How To Sniff iPhone Network Traffic

, Wellesley, MA

Recently, I saw that some of my company’s servers were handling a heavy load of requests from our iPhone apps that I couldn’t explain. We’ve gained a humbling number of users in the first 8 weeks of the year, but the load was outpacing even the fastest growing usage metrics. After a few days of banging my head against the wall, on a whim, I watched the server logs for my own phone’s IP address and noticed that our app continued to make requests after I put it in the background. Every copy of the app that was running in the background on every user’s phone was making superfluous HTTP requests. The next version will fix that problem.

Here’s how you can sniff your iPhone’s network usage to find out if your app or anyone else’s is making unexpected network requests. No server logs necessary.

  1. Connect your Mac to a wired Internet connection.

  2. Open a web browser and confirm you can open any public web page.

  3. Open System Preferences > Sharing.

  4. Select Share your connection from: Ethernet.

  5. Select To computers using: Wi-Fi.

  6. Enable Internet Sharing by clicking the corresponding check box.

  7. Click Start when your Mac prompts you.

  8. Click the Network icon in your menu bar and note the name of the computer-to-computer network you’ve created.

  9. On your iPhone, open Settings > Wi-Fi.

  10. Select the network you created on your Mac.

  11. Open a web browser and confirm you can open any public web page.

  12. On your Mac, download Wireshark and install it.

  13. Open Terminal, and give Wireshark permission to read your network devices with: sudo chmod 644 /dev/bpf*.

  14. Open Wireshark.

  15. Start capture on: en1.

  16. Optionally enter a filter, e.g., http.

It would be really nice if there were an iPhone app that could capture and display network traffic natively. Ideally, the app would start capturing and show a list of other apps that have made network requests since the capture started. I’d like to sort the list of apps by number of requests or amount of data transferred. I’d like to drill into each app to see the details of its requests, and I’d like to kill runaway apps from within the capture app. For the time being, it looks like you have to jailbreak your phone to run anything like it, but I’d love to hear otherwise if you know a good Apple-reviewed app for that.

Enjoyed reading this post? Discuss it on Reddit, or follow me on Twitter.