
Wireshark. How to route traffic from iPhone

I'm trying to capture packets from my iPhone app. It does not use HTTP to communicate, but a custom protocol to connect with my server. I cannot use Paros to monitor the packets sent.

Is it possible to proxy the data through Wireshark just like you can with Paros for HTTP?

GV1 asked Dec 14 '11 21:12


3 Answers

You can't proxy the data through Wireshark, per se; the problem is to have Wireshark running somewhere where it can see the traffic passing by. (If you had command line only, you could run tcpdump and capture packets, and then load the dump file into Wireshark somewhere else that had a UI.)

Are you on a Mac? If so, plug your Mac into Ethernet so that it has an internet connection (or connection to your server, anyway). Then share your Mac's internet connection over its Wi-Fi. Connect to this Wi-Fi point using your iPhone. Run Wireshark on the Mac (promiscuous mode enabled), then use your iPhone app and watch Wireshark. No need to mess around with servers or forwarding X11 connections! You could do something very similar with a Windows PC too.

occulus answered Sep 29 '22 07:09


The best solution that works:

Connect your device through USB and type these commands:

  1. rvictl -s UDID (UDID = id of device, 32 chars, you can locate it in iTunes or 'Devices & Simulators' in Xcode)

  2. sudo launchctl list com.apple.rpmuxd

  3. sudo tcpdump -n -t -i rvi0 -q tcp
    OR just sudo tcpdump -i rvi0 -n

If rvictl is not working, install Xcode (or see -bash : rvictl: command not found, Mac book pro OS X 10.7.5 & Xcode 4.6)

For more info: Remote Virtual Interface

http://useyourloaf.com/blog/2012/02/07/remote-packet-capture-for-ios-devices.html

Oleh Kudinov answered Sep 29 '22 07:09
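
The steps from the answer above, collected into one script as an added example (not part of the original answer): it writes the capture to a pcap file that Wireshark can open and removes the virtual interface afterwards. It assumes macOS with Xcode's rvictl; the function names, the default file name iphone.pcap and the optional port argument are illustrative.

```shell
#!/bin/sh
# Added example. Assumes macOS with Xcode installed (rvictl) and the rvi0
# interface name used in the answer. Function names are illustrative.

# A UDID is passed to rvictl as an argument: allow only hex digits and
# hyphens, and no leading hyphen, so it can never be parsed as an option.
valid_udid() {
  case "$1" in
    ''|-*|*[!0-9A-Fa-f-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print the tcpdump filter: all TCP, or only the app's server port if given.
capture_filter() {
  case "${1:-}" in
    '') echo "tcp" ;;
    *[!0-9]*) return 1 ;;
    *) [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || return 1
       echo "tcp port $1" ;;
  esac
}

capture() {
  udid="$1"; out="${2:-iphone.pcap}"
  valid_udid "$udid" || { echo "invalid UDID" >&2; return 2; }
  filter=$(capture_filter "${3:-}") || { echo "invalid port" >&2; return 2; }
  rvictl -s "$udid" || return 1      # step 1: create the rvi0 interface
  trap : INT                         # Ctrl-C ends tcpdump, not this script
  # -n: no name lookups; -w: raw packets to a file Wireshark can open
  sudo tcpdump -n -i rvi0 -w "$out" $filter
  trap - INT
  rvictl -x "$udid"                  # remove the virtual interface again
}

# Usage: ./capture.sh <UDID> [out.pcap] [port]
if [ "$#" -gt 0 ]; then capture "$@"; fi
```

Stop the capture with Ctrl-C, then open the resulting file in Wireshark.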


Run Wireshark on the server - you'll see the traffic there.

Jake Feasel answered Sep 29 '22 07:09