In order to troubleshoot ‘eduroam’ connectivity, I needed to capture traffic off an iPhone to see what was actually going on.
This is what I had to do to make this possible:
- Jailbreak an iPhone (yes, it needs to be jailbroken and have access to the Cydia application store)
- Install ‘tcpdump’ and ‘MobileTerminal’ from Cydia
- If you also want to transfer the .pcap files from the iPhone via a USB cable to a (Windows) PC, you also need to install ‘Apple File Conduit “2”’ on the iPhone.
  On the PC you will need iTunes and iExplorer (https://www.macroplant.com/iexplorer/)
- Open ‘MobileTerminal’ on the iPhone and enter ‘Root’ mode:
  type in ‘su’ and use the default password of ‘alpine’
- Then type in ‘passwd root’ and change the password to something else, since ‘alpine’ is the publicly known default
- Next, start up ‘tcpdump’ and start capturing traffic:
  ‘tcpdump -i en0 -w capturefil.pcap -s 0’
  -i en0 tells tcpdump to capture on the WLAN interface
  (use -D to list available interfaces)
  -w specifies the file to write to
  -s 0 makes sure packets are saved in their entire length
- To re-run the last command, type ‘!-1’; that will save you some work typing long commands over and over again.
- To copy/move the resulting .pcap file to a PC, connect the iPhone to the PC via a USB cable and use iExplorer to browse to ‘root/var/mobile’, where the file will reside by default.
My interfaces were as follows:
1: pdp_ip0 (GSM-network)
2: en0 (WLAN)
3: lo0 (local loopback)
More information on available options for ‘tcpdump’ can be found here: www.tcpdump.org
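
Before analysing a capture copied off the phone, it helps to confirm that the file arrived intact and that no packets were cut short, which is what ‘-s 0’ is meant to guarantee. The following Python check for the PC side is an added example, not part of the original post; it assumes the classic pcap file format (not pcapng), and the function names and sample data are constructed for illustration.

```python
import struct

PCAP_MAGICS = (0xA1B2C3D4, 0xA1B23C4D)  # microsecond / nanosecond timestamp variants


def inspect_pcap(data):
    """Summarise a classic pcap file: snaplen, link type, packet and truncation counts."""
    if len(data) < 24:
        raise ValueError("too short to hold a pcap global header")
    for endian in ("<", ">"):  # the magic number reveals the writer's byte order
        if struct.unpack(endian + "I", data[:4])[0] in PCAP_MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    # Fields: version major/minor, timezone offset, sigfigs, snaplen, link type
    _, _, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    offset, packets, truncated, incomplete = 24, 0, 0, False
    while offset < len(data):
        if offset + 16 > len(data):
            incomplete = True  # per-packet record header is cut off
            break
        _, _, caplen, origlen = struct.unpack(endian + "IIII", data[offset:offset + 16])
        if offset + 16 + caplen > len(data):
            incomplete = True  # packet bytes are cut off, e.g. by an interrupted copy
            break
        packets += 1
        truncated += caplen < origlen  # fewer bytes saved than were on the wire
        offset += 16 + caplen
    return {"snaplen": snaplen, "linktype": linktype, "packets": packets,
            "truncated": truncated, "incomplete_tail": incomplete}


def make_sample(snaplen, wire_lengths):
    """Build a constructed little-endian Ethernet (link type 1) pcap for the demo."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for n, wire_len in enumerate(wire_lengths):
        caplen = min(wire_len, snaplen)
        out += struct.pack("<IIII", n, 0, caplen, wire_len) + bytes(caplen)
    return out


if __name__ == "__main__":
    full = make_sample(262144, [60, 1500])  # constructed: every packet saved whole
    short = make_sample(68, [60, 1500])     # constructed: small snaplen cuts packet 2
    print(inspect_pcap(full))
    print(inspect_pcap(short))
    print(inspect_pcap(full[:-10]))         # constructed: file cut short in transfer
```

To check a real capture, call `inspect_pcap(open("capturefil.pcap", "rb").read())`; a non-zero `truncated` count or a true `incomplete_tail` means the capture should be repeated or copied again.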