Network Activity Monitoring on iPhone

Question

I've been working for 5 days trying to learn and implement Network monitor on the iPhone. I looked into netstat code from apple, and i lost like 25% of my hair.

I found links for JB Devices but i need it to execute on a non JB device. (Irrespective of whether Apple accepts it on the App store or not).

I found some useful links :

how to get tcp udp opening port list on iPhone (I couldn't parse the data returned in this question :( )

Data Usage on iPhone

sysctlbyname buf return type (I'm not a networking guy..could not understand this one, may be you guys can help :) )

TCP/UPD port list

I can say i got some thing from the first link. Can you guys help me to Parse the data ? Is there any other method to achieve this??

Answer 1

Ok, you have all that you need over the table.

You can check the question Is there any private api to monitor network traffic on iPhone? And here you can find the source code of inet. That code have all you need to parse the data returned of how to get tcp udp opening port list on iPhone

size_t len = 0;
if (sysctlbyname("net.inet.tcp.pcblist_n", 0, &len, 0, 0) < 0) {
    perror("sysctlbyname");
} else {
    char *buf = malloc(len);
    sysctlbyname("net.inet.tcp.pcblist_n", buf, &len, 0, 0);
    NSData *data = [NSData dataWithBytesNoCopy:buf length:len];
    NSLog(@"data = %@", data);
}

Ok, yes the source code of inet is a little complicate. But, you know that netstat print the net status. So, you only need to see when inet execute printf, at this point you will have the data parsed.

If you try to compile the source of inet for iOS, you will find a lot of problems: some header files are not present in ios sdk. Ok, no problem copy the headers.

For the simulator you only need copy the header of netstat.h. And add some struct declaration that are private:

struct  xtcpcb_n {
    u_int32_t                      xt_len;
    u_int32_t                        xt_kind;                /* XSO_TCPCB */

    u_int64_t t_segq;
    int     t_dupacks;              /* consecutive dup acks recd */

    int t_timer[TCPT_NTIMERS_EXT];  /* tcp timers */

    int     t_state;                /* state of this connection */
    u_int   t_flags;

    int     t_force;                /* 1 if forcing out a byte */

    tcp_seq snd_una;                /* send unacknowledged */
    tcp_seq snd_max;                /* highest sequence number sent;
                                     * used to recognize retransmits
                                     */
    tcp_seq snd_nxt;                /* send next */
    tcp_seq snd_up;                 /* send urgent pointer */

    tcp_seq snd_wl1;                /* window update seg seq number */
    tcp_seq snd_wl2;                /* window update seg ack number */
    tcp_seq iss;                    /* initial send sequence number */
    tcp_seq irs;                    /* initial receive sequence number */

    tcp_seq rcv_nxt;                /* receive next */
    tcp_seq rcv_adv;                /* advertised window */
    u_int32_t rcv_wnd;              /* receive window */
    tcp_seq rcv_up;                 /* receive urgent pointer */

    u_int32_t snd_wnd;              /* send window */
    u_int32_t snd_cwnd;             /* congestion-controlled window */
    u_int32_t snd_ssthresh;         /* snd_cwnd size threshold for
                                     * for slow start exponential to
                                     * linear switch
                                     */
    u_int   t_maxopd;               /* mss plus options */

    u_int32_t t_rcvtime;            /* time at which a packet was received */
    u_int32_t t_starttime;          /* time connection was established */
    int     t_rtttime;              /* round trip time */
    tcp_seq t_rtseq;                /* sequence number being timed */

    int     t_rxtcur;               /* current retransmit value (ticks) */
    u_int   t_maxseg;               /* maximum segment size */
    int     t_srtt;                 /* smoothed round-trip time */
    int     t_rttvar;               /* variance in round-trip time */

    int     t_rxtshift;             /* log(2) of rexmt exp. backoff */
    u_int   t_rttmin;               /* minimum rtt allowed */
    u_int32_t t_rttupdated;         /* number of times rtt sampled */
    u_int32_t max_sndwnd;           /* largest window peer has offered */

    int     t_softerror;            /* possible error not yet reported */
    /* out-of-band data */
    char    t_oobflags;             /* have some */
    char    t_iobc;                 /* input character */
    /* RFC 1323 variables */
    u_char  snd_scale;              /* window scaling for send window */
    u_char  rcv_scale;              /* window scaling for recv window */
    u_char  request_r_scale;        /* pending window scaling */
    u_char  requested_s_scale;
    u_int32_t ts_recent;            /* timestamp echo data */

    u_int32_t ts_recent_age;        /* when last updated */
    tcp_seq last_ack_sent;
    /* RFC 1644 variables */
    tcp_cc  cc_send;                /* send connection count */
    tcp_cc  cc_recv;                /* receive connection count */
    tcp_seq snd_recover;            /* for use in fast recovery */
    /* experimental */
    u_int32_t snd_cwnd_prev;        /* cwnd prior to retransmit */
    u_int32_t snd_ssthresh_prev;    /* ssthresh prior to retransmit */
    u_int32_t t_badrxtwin;          /* window for retransmit recovery */
};


struct  xinpcb_n {
    u_int32_t               xi_len;         /* length of this structure */
    u_int32_t               xi_kind;                /* XSO_INPCB */
    u_int64_t               xi_inpp;
    u_short                 inp_fport;      /* foreign port */
    u_short                 inp_lport;      /* local port */
    u_int64_t               inp_ppcb;       /* pointer to per-protocol pcb */
    inp_gen_t               inp_gencnt;     /* generation count of this instance */
    int                             inp_flags;      /* generic IP/datagram flags */
    u_int32_t               inp_flow;
    u_char                  inp_vflag;
    u_char                  inp_ip_ttl;     /* time to live */
    u_char                  inp_ip_p;       /* protocol */
    union {                                 /* foreign host table entry */
        struct  in_addr_4in6    inp46_foreign;
        struct  in6_addr        inp6_foreign;
    }                               inp_dependfaddr;
    union {                                 /* local host table entry */
        struct  in_addr_4in6    inp46_local;
        struct  in6_addr        inp6_local;
    }                               inp_dependladdr;
    struct {
        u_char          inp4_ip_tos;    /* type of service */
    }                               inp_depend4;
    struct {
        u_int8_t        inp6_hlim;
        int                     inp6_cksum;
        u_short         inp6_ifindex;
        short           inp6_hops;
    }                               inp_depend6;
    u_int32_t               inp_flowhash;
};


#define SO_TC_STATS_MAX 4

struct data_stats {
    u_int64_t       rxpackets;
    u_int64_t       rxbytes;
    u_int64_t       txpackets;
    u_int64_t       txbytes;
};

struct xgen_n {
    u_int32_t   xgn_len;            /* length of this structure */
    u_int32_t   xgn_kind;       /* number of PCBs at this time */
};

#define XSO_SOCKET  0x001
#define XSO_RCVBUF  0x002
#define XSO_SNDBUF  0x004
#define XSO_STATS   0x008
#define XSO_INPCB   0x010
#define XSO_TCPCB   0x020

struct  xsocket_n {
    u_int32_t       xso_len;        /* length of this structure */
    u_int32_t       xso_kind;       /* XSO_SOCKET */
    u_int64_t       xso_so; /* makes a convenient handle */
    short           so_type;
    u_int32_t       so_options;
    short           so_linger;
    short           so_state;
    u_int64_t       so_pcb;     /* another convenient handle */
    int             xso_protocol;
    int             xso_family;
    short           so_qlen;
    short           so_incqlen;
    short           so_qlimit;
    short           so_timeo;
    u_short         so_error;
    pid_t           so_pgid;
    u_int32_t       so_oobmark;
    uid_t           so_uid;     /* XXX */
};

struct xsockbuf_n {
    u_int32_t       xsb_len;        /* length of this structure */
    u_int32_t       xsb_kind;       /* XSO_RCVBUF or XSO_SNDBUF */
    u_int32_t       sb_cc;
    u_int32_t       sb_hiwat;
    u_int32_t       sb_mbcnt;
    u_int32_t       sb_mbmax;
    int32_t         sb_lowat;
    short           sb_flags;
    short           sb_timeo;
};

struct xsockstat_n {
    u_int32_t       xst_len;        /* length of this structure */
    u_int32_t       xst_kind;       /* XSO_STATS */
    struct data_stats   xst_tc_stats[SO_TC_STATS_MAX];
};

But for the Device you need to copy some other headers of the kernel, I don't know why the headers aren't in the device sdk (maybe if you use them Apple will not approve your app, I don't know, but that doesn't matter).

You can copy the missing headers from the simulator SDK to your project. Or you can change the header path to the simulator SDK. (I copied the headers).
If you copy the headers you will need change some include declaration.

You don't need all the inet.c code. You only need these functions:

• protopr
• inetprint
• inetname

Then inside those functions you will see the printf with the data parsed, you can add that in a dictionary.

Here is my code. You can see a class named: DHInet with two method that return a NSArray with a list of NSDictionary with the information of the connections.

I hope you find it useful, and if anyone wants to give me a hand in improving the code, so be it, I need to clean the code, because it has a lot of ifdef that are not necessary.