Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jduncanator/isniff

Packet capture and network sniffer for Apple iOS devices (iPhone / iPod). An implementation of iOS 5+ Remote Virtual Interface service and pcapd.
https://github.com/jduncanator/isniff

apple idevice ios iphone ipod network-monitoring packet-capture pcap sniffer wireshark

Last synced: 25 days ago
JSON representation

Packet capture and network sniffer for Apple iOS devices (iPhone / iPod). An implementation of iOS 5+ Remote Virtual Interface service and pcapd.

Host: GitHub
URL: https://github.com/jduncanator/isniff
Owner: jduncanator
License: gpl-2.0
Created: 2014-09-30T04:47:12.000Z (about 10 years ago)
Default Branch: master
Last Pushed: 2017-10-23T22:18:49.000Z (about 7 years ago)
Last Synced: 2024-08-03T17:11:23.521Z (4 months ago)
Topics: apple, idevice, ios, iphone, ipod, network-monitoring, packet-capture, pcap, sniffer, wireshark
Language: C
Homepage:
Size: 109 KB
Stars: 28
Watchers: 5
Forks: 7
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-network-stuff - **6**星

README

# iSniff

iSniff is a command line tool that interfaces with the built-in packet capture capabilities of iOS 5+ devices.

iSniff outputs a raw packet trace in pcap format which can then be used to save to a file or piped to other commonly used packet capture software.

## Usage

```
Usage: isniff [OPTIONS] [PCAPFILE]
Capture packets on a connected iDevice.

If PCAPFILE is passed, write the raw packets to file
rather than writing to STDOUT.

-u, --udid UDID Target specific device by its 40-digit device UDID.
-l, --list list UDID of all attached devices
-h, --help prints usage information
-d, --debug enable communication debugging
```

## Getting Started

By default iSniff will connect to the first connected device it finds and output the raw pcap data to *stdout*. This may not seem very useful but it allows easy use of the data in whatever tool you are most fluent with.

The easiest way to get started is to simply capture all packets on a connected iDevice to a pcap file:

```
isniff capture.pcap
```

This will start the packet capture service on the connected iDevice and start capturing all network to `capture.pcap`. To stop capturing packets signal the program to stop with `Ctrl+C`. iSniff will then flush the capture to disk and close.

### Using iSniff with tcpdump

This is nice but what if you want to monitor the capture in real-time? Normally the goto command line packet capture program is `tcpdump` a lightweight but feature packed packet sniffer based on libpcap. To use `tcpdump` like you normally would, simply pipe the output of iSniff to `tcpdump` with the flags `-r-`:

```
isniff | tcpdump -r-
```

`tcpdump` will then start logging the packets as they are received as if you had have just called `tcpdump` on the iDevice itself!

### Using iSniff with Wireshark

The same principle above applies to any packet tracing or capture program that can parse pcap-format packet captures from *stdin*. To view a live capture in Wireshark simply start it with the following command and flags:

```
isniff | wireshark -Ski-
```

This will start Wireshark and display packets as they are captured.