This article looks at using Wireshark to capture packets directly on an iOS device, instead of capturing them over the air.
To do this, it uses a tool called rvictl, which is included in Xcode.
rvictl (Remote Virtual Interface Tool) allows the user to control remote packet captures on attached devices.
The tool is typically found at Library/Apple/usr/bin/rvictl, and iPhone users must reboot their phones after installation to load the rpmuxd daemon, which is essential for rvictl to function.
To start the capture, the user needs to connect their iPhone to their MacBook and establish an SSH connection using the rvictl tool.
Packets are captured in the Wireshark instance on the MacBook, with the captured data being transmitted over the SSH connection.
After starting the capture, the user can analyze the packets using Wireshark.
This method allows the user to see packets that would otherwise be unavailable, and gives a more comprehensive view of the mobile device’s network traffic.
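A wrapper for the capture steps described above, as an added example that is not from the original article. It assumes rvictl's `-s` (start) and `-x` (stop) flags, that the device's virtual interface appears as `rvi0`, and that tcpdump writes the pcap file that Wireshark then opens; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: capture an attached iOS device's traffic through rvictl.
# Assumptions: rvictl -s/-x, interface rvi0, tcpdump present on the Mac.

RVICTL="${RVICTL:-rvictl}"
IFACE="${IFACE:-rvi0}"   # first virtual interface rvictl creates

# Accept only the two UDID shapes: 40 hex chars, or 8 hex + '-' + 16 hex.
valid_udid() {
  case "$1" in
    ''|*[!0-9A-Fa-f-]*) return 1 ;;   # empty, or any char outside hex and '-'
  esac
  printf '%s' "$1" |
    grep -Eqx '[0-9A-Fa-f]{40}|[0-9A-Fa-f]{8}-[0-9A-Fa-f]{16}'
}

# Start the virtual interface, capture to a pcap, then always tear it down.
capture_device() {
  udid="$1"; out="$2"
  valid_udid "$udid" || { echo "refusing malformed UDID" >&2; return 2; }
  "$RVICTL" -s "$udid" || return 1
  trap : INT                      # Ctrl-C stops tcpdump, not this script
  sudo tcpdump -i "$IFACE" -w "$out"; rc=$?
  trap - INT
  "$RVICTL" -x "$udid"            # remove the interface even if capture failed
  return "$rc"
}

# Usage: ./capture.sh <UDID> ios.pcap   (then open ios.pcap in Wireshark)
if [ "$#" -eq 2 ]; then
  capture_device "$1" "$2"
fi
```

Stopping the interface with `-x` after every run keeps a stale `rvi0` from lingering on the Mac between captures.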