on the Mac, such as tcpdump or Wireshark, to listen on the RVI interface you created.
- After use, remove the created virtual interface.
$ rvictl -x <UDID>
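The steps above combined into one script, added here as an example (not part of the original post): it creates the RVI, captures on it with tcpdump, and removes the interface on exit even when the capture is interrupted. The function names, the default file name ios-capture.pcap, and the assumption that `rvictl -s` prints a line containing "with interface rviN" are not from the original article.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Pull the interface name (rvi0, rvi1, ...) out of the text `rvictl -s` prints.
# Assumption: the success line contains "with interface rviN".
rvi_iface() {
    printf '%s\n' "$1" |
        sed -n 's/.*with interface \(rvi[0-9][0-9]*\).*/\1/p' | head -n 1
}

# capture_ios <UDID> [output.pcap]
# Creates the RVI, captures on it, and removes the RVI when the shell exits,
# including after Ctrl-C, so no stale rviN interface is left behind.
capture_ios() {
    udid=$1
    out=${2:-ios-capture.pcap}
    [ -n "$udid" ] || { echo "usage: capture_ios <UDID> [file.pcap]" >&2; return 2; }

    started=$(rvictl -s "$udid") || { echo "rvictl -s failed: $started" >&2; return 1; }
    trap 'rvictl -x "$udid" >/dev/null 2>&1' EXIT
    trap 'exit 130' INT TERM

    iface=$(rvi_iface "$started")
    [ -n "$iface" ] || { echo "no RVI name in: $started" >&2; return 1; }
    # Confirm the interface really exists before capturing on it.
    ifconfig "$iface" >/dev/null || return 1

    # The capture holds all of the device's traffic: keep the file private.
    umask 077
    echo "capturing on $iface into $out (Ctrl-C to stop)" >&2
    # -n: no name lookups, -s 0: whole packets, -w: write a pcap for Wireshark
    tcpdump -i "$iface" -n -s 0 -w "$out"
}

# Run only when a UDID is given on the command line.
if [ "$#" -ge 1 ]; then
    capture_ios "$@"
fi
```

Run it as a user allowed to capture packets on the Mac, passing the UDID and optionally an output file, then open the resulting pcap in Wireshark.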
This article is from Qingfeng's blog, which is booming. Please indicate the source and relevant links when you repost the article.
Permanent link to this article: http://www.winddisk.com/2012/09/01/mac_capture_iphone_package_remote_virtual_interface/