iOS Packet Trace – Recording Network Traffic on Remote iOS Devices Using DevTunnel

Whether you’re a developer trying to debug your iOS app, or an individual in a product team running a CI job – recording the network traffic of the device while you’re debugging your application or while a test is running can bring great benefit to the process and to the end results.

Dumped network traffic contains important information regarding your device’s network connection – from DNS request and response times to overall network latency and errors, and even full HTTP/HTTPS* conversations (without the need to set a proxy!).

  • * HTTPS conversations are encrypted, unless you have access to the web server’s SSL key.

     

Recording the network traffic

First, you need to establish a DevTunnel session on the device. Once you have an iOS device opened…

Perfecto interactive IDE. Click on the "DevTunnel" Widget on the left

Next, click on the “DevTunnel” widget on your left, and wait for the progress to reach 100%.

Wait for the progress to reach 100%

Now determine the UDID of the device. The easiest way is to look in the “Information” window of the device. Click on the “Information” button:

The information button is to be found on the left, circled

And then copy the UDID of the device by clicking on the “Copy to Clipboard” icon:

Click on the green "Copy to clipboard" icon next to Device ID

 

Now that we have the device’s UDID, we can create the Remote Virtual Interface by using a tool called rvictl* – a Remote Virtual Interface tool which can be used to start a network capture on iOS devices.

  • * rvictl is part of the Xcode command line utilities. Install them if you haven't yet!

Let's go over the usage:

So, when you would like to start a remote capture, assuming our UDID is (for example) 002daa400df726c38aac1, the usage would be:

            rvictl -s 002daa400df726c38aac1

Once executed, rvictl will inform us of the new interface it has created.

Running the ‘ifconfig’ command reveals the new interface

Now you can start sniffing the network traffic over the device. We can view the traffic by executing the following command:

            tcpdump -n -t -i rvi0 -q -A tcp

As soon as the command is executed, we start seeing packet data printed to our console. Magic!

Recording the traffic to a PCAP file can also be easily achieved with tcpdump by using the -w flag. This can be very useful when recording the traffic while running your daily tests.

The following command would start a network sniff on the device and record the traffic to a pcap file:

            tcpdump -n -t -i rvi0 -q -A -w out.pcap tcp
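The steps above as one script for a CI job, added here as an example and not taken from the original post: it starts the interface with rvictl -s, records with tcpdump while a test command runs, then removes the interface with rvictl -x. The script name, the function names and the exact shape of the rvictl output line are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): capture device traffic while one command runs.
# Usage, script name hypothetical: ./rvi_capture.sh <UDID> <out.pcap> <command> [args...]

# Accept only hex digits and dashes, and never a leading dash, so the UDID
# cannot be mistaken for an rvictl option.
valid_udid() {
    case "$1" in
        ''|-*|*[!0-9A-Fa-f-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Pull the interface name out of what "rvictl -s" prints. Assumed shape:
#   Starting device <UDID> [SUCCEEDED] with interface rvi0
# With several devices attached the name may not be rvi0, so it is parsed.
rvi_iface() {
    printf '%s\n' "$1" |
        sed -n 's/.*\[SUCCEEDED\] with interface \(rvi[0-9][0-9]*\).*/\1/p'
}

capture_during() {
    udid=$1; pcap=$2; shift 2
    valid_udid "$udid" || { echo "invalid UDID" >&2; return 2; }
    out=$(rvictl -s "$udid") || return 1
    iface=$(rvi_iface "$out")
    if [ -z "$iface" ]; then
        rvictl -x "$udid" >/dev/null 2>&1
        return 1
    fi
    # The pcap can hold cookies and tokens from cleartext HTTP: owner-only file.
    # Same "tcp" filter as the post; remove it to keep DNS (UDP) as well.
    ( umask 077; exec tcpdump -n -i "$iface" -w "$pcap" tcp ) &
    dump_pid=$!
    # Remove the virtual interface even if the job is interrupted.
    trap 'kill "$dump_pid" 2>/dev/null; rvictl -x "$udid" >/dev/null 2>&1; exit 1' INT TERM
    sleep 1                      # give tcpdump time to open the interface
    "$@"; status=$?
    kill "$dump_pid" 2>/dev/null # SIGTERM: tcpdump flushes and closes the file
    wait "$dump_pid" 2>/dev/null
    rvictl -x "$udid" >/dev/null 2>&1
    trap - INT TERM
    return "$status"
}

if [ "$#" -ge 3 ]; then
    capture_during "$@"
fi
```

The script returns the exit status of the test command, so a failing test still fails the job after the capture has been closed.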

Another tool that can help developers analyze the traffic is Wireshark. Simply open Wireshark and select the rvi0 interface:

Once the capture has been started, we can immediately see the sniffed packets from the device:

And even reconstruct HTTP conversations on the fly:

There are many other tools that can help you read packet data from this remote virtual interface. A full list can be found in the following Apple Technical Q&A article:

https://developer.apple.com/library/content/qa/qa1176/_index.html

 

About the Author

Shai Dvash, Software Engineer. Shai is a Software Engineer working at Perfecto. He was formerly the Head of Client at The Grid, a Tel Aviv-based startup. Shai has been into mobile development since 2011, when he joined Cisco as a Mobile Developer, a role that also included experience in the IoT security field. He has vast experience in developing native and hybrid applications for iOS and Android devices, and has a huge passion for new technologies.
