RVI packet capture stops working on Mac OS X 10.9
Mavericks - can not capture from iPhone using RVI
After updating my MacBook to Mavericks, Wireshark can still capture data from my iPhone using RVI (remote virtual interface). But it cannot analyze and show packets right. It only tells about packets that they are "User encapsulation not handled: DLT=149, check your Preferences->Protocols->DLT_USER".
This problem only occurs when capturing live. If I capture and save using tcpdump, Wireshark analyzes them right. I tried to test using the stable version and nightly builds, but the results were the same.
Can anyone tell me how to solve this? Thanks in advance.
asked 29 Oct '13, 11:13
gish
26●1●2●4
accept rate:0%
edited 12 Nov '13, 23:56
Guy Harris ♦♦
10.2k●2●24●131
Can anyone tell me how to solve this?
Solve this by complaining to Apple, ideally by filing a bug at http://bugreport.apple.com/, asking them not to use DLT_USER2 for their own purposes, and asking them instead to request an official DLT_ value from tcpdump-workers@lists.tcpdump.org, citing the page at http://www.tcpdump.org/linktypes.html. The more dups, the better.
answered 29 Oct '13, 11:51
Guy Harris ♦♦
10.2k●2●24●131
accept rate:16%
A better method is to use header size = 108 and payload protocol = eth.
answered 17 Nov '13, 23:14
bennettp123
41●3
accept rate:0%
A way to get data directly:
Go into Preferences/Protocols/DLT_USER and add an entry for user2, which is DLT=149. Set the header length to 112, and the protocol value to IP. This is less robust than #1, because there's plenty of info in that 112 byte header that's being ignored, but it should work for IP traffic.
answered 30 Oct '13, 22:06
kjbrock
26●3
accept rate:0%
edited 30 Oct '13, 22:10
Thank you, kjbrock. Now I can enjoy live capture :)
This does not help me capture and analyse my SIP message. Is there a better way to get it working as it was prior to Mavericks?
Have you tried the "capture with tcpdump and open in WS" solution? That seems to show me all the packets, not just the IP packets.
To get general capture working in WS you'd probably need to write something that parses the header and determines the protocol type from that. So for the truly masochistic, get Apple's tcpdump sources, look at how they're parsing it and integrate that into WS.
I think that Guy Harris is absolutely correct that Apple shouldn't be doing this with User2, so longer term we've got to hope that they'll fix this on their end.
Sorry for replying late.
The capture with tcpdump approach works fine. I can capture and write to a file. Then I am able to analyse the packets in Wireshark.
But this adds an additional step to my workflow. I would definitely want to file a bug with Apple if it is so. Can you please explain to me what exactly it is that appears to be broken on their part? I am not entirely familiar with the whole User2 thing.
I had to use header length 122 to get this to work for me. And for clarification, you need to have payload protocol set to "ip" (as opposed to header protocol or other).
This solution works much better for me
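The answers in this thread give different DLT_USER header sizes (108, 112, 122). One way to measure the value for your own capture, as an added example that is not from the thread: scan each frame's raw bytes for the first offset where a self-consistent IPv4 header (version, length, valid checksum) begins. All function names are hypothetical, the sample frames are constructed, and frames are assumed to be untruncated raw bytes (for instance copied from Wireshark's byte pane).

```python
import struct
from collections import Counter

def ones_sum(hdr: bytes) -> int:
    """Folded 16-bit one's-complement sum used by the IPv4 header checksum."""
    total = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def find_ipv4_offset(frame: bytes):
    """First offset holding a self-consistent IPv4 header, or None."""
    for off in range(len(frame) - 19):
        ihl = (frame[off] & 0x0F) * 4
        if frame[off] >> 4 != 4 or ihl < 20 or off + ihl > len(frame):
            continue
        total_len = struct.unpack_from("!H", frame, off + 2)[0]
        # Truncated (snaplen-limited) frames fail this length test and are skipped.
        if ihl <= total_len <= len(frame) - off and \
                ones_sum(frame[off:off + ihl]) == 0xFFFF:
            return off
    return None

def suggest_header_length(frames):
    """Most common IPv4 offset across frames; None if no frame carried IPv4."""
    votes = Counter(o for o in map(find_ipv4_offset, frames) if o is not None)
    return votes.most_common(1)[0][0] if votes else None

def sample_ipv4(payload: bytes) -> bytes:
    """Constructed test packet: 20-byte IPv4 header (protocol 17) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, 17,
                      0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    csum = ~ones_sum(hdr) & 0xFFFF
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + payload

if __name__ == "__main__":
    # Constructed frames: opaque 112-byte prefix (value from the answer) + IPv4.
    frames = [b"\xaa" * 112 + sample_ipv4(b"x" * n) for n in (8, 40, 100)]
    print("suggested DLT_USER header size:", suggest_header_length(frames))
```

The result is the header size to pair with payload protocol "ip"; when the frame carries a 14-byte Ethernet header in front of IP, the "eth" setting needs that value minus 14.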