How can I sniff packets from my iPhone on my network? can someone give me some instructions? I tried Googling, but nothing teaches how to sniff iPhone packets?
I am on windows.
This question is related to
iphone
packet
packet-capture
sniffing
packet-sniffers
I had to do something very similar to find out why my iPhone was bleeding cellular network data, eating 80% of my 500Mb allowance in a couple of days.
Unfortunately I had to packet sniff whilst on 3G/4G and couldn't rely on being on wireless. So if you need an "industrial" solution then this is how you sniff all traffic (not just http) on any network.
Basic recipe:
Detailed'ish instructions:
Note that the above implementation is not security focussed it's simply about getting a detailed packet capture of all of your iPhone's traffic on 3G/4G/Wireless networks
The easiest way of doing this will be to use wifi of course. You will need to determine if your wifi base acts as a hub or a switch. If it acts as a hub then just connect your windows pc to it and wireshark should be able to see all the traffic from the iPhone. If it is a switch then your easiest bet will be to buy a cheap hub and connect the wan side of your wifi base to the hub and then connect your windows pc running wireshark to the hub as well. At that point wireshark will be able to see all the traffic as it passes over the hub.
You can proceed as follow:
I like to use Pirni (availble for free in Cydia on a jailbroken device), or there's also Pirni Pro now for a few bucks (http://en.wikipedia.org/wiki/Pirni). I've been using the pirni-derv script available for free on Google Code (http://code.google.com/p/pirni-derv/) mixed with Pirni and it's been working very well. I recommend it.
The following worked for iPhone 4S (iOS 5) and Macbook Pro (10.8.2)
On your Mac, go to System Preferences > Sharing > Internet Sharing
On your iPhone, go to Settings > Wifi and choose your Mac as the Wifi Access Point. Press the blue detail disclosure next to it to and note down the IP Address (192.168.2.2 in my case). At this point, the wifi icon on Mac's your taskbar should change to the following:
Open wireshark. Click on start capture, and use the new bridge interface that should now be available among the options.
???
Profit!
As with all stuff networking related, you might have to restart wifi etc and repeat steps and invoke your favorite deity to get this incantation working :)
Connect your iOS device by USB
$ rvictl -s UDID
where UDID
is the UDID of your device (located in XCode under Devices, shortcut to with ??2)
$ sudo launchctl list com.apple.rpmuxd
$ sudo tcpdump -n -t -i rvi0 -q tcp
or $ sudo tcpdump -i rvi0 -n
If victl is not working install Xcode and the developer tools.
For more info see Remote Virtual Interface and for the original tutorial here's the Use Your Loaf blog post
I have successfully captured HTTP traffic using Fiddler2 as a proxy, which can be installed on any Windows PC on your network.
The tcpdump
tool is available under gnu.
You can use it instead of wireshark
.
I recommend Charles Web Proxy
Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).
It's cross-platform, written in JAVA, and pretty good. Not nearly as overwhelming as Wireshark, and does a lot of the annoying stuff like setting up the proxies, etc. for you. The only bad part is that it costs money, $50 at that. Not cheap, but a useful tool.
Source: Stackoverflow.com