This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Packet capturing application for the iPhone?

0

Does anyone know if there is a packet capturing application for the iPhone?

asked 08 Jan '13, 04:25

ToNyW87
accept rate: 0%

converted to question 11 Jan '13, 14:15

Guy Harris ♦♦

see my comment in the following question:

http://ask.wireshark.org/questions/10010/can-wireshark-be-installed-on-an-ipad-or-iphone

If you jailbreak the phone, you can install tcpdump and/or pirni.

(08 Jan '13, 04:29) Kurt Knochner ♦

I don't really want to jailbreak my phone and I don't have a Mac, so what would you recommend doing? I read that Fiddler is pretty good at capturing over WiFi. I was hoping for an application, to be honest, because that would also allow me to capture network traffic sent/received on the 3G network.

(11 Jan '13, 05:56) ToNyW87

As your phone is a radio transmitter/receiver, the only way to access signals outside of the phone or the base station is to use a device that can receive the radio signals and decode them. As the signals are encrypted and use 3GPP (LTE/3G/GSM) protocols, this is not really feasible, and equipment that can do it given the encryption keys is really expensive.

(11 Jan '13, 07:55) Anders ♦

I don't really want to jailbreak my phone and I don't have a Mac

Well, then you're out of luck.

I read that Fiddler is pretty good at capturing over WiFi.

Well, wifi is a different game. As you said, you can use a debugging tool like Fiddler, or capture the wifi traffic with Wireshark directly. So no need for a capturing tool on the phone.

I was hoping for an application to be honest because that would also allow me to capture network traffic sent/received on the 3G network.

Without a jailbreak, there is nothing (that I know of), as Apple has no interest at all in that kind of app.

(11 Jan '13, 11:52) Kurt Knochner ♦

Has anyone ever tried to capture the iPhone traffic using Wireshark? I have had a play about with it but can't get it to work. I managed it with Fiddler when I used my computer as a proxy. Not entirely sure how accurate that is for capturing web traffic. In case anyone is wondering, I am doing a project on comparing authentication methods used on iPhones and computers; that is why I am asking so many questions.

(16 Jan '13, 07:55) ToNyW87

4 Answers:

2

1. Connect your iOS device to your Mac via USB.

2. Get the UDID for the connected device from iTunes or Organizer.

3. Open Terminal on your Mac.

4. Type the following commands in the terminal:

$ ifconfig -l                            # First get the current list of interfaces.

$ rvictl -s <udid>                       # Then run the tool with the UDID of the device.
                                         # This adds a new virtual network interface, rvi0.

$ ifconfig -l                            # Get the list of interfaces again; you can see the new
                                         # virtual network interface, rvi0, added by the previous command.

$ sudo tcpdump -i rvi0 -w ./output.pcap  # Capture the packets and save them to a file.

Note: output.pcap is the packet trace file and will be located in the system's root directory.

When you're done you can stop the process with the following command.

$ rvictl -x <udid>

Open the .pcap using Wireshark and do your default procedures. That's it!

answered 06 Oct '14, 22:09

vishnu
accept rate: 0%
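
The steps in the answer above, wrapped into one script (an added example, not part of the original answer). It finds the interface that `rvictl -s` actually created by comparing the two `ifconfig -l` listings rather than assuming it is rvi0, and always runs `rvictl -x` when the capture ends. The function names `new_ifaces`, `pick_rvi` and `capture_device` and the script name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: rvictl + tcpdump capture with guaranteed cleanup (macOS host).

# Print interfaces that are in list $2 but not in list $1.
# Both lists are space-separated, as printed by `ifconfig -l`.
new_ifaces() {
    before=" $1 "
    for ifc in $2; do
        case "$before" in
            *" $ifc "*) ;;                  # existed before rvictl ran
            *) printf '%s\n' "$ifc" ;;
        esac
    done
}

# Print the first newly added rvi interface; return 1 if none appeared.
pick_rvi() {
    for ifc in $(new_ifaces "$1" "$2"); do
        case "$ifc" in
            rvi[0-9]*) printf '%s\n' "$ifc"; return 0 ;;
        esac
    done
    return 1
}

capture_device() {
    udid=$1; out=$2
    before=$(ifconfig -l)
    rvictl -s "$udid" || return 1
    # Remove the virtual interface however the capture ends, Ctrl-C included.
    trap 'rvictl -x "$udid"' EXIT
    trap 'exit 130' INT TERM
    after=$(ifconfig -l)
    iface=$(pick_rvi "$before" "$after") || {
        echo "rvictl did not add an rvi interface" >&2
        return 1
    }
    echo "capturing on $iface -> $out (Ctrl-C to stop)" >&2
    sudo tcpdump -i "$iface" -w "$out"
}

# Usage: sh rvi-capture.sh <udid> [outfile]
# Without arguments the functions are only defined and nothing is run.
if [ "$#" -ge 1 ]; then
    capture_device "$1" "${2:-./output.pcap}"
fi
```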

...or directly capture on rvi0 with Wireshark if you have 1.12 or later.

(06 Oct '14, 23:55) Guy Harris ♦♦

How can I get the SSL key so I can sniff HTTPS?

(13 Jul '16, 08:03) Josh

0

As noted, you would either need to run the program as root, or arrange that, each time the iPhone boots, a script of some sort is run to change the permissions of the /dev/bpf devices to allow unprivileged user IDs to open them (and even that might not be possible in the sandboxes in which iOS apps run, by default), so it's impossible without jailbreaking.

However, you can get machines running iOS 5 or later to send copies of their network traffic over the USB link to a Mac (running OS X), with the Mac making that traffic appear on a fake network interface, and then run a capture program on the Mac, capturing from that fake network interface. This is done with the remote virtual interface facility. (Apple doesn't say what version of OS X is required on the Mac.)

answered 11 Jan '13, 14:21

Guy Harris ♦♦
accept rate: 19%

0

Has anyone ever tried to capture the iPhone traffic using Wireshark,

I think the comments and answers are pretty clear. There is no way to capture 3G traffic (the requirement in your first comment) with Wireshark, as you can't run Wireshark on the iPhone (not available). You can't capture 3G traffic with Wireshark on another machine. That is not possible, unless you own some special hardware and add support for that into Wireshark. Even then it would be (most certainly) impossible to read the data due to the encryption used for 3G traffic.

However: you can capture 3G traffic on the phone itself, but only with a jailbreak. Then you can run a capture tool on the phone (tcpdump, pirni: see comments in your question) to intercept 3G traffic. Sorry, no other way for 3G traffic!

If you now want to capture wifi/wlan traffic (the statement in your last comment makes me believe that), you can do that with Wireshark by using a capturing PC with a wifi/wlan adapter and some other requirements.

Please read the WLAN Capturing Wiki: http://wiki.wireshark.org/CaptureSetup/WLAN

Regards
Kurt

answered 16 Jan '13, 13:08

Kurt Knochner ♦
accept rate: 15%

edited 16 Jan '13, 13:12

Hi, I meant to say in my last comment that I am only referring to WLAN traffic. I don't think that is very simple to achieve using Wireshark on a Windows PC. Most sources say that it can't be done unless a special adapter is purchased.

(17 Jan '13, 05:16) ToNyW87
1

I don't think that is very simple to achieve using Wireshark on a Windows PC.

That's true, as WinPcap cannot enable monitor mode for WLAN adapters.

Your options are:

  • buy a special adapter (AirPcap)
  • Capture with Microsoft Network Monitor
  • Run Linux on your PC and capture the traffic there
(17 Jan '13, 09:19) Kurt Knochner ♦

Thanks for that, I really appreciate your help. Sorry, I have another question though. If I jailbreak my iPhone and use Pirni for the 3G traffic, will I be able to understand the captured traffic, or will it be encrypted using a specialist key as mentioned above? Thanks again.

(19 Jan '13, 06:50) ToNyW87

0

Maybe you can use your router to capture it.
Not all routers support this, but e.g. AVM's FritzBoxes support this.
On the FritzBox web interface you can activate the capture,
which creates a download of the capture file which you can open with Wireshark.
As long as you don't close the website, the capture will go on.
But you will capture all network traffic, maybe from other devices in your network.
So better inform the other users or build up an independent network only with your router, PC and iPhone.

answered 12 Oct '14, 02:25

lal12
accept rate: 33%