iPhone Traffic Capture

    If you would like to capture traffic from the wireless interface of an iPhone. You will need the following:

    • iPhone identifier
    • Remote Virtual Interface Tool rvctl
    • Traffic capture software
    • macOS computer

    Plug the iPhone into a macOS computer using a USB to Lightning cable. Run Xcode, and access the Device and Simulators window through the menubar Window > Device and Simulators or by using the keyboard short ⇧⌘2.

    Once presented with the Device and Simulators window, select your iPhone from the list of Connected Devices.

    Retrieve the identifier number for the iPhone to use with the rvictl command to start remote traffic capture.

    Open Terminal application to access a shell prompt. Use rvictl and iPhone identifier to create interface.

    sh$ rvictl -s 00008020-X

    You can use ifconfig -l to see if the interface has been created successfully. Interfaces being with rvi.

    sh$ ifconfig -l
    lo0 gif0 stf0 en0 en6 ap1 en1 awdl0 llw0 en2 en3 en4 en5 bridge0 utun0 utun1 utun2 utun3 utun4 utun5 utun6 en7 en10 rvi0

    Once the interface is created. Launch your favourite traffic capture software. In my case I was using Wireshark. Select the interface rvi0 from a list of interfaces, start a traffic capture. You should see capture traffic in the software.

    Filed in: iPhone, Wireshark
    Reading Time: 1 minute(s)