I’ve recently been working on an IoT project. I wanted to investigate the network layer, so I used Wireshark to capture the network traffic between my iOS apps and the IoT hardware.
Let’s see how to start packet sniffing using Wireshark!
Install Wireshark
Wireshark is free and open-source. You can download Wireshark from its official website https://www.wireshark.org/.
Once installed, open Wireshark, then run the following command in Terminal to list the existing interfaces:
ifconfig -l
The command will output something like:
lo0 gif0 stf0 en0 en1 en2 bridge0 p2p0 awdl0 llw0 utun0 utun1 utun2 utun3 utun4 utun5 utun6 utun7
Capturing traffic
You can start capturing the traffic of any of the listed interfaces by double-clicking it now. But if you would like to capture the traffic of your iPhone, you have to do one more step.
Create a Remote Virtual Interface
The network communication between your iPhone and the IoT hardware does not go through your Mac, so to capture the iPhone’s traffic with a tool like Wireshark on your Mac, you need to create a remote virtual interface (RVI) on the Mac that is dedicated to your iPhone’s traffic. To do this, you will first need to get the device’s UDID.
UDID
Find out your iPhone’s UDID through Xcode or Apple Music.
Xcode
Xcode -> Window -> Devices and Simulators
Apple Music
Devices -> Target device
Before entering your UDID in the next command, make sure it is lowercase.
rvictl -s [YourUUID]
Starting device [YourUUID] [SUCCEEDED] with interface rvi0
Errors
For many, the above will work and return the succeeded message. However, on my first run this was not the case. Instead I received:
Starting device [YourUUID] [FAILED]
Some have had success by running:
sudo /usr/sbin/installer -pkg /Applications/Xcode.app/Contents/Resources/Packages/MobileDeviceDevelopment.pkg -target /
But not for me.
Has rvictl been installed correctly?
If rvictl fails with the message bootstrap_look_up(): 1102, make sure that the com.apple.rpmuxd daemon is installed and loaded. The following command should print information about the daemon:
sudo launchctl list com.apple.rpmuxd
If the daemon is installed correctly, you should see output like this:
$ sudo launchctl list com.apple.rpmuxd
{
    "Label" = "com.apple.rpmuxd";
    …
};
If the daemon isn’t installed correctly you’ll see this:
$ sudo launchctl list com.apple.rpmuxd
Could not find service "com.apple.rpmuxd" in domain for system
This message can indicate that the daemon is unloaded. You can force it to load as follows:
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.rpmuxd.plist
What I received
{
    "LimitLoadToSessionType" = "System";
    "MachServices" = {
        "com.apple.rpmuxd" = mach-port-object;
    };
    "Label" = "com.apple.rpmuxd";
    "OnDemand" = true;
    "LastExitStatus" = 0;
    "Program" = "/Library/Apple/usr/libexec/rpmuxd";
    "ProgramArguments" = (
        "/usr/libexec/rpmuxd";
    );
};
Getting nowhere, here are a few queries I searched:
wireshark rvictl -s failed
This query led to an interesting article on the Apple developer site, which outlined the information above.
Is rvictl installed?
Now I want to check that rvictl is installed on my Mac. To check this, run the command:
rvictl -h
If successful, the output should look like:
Remote Virtual Interface Tool starts and stops a remote packet capture instance
for any set of attached mobile devices. It can also provide feedback on any attached
devices that are currently relaying packets back to this host.

Options:
    -l, -L    List currently active devices
    -s, -S    Start a device or set of devices
    -x, -X    Stop a device or set of devices
Or, to get the version, type:
rvictl -v
And see:
rvictl version 1.2
So, we now know that rvictl is installed and running. However, it is not finding any devices connected to the Mac.
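The checks above, collected into one script, as an added example that is not part of the original post: it lowercases the UDID, runs rvictl -s, and maps the three outcomes shown on this page ([SUCCEEDED], [FAILED] and bootstrap_look_up(): 1102) to the next step. The function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example: triage helper for `rvictl -s`. Function names are hypothetical.

# Strip whitespace and lowercase the UDID before handing it to rvictl.
normalize_udid() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]'
}

# Map rvictl output to a short verdict:
#   "ok <iface>", "rpmuxd", "failed" or "unknown".
diagnose_rvictl() {
    case "$1" in
        *'bootstrap_look_up(): 1102'*) echo "rpmuxd" ;;
        *'[SUCCEEDED] with interface '*)
            iface=$(printf '%s\n' "$1" |
                sed -n 's/.*\[SUCCEEDED\] with interface \([A-Za-z0-9]*\).*/\1/p')
            echo "ok $iface" ;;
        *'[FAILED]'*) echo "failed" ;;
        *) echo "unknown" ;;
    esac
}

main() {
    command -v rvictl >/dev/null 2>&1 || { echo "rvictl not found on PATH" >&2; return 1; }
    udid=$(normalize_udid "$1")
    out=$(rvictl -s "$udid" 2>&1)
    verdict=$(diagnose_rvictl "$out")
    case "$verdict" in
        ok*) echo "Capture on ${verdict#ok } in Wireshark; stop with: rvictl -x $udid" ;;
        rpmuxd)
            echo "com.apple.rpmuxd is not reachable. Check it with:"
            echo "  sudo launchctl list com.apple.rpmuxd"
            echo "and load it with:"
            echo "  sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.rpmuxd.plist" ;;
        failed)
            echo "rvictl reported [FAILED]; verify the daemon with:"
            echo "  sudo launchctl list com.apple.rpmuxd" ;;
        *) printf 'Unrecognised rvictl output:\n%s\n' "$out" ;;
    esac
    # Exit status reflects whether the RVI came up.
    [ "${verdict%% *}" = "ok" ]
}

# Run only when a UDID is passed on the command line.
[ "$#" -eq 0 ] || main "$@"
```

Saved under a name of your choice and run with the UDID as its only argument, it exits 0 only when the RVI was created.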