Introduction to the packet capture tool
- Charles is a good tool to capture packets, but unfortunately, Charles can only capture HTTP/HTTPS protocol data packets
- Wireshark is a powerful packet capture tool that can capture TCP, UDP, and Bluetooth data packets
Download Wireshark
Click to download, completely free
Start Wireshark
After the startup, you can see the following figure. Select an interface and double-click it to enter the packet capture interface. Ethernet: EN0 (Ethernet card) and Wi-Fi: EN1 (wireless card) are commonly used interfaces.
Create a virtual network card for your iPhone
The virtual network adapter is the interface to be captured. Connect the USB of the iPhone device to the Mac, and use Xcode to obtain the UDID of the device
- View all virtual nics
ifconfig -l
lo0 gif0 stf0 XHC20 en0 en1 en2 en3 p2p0 awdl0 bridge0 utun0 en27
Copy the code- Creating a Virtual NIC
$ rvictl -s xxxxxxxxxxx
Starting device xxxxxxxxxxx [SUCCEEDED] with interface rvi0
Copy the code- Deleting a Virtual NIC
rvictl -x xxxxxxxxxx
Copy the code- Check all virtual nics again
ifconfig -l
lo0 gif0 stf0 XHC20 en0 en1 en2 en3 p2p0 awdl0 bridge0 utun0 en27 rvi0
Copy the codeThe extra RVI0 is the virtual network card we created
Starting a virtual NIC
Double-click RVI0 to start the virtual nic
TCP/UDP caught
- This page describes the Wireshark
- Content filtering
Ip.src == IP address && tcp.port == port && frame contains "content"