Wireshark

Discussion in 'iOS Development' started by Communati0n, Aug 21, 2010.

  1. Communati0n

    Communati0n New Member

    Joined:
    Oct 22, 2009
    Messages:
    824
    Likes Received:
    0
    Device:
    iPad 2 (Black)
    I've been trying to look at what my iPod was sending out to the server of an online app. I've used Wireshark to try and capture the packets and analyse them, but no luck. Anyone got any ideas on what I'd do to capture and store ALL data my iPod is sending out while I'm running the app?

    It is important that the data doesn't get away cos I need to look at it.
  2. lauNchD

    lauNchD Well-Known Member

    Joined:
    Jan 27, 2008
    Messages:
    1,844
    Likes Received:
    261
    Device:
    iPhone 5 (Black)
    If you have a Mac & are connected to your router via Ethernet, use Internet Sharing (System Preferences->Sharing) to set up an ad-hoc network for your iPod to connect to. Then use Wireshark to capture either en0 (Ethernet, to capture everything your computer sends/receives, obviously including everything your iPod does) or en1 (Wi-Fi, to capture traffic between your computer and your iPod, which is basically the same, except that nothing originating from your computer is recorded).

    • A similar approach may work under Windows/Linux
    • No, you can't "decrypt" SSL'd packets.
  3. Communati0n

    Communati0n New Member

    Yeah, I've seen that method with Mac. It looks perfect!

    Only problem is... I've got Windows.
  4. lauNchD

    lauNchD Well-Known Member

    Use something similar to the Mac's Internet sharing on Windows. Just google it; it's definitely been implemented somewhere.
    Configure Wireshark just as you'd do on a Mac; either sniff the computer's internet/LAN connection or its Wi-Fi (->iPod) interface.
  5. Communati0n

    Communati0n New Member

    OK. I have identified 5 packets with the data I want to see, but I can't make sense of them!!!

    Please help me understand them. Data posted below.

    For all of them:
    Protocol: UDP
    Source port: pnrp-port
    Destination port: pnrp-port

    packet 1:
    source: fe80::98ce:ba36:4343:1f51
    destination: fe80::65a8:8a38:1a6e:3d1d

    data(hex):
    0000 6c f0 49 7a 59 f3 00 27 19 ea 77 41 86 dd 60 00
    0010 00 00 00 2c 11 80 fe 80 00 00 00 00 00 00 98 ce
    0020 ba 36 43 43 1f 51 fe 80 00 00 00 00 00 00 65 a8
    0030 8a 38 1a 6e 3d 1d 0d d4 0d d4 00 2c a1 e8 00 10
    0040 00 0c 51 04 00 01 75 4d 49 ff 00 92 00 18 a6 0c
    0050 5b 63 8a 2c a7 e4 39 fc 6f 92 f7 59 d9 96 0e 7d
    0060 7a 68

    packet 2:
    source: fe80::65a8:8a38:1a6e:3d1d
    destination: fe80::98ce:ba36:4343:1f51

    0000 00 27 19 ea 77 41 6c f0 49 7a 59 f3 86 dd 60 00
    0010 00 00 00 60 11 80 fe 80 00 00 00 00 00 00 65 a8
    0020 8a 38 1a 6e 3d 1d fe 80 00 00 00 00 00 00 98 ce
    0030 ba 36 43 43 1f 51 0d d4 0d d4 00 60 58 76 00 10
    0040 00 0c 51 04 00 02 c9 e8 b8 65 00 18 00 08 75 4d
    0050 49 ff 00 60 00 2c 00 01 00 28 00 30 00 20 7a ca
    0060 ad ce 31 07 f8 c7 8e 37 97 7c 6f ee 32 0b fe 80
    0070 00 00 00 00 00 00 ce a2 17 7c f0 47 d6 97 00 92
    0080 00 18 a6 0c 5b 63 8a 2c a7 e4 39 fc 6f 92 f7 59
    0090 d9 96 0e 7d 7a 68

    packet 3:
    source: fe80::98ce:ba36:4343:1f51
    destination: fe80::65a8:8a38:1a6e:3d1d

    0000 6c f0 49 7a 59 f3 00 27 19 ea 77 41 86 dd 60 00
    0010 00 00 00 54 11 80 fe 80 00 00 00 00 00 00 98 ce
    0020 ba 36 43 43 1f 51 fe 80 00 00 00 00 00 00 65 a8
    0030 8a 38 1a 6e 3d 1d 0d d4 0d d4 00 54 36 0a 00 10
    0040 00 0c 51 04 00 03 75 4d 4a 8f 00 93 00 14 08 c3
    0050 e6 00 37 5d e5 88 3b 2e ec 30 dc e4 cb 5c 00 60
    0060 00 2c 00 01 00 28 00 30 00 20 7a ca ad ce 31 07
    0070 f8 c7 8e 37 97 7c 6f ee 32 0b fe 80 00 00 00 00
    0080 00 00 ce a2 17 7c f0 47 d6 97

    packet 4:
    source: fe80::65a8:8a38:1a6e:3d1d
    destination: fe80::98ce:ba36:4343:1f51

    0000 00 27 19 ea 77 41 6c f0 49 7a 59 f3 86 dd 60 00
    0010 00 00 00 1c 11 80 fe 80 00 00 00 00 00 00 65 a8
    0020 8a 38 1a 6e 3d 1d fe 80 00 00 00 00 00 00 98 ce
    0030 ba 36 43 43 1f 51 0d d4 0d d4 00 1c 56 32 00 10
    0040 00 0c 51 04 00 09 c9 e8 b8 c5 00 18 00 08 75 4d
    0050 4a 8f

    packet 5:
    source: fe80::65a8:8a38:1a6e:3d1d
    destination: fe80::98ce:ba36:4343:1f51

    0000 00 27 19 ea 77 41 6c f0 49 7a 59 f3 86 dd 60 00
    0010 00 00 00 88 11 80 fe 80 00 00 00 00 00 00 65 a8
    0020 8a 38 1a 6e 3d 1d fe 80 00 00 00 00 00 00 98 ce
    0030 ba 36 43 43 1f 51 0d d4 0d d4 00 88 f4 52 00 10
    0040 00 0c 51 04 00 04 c9 e8 b9 99 00 43 00 07 00 01
    0050 00 00 00 39 00 24 00 00 00 00 00 00 00 00 00 00
    0060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    0070 00 00 00 00 00 00 00 9a 00 3a 7a ca ad ce 31 07
    0080 f8 c7 8e 37 97 7c 6f ee 32 0b fe 80 00 00 00 00
    0090 00 00 ce a2 17 7c f0 47 d6 97 04 00 0d d4 00 01
    00a0 fe 80 00 00 00 00 00 00 65 a8 8a 38 1a 6e 3d 1d
    00b0 00 00 00 9e 00 0c 00 00 00 08 00 9d 00 12
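
Added example (not part of any post in this thread): a decoder for the Ethernet II, IPv6 and UDP headers at the front of dumps like the ones posted above, run on packet 4 as posted. It assumes an untagged Ethernet frame with no IPv6 extension headers; the function names are illustrative, and the UDP payload is returned as raw bytes without interpretation.

```python
import ipaddress
import struct

# Packet 4 exactly as posted in the thread (Wireshark "offset + hex bytes" rows).
PACKET_4 = """
0000 00 27 19 ea 77 41 6c f0 49 7a 59 f3 86 dd 60 00
0010 00 00 00 1c 11 80 fe 80 00 00 00 00 00 00 65 a8
0020 8a 38 1a 6e 3d 1d fe 80 00 00 00 00 00 00 98 ce
0030 ba 36 43 43 1f 51 0d d4 0d d4 00 1c 56 32 00 10
0040 00 0c 51 04 00 09 c9 e8 b8 c5 00 18 00 08 75 4d
0050 4a 8f
"""

def dump_to_bytes(text):
    """Turn hex-dump rows into raw bytes, checking that each row's offset is contiguous."""
    out = bytearray()
    for row in text.strip().splitlines():
        offset, *cols = row.split()
        if int(offset, 16) != len(out):
            raise ValueError(f"row {offset}: expected offset {len(out):04x}")
        out += bytes.fromhex("".join(cols[:16]))  # at most 16 byte columns per row
    return bytes(out)

def decode_frame(frame):
    """Decode Ethernet II + IPv6 + UDP headers; the UDP payload stays undecoded."""
    if len(frame) < 14 + 40 + 8:
        raise ValueError("frame too short for Ethernet + IPv6 + UDP")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x86DD:
        raise ValueError(f"not IPv6 (EtherType 0x{ethertype:04x})")
    ip = frame[14:54]
    payload_len, next_header, hop_limit = struct.unpack("!HBB", ip[4:8])
    if next_header != 17:
        raise ValueError(f"not UDP (next header {next_header})")
    sport, dport, udp_len, _checksum = struct.unpack("!HHHH", frame[54:62])
    if udp_len != payload_len or 54 + udp_len > len(frame):
        raise ValueError("UDP length disagrees with IPv6 payload length or capture")
    return {
        "src_mac": src_mac.hex(":"),
        "dst_mac": dst_mac.hex(":"),
        "src_ip": str(ipaddress.IPv6Address(ip[8:24])),
        "dst_ip": str(ipaddress.IPv6Address(ip[24:40])),
        "hop_limit": hop_limit,
        "src_port": sport, "dst_port": dport,  # 0x0dd4 = 3540, shown as pnrp-port
        "payload": frame[62:54 + udp_len],
    }
```

The decoded source and destination addresses match the ones listed for packet 4, which is a quick check that a dump was copied without dropped bytes.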
