Packet Capture on iOS Device

Found this tweet and wanted to test it and record it for future reference.

I envision the most useful aspect is to troubleshoot secure paging to personal devices in medical verticals. For example: a hospital system has an issue with secure paging being delayed. Where is the delay? Or is the transmission simply not being transmitted to the iOS device?

To obtain the UDID:

  1. Connect iOS device via USB to Mac
  2. Open up iTunes
  3. Click the Serial Number Field on the Device Summary screen
  4. UDID will be displayed

 

Start rvictl -s <UDID>

m85077:~ wsmith3$ rvictl -s 2691c94e0ddf253525630d9ba382f5937a196b6f
Starting device 2691c94e0ddf253525630d9ba382f5937a196b6f [SUCCEEDED] with interface rvi0

Start tcpdump

m85077:~ wsmith3$ sudo tcpdump|wireshark -i rvi0
tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pktap, link-type PKTAP (Packet Tap), capture size 262144 bytes
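
A scripted version of the steps above, as an added example that is not part of the original post: it checks the UDID, reads the interface name from rvictl's output instead of assuming rvi0, writes the capture to a file, and removes the interface with rvictl -x afterwards. The function names, the default file name and the acceptance of the newer 8-16 hex UDID form are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): wrap rvictl + tcpdump so the
# remote virtual interface is always removed and the capture stays private.

# Accept the 40-hex-digit UDID form shown in the post. The 8-16 hex form used
# by newer devices is an assumption added here.
valid_udid() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9a-fA-F]{40}|[0-9a-fA-F]{8}-[0-9a-fA-F]{16})$'
}

# Pull the interface name out of rvictl's
# "Starting device <UDID> [SUCCEEDED] with interface rviN" line.
# Prints nothing when the line does not report success.
rvi_iface() {
    printf '%s\n' "$1" |
        sed -n 's/.*\[SUCCEEDED\] with interface \(rvi[0-9][0-9]*\).*/\1/p'
}

# capture_ios <UDID> [outfile]  (hypothetical helper name)
capture_ios() {
    udid=$1
    out=${2:-ios-capture.pcap}
    valid_udid "$udid" || { echo "not a UDID: $udid" >&2; return 2; }

    started=$(rvictl -s "$udid") || return 1
    iface=$(rvi_iface "$started")
    if [ -z "$iface" ]; then
        echo "rvictl did not report an interface: $started" >&2
        return 1
    fi

    trap : INT    # Ctrl-C stops tcpdump, not this script
    # The file holds the device's traffic: do not make it group/world readable.
    ( umask 077; sudo tcpdump -i "$iface" -w "$out" )
    rc=$?
    trap - INT

    rvictl -x "$udid" >/dev/null    # tear the virtual interface down again
    return "$rc"
}

# Only touch rvictl/tcpdump when a UDID is given on the command line.
if [ $# -ge 1 ]; then capture_ios "$@"; fi
```

Saved under a name of your choice, run it as `sh <script> <UDID> [file.pcap]` and stop the capture with Ctrl-C; the resulting file opens in Wireshark.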

Additional Links:

https://github.com/gh2o/rvi_capture

https://supportforums.cisco.com/t5/small-business-support-documents/configure-remote-virtual-interface-rvi-on-an-ios-device/ta-p/3169646

 

 

