This document describes how to capture packets from iPhone traffic with Windows Internet Connection Sharing (ICS).
There are no specific requirements for this document.
The information in this document is based on these software and hardware versions:
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
This process requires that you share a wired network connection with an iPhone or any other Wi-Fi phone (called iPhone in this document for simplicity). All of the iPhone's traffic is diverted through a PC, where it can be captured. This process is extremely useful when you need to troubleshoot the iPhone's traffic (for example, Cisco Jabber for iPhone or Android).
How to packet capture iPhone's traffic with Windows ICS
Open a network connections window. You can open it from the Control Panel, or you can type ncpa.cpl in a Windows command prompt.
Open the Local Area Connection properties and click the Sharing tab.
Open a Windows Command prompt (you may need to run the command prompt with Administrative privileges). Then, enter this command:
Note: You choose the Service Set Identifier (SSID) and key. Once you enter the command, a new network adapter called the Microsoft Virtual Wi-Fi Miniport Adapter appears. This network adapter acts as the Wi-Fi access point for the iPhone's Wi-Fi.
Open the Local Area Connection properties and click the Sharing tab. Check the Allow other network users to connect through this computer's Internet connection check box and then choose the appropriate wireless network connection for the Microsoft Virtual Wi-Fi Miniport Adapter. In this example, it was Wireless Network Connection 2.
Tip: It may help to ensure that your main Wireless Network Connection is in a Not connected state before you create the Microsoft Virtual Wi-Fi Miniport adapter. If it is in a connected state, right-click the connection and choose Connect/Disconnect to move it to the Not connected state.
Enter this command from the command prompt.
After you enter the command, the Wireless Network Connection 2 status displays as cisco.com.
Now, open your iPhone and connect to the SSID. In this example, the SSID is test123. If the SSID does not appear, type it.
Now, open Wireshark on your PC in order to see your iPhone traffic.
If you want to remove the captures, enter this command:
Then, open the Local Area Connection properties and click the Sharing tab. Uncheck the Allow other network users to connect through this computer's Internet connection check box.
Tip: If this process does not work, enter netsh wlan stop hostednetwork followed by netsh wlan start hostednetwork.
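The hosted-network steps above can be scripted. This PowerShell script is an added example, not part of the original document. It assumes the standard `netsh wlan set/start/stop/show hostednetwork` commands, an English-language Windows install for the status parsing, the SSID test123 from the text, and a key you supply yourself. ICS sharing is still enabled and disabled in the Sharing tab as described.

```powershell
#Requires -RunAsAdministrator
# Added example: set up, check and tear down the hosted network used for the capture.
param(
    [ValidateSet('Start','Stop','Status')] [string]$Action = 'Status',
    [string]$Ssid = 'test123',   # SSID used in this document's example
    [string]$Key  = ''           # supply your own WPA2 passphrase (8 to 63 characters)
)

function Invoke-Netsh {
    # Run netsh and stop the script if the command reports failure.
    param([string[]]$NetshArgs)
    & netsh @NetshArgs
    if ($LASTEXITCODE -ne 0) {
        throw "netsh $($NetshArgs -join ' ') failed with exit code $LASTEXITCODE"
    }
}

function Get-HostedNetworkStatus {
    # Read the "Status : ..." line from `netsh wlan show hostednetwork`
    # (assumption: English output labels).
    $line = netsh wlan show hostednetwork |
        Where-Object { $_ -match '^\s*Status\s*:' } |
        Select-Object -First 1
    if ($line -match ':\s*(.+)$') { return $Matches[1].Trim() }
    return 'Unknown'
}

switch ($Action) {
    'Start' {
        if ($Key.Length -lt 8 -or $Key.Length -gt 63) {
            throw 'Provide -Key with 8 to 63 characters.'
        }
        Invoke-Netsh @('wlan','set','hostednetwork','mode=allow',"ssid=$Ssid","key=$Key")
        Invoke-Netsh @('wlan','start','hostednetwork')
        $status = Get-HostedNetworkStatus
        if ($status -ne 'Started') { throw "Hosted network status is '$status'." }
        "Hosted network '$Ssid' is started. Enable sharing in the Sharing tab, then capture in Wireshark."
    }
    'Stop' {
        # Stop the access point and disallow it so it does not come back later.
        Invoke-Netsh @('wlan','stop','hostednetwork')
        Invoke-Netsh @('wlan','set','hostednetwork','mode=disallow')
        "Hosted network stopped. Remember to uncheck sharing in the Sharing tab."
    }
    'Status' { "Hosted network status: $(Get-HostedNetworkStatus)" }
}
```

Run it from an elevated prompt with `-Action Start -Key <your key>` before the capture and `-Action Stop` afterwards, so the PC does not keep acting as an access point once troubleshooting is done.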