iOS Packet Trace – Recording Network Traffic on Remote iOS Devices Using DevTunnel
Whether you’re a developer trying to debug your iOS app, or an individual in a product team running a CI job – recording the network traffic of the device while you’re debugging your application or while a test is running can bring great benefit to the process and to the end results.
Dumped network traffic contains important information regarding your device’s network connection – from DNS request and response times to overall network latency and errors, and even full HTTP/HTTPS* conversations (without the need to set a proxy!).
* Encrypted, unless you have access to the web server’s SSL key.
Recording the network traffic
First, you need to establish a DevTunnel session on the device. Once you have an iOS device opened…
Next, click on the “DevTunnel” widget on your left, and wait for the progress to reach 100%.
Now determine the UDID of the device. The easiest way is to look in the “Information” window of the device. Click on the “Information” button:
And then copy the UDID of the device by clicking on the “Copy to Clipboard” icon:
Now that we have the device’s UDID, we can create the Remote Virtual Interface by using a tool called rvictl* – a Remote Virtual Interface tool which can be used to start a network capture on iOS devices.
* rvictl is part of the Xcode command line utilities. Install them if you haven't yet!
Let's go over the usage:
So, to start a remote capture, assuming our UDID is (for example) 002daa400df726c38aac1, the usage would be:
rvictl -s 002daa400df726c38aac1
Once executed, rvictl will inform us of the new interface it has created.
Running the ‘ifconfig’ command reveals the new interface.
Now you can start sniffing the device’s network traffic. We can view the traffic by executing the following command:
tcpdump -n -t -i rvi0 -q -A tcp
As soon as the command is executed, we start seeing packet data printed to our console. Magic!
Recording the traffic to a PCAP file can also be easily achieved with tcpdump by using the -w flag. This can be very useful when recording the traffic while running your daily tests.
The following command would start a network sniff on the device and record the traffic to a pcap file:
tcpdump -n -t -i rvi0 -q -A tcp -w out.pcap
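To tie the steps above to a test run, here is an added example (not part of the original article) that creates the interface, records to a pcap file while one command runs, then stops the capture and removes the interface. Assumptions: the interface is rvi0 as above, rvictl's -x option (not shown in the article) is used to remove it, and the script and function names are hypothetical.

```shell
#!/bin/sh
# Added example: capture a device's TCP traffic for the duration of one command.
# Usage: sh capture_during.sh <UDID> <out.pcap> <command> [args...]

# Assumption: the first RVI on this Mac is rvi0, as in the article.
IFACE="${RVI_IFACE:-rvi0}"

capture_during() {
    if [ $# -lt 3 ]; then
        echo "usage: capture_during <udid> <pcap> <command> [args...]" >&2
        return 64
    fi
    udid=$1 pcap=$2
    shift 2

    # Create the Remote Virtual Interface; stop here if the device is unreachable.
    rvictl -s "$udid" || { echo "rvictl -s failed for $udid" >&2; return 1; }

    # -w writes raw packets, so the display flags (-t -q -A) are left out.
    tcpdump -n -i "$IFACE" -w "$pcap" tcp &
    tcpdump_pid=$!
    sleep 1   # give tcpdump a moment to open the interface
    if ! kill -0 "$tcpdump_pid" 2>/dev/null; then
        echo "tcpdump exited early on $IFACE" >&2
        rvictl -x "$udid"
        return 1
    fi

    # Run the test or job while the capture is active and keep its exit status.
    status=0
    "$@" || status=$?

    # SIGTERM makes tcpdump end the capture and close the pcap file.
    kill "$tcpdump_pid" 2>/dev/null
    wait "$tcpdump_pid" 2>/dev/null || true
    rvictl -x "$udid"   # remove the virtual interface even if the job failed
    return "$status"
}

# Run only when arguments are given, so the file can also be sourced.
if [ $# -gt 0 ]; then
    capture_during "$@"
    exit $?
fi
```

The function returns the wrapped command's exit status, so a CI job can keep the pcap as an artifact and still fail on a failing test.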
Another tool that can help developers analyze the traffic is Wireshark. Simply open Wireshark and select the rvi0 interface:
Once the capture has been started, we can immediately see the sniffed packets from the device:
And even reconstruct HTTP conversations on the fly:
There are many other tools that can help you read packet data from this remote virtual interface. A full list can be found in the following Apple Technical Q&A article: