iOS Packet Trace – Recording Network Traffic on Remote iOS Devices Using DevTunnel

iOS Packet Trace – Recording Network Traffic on Remote iOS Devices Using DevTunnel

//iOS Packet Trace – Recording Network Traffic on Remote iOS Devices Using DevTunnel

Whether you’re a developer trying to debug your iOS app, or an individual in a product team running a CI job – recording the network traffic of the device while you’re debugging your application or while a test is running can bring great benefit to the process and to the end results.

Dumped network traffic contains important information regarding your device’s network connection – from DNS request and response times to overall network latency and errors, and even full HTTP/HTTPS* conversations (without the need to set a proxy!).

  • Encrypted, unless you have access to the web server’s SSL key.


    Recording the network traffic

    First, you need to establish a DevTunnel session on the device. Once you have an iOS device opened…

Perfecto interactive IDE. Click on the "DevTunnel" Widget on the left

Next, click on the “DevTunnel” widget on your left, and wait for the progress to reach 100%.

Wait for the progress to reach 100%

Now determine the UDID of the device. The easiest way is to look in the “Information” window of the device. Click on the “Information” button:

The information button is to be found on the left, circled

And then copy the UDID of the device by clicking on the “Copy to Clipboard” icon:

Click on the green "Copy to clipboard" icon next to Device ID


Now that we have the device’s UDID, we can create the Remote Virtual Interface by using a tool called rvictl* – a Remote Virtual Interface tool which can be used to start a network capture on iOS devices.

  • rvictl is part of the XCode command line utilities. Install them if you haven’t yet!

Let’s go over the usage:

So, when you would like to start a remote capture, assuming our UDID is (for example) 002daa400df726c38aac1,

the usage would be:

            rvictl -s 002daa400df726c38aac1

Once executed, rvictl will inform us of the new interface it has created

Running the ‘ifconfig’ command reveals the new interface

Now you can start sniffing the network traffic over the device. We can view the traffic by executing the following command:

            tcpdump -n -t -i rvi0 -q -A tcp

As soon as the command is executed, we start seeing packet data printed to our console. Magic!

Recording the traffic to a PCAP file can also be easily achieved with tcpdump by using the -w flag. This can be very useful when recording the traffic while running your daily tests.

The following command would start a network sniff on the device and record the traffic to a pcap file:

            tcpdump -n -t -i rvi0 -q -A tcp -w out.pcap

Another tool that can help developers analyze the traffic is Wireshark. Simply open Wireshark and select the rvi0 interface:

Once the capture has been started, we can immediately see the sniffed packets from the device:

And even reconstruct HTTP conversations on the fly:

There are many other tools that can help you read packet data from this remote virtual interface. A full list can be found in the following Apple Technical Q&A article:


Roy Nuriel, Director of Product Management
Roy has over 15 years of experience in the quality assurance domain, specializing in enterprise software. Over the course of his career, Roy's roles have spanned engineering, product delivery and product management. He is an expert in software quality, application lifecycle management (ALM) and end-to-end IT management. Prior to joining Perfecto, Roy held a number of senior positions at HP Software and Mercury. He holds a B.Sc. in Computer Science from the Hebrew University in Israel.

Leave A Comment