Does anyone know if there is a packet capturing application for the iPhone?

asked 08 Jan '13, 04:25 ToNyW87
converted to question 11 Jan '13, 14:15 Guy Harris ♦♦
4 Answers:
1. Connect your iOS device to your Mac via USB.
2. Get the UDID for the connected device from iTunes or organiser.
3. Open Terminal on your Mac.
4. Type the following commands in the terminal:

$ ifconfig -l # First get the current list of interfaces.
$ rvictl -s <udid> # Then run the tool with the UDID of the device.
$ ifconfig -l
virtual network interface, rvi0, added by the previous command.
$ sudo tcpdump -i rvi0 -w ./output.pcap # Get the traced packets and save them to a file

Note: output.pcap is the packet traced file and will be located in the system's root directory.

When you're done you can stop the process with the following command.

$ rvictl -x <udid>

Open the .pcap using Wireshark and do your default procedures. That's it!

answered 06 Oct '14, 22:09 vishnu

...or directly capture on rvi0 with Wireshark if you have 1.12 or later. (06 Oct '14, 23:55) Guy Harris ♦♦

How can I get the SSL key so I can sniff HTTPS? (13 Jul '16, 08:03) Josh
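The rvictl steps from the answer above combined into one script, added here as an example and not part of the original answer: it finds the interface rvictl actually created by comparing `ifconfig -l` before and after, instead of assuming rvi0, and removes it again on exit. The function names new_ifaces and capture_ios are made up for this example; it assumes a Mac with rvictl installed and sudo rights for tcpdump.

```shell
#!/bin/sh
# Added example: wraps the rvictl/tcpdump steps from the answer above.
# Assumes macOS with rvictl available and sudo rights for tcpdump.

# Print the interfaces present in $2 (after) but not in $1 (before).
# Both arguments are space-separated lists as printed by `ifconfig -l`.
new_ifaces() {
    for ifc in $2; do
        case " $1 " in
            *" $ifc "*) ;;                  # already existed before rvictl ran
            *) printf '%s\n' "$ifc" ;;
        esac
    done
}

# Start the remote virtual interface, capture until Ctrl-C, then remove it.
capture_ios() {
    udid=$1
    out=${2:-./output.pcap}
    before=$(ifconfig -l)
    rvictl -s "$udid" || return 1
    # Always tear the interface down, even if tcpdump is interrupted.
    trap 'rvictl -x "$udid"' EXIT
    trap 'exit 130' INT TERM
    rvi=$(new_ifaces "$before" "$(ifconfig -l)" | grep '^rvi' | head -n 1)
    if [ -z "$rvi" ]; then
        echo "no rvi interface appeared for $udid" >&2
        return 1
    fi
    echo "capturing on $rvi into $out"
    sudo tcpdump -i "$rvi" -w "$out"
}

# Run only when a UDID is given on the command line.
if [ "$#" -ge 1 ]; then
    capture_ios "$@"
fi
```

Save it under any name and pass the device UDID as the first argument and, optionally, the output file as the second.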
As noted, you would either need to run the program as root, or arrange that, each time the iPhone boots, a script of some sort is run to change the permissions of the

However, you can get machines running iOS 5 or later to send copies of their network traffic over the USB link to a Mac (running OS X), with the Mac making that traffic appear on a fake network interface, and then run a capture program on the Mac, capturing from that fake network interface. This is done with the remote virtual interface facility. (Apple doesn't say what version of OS X is required on the Mac.)

answered 11 Jan '13, 14:21 Guy Harris ♦♦
I think the comments and answers are pretty clear. There is no way to capture 3G traffic (the requirement in your first comment) with Wireshark, as you can't run Wireshark on the iPhone (not available). You can't capture 3G traffic with Wireshark on another machine. That is not possible, unless you own some special hardware and add support for that into Wireshark. Even then it would be (most certainly) impossible to read the data due to the encryption used for 3G traffic.

However: you can capture 3G traffic on the phone itself, but only with a jailbreak. Then you can run a capture tool on the phone (tcpdump, pirni: see comments in your question) to intercept 3G traffic. Sorry, no other way for 3G traffic!

If you now want to capture wifi/wlan traffic (the statement in your last comment makes me believe that), you can do that with Wireshark by using a capturing PC with a wifi/wlan adapter and some other requirements. Please read the WLAN Capturing Wiki: http://wiki.wireshark.org/CaptureSetup/WLAN

Regards

answered 16 Jan '13, 13:08 Kurt Knochner ♦ edited 16 Jan '13, 13:12

Hi, I meant to say in my last comment that I am only referring to WLAN traffic. I don't think that is very simple to achieve using Wireshark on a Windows PC. Most sources say that it can't be done unless a special adapter is purchased. (17 Jan '13, 05:16) ToNyW87

That's true, as WinPcap cannot enable monitor mode for WLAN adapters. Your options are:
(17 Jan '13, 09:19) Kurt Knochner ♦

Thanks for that, I really appreciate your help. Sorry, I have another question though. If I jailbreak my iPhone and use Pirni for the 3G traffic, will I be able to understand the captured traffic or will it be encrypted using a specialist key as mentioned above? Thanks again. (19 Jan '13, 06:50) ToNyW87
Maybe you can use your router to capture it.

answered 12 Oct '14, 02:25 lal12
see my comment in the following question:
If you jailbreak the phone, you can install tcpdump and/or pirni.
I don't really want to jailbreak my phone and I don't have a Mac, so what would you recommend doing? I read that Fiddler is pretty good at capturing over WiFi. I was hoping for an application, to be honest, because that would also allow me to capture network traffic sent/received on the 3G network.
As your phone is a radio transmitter/receiver, the only way to access signals outside of the phone or the base station is to use a device that can receive the radio signals and decode them. As the signals are encrypted and use 3GPP (LTE/3G/GSM) protocols, this is not really feasible, and equipment that can do it given the encryption keys is really expensive.
well, then you're out of luck.
well, wifi is a different game. As you said, you can use a debugging tool like Fiddler, or capture the wifi traffic with Wireshark directly. So no need for a capturing tool on the phone.
Without jailbreak, there is nothing (I know of), as Apple has no interest at all in that kind of apps.
Has anyone ever tried to capture the iPhone traffic using Wireshark? I have had a play about with it but can't get it to work. I managed it with Fiddler when I used my computer as a proxy. Not entirely sure how accurate that is for capturing web traffic. In case anyone is wondering, I am doing a project on comparing authentication methods used on iPhones and computers; that is why I am asking so many questions.