How do you monitor network traffic on the iPhone?
IphoneSecurityNetworkingWiresharkIphone Problem Overview
We are looking for a Wireshark-like tool to use on the iPhone to test a 3rd party application before partnering with the 3rd party. Any suggestions?
Iphone Solutions
Solution 1 - Iphone
A man-in-the-middle proxy, like suggested by other answers, is a good solution if you only want to see HTTP/HTTPS traffic.
The best solution for packet sniffing (though it only works for actual iOS devices, not the simulator) I've found is to use rvictl
. This blog post has a nice writeup. Basically you do:
rvictl -s <iphone-uid-from-xcode-organizer>
Then you sniff the interface it creates with with Wireshark (or your favorite tool), and when you're done shut down the interface with:
rvictl -x <iphone-uid-from-xcode-organizer>
This is nice because if you want to packet sniff the simulator, you're having to wade through traffic to your local Mac as well, but rvictl
creates a virtual interface that just shows you the traffic from the iOS device you've plugged into your USB port.
Note: this only works on a Mac.
Solution 2 - Iphone
You didnt specify the platform you use, so I assume it's a Mac ;-)
What I do is use a proxy. I use SquidMan, a standalone implementation of Squid
I start SquidMan on the Mac, then on the iPhone I enter the Proxy params in the General/Wifi Settings.
Then I can watch the HTTP trafic in the Console App, looking at the squid-access.log
If I need more infos, I switch to tcpdump, but I suppose WireShark should work too.
Solution 3 - Iphone
I use Charles Web Debugging Proxy it costs but they have a trial version.
It is very simple to set up if your iPhone/iPad share the same Wifi network as your Mac.
- Install Charles on your Mac
- Get the IP address for your Mac - use the Mac "Network utility"
- On your iPhone/iPad open the Wifi settings and under the "HTTP Proxy" change to manual and enter the IP from step (2) and then Port to 8888 (Charles default Port)
- Open Charles and under the Proxy Settings dialogmake sure the “Enable Mac OS X Proxy” and “Use HTTP Proxy” are ticked
- You should now see the traffic appearing within Charles
- If you want to look at HTTPS traffic you need to do the additional 2 steps download the Charles Certificate Bundle and then email the .crt file to your iPhone/iPad and install.
- In the Proxy Settings Dialog SSL tab, add the specific https top level domains you want to sniff with port 443.
If your Mac and iOS device are not on the same Wifi network you can set up your Mac as a Wifi router using the "Internet Sharing" option under Sharing in the System Preferences. You then connect your device to that "Wifi" network and follow the steps above.
Solution 4 - Iphone
Run it through a proxy and monitor the traffic using Wireshark.
Solution 5 - Iphone
For Mac OS X
- Install Charles Proxy
- In Charles go to Proxy > Proxy Settings. It should display the HTTP proxy port (it's 8888 by default).
For Windows
- Install Fiddler2
- Tools -> Fiddler Options -> Connections and check "Allow remote computers to connect"
General Setup
- Go to Settings > Wifi > The
i
symbol > At the bottom Proxy > Set to manual and then for the server put the computer you are working on IP address, for port put 8888 as that is the default for each of these applications
ARP Spoofing
General notes for the final section, if you want to sniff all the network traffic would be to use ARP spoofing to forward all the traffic from your iOS to a laptop/desktop. There are multiple tools to ARP spoof and research would need to be done on all the specifics. This allows you to see every ounce of traffic as your router will route all data meant for the iOS device to the laptop/desktop and then you will be forwarding this data to the iOS device (automatically).
Please note I only recommend this as a last resort.
Solution 6 - Iphone
Without knowing exactly what your requirements are, here's what I did to see packts go by from the iPhone: Connect a mac on ethernet, share its network over airport and connect the iPhone to that wireless network. Run Wireshark or Packet Peeper on the mac.
Solution 7 - Iphone
On a jailbroken iPhone/iPod capturing traffic is done nicely by both "tcpdump" and "pirni"- available in the cydia repository. Analysis of these data are done by tranfering the capture over to another machine and using something like wireshark. However, given the active development that seems to be going on with these tools it's possible that soon the iPhone will handle it all.
Solution 8 - Iphone
The best solution I have found that Works:
Connect your device thru USB
And type these commands:
-
rvictl -s UDID - (id of device 20 chars, you can locate 4t in iTunes or organiser in Xcode)
-
sudo launchctl list com.apple.rpmuxd
-
sudo tcpdump -n -t -i rvi0 -q tcp
OR just sudo tcpdump -i rvi0 -n
If rvictl is not working install Xcode
For more info: Remote Virtual Interface
http://useyourloaf.com/blog/2012/02/07/remote-packet-capture-for-ios-devices.html
Solution 9 - Iphone
Here is another way http://www.tuaw.com/2011/02/21/how-to-inspect-ioss-http-traffic-without-spending-a-dime/
I didn't see Roger Nolan's reply, the above link is same workflow with a different tool.
Solution 10 - Iphone
Depending on what you want to do runnning it via a Proxy is not ideal. A transparent proxy might work ok as long as the packets do not get tampered with.
I am about to reverse the GPS data that gets transferred from the iPhone to the iPad on iOS 4.3.x to get to the the vanilla data the best way to get a clean Network Dump is to use "tcpdump" and/or "pirni" as already suggested.
In this particular case where we want the Tethered data it needs to be as transparent as possible. Obviously you need your phone to be JailBroken for this to work.
Solution 11 - Iphone
Try Debookee on Mac OS X which will intercept transparently the traffic of your iPhone without need of a proxy, thanks to MITM, as stated before. You'll then see in real time the different protocols used by your device.
Disclaimer: I'm part of the development team of Debookee, which is a paid application. The trial version will show you all functionnalities for a limited time.
Solution 12 - Iphone
A general solution would be to use a linux box (could be in a virtual machine) configured as a transparent proxy to intercept the traffic, and then analyse it using wireshark or tcpdump or whatever you like. Perhaps MacOS can do this also, I haven't tried.
Or if you can run the app in the simulator, you can probably monitor the traffic on your own machine.
Solution 13 - Iphone
Com'on, no mention of Fiddler? Where's the love :)
Fiddler is a very popular HTTP debugger aimed at developers and not network admins (i.e. Wireshark).
Setting it up for iOS is fairly simple process. It can decrypt HTTPS traffic too!
Our mobile team is finally reliefed after QA department started using Fiddler to troubleshoot issues. Before fiddler, people fiddled around to know who to blame, mobile team or APIs team, but not anymore.