3.命令行输入rvictl -s [你的手机UUID标示],打开Mac监听
4.命令行输入sudo tcpdump -i rv0 -n -s 0 -w dumpFile.pcap tcp,开始向文件写入监控数据

关闭Mac监听,命令是 rvictl -v [你的手机UUID标示]



iOS Packet Tracing

iOS does not support packet tracing directly. However, if you’re developing for iOS you can take a packet trace of your app in a number of different ways:

If the problem you’re trying to debug occurs on Wi-Fi, you can put your iOS device on a test Wi-Fi network. See Wi-Fi Capture for details.
If your app uses HTTP, you can configure your iOS device to use a debugging HTTP proxy (such as Charles HTTP Proxy).
In iOS 5 and later you can use the remote virtual interface facility.
Remote Virtual Interface
iOS 5 added a remote virtual interface (RVI) facility that lets you use OS X packet trace programs to capture traces from an iOS device. The basic strategy is:

Connect your iOS device to your Mac via USB.
Set up an RVI for that device. This creates a virtual network interface on your Mac that represents the iOS device’s networking stack.
Run your OS X packet trace program, and point it at the RVI created in the previous step.
To set up an RVI, you should run the rvictl tool as shown below.

# First get the current list of interfaces. ifconfig -l
lo0 gif0 stf0 en0 en1 p2p0 fw0 ppp0 utun0
# Then run the tool with the UDID of the device. rvictl -s 74bd53c647548234ddcef0ee3abee616005051ed

Starting device 74bd53c647548234ddcef0ee3abee616005051ed [SUCCEEDED]

# Get the list of interfaces again, and you can see the new virtual # network interface, rvi0, added by the previous command.
$ ifconfig -l
lo0 gif0 stf0 en0 en1 p2p0 fw0 ppp0 utun0 rvi0
Now that you know the name of the RVI, you can point your packet trace tool at it. For example, here’s how you might run tcpdump to take a packet trace from the RVI and write it to the file trace.pcap.

$ sudo tcpdump -i rvi0 -w trace.pcap
tcpdump: WARNING: rvi0: That device doesn’t support promiscuous mode
(BIOCPROMISC: Operation not supported on socket)
tcpdump: WARNING: rvi0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rvi0, link-type RAW (Raw IP), capture size 65535 bytes
When you’re done you can remove the RVI with the following command.

$ rvictl -x 74bd53c647548234ddcef0ee3abee616005051ed

Stopping device 74bd53c647548234ddcef0ee3abee616005051ed [SUCCEEDED]
Important: The RVI represents the entire networking stack of the iOS device; there’s no way to trace a specific interface on the device, or even learn which packets were transferred on which interface.