MASTG-TECH-0062: Basic Network Monitoring/Sniffing
You can remotely sniff all traffic in real time on iOS by creating a Remote Virtual Interface for your iOS device. First, ensure Wireshark is installed on your macOS host computer.
- Connect your iOS device to your macOS host computer via USB.
- You need the UDID of your iOS device before you can start sniffing. Check the section "Obtaining the UDID of an iOS device" on how to retrieve it. Open the Terminal on macOS and run the following command, replacing the UDID with your iOS device's UDID.
$ rvictl -s <UDID>
Starting device <UDID> [SUCCEEDED] with interface rvi0
- Launch Wireshark and select "rvi0" as the capture interface.
- Filter the traffic with a Wireshark display filter to show only what you want to monitor (for example, all HTTP traffic sent/received via the IP address 192.168.1.1).
ip.addr == 192.168.1.1 && http

The Wireshark documentation offers many filter examples that should help you narrow the traffic down to the information you want.
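The same steps can be scripted with tshark, the command-line tool installed with Wireshark. This is an added example, not part of the original page; the function names, the `RVI_UDID` variable and the duration and output-file arguments are assumptions. It records to a file first and applies the filter expression with `-Y` when reading the file back.

```shell
#!/usr/bin/env bash
# Added example: start the Remote Virtual Interface, capture, filter, clean up.
# Assumes rvictl and tshark (installed with Wireshark) are on PATH.

# Pull the interface name out of rvictl's status output, e.g.
#   Starting device <UDID> [SUCCEEDED] with interface rvi0
# Returns 1 (printing nothing) when the output does not report success.
rvi_iface_from_output() {
  local out="$1" iface
  case "$out" in
    *"[SUCCEEDED] with interface rvi"*) ;;
    *) return 1 ;;
  esac
  iface="${out##*with interface }"   # keep what follows the last marker
  iface="${iface%%[!a-z0-9]*}"       # drop trailing CR/LF or other text
  printf '%s\n' "$iface"
}

# capture_ios_traffic <UDID> <seconds> <pcap-file> <display-filter>
capture_ios_traffic() {
  local seconds="$2" pcap="$3" filter="$4" out iface
  RVI_UDID="$1"   # global so the EXIT trap can still see it
  out="$(rvictl -s "$RVI_UDID")" || { echo "rvictl failed: $out" >&2; return 1; }
  iface="$(rvi_iface_from_output "$out")" || { echo "unexpected: $out" >&2; return 1; }
  # Remove the virtual interface even if the capture is interrupted.
  trap 'rvictl -x "$RVI_UDID" >/dev/null' EXIT
  # Record everything on the interface for a fixed time...
  tshark -i "$iface" -a "duration:$seconds" -w "$pcap" || return 1
  # ...then apply the filter when reading back. An expression such as
  # 'ip.addr == 192.168.1.1 && http' is display-filter syntax, so it goes
  # to -Y; tshark's -f option takes capture-filter (pcap/BPF) syntax.
  tshark -r "$pcap" -Y "$filter"
}

if [ "$#" -eq 4 ]; then
  capture_ios_traffic "$@"
else
  echo "usage: $0 <UDID> <seconds> <pcap-file> <display-filter>" >&2
fi
```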
Tests
- MASTG-TEST-0236: Cleartext Traffic Observed on the Network
- MASTG-TEST-0218: Insecure TLS Protocols in Network Traffic
- MASTG-TEST-0054: Determining Whether Sensitive Data Is Shared with Third Parties
- MASTG-TEST-0065: Testing Data Encryption on the Network