iOS network packet capture methods

Source: Internet
Author: User

During iOS development, all kinds of network access problems come up. In the past I solved many of them without ever using a packet capture tool; having now worked through the tooling, this article summarizes two methods of capturing packets from an iOS device:

 

1. Network sharing + visual packet capture tool

  • Basic principles

The principle is simple. The Mac shares its Internet connection over its wireless card; the iOS device joins that Wi-Fi network and sends its traffic through the Mac, where a capture or proxy tool records it for analysis. Wireshark is recommended (it captures every packet crossing the shared interface); the PAROS HTTP proxy for Mac is another option. Note the difference between the two: Wireshark sees all traffic but shows TLS payloads only as ciphertext, while PAROS sees only the HTTP traffic that the device is explicitly told to send through the proxy, and it can decrypt HTTPS only if the device has been made to trust a CA certificate controlled by the proxy. Apps that bypass the system proxy setting do not show up in PAROS at all, and apps that pin their server certificate will reject the proxy's certificate.

Here we use the PAROS tool on the Mac as an example and describe the packet capture process in detail:

  • Procedure

1) First, share the Mac's Ethernet connection to the AirPort (Wi-Fi) interface so that the iOS device can connect over Wi-Fi.

Open System Preferences, find Sharing, and select Internet Sharing. On the right, set "Share your connection from" to Ethernet and, under "To computers using", select AirPort.

2) Open PAROS (http://www.parosproxy.org/) and configure its local proxy.

In PAROS go to Tools -> Options, select Local proxy, enter the IP address of the AirPort interface in the Address field, and enter 8080 as the port. To find that address, open System Preferences, go to Network, and select AirPort on the left; in the author's example the AirPort address was 169.254.69.225. Enter that address in the Address field. Binding the proxy to the shared interface's address rather than to all interfaces keeps it from being reachable from the Mac's wired network as well.

3) Connect the iOS device to the Mac's shared network: on the device, choose Settings > General > Network > Wi-Fi, find the shared network, and join it. Then, in the network's detail view, under HTTP Proxy select Manual and enter the proxy IP address and port configured in PAROS.

4) PAROS can now monitor the iOS device's network traffic. Open Safari on the device and every HTTP request it makes appears in PAROS.
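To make concrete what PAROS can and cannot observe after step 3, here is a small Python script. It is an added example written for this article, not code from the original or from PAROS. It parses two constructed requests of the kind an iPhone emits once HTTP Proxy is set to Manual: a plain-HTTP request in absolute form, where the proxy sees the method, URL, headers and body (including the Cookie header), and an HTTPS request, which reaches the proxy only as a CONNECT tunnel exposing host and port. The hostnames and header values are made up.

```python
"""What a plain HTTP proxy (PAROS or any forward proxy) sees of an iPhone's traffic.

Added example, not code from the original article or from PAROS. A proxied
plain-HTTP request arrives in absolute form (full URL on the request line), so
method, host, path, headers and body are all visible. An HTTPS request arrives
as a CONNECT tunnel: only host and port are visible, and everything after the
proxy's 200 reply is opaque TLS unless the device trusts a proxy-controlled CA.
"""
from urllib.parse import urlsplit


def parse_proxy_request(raw: bytes) -> dict:
    """Parse one request as received on the proxy's listening socket.

    Returns the fields the proxy can observe. For CONNECT, 'path' and 'body'
    are None because the proxy never sees the decrypted request.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: header terminator not found")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    if method.upper() == "CONNECT":
        # authority-form target: host:port (the port is mandatory for CONNECT)
        host, _, port = target.rpartition(":")
        return {"method": "CONNECT", "scheme": "https", "host": host,
                "port": int(port), "path": None, "headers": headers,
                "body": None, "content_visible": False}

    # absolute-form target: http://host[:port]/path?query
    url = urlsplit(target)
    if url.scheme.lower() != "http" or not url.hostname:
        raise ValueError(f"not an absolute-form HTTP proxy request: {target!r}")
    path = url.path or "/"
    if url.query:
        path += "?" + url.query
    return {"method": method.upper(), "scheme": "http", "host": url.hostname,
            "port": url.port or 80, "path": path, "headers": headers,
            "body": body, "content_visible": True}


# Constructed sample traffic (made-up hosts and values), as an iPhone with
# "HTTP Proxy: Manual" would send it to the proxy.
HTTP_REQUEST = (
    b"GET http://api.example.test/v1/login?user=alice HTTP/1.1\r\n"
    b"Host: api.example.test\r\n"
    b"User-Agent: MyApp/1.0 CFNetwork\r\n"
    b"Cookie: session=abc123\r\n"
    b"\r\n"
)
HTTPS_REQUEST = (
    b"CONNECT secure.example.test:443 HTTP/1.1\r\n"
    b"Host: secure.example.test:443\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for req in (HTTP_REQUEST, HTTPS_REQUEST):
        info = parse_proxy_request(req)
        visible = ("full request visible" if info["content_visible"]
                   else "only host:port visible (TLS tunnel)")
        print(f'{info["method"]:8} {info["host"]}:{info["port"]} '
              f'{info["path"] or "-"}  -> {visible}')
```

The Cookie header in the first request is exactly the kind of value that is exposed in clear text when an app talks plain HTTP; the second request shows why the same session cookie over HTTPS never reaches PAROS unless the device trusts the proxy's CA.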

 

2. tcpdump command + visual packet capture tool

  • Basic principles

tcpdump is a command-line packet capture tool. It captures packets on a specified interface, optionally restricted to a specific 5-tuple (source and destination address, source and destination port, protocol), and either prints them on the terminal or writes them to a file. The file is binary; I originally opened it with UltraEdit.

It is better saved in the pcap format, which Wireshark recognizes, and then inspected in Wireshark; tcpdump -w writes exactly this format.

  • Procedure

1) Log on to the iPhone over SSH. This requires a jailbroken device with an SSH server (for example OpenSSH) and tcpdump installed.

The procedure is as follows:

A) Get the device's IP address (the Wi-Fi address, shown under Settings > Wi-Fi for the joined network).

B) Open a terminal on the computer and enter ssh root@<IP address>.

Enter the password: alpine (the default password for the root user on jailbroken iOS). Because this default is public knowledge, change it with passwd as soon as SSH is enabled; otherwise anyone on the same Wi-Fi network can log in as root.

2) Run tcpdump -s 0 -w /data.pcap to save the captured packets to the root directory of the iOS device. -s 0 disables snapshot truncation so complete packets are saved; -X (hex dump) has no effect together with -w, since -w writes raw packets without printing them. Add -i en0 to capture only the Wi-Fi interface; without -i, tcpdump picks the first configured non-loopback interface. Stop the capture with Ctrl-C.

 

3) Copy the pcap file off the device, for example with a tool such as 91 Assistant, or with scp over the same SSH connection: scp root@<IP address>:/data.pcap . On Windows, double-click the file to open it in Wireshark and view it.

Of course, you can also skip writing to a file and print the decoded packets on the terminal. The tcpdump command format and options are:

tcpdump [-adeflnNOpqStvx] [-c count] [-F file]

[-i interface] [-r file] [-s snaplen]

[-T type] [-w file] [expression]

Option summary (options are case-sensitive):

-a converts network and broadcast addresses into names;

-d dumps the compiled packet-matching code in a human-readable form;

-dd dumps the packet-matching code as a C program fragment;

-ddd dumps the packet-matching code as decimal numbers;

-e prints the link-level header (for example the Ethernet MAC addresses) on each output line;

-f prints foreign (non-local) Internet addresses numerically rather than symbolically;

-l makes standard output line-buffered, which is useful when piping the output to another program;

-n does not convert addresses into names;

-t does not print a timestamp on each output line;

-v produces slightly more verbose output; for example, the TTL and type of service of IP packets are shown;

-vv produces even more verbose output;

-c count stops tcpdump after receiving the specified number of packets;

-F file reads the filter expression from the given file and ignores any expression on the command line;

-i interface specifies the network interface to listen on;

-r file reads packets from the specified file (normally one created with -w) instead of from an interface;

-w file writes the raw packets to the file without parsing or printing them;

-T type forces packets selected by the expression to be interpreted as the specified type. Common types include rpc (Remote Procedure Call) and snmp (Simple Network Management Protocol).

 

When using this command, I mainly use the following options: -i <interface> -w <file> -v -vv -c -X -e

For example:

To capture 100 packets from eth0 and write them to the file capture.cap, the command is:

tcpdump -i eth0 -w capture.cap -v -vv -c 100 -X -e

(Because -w writes raw packets, -X and -e change nothing here; -v only makes tcpdump periodically report the number of packets captured to stderr. Also note that eth0 is a Linux interface name; on an iOS device the Wi-Fi interface is en0.)

Capture the packets exchanged between two hosts, without snapshot truncation, into the file socket:

tcpdump -s 0 -w socket host 10.1.3.9 and host 10.1.3.84

Capture traffic on eth0 on port 22 (SSH) whose source address is 192.168.1.100:

tcpdump -i eth0 port 22 and src host 192.168.1.100

Other filter keywords include host, net (a network prefix, for example net 10.1.3.0/24), port, src (source address or port) and dst (destination address or port); primitives are combined with the logical operators and, or and not.
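The binary file written by tcpdump -w, and the filter expressions above, are easier to understand with a worked example. The following Python script is an added example written for this article, not part of the original or of tcpdump itself: it parses the classic pcap container, decodes the Ethernet/IPv4/TCP/UDP headers into the 5-tuple that tcpdump's expressions match against, and composes host, src host, dst host and port predicates the way tcpdump combines them with and/or/not. The capture it reads is constructed inside the script (three synthetic frames, not real traffic); the addresses and ports reuse those from the examples above.

```python
"""Parse the pcap file written by `tcpdump -w` and apply tcpdump-style filters.

Added example, not code from the original article or from tcpdump. The sample
capture at the bottom is constructed in this script; it is not real traffic.
"""
import socket
import struct

PCAP_MAGIC_LE = b"\xd4\xc3\xb2\xa1"   # magic as written by tcpdump on little-endian hosts
PCAP_MAGIC_BE = b"\xa1\xb2\xc3\xd4"
LINKTYPE_ETHERNET = 1
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_pcap(data):
    """Yield (timestamp, frame) for every record in a classic pcap file."""
    if data[:4] == PCAP_MAGIC_LE:
        e = "<"
    elif data[:4] == PCAP_MAGIC_BE:
        e = ">"
    else:
        raise ValueError("not a classic pcap file (bad magic number)")
    # global header: version major/minor, thiszone, sigfigs, snaplen, linktype
    linktype = struct.unpack(e + "HHiIII", data[4:24])[5]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures (linktype 1) are handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(e + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def five_tuple(frame):
    """Decode Ethernet/IPv4 headers into the 5-tuple; None for non-IPv4 frames."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType 0x0800 = IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                              # IP header length in bytes
    proto = ip[9]
    t = {"proto": PROTO_NAMES.get(proto, str(proto)),
         "src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
         "sport": None, "dport": None}
    if proto in (6, 17) and len(ip) >= ihl + 4:           # TCP and UDP both start with the ports
        t["sport"], t["dport"] = struct.unpack("!HH", ip[ihl:ihl + 4])
    return t


# Predicates mirroring tcpdump's filter primitives; compose them with AND/OR/NOT.
def host(a):     return lambda t: t is not None and a in (t["src"], t["dst"])
def src_host(a): return lambda t: t is not None and t["src"] == a
def dst_host(a): return lambda t: t is not None and t["dst"] == a
def port(p):     return lambda t: t is not None and p in (t["sport"], t["dport"])
def AND(*fs):    return lambda t: all(f(t) for f in fs)
def OR(*fs):     return lambda t: any(f(t) for f in fs)
def NOT(f):      return lambda t: not f(t)


def select(pcap_bytes, predicate):
    """Return the 5-tuples of all packets in the capture that satisfy predicate."""
    matched = []
    for _ts, frame in parse_pcap(pcap_bytes):
        t = five_tuple(frame)
        if predicate(t):
            matched.append(t)
    return matched


def _frame(src, dst, proto, sport, dport):
    """Constructed Ethernet/IPv4 frame with a minimal TCP/UDP header (test data only)."""
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4


def _pcap(frames):
    """Wrap frames in a little-endian classic pcap container, as tcpdump -w does."""
    out = PCAP_MAGIC_LE + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, fr in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(fr), len(fr)) + fr
    return out


# Constructed sample capture: an SSH connection from 192.168.1.100 to 10.1.3.9
# (both directions) and an unrelated DNS query.
SAMPLE_PCAP = _pcap([
    _frame("192.168.1.100", "10.1.3.9", 6, 51000, 22),
    _frame("10.1.3.9", "192.168.1.100", 6, 22, 51000),
    _frame("192.168.1.100", "10.1.3.1", 17, 53001, 53),
])

if __name__ == "__main__":
    # Same selection as: tcpdump -r capture.pcap port 22 and src host 192.168.1.100
    for t in select(SAMPLE_PCAP, AND(port(22), src_host("192.168.1.100"))):
        print(t)
```

Point parse_pcap at the bytes of a real file copied off the device (open("data.pcap", "rb").read()) to list its 5-tuples; the IP header checksum is not verified, and only the classic pcap format, not pcapng, is handled.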

 

 

By sschu
