This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark developers planning on building an iPad app?

0

Will the Wireshark developers release an iPad application?

asked 10 Aug '11, 09:29

kmcintosh78

edited 10 Aug '11, 15:58

Guy Harris ♦♦

I highly doubt it. That requires too much development effort IMHO. Plus, I don't think Apple would ever approve it.

(10 Aug '11, 10:44) bstn

So Pirni + a hypothetical iOS-ported Wireshark ver or equiv would still be pointless? Pirni packcaps via a basic MITM, I just would like to analyze the dump file while still on the iOS device.

(17 Jan '13, 06:30) metacym

One Answer:

0

Someday, perhaps, as long as you wouldn't mind not being able to capture any traffic with it - just downloading pcap files from elsewhere and looking at them - or wouldn't mind having to have a jailbroken iPad on which to run Wireshark if you want to capture traffic on the iPad.

By default, capturing network traffic in Darwin, the OS core of both Mac OS X and iOS, requires root privileges; I think one could safely say that the chances that Apple would approve an application requiring root privileges are so close to zero as to be indistinguishable from zero. Even if Apple were to change that, so that code running as the user (at least at one point, applications apparently ran as the user "mobile" in iOS) were allowed to open BPF devices, they would probably do so by sandboxing the ability to open BPF devices by default, and only approve selected applications to open BPF devices, which would require that the sandboxing mechanism allow that.

In addition, the user interface would probably have to be rethought for the smaller screen, and lack of overlapping windows, for the iPad.

A program to read captures, without being able to capture traffic, could probably be written for a non-jailbroken iPhone or iPad. It would not support C plugins, given that dlopen() and dlsym() are not allowed into the sandbox (so no loading additional code into the process); I don't know whether it would allow add-on Lua code. Given the user interface issues, a lot of work would be required to write an iPhone or iPad program to do that, and, given the lack of arbitrary amounts of virtual memory (as this Apple document says, "In iPhone applications, read-only data that is already on the disk (such as code pages) is simply removed from memory and reloaded from disk as needed. Writable data is never removed from memory by the operating system. Instead, if the amount of free memory drops below a certain threshold, the system asks the running applications to free up memory voluntarily to make room for new data. Applications that fail to free up enough memory are terminated"), we'd have to do more work on reducing the address-space footprint of the program and to handle out-of-memory conditions (which would be a good thing to do, so it's more work).

So even an iOS version of Wireshark incapable of capturing packets is unlikely to exist soon.

answered 10 Aug '11, 15:56

Guy Harris ♦♦

edited 17 Jan '13, 11:24