A Little PCAP Reader for iOS+ Meraki Remote Capture = Handy

I had been pecking away at a problem at a remote site, where phantom ringing was driving staff nuts on their Ring Central VoIP phones. I’ll spare you all the nasty things I want to say about the frailty of Ring Central phones and try to stay on topic… These devices are clients on a Meraki network, which means that you can capture their packets remotely, while doing analysis locally.

image0

It’s a nice feature, as it really helps you to exercise a common network troubleshooting task that traditionally requires you to be within the network environment to carry out. I had left the office, and my Wireshark-equipped workstation behind for the day, but found myself with free time, my iPad, and the phantom ringing problem on my mind.

Hmmm. I wonder if there are any PCAP-related apps for iOS? I doubt it, but what the hell… Let’s take a look and see if there is anything I can break down those remote capture files with… If I had my PC with Wireshark on it I wouldn’t need this… But all I have is my iPad… Let’s see.. 

Whoa- what’s this?

It’s an app for iOS called Telluric, and it reads (to a certain extent) packet capture files. It doesn’t do 802.11 radio header stuff. It doesn’t actually CAPTURE packets. You can’t really do display filtering or fancy stuff like Wireshark can. But it does do a decent job when no other tools are available, provided you have access to remote packet capture and local download (or can have someone send you a pcap file).

Sure, it’s a niche app of limited value. But it helped me find the source of my problem when I had no other real options:

image1

It’s time for a firewall rule. Sorry, Mr. Vicious.

(I do know that there are online resources for dumping and analyzing packet capture files. Don’t ruin the mood.)

 

 

1 thought on “A Little PCAP Reader for iOS+ Meraki Remote Capture = Handy

  1. CablingOptional

    I had a similar situation a few months ago and found an iOS PCAP analyzer called MooseNet. It kinda sucks (next to OmniPeek or Wireshark), but it was the only think I could find. I’ll give the one you shared here a try now also – thanks Lee!

    Reply

Tell me what YOU think.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s