[iOS] Using rvictl for Network Traffic Capture on iOS Devices

Apple publishes Recording a Packet Trace, which explains how to capture packets for macOS and iOS. The combination of rvictl and tcpdump described on that page allows us to capture the network traffic of a connected iOS device.

One note here is about rvictl. The page describes the functionality as follows:

iOS doesn’t let you record a packet trace directly. However, you can use your Mac to record a packet trace on an attached iOS device using the Remote Virtual Interface (RVI) mechanism. To get started, first connect your iOS device to your Mac via USB. Next run the rvictl command in Terminal.

When I captured the network traffic via the command and compared it with the network traffic captured by a VPN on a device, I found a difference of 4 bytes in every packet. It was Null/Loopback. It means the size of the network traffic captured via rvictl could be slightly bigger than the vanilla network packet size. The main body should have no differences, though.
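To compare an rvictl trace byte for byte with a capture that lacks the 4-byte header, the header can be stripped from every packet. The following Python script is an added example, not code from the original post; it assumes the trace was saved as a classic pcap file with link type LINKTYPE_NULL (0), and the function names and the sample packet are constructed for illustration.

```python
import struct

LINKTYPE_NULL = 0   # BSD Null/Loopback: 4-byte address-family word, then the IP packet
LINKTYPE_RAW = 101  # packet data starts directly at the IP header
NULL_HDR_LEN = 4    # the per-packet difference the post observed
# pcap magic (microsecond and nanosecond variants) -> struct byte-order prefix
_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
           b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def strip_null_header(pcap: bytes) -> bytes:
    """Rewrite a classic pcap from LINKTYPE_NULL to LINKTYPE_RAW (assumed input format)."""
    if len(pcap) < 24 or pcap[:4] not in _MAGICS:
        raise ValueError("not a classic pcap file")
    e = _MAGICS[pcap[:4]]
    vmaj, vmin, zone, sigfigs, snaplen, linktype = struct.unpack(e + "HHiIII", pcap[4:24])
    if linktype != LINKTYPE_NULL:
        raise ValueError(f"link type {linktype} is not Null/Loopback")
    out = bytearray(pcap[:4]) + struct.pack(
        e + "HHiIII", vmaj, vmin, zone, sigfigs, snaplen, LINKTYPE_RAW)
    pos = 24
    while pos < len(pcap):
        rec_hdr = pcap[pos:pos + 16]
        if len(rec_hdr) < 16:
            raise ValueError("truncated record header")
        sec, frac, incl, orig = struct.unpack(e + "IIII", rec_hdr)
        data = pcap[pos + 16:pos + 16 + incl]
        if len(data) != incl or incl <= NULL_HDR_LEN:
            raise ValueError("truncated or undersized record")
        ip = data[NULL_HDR_LEN:]
        # Sanity check: what follows the 4-byte word must be an IPv4 or IPv6 header.
        if ip[0] >> 4 not in (4, 6):
            raise ValueError("payload after the 4-byte header is not IPv4/IPv6")
        out += struct.pack(e + "IIII", sec, frac, len(ip), orig - NULL_HDR_LEN) + ip
        pos += 16 + incl
    return bytes(out)

def sample_capture() -> bytes:
    """Constructed one-packet LINKTYPE_NULL capture: AF_INET word + bare IPv4 header."""
    ip = bytes.fromhex("450000140000000040060000c0000201c0000202")
    frame = struct.pack("<I", 2) + ip  # 2 = AF_INET
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_NULL)
    rec = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return hdr + rec + frame

if __name__ == "__main__":
    before = sample_capture()
    after = strip_null_header(before)
    print(f"{len(before)} bytes -> {len(after)} bytes")
```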

A side note about Personal VPN. With this feature, we can create a VPN app ourselves. Some of Apple’s official apps may bypass the VPN even when it is enabled on a device. The rvictl method could capture those packets, but this VPN feature did not.
