????????????????Wireshark???????pcap???????????Wireshark???в???

????????????

????1) ????ssh???iphone????????top????????

???????崠?????£?

????a) ????豸IP???(wifi???)??

????b) ??PC???????????ssh root@IP?????

????????????alpine (root????????????)

????2) ???“tcpdump -X -s0 -w /data.pcap”????tcp????????浽iOS?豸????????

????3) ???91???????????pcap???????Windows???????????Wireshark??????

???????????????????????tcpdump??????????????????

tcpdump [ -adeflnNOpqStvx ] [ -c count ] [ -F file ] [ -i interface ] [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ] [ expression ]

???????????

-a    Convert network and broadcast addresses to names;

-d    Print the compiled packet-matching code in a human-readable form;

-dd   Print the packet-matching code as a C program fragment;

-ddd  Print the packet-matching code as decimal numbers;

-e    Print the link-level header on each output line;

-f    Print foreign Internet addresses numerically;

-l    Make the standard output line buffered;

-n    Do not convert addresses to names;

-t    Do not print a timestamp on each output line;

-v    Produce slightly more verbose output; for example, the ttl and type of service of an IP packet are printed;

-vv   Produce even more verbose output;

-c    Stop tcpdump after the given number of packets has been received;

-F    Read the filter expression from the given file and ignore any other expression;

-i    Listen on the given network interface;

-r    Read packets from the given file (such files are normally produced with the -w option);

-w    Write the packets straight to a file instead of parsing and printing them;

-T    Interpret the captured packets as the given type; common types are rpc (remote procedure call) and snmp (Simple Network Management Protocol).

???????????????????????????????????: -i [?????] -w [?????] -v -vv -c -X -e

???????磺

?????????eth0????100????????????????????д??capture.cap????У??????????

tcpdump -i eth0 -w capture.cap -v -vv -c 100 -X -e

????????????ip?????????????

tcpdump -s 0 -w socket host 10.1.3.9 and host 10.1.3.84

?????????eth0?????Э?????22?????IP?192.168.1.100????????

tcpdump -i eth0 port 22 and src host 192.168.1.100

?????????????????Щ??????host??(????) ?? net( ????)?? port(???) ?? src(?IP) ?? dst(???IP)?? ?????????and ?? or??

????δ???ios?豸?????????

2014-04-24 22:33

Remote Virtual Interface

??????iOS 5?????????RVI(Remote Virtual Interface)?????????????OS X????ios device?????????

?????????????????豸???USB????mac???????????豸???RVI????????????Mac????????????????ios?豸????????????????mac???????????????λ????????????????????????

????(1)???RVI????????rvictl????????2?????mac??????в?????

$ # First get the current list of interfaces.

$ ifconfig -l

lo0 gif0 stf0 en0 en1 p2p0 fw0 ppp0 utun0

$ # Then run the tool with the UDID of the device.

$ rvictl -s 74bd53c647548234ddcef0ee3abee616005051ed

Starting device 74bd53c647548234ddcef0ee3abee616005051ed [SUCCEEDED]

$ # Get the list of interfaces again, and you can see the new virtual

$ # network interface, rvi0, added by the previous command.

$ ifconfig -l

lo0 gif0 stf0 en0 en1 p2p0 fw0 ppp0 utun0 rvi0

????(2)?????????????????????κ??????????????????wireshark????????????????rvi0?????????????????????????tcpdump????

???????????????????????

sudo tcpdump -i rvi0 -n -s 0 -w dump.pcap tcp

??????????????????????????壺

-i rvi0: capture on the interface rvi0 (the remote virtual interface)

-s 0: capture whole packets

-w dump.pcap: write the capture to the file dump.pcap