1. Capturing iPhone packets via RVI
(1) About RVI
There are two common ways to capture iPhone packets on a Mac, sharing and proxying:
- use the Mac's network sharing feature to share the Mac's connection with the iPhone over WiFi;
- run proxy software (e.g. Charles) on the Mac as an HTTP proxy server.
Both methods route the iPhone's network traffic through the Mac, which then connects to the Internet. This requires the Mac itself to be online. For network sharing, the Mac's own network connection must not use WiFi, and the iPhone can only connect over WiFi, so 2G/3G packets cannot be captured.
In iOS 5 Apple introduced the Remote Virtual Interface (RVI) feature, which creates a virtual network interface on the Mac that represents the iOS device's network stack, so that all of the iOS device's traffic passes through this virtual interface. The virtual interface only listens on the iOS device's own protocol stack (it does not relay the traffic over the Mac's network connection). All network connections belong to the iOS device itself and are independent of whether or how the Mac is networked. The iOS device can be on any network type (WiFi/2G/3G), and any capture tool on the Mac (tcpdump, Wireshark, CPA) can capture the packets on the RVI interface.
Mac OS X supports RVI through the Terminal command rvictl. Enter "rvictl ?" in Terminal to view the help:
==================================================
rvictl Options:
-L, -l    List currently active devices
-S, -s    Start a device or set of devices
-X, -x    Stop a device or set of devices
==================================================
(2) Create a virtual interface using the rvictl -s command
First, connect the iPhone with an MFi USB cable to a Mac that has Mac OS X and Xcode 4.2 (or later) installed. iOS 7 and above must be paired with Xcode 5.0 (or later). The device must remain connected during the capture.
Then, get the iPhone's UDID (Identifier) from iTunes -> Summary or Xcode -> Organizer -> Devices.
Next, use the "rvictl -s" command to create the RVI interface, passing the iPhone's UDID as the parameter.
==================================================
$ rvictl -s 0d950f479c29a7926ebc44e92b59b68696e963de    # general form: rvictl -s <UDID>
==================================================
Select rvi0 on the Wireshark home page and start capturing the iPhone's traffic with the default capture options.
(3) Remove the virtual interface using the rvictl -x command
Use the "rvictl -x" command to remove the RVI interface, passing the iPhone's UDID as the parameter.
==================================================
$ rvictl -x 0d950f479c29a7926ebc44e92b59b68696e963de    # general form: rvictl -x <UDID>
==================================================
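The start, capture and remove steps from (2) and (3) combined into one script, added here as an example and not part of the original article. It validates the UDID, detects which rviN interface appeared (it is not always rvi0 when several devices are attached), and removes the interface when the capture ends. The function names, the default output file name, the second accepted UDID form and the use of `sudo tcpdump` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): RVI capture with cleanup.
# Assumes macOS with rvictl (Xcode) and tcpdump; sudo for tcpdump is an assumption.

# Accept the 40-hex-digit UDID shown above, or the 8-16 hex form that
# newer devices report (assumption: no other forms are needed).
valid_udid() {
  case $1 in ''|*[!0-9a-fA-F-]*) return 1 ;; esac
  printf '%s\n' "$1" |
    grep -Eq '^([0-9a-fA-F]{40}|[0-9a-fA-F]{8}-[0-9a-fA-F]{16})$'
}

# Space-separated list of the rviN interfaces that exist right now.
rvi_ifaces() {
  ifconfig -l | tr ' ' '\n' | grep -E '^rvi[0-9]+$' | tr '\n' ' '
}

# Print the first interface in list $2 that is absent from list $1.
new_iface() {
  for i in $2; do
    case " $1 " in
      *" $i "*) ;;
      *) echo "$i"; return 0 ;;
    esac
  done
  return 1
}

# capture <UDID> [output.pcap]
capture() {
  udid=$1 out=${2:-iphone.pcap}
  valid_udid "$udid" || { echo "invalid UDID: $udid" >&2; return 2; }
  before=$(rvi_ifaces)
  rvictl -s "$udid" || return 1
  # Remove the interface however the script ends (normal exit or Ctrl-C).
  trap 'rvictl -x "$udid"' EXIT
  trap 'exit 130' INT TERM
  iface=$(new_iface "$before" "$(rvi_ifaces)") || {
    echo "no new rvi interface appeared" >&2; return 1; }
  echo "capturing on $iface into $out (Ctrl-C to stop)"
  sudo tcpdump -i "$iface" -n -w "$out"
}

# Run only when a UDID is given on the command line.
[ "$#" -eq 0 ] || capture "$@"
```

The resulting pcap file can be opened in Wireshark afterwards.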
2. Use the computer as a WiFi hotspot, connect the phone to it, and capture packets with Wireshark
This method does not require root and works for any phone with WiFi (iOS, Android, etc.). All that is needed is a wireless card in the computer that supports hosting a wireless network. The steps are:
1. Turn the computer's network connection into a hotspot.
2. Once the WiFi hotspot is on, connect the phone to it.
3. Start Wireshark, select the hotspot's network card as the capture interface, and click Start to begin capturing.
4. Operate the phone. All of the phone's network traffic is captured. To stop, click Stop in Wireshark.
Packet capture setup on a Mac