Smartphone networking

Monitor Network Traffic on an iOS Device Using Remote Virtual Interface

There are several situations in which one may want to monitor network traffic on an iOS device (e.g., ensuring there is no unexpected network traffic, identifying the APIs utilized by various apps, etc.) Let’s look at one possible option to accomplish this. From iOS 5 on, we can use Remote Virtual Interface (RVI) to add a network interface to your macOS device that contains the packet stream from an iOS device.

Install Xcode From The App Store

First, ensure that you’ve installed Xcode from the App Store on the Mac you’ll be using. It’s free, and it’s a straight-forward install.

Screen capture of search for Xcode
Find and install Xcode from the Apple Store.

Install Xcode Command Line Tools

Next, make sure you have the command line tools for Xcode installed on your system. You can type the following command to check if they are installed:

$ xcode-select --version
Screen capture of running command in terminal.
Ensure that the Xcode command line tools are installed.

If you don’t see any version information and you get a “command not found” type of error, you can use the following command to install the tools:

$ xcode-select --install

Of note, don’t try to use the same command above to update your installation of the command tools, just let Apple prompt you for an update (or, if you have automatic updates enabled, updates should happen without you needing to do anything.)

Connect Your iOS Device To Your Mac Computer

Then, connect your iOS device with your Mac computer using whatever wired connection is required (for my iPhone 8 and my iMac, I’m using a USB-to-Lightning cable.) Once connected, you just need to have both devices turned on so they can talk to each other (you may have to enter the passcode for your iOS device to unlock it.)

Start Xcode And Find Your UDID

Next, we have to locate the Unique Device Identifier (UDID) for your iOS device. The easiest way to do this (and have something you can copy into your command for the next step) is to use Xcode. After starting Xcode, you can navigate to the Window menu and then select Devices and Simulators. That will bring up a new window, then you can select the Devices tab, which should reveal detailed information about your iOS device. For our purposes, we need the value after the Identifier label (blurred out in my image below), which is the UDID for the device.

Screen capture of opening the devices tab in Xcode.

Find The “rvictl” Command On Your Mac

Now we need to open the terminal again. First, we have to find where the RVI command is located on your version of macOS. The find command can do this nicely, and we’ll enhance our command so we don’t see hundreds of permission denied messages.

$ find / -name "rvictl" 2>/dev/null

The output should reveal the location of the command. On my iMac running Catalina, the location is /Library/Apple/usr/bin, but make sure you check your system for the precise location.

Next, change to the directory of the rvictl binary and then run the command.

$ cd /Path/On/Your/System
Screen capture of running command in terminal.

Run The “rvictl” Command To Add Your iOS Device As A Network Interface

Finally, we can run the rvictl command and pass in the UDID we found earlier for our iOS device to start up a new network interface that will allow us to monitor the network traffic on the device using our Mac computer.

$ rvictl -s the-udid-number-of-your-ios-device
Screen capture of running command in terminal.

Test The Network Interface With tcpdump

Now that the network interface has been configured on your Mac for your iOS device (usually called rvi0), let’s test it to ensure that it’s working. Try using tcpdump to view HTTP activity on your iOS device and then visit a webpage on your phone that is using HTTP (not HTTPS.)

$ tcpdump -i rvi0 port http
Screen capture of running command in terminal.

Take Aways

You should now have the ability to configure your Mac computer to monitor network traffic on your iOS device. There are pros and cons to this particular approach. On the positive side, it is relatively easy if you’re using a Mac, unencrypted traffic is easily viewed, and the required applications/tools are few. However, if you you don’t own a Mac computer, or if you need to view encrypted traffic (e.g., HTTPS), there are better approaches. I’ll cover other monitoring options in the future that address these issues.






Leave a Reply

Your email address will not be published. Required fields are marked *