I'm trying to capture packets from my iPhone app. It does not use HTTP to communicate, but a custom protocol to connect with my server. I cannot use Paros to monitor the packets sent.
Is it possible to proxy the data through Wireshark just like you can with Paros for HTTP?
You can't proxy the data through Wireshark, per se; the problem is to have Wireshark running somewhere where it can see the traffic passing by. (If you had command line only, you could run tcpdump and capture packets, and then load the dump file into Wireshark somewhere else that had a UI.)
Are you on a Mac? If so, plug your Mac into Ethernet so that it has an internet connection (or connection to your server, anyway). Then share your Mac's internet connection over its Wi-Fi. Connect to this Wi-Fi point using your iPhone. Run Wireshark on the Mac (promiscuous mode enabled), then use your iPhone app and watch Wireshark. No need to mess around with servers or forwarding X11 connections! You could do something very similar with a Windows PC too.
The best solution that works:
Connect your device through USB and type these commands:
rvictl -s UDID
(UDID = ID of the device, 32 chars; you can locate it in iTunes or in 'Devices & Simulators' in Xcode)
sudo launchctl list com.apple.rpmuxd
sudo tcpdump -n -t -i rvi0 -q tcp
OR just sudo tcpdump -i rvi0 -n
If rvictl is not working, install Xcode (or see "-bash: rvictl: command not found, Mac book pro OS X 10.7.5 & Xcode 4.6")
For more info: Remote Virtual Interface
http://useyourloaf.com/blog/2012/02/07/remote-packet-capture-for-ios-devices.html
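The rvictl steps above can be combined with the earlier suggestion of capturing to a dump file and opening it in Wireshark. The script below is an added example, not part of any answer on this page; the function names are hypothetical, and it assumes macOS with Xcode's rvictl, a device attached over USB, and that the interface comes up as rvi0.

```shell
#!/usr/bin/env bash
# Added example: capture an iOS device's traffic over the Remote Virtual
# Interface into a pcap file that Wireshark can open afterwards.
# Assumes rvictl (Xcode) is installed and the interface is named rvi0.

# Poll until the interface shows up, so tcpdump is not started on a missing rvi0.
wait_for_iface() {
  local iface=$1 tries=${2:-10}
  while [ "$tries" -gt 0 ]; do
    ifconfig "$iface" >/dev/null 2>&1 && return 0
    tries=$((tries - 1))
    sleep 1
  done
  return 1
}

capture_ios() {
  local udid=$1 out=$2 filter=${3:-tcp} rc=0
  if [ -z "$udid" ] || [ -z "$out" ]; then
    echo "usage: capture_ios UDID OUT.pcap [FILTER]" >&2
    return 2
  fi
  rvictl -s "$udid" >/dev/null || { echo "rvictl could not start $udid" >&2; return 1; }
  if wait_for_iface rvi0; then
    trap : INT   # let Ctrl-C stop tcpdump without skipping the cleanup below
    # -w writes raw packets to a file instead of printing a summary per packet.
    sudo tcpdump -i rvi0 -n -w "$out" "$filter" || rc=$?
    trap - INT
  else
    echo "rvi0 did not appear" >&2
    rc=1
  fi
  rvictl -x "$udid" >/dev/null   # always remove the virtual interface again
  return "$rc"
}

# Run only when called with arguments: ./capture.sh UDID out.pcap [filter]
if [ "$#" -ge 2 ]; then capture_ios "$@"; fi
```

Stop the capture with Ctrl-C, then open the resulting file in Wireshark on any machine with a UI.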
Run Wireshark on the server - you'll see the traffic there.