Monday, December 31, 2012

Pcap Touch: Read PCAP on iOS!

I finally joined the ranks of the iOS-enabled this Christmas, thanks to a gift of an iPod Touch.  As I was casting about for free/cheap apps (there's an inverse relationship between "number of kids" and "disposable income", and it's an exponential...), I stumbled across this gem - Pcap Touch!

It's a very basic app, in that it only displays pcap-format files; don't expect all the bells and whistles of Wireshark.  Nonetheless, a quick test drive suggests that Pcap Touch will be quite useful for taking a "quick look" at small capture files.  I can already envision using it in situations where we've already performed problem isolation and know exactly what packets are of interest in a given capture.

The only roll-your-own step is transferring the pcap files to your iOS device.  Out of sheer convenience, I used Dropbox; the Dropbox UI shows a "can't view this file" message upon download, but Pcap Touch shows up in Dropbox's "export file to app" UI automatically.

One VERY interesting side note: the app can also stream a live packet capture from a Linux system, via the open-source pcap-touch-server.  I have not tested this capability (yet), but its utility is obvious.

In summary: I wouldn't try to do full-blown capture analysis with this tool, but it's definitely going to come in handy for mobile/remote capture review on a regular basis.  The pairing of Dropbox and Pcap Touch can make the iOS platform useful to network engineers and hobbyists alike.  Have at it.

