On Sep 21, 2009, at 11:46 AM, Gerald Combs wrote:

> Three minutes after Stephen's mail arrived I received a request from
> Laura Chappell for iPhone support.

Unless things have changed since I last had a jailbroken iPhone (and I
doubt they have), the BPF devices were just like the OS X ones,
defaulting to owned by root/wheel and not readable or writable by
anybody other than the owner, and apps don't run as root, so no access
to the BPF devices - and probably no chance of any access without
jailbreaking - and hence no traffic capture.

Neither the Tiger nor the Leopard/Snow Leopard techniques for putting
802.11 adapters into monitor mode worked, either. That was a while
ago, though - it was probably iPhone OS 1.x. Maybe that, at least,
has changed.

Keeping the capture process going even if you bring another app
forward would be a bit tricky, too, especially without jailbreaking
(and even then, the OS reserves the right to terminate background
processes if it needs memory - I've even seen it terminate Safari, as
my browsing history, presumably kept in main memory in pre-3.0
releases, disappeared on occasion after switching to Mail and back to
Safari, probably because the Safari process terminated).

The other big question is "how much support?" Making Wireshark - or
some subset thereof - usable on a small screen would probably take
some work.