Capture Packets on iOS Devices
From time to time you may need to gather some information about what an iOS device is doing on your network. For instance, you may need to know what URLs an app is using so it can be bypassed in your content filter.
Before you begin, you need:
You’ll need the UDID of your iOS device, so plug it into your MacBook and open Finder. You should see the device in the left-hand pane. Click on it, then click on the device’s description at the top.
This will display the serial number and UDID. Right-click the UDID and click Copy UDID.
Now that you have the UDID, open the Terminal app and use this command to create the interface we’ll use to capture packets.
$ rvictl -s PASTE-YOUR-UDID-HERE
If successful, you should see your new interface on screen. In most instances, it will be rvi0 as seen below.
Starting device 00000000-0000000000000000 [SUCCEEDED] with interface rvi0
Now open Wireshark, and you should see this new interface listed as a capture option.
You can now proceed as you normally would with the capture filter of your choosing.
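The same procedure can be scripted for the content-filter use case described at the top. The following is an added example, not part of the original post: it starts the interface, captures for a fixed time, removes the interface with rvictl -x, and lists the hostnames seen in DNS queries and TLS ClientHello messages. It assumes tshark (shipped with Wireshark) is on your PATH and that your account may capture on the rvi interface; the function names, the 60-second default and the ios-capture.pcap file name are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes tshark is on PATH and
# that you are permitted to capture on the rvi interface.

# Pull the interface name out of rvictl's success line; prints nothing on failure.
rvi_iface_from_output() {
  printf '%s\n' "$1" |
    sed -n 's/.*\[SUCCEEDED] with interface \(rvi[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Normalise tshark field output (tab- or comma-separated names) into a sorted,
# de-duplicated, lower-case host list, one name per line.
unique_hosts() {
  tr ',\t' '\n\n' | tr 'A-Z' 'a-z' | sed 's/\.$//' | grep -v '^$' | sort -u
}

# capture_hosts UDID [SECONDS] [PCAP]
capture_hosts() {
  udid=$1
  seconds=${2:-60}               # placeholder default duration
  pcap=${3:-ios-capture.pcap}    # placeholder output file
  out=$(rvictl -s "$udid" 2>&1)
  iface=$(rvi_iface_from_output "$out")
  if [ -z "$iface" ]; then
    echo "rvictl did not create an interface: $out" >&2
    return 1
  fi
  # Capture for a fixed duration, then remove the virtual interface again.
  tshark -i "$iface" -a "duration:$seconds" -w "$pcap"
  rvictl -x "$udid" >/dev/null
  # DNS queries and TLS ClientHello server names show which hosts the apps asked for.
  tshark -r "$pcap" -Y 'dns.flags.response == 0 || tls.handshake.type == 1' \
    -T fields -e dns.qry.name -e tls.handshake.extensions_server_name | unique_hosts
}

# Run only when a UDID is given, e.g.: sh ios-hosts.sh PASTE-YOUR-UDID-HERE 120
if [ "$#" -ge 1 ]; then
  capture_hosts "$@"
fi
```

Hostnames resolved over encrypted DNS will not appear in the DNS column, so compare the list against the TLS server names before building filter exceptions from it.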