iOS packet capture

Source: Internet  Editor: 程序博客网  Time: 2024/04/18 20:52

1. Create a virtual network interface on the Mac for the iPhone or iPad

In Terminal, enter the following (the argument is the UDID of the iPhone or iPad):

rvictl -s bffdc51b470f201972dd8f5975a321da11c9e8de

On success, Terminal shows:

Starting device bffdc51b470f201972dd8f5975a321da11c9e8de [SUCCEEDED]


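2. Start capturing

In Terminal, enter the following (dump.pcap is the name of the capture file to generate and can be anything you like; tcp is the filter expression, meaning only TCP packets are captured; you can also capture everything and filter afterwards in Wireshark):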

sudo tcpdump -i rvi0 -n -s 0 -w dump.pcap tcp

On success, Terminal shows:

WARNING: Improper use of the sudo command could lead to data loss
or the deletion of important system files. Please double-check your
typing when using sudo. Type "man sudo" for more information.

To proceed, enter your password, or type Ctrl-C to abort.

Password:


After you enter the sudo password, Terminal shows:

tcpdump: WARNING: rvi0: That device doesn't support promiscuous mode
(BIOCPROMISC: Operation not supported on socket)
tcpdump: WARNING: rvi0: no IPv4 address assigned
tcpdump: listening on rvi0, link-type PKTAP (Packet Tap), capture size 65535 bytes


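The capture is now running.

The dump.pcap file has been created at this point; double-click it to view it in Wireshark.

You can view the file in Wireshark while the capture is still running; just refresh to see the new packets.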


3. Press Ctrl+C in Terminal to stop capturing

On success, Terminal shows:

^C41 packets captured
80 packets received by filter
0 packets dropped by kernel
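
Added example (not part of the original post): a wrapper script for steps 1 to 3 that validates the UDID, checks for rvictl's [SUCCEEDED] marker, and removes the virtual interface with rvictl -x once the capture stops. It assumes the interface comes up as rvi0 as in the output above; the function names and the second accepted UDID form (8 hex digits, a hyphen, 16 hex digits) are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumes macOS with rvictl
# installed and that the virtual interface comes up as rvi0.

# Accept the 40-hex-digit UDID form used on this page, or the hyphenated
# 8+16 hex form (assumption: used by newer devices). Rejecting anything
# else keeps stray shell metacharacters out of the commands below.
valid_udid() {
  case "$1" in *[!0-9A-Fa-f-]*) return 1 ;; esac  # also rejects newlines
  printf '%s\n' "$1" |
    grep -Eq '^([0-9A-Fa-f]{40}|[0-9A-Fa-f]{8}-[0-9A-Fa-f]{16})$'
}

# rvictl marks a successful start with "[SUCCEEDED]" on its status line.
rvi_started() {
  case "$1" in
    *"[SUCCEEDED]"*) return 0 ;;
    *) return 1 ;;
  esac
}

# capture <UDID> [file]: step 1, step 2, and cleanup after step 3.
capture() {
  udid="$1"
  out="${2:-dump.pcap}"
  valid_udid "$udid" || { echo "invalid UDID: $udid" >&2; return 2; }
  status="$(rvictl -s "$udid" 2>&1)"
  rvi_started "$status" || { echo "$status" >&2; return 1; }
  # Remove the virtual interface when the script exits for any reason.
  trap "rvictl -x '$udid' >/dev/null 2>&1" EXIT
  # Ctrl-C should stop tcpdump (which prints its summary), not this script.
  trap ':' INT
  sudo tcpdump -i rvi0 -n -s 0 -w "$out" tcp
}

# Run only when given arguments: ./ios_capture.sh <UDID> [file.pcap]
if [ "$#" -gt 0 ]; then
  capture "$@"
fi
```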
