So you would like to troubleshoot the packets your iPhone sends across your network, but where do you start?
To do so, plug your iPhone into a Mac with its USB cable. No other tools are needed beyond the Xcode command line tools.
The remote virtual interface used to capture packets is created from the phone's UDID, so first obtain it: launch iTunes and select the phone to see its details (or locate it under Settings > About on the phone). You may have to click the “Serial Number” field a few times for it to cycle through to the UDID.
Create the virtual interface with the rvictl command, passing the UDID:
rvictl -s UDID
e.g. rvictl -s 6b3a01a32a5a7d74da742afbbca43056a6fd480e
Starting device 6b3a01a32a5a7d74da742afbbca43056a6fd480e [SUCCEEDED] with interface rvi0
Check that the interface came up:
ifconfig rvi0
rvi0: flags=3005<UP,DEBUG,LINK0,LINK1> mtu 0
Run tcpdump to gather packets (the promiscuous-mode warning below is expected on rvi interfaces and can be ignored):
sudo tcpdump -n -i rvi0 -w ./iphone.pcap
Password:
tcpdump: WARNING: rvi0: That device doesn’t support promiscuous mode
(BIOCPROMISC: Operation not supported on socket)
tcpdump: listening on rvi0, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes
^C700 packets captured
700 packets received by filter
0 packets dropped by kernel
To remove the virtual interface use:
rvictl -x UDID
rvictl -x 6b3a01a32a5a7d74da742afbbca43056a6fd480e
Use Wireshark to open and troubleshoot the packet capture file.
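The whole procedure above, wrapped in a script as an added example (not part of the original post): it validates the UDID, reads the interface name from rvictl's own output instead of assuming rvi0, captures for a bounded time with an optional BPF filter, and always removes the interface afterwards. The script assumes macOS with the Xcode command line tools; the 8-16 dashed UDID form accepted alongside the 40-character one is my assumption about newer devices, and the sample values in the comments are constructed.

```shell
#!/bin/sh
# Added example, not the original post's code. Assumes macOS + Xcode CLI tools.
set -eu

# Accept a 40-hex-character UDID, or (assumed newer form) 8 hex, dash, 16 hex.
# Returns 0 if the value looks like a UDID, 1 otherwise.
udid_is_valid() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{40}|[0-9a-f]{8}-[0-9a-f]{16})$'
}

# Pull the interface name (rvi0, rvi1, ...) out of a "rvictl -s" success line,
# e.g. "Starting device <UDID> [SUCCEEDED] with interface rvi0" -> "rvi0".
# Prints nothing if the line does not report success.
rvi_name_from_output() {
    printf '%s\n' "$1" | sed -n 's/.*\[SUCCEEDED\] with interface \(rvi[0-9]*\).*/\1/p'
}

# capture_iphone UDID OUTFILE [SECONDS] [BPF filter]
# Starts the virtual interface, captures for SECONDS (default 60) into OUTFILE,
# then tears the interface down again even if tcpdump fails (EXIT trap).
capture_iphone() {
    udid="$1"; out="$2"; secs="${3:-60}"; filter="${4:-}"
    udid_is_valid "$udid" || { echo "bad UDID: $udid" >&2; return 1; }
    started=$(rvictl -s "$udid")
    rvi=$(rvi_name_from_output "$started")
    [ -n "$rvi" ] || { echo "rvictl failed: $started" >&2; return 1; }
    trap 'rvictl -x "$udid" >/dev/null' EXIT
    ifconfig "$rvi" >/dev/null   # confirm the interface exists before capturing
    # -G/-W 1: stop after one interval of $secs seconds; -n: no DNS lookups.
    # The filter keeps the pcap to the traffic under investigation only.
    sudo tcpdump -n -i "$rvi" -G "$secs" -W 1 -w "$out" $filter
    echo "capture written to $out"
}

# Only run when explicitly asked, so the functions can be sourced or tested.
# Usage: RVI_CAPTURE_RUN=1 ./capture.sh <UDID> ./iphone.pcap 30 'port 443'
if [ "${RVI_CAPTURE_RUN:-0}" = "1" ]; then
    capture_iphone "$@"
fi
```

The resulting pcap holds the phone's full traffic for the interval, so pass a filter and keep the file with the same care as any other capture.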