MASTG-TECH-0062: Basic Network Monitoring/Sniffing
You can remotely sniff all traffic in real time on iOS by creating a Remote Virtual Interface for your iOS device. First, make sure you have Wireshark installed on your macOS host computer.
- Connect your iOS device to your macOS host computer via USB.
- You need to know the UDID of your iOS device before you can start sniffing. Check the section "Obtaining the UDID of an iOS device" on how to retrieve it. Open the Terminal on macOS and enter the following command, filling in the UDID of your iOS device.

```bash
$ rvictl -s <UDID>
Starting device <UDID> [SUCCEEDED] with interface rvi0
```

- Launch Wireshark and select "rvi0" as the capture interface.
- Filter the traffic with Capture Filters in Wireshark to display what you want to monitor (for example, all HTTP traffic sent/received via the IP address 192.168.1.1).

```text
ip.addr == 192.168.1.1 && http
```

The documentation of Wireshark offers many examples for Capture Filters that should help you to filter the traffic to get the information you want.
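
The procedure above can also be scripted so that the capture is written to a file and the virtual interface is removed afterwards. The following is an added example, not part of the MASTG page: it goes beyond the steps above by capturing with `tcpdump` instead of the Wireshark GUI and by stopping the interface with `rvictl -x`. The function names and the default pcap path are assumptions.

```shell
#!/usr/bin/env bash
# Added example: function names and the default pcap path are assumptions.

# Parse rvictl's status line, e.g.
#   "Starting device <UDID> [SUCCEEDED] with interface rvi0"
# Prints the interface name; returns 1 if no interface was created.
rvi_iface_from_output() {
  local line="$1" iface num
  case "$line" in
    *"[SUCCEEDED] with interface "*) iface="${line##*with interface }" ;;
    *) return 1 ;;
  esac
  # Accept only the rviN form before handing the name to tcpdump.
  num="${iface#rvi}"
  case "$num" in ''|*[!0-9]*) return 1 ;; esac
  [ "rvi$num" = "$iface" ] || return 1
  printf '%s\n' "$iface"
}

# Start the RVI, capture to a pcap until Ctrl-C, then remove the RVI.
capture_ios() {
  local udid="$1" pcap="${2:-ios-capture.pcap}" out iface
  out="$(rvictl -s "$udid" 2>&1)" || true
  if ! iface="$(rvi_iface_from_output "$out")"; then
    echo "rvictl did not create an interface: $out" >&2
    return 1
  fi
  echo "Capturing on $iface into $pcap (Ctrl-C to stop)" >&2
  trap : INT          # Ctrl-C stops tcpdump, the script continues to cleanup
  sudo tcpdump -i "$iface" -w "$pcap" || true
  trap - INT
  rvictl -x "$udid" >/dev/null   # stop the device's virtual interface
  echo "$pcap"
}

# Run only when a UDID is passed: ./capture.sh <UDID> [out.pcap]
if [ "$#" -ge 1 ]; then
  capture_ios "$@"
fi
```

The saved file opens in Wireshark, where the `ip.addr == 192.168.1.1 && http` filter from the step above can be applied.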