Wireshark iPhone traffic capture
This page explains how to set up packet capture of an iPhone's network traffic so that it can be viewed in Wireshark.
Install prerequisite software
- Install Wireshark on a Mac
- Make sure Xcode is installed, so that the rvictl command is available. rvictl allows us to create an interface that the iPhone's network traffic flows through, so that we can monitor it with Wireshark. From its man page:
rvictl - Remote Virtual Interface Tool starts and stops a remote packet capture instance for any set of attached mobile devices. It can also provide feedback on any attached devices that are currently relaying packets back to this host.
Set up the capture interface
- Connect the iPhone with the Eco Plugs app to a Mac via USB
- Figure out the UDID of the connected iPhone
- One way to do this is by going to About This Mac, then in the Overview tab select System Report..., then Hardware -> USB -> iPhone
- The format is #########-############### so put a - after the 9th digit of the serial number to get the UDID of the iPhone
- Ex: Serial Number: 123456789123456789abcdef
- UDID: 123456789-123456789abcdef
- Check current interfaces
$ ifconfig -l
lo0 gif0 stf0 anpi0 anpi1 en3 en4 en1 en2 ap1 en0 awdl0 llw0 bridge0 utun0 utun1 utun2 en6
- Create the interface to be monitored
- Be sure to allow access to your computer from your iPhone by accepting the prompt on the iPhone if you have not allowed this computer in the past
$ rvictl -s 123456789-123456789abcdef
Starting device 123456789-123456789abcdef [SUCCEEDED] with interface rvi0
- List the interfaces again
$ ifconfig -l
lo0 gif0 stf0 anpi0 anpi1 en3 en4 en1 en2 ap1 en0 awdl0 llw0 bridge0 utun0 utun1 utun2 en6 rvi0
rvi0 is now added to the list. Success!
View the traffic in Wireshark
- Open Wireshark and select the rvi0 interface to start capturing
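The whole procedure above, scripted, as an added example that is not part of the original page: it derives the UDID from the serial number using the page's rule, starts the remote virtual interface, finds the rviN interface that appeared, records a pcap Wireshark can open, and removes the interface again when the capture stops. It assumes macOS with Xcode's rvictl and the stock tcpdump; the output file name, the command-line flags and the function names are this script's own choices.

```shell
#!/bin/sh
# Added example: automates the rvictl capture procedure from this page.
# Assumes macOS with Xcode (rvictl) and the stock tcpdump on PATH.

# Apply the page's rule: a "-" after the 9th character of the serial
# number yields the UDID. Confirm the value against the identifier
# shown in Xcode's Devices window if rvictl rejects it.
udid_from_serial() {
    serial=$1
    printf '%s-%s\n' "$(printf '%s' "$serial" | cut -c1-9)" \
                     "$(printf '%s' "$serial" | cut -c10-)"
}

# True when interface $2 appears as a whole word in an `ifconfig -l` listing ($1).
has_interface() {
    printf ' %s \n' "$1" | grep -q " $2 "
}

# Start the remote virtual interface, capture to a pcap file, and always
# tear the interface down again (rvictl -x) when the capture ends.
capture_iphone() {
    udid=$1
    out=${2:-iphone-$(date +%Y%m%d-%H%M%S).pcap}   # our own naming choice
    before=$(ifconfig -l)
    rvictl -s "$udid" || return 1
    trap 'rvictl -x "$udid"' EXIT INT TERM
    # rvictl names the new interface rviN; pick the one that was not there before.
    rvi=''
    for iface in $(ifconfig -l); do
        case $iface in
            rvi*) has_interface "$before" "$iface" || rvi=$iface ;;
        esac
    done
    if [ -z "$rvi" ]; then
        echo "no new rvi interface appeared; accept the prompt on the iPhone and retry" >&2
        return 1
    fi
    echo "capturing $rvi to $out (Ctrl-C to stop)"
    tcpdump -i "$rvi" -w "$out"
}

# Usage: ./capture.sh --serial <serial number> [output.pcap]
if [ "${1:-}" = "--serial" ] && [ -n "${2:-}" ]; then
    capture_iphone "$(udid_from_serial "$2")" "${3:-}"
fi
```

The rvi interface relays all of the phone's traffic, not only what goes over USB, so the trap that runs rvictl -x matters: otherwise the relay stays active after the script exits.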