Getting a List of All TCP Connections

I am trying to get a list of all the current TCP connections in iOS. I am currently using the sysctlbyname() UNIX call but it is extraordinarily difficult to see good, working examples of this. Right now, my current implementation just returns an empty array.


Does anyone have any good examples? I've spent a long time googling and I cannot find anything that works.


Thanks!

Accepted Reply

I'm so glad I've finally got it working 🙂


I don't see why Apple would block sysctl networking calls, I don't see any huge privacy concerns here.


For anyone who is curious, there is a publicly available Xcode project (google 'DHInet.h github' to find it). The project itself doesn't actually seem to work in iOS 9 but it's still a good example of what we can do, he's got all the correct source files such as netstat.h which are required to get it working. I completely removed his implementation of the protopr function in his DHInet.m file, then copied Apple's open-sourced implementation of the protopr function (link here) and made some changes so that instead of printing out the current connections it converts them to NSStrings and places them in an array. The actual function that is supposed to print out the network connection is called inetprint in that link I posted above.

Replies

Have you considered that the iOS application sandbox may be interfering with that code?


According to the security and privacy videos from last WWDC, In iOS 9,

sysctl()
was modified to no longer allow sandboxed Apps to retrieve information about other running processes.

I am trying to get a list of all the current TCP connections in iOS.

There’s no high-level API for doing this and the low-level APIs that might work (like

sysctlbyname
) aren’t really APIs but are more like legacy stuff grandfathered in from OS X that the sandbox hasn’t quite yet got around to blocking.

What’s your final goal here?

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I'm so glad I've finally got it working 🙂


I don't see why Apple would block sysctl networking calls, I don't see any huge privacy concerns here.


For anyone who is curious, there is a publicly available Xcode project (google 'DHInet.h github' to find it). The project itself doesn't actually seem to work in iOS 9 but it's still a good example of what we can do, he's got all the correct source files such as netstat.h which are required to get it working. I completely removed his implementation of the protopr function in his DHInet.m file, then copied Apple's open-sourced implementation of the protopr function (link here) and made some changes so that instead of printing out the current connections it converts them to NSStrings and places them in an array. The actual function that is supposed to print out the network connection is called inetprint in that link I posted above.

OK, I’m going to be crystal here. Do not build a product based around your ability to see the TCP connections being made by other apps. While this may work right now, it would not surprise me if it were blocked by the sandbox in the future (r. 23554314), at which point your product will be dead in the water.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I would agree that making an app completely reliant on a single system call would be a pretty awful idea. However it's not really that clear why this would be a security concern for Apple. Several apps (such as the "Status" app) make great use of this system call for informational purposes.


I can understand if Apple monitored its usage to ensure people aren't abusing it. But an outright ban wouldn't be good either. There are many completely legitimate reasons to use this system call, like my purpose (informational). It's pretty useful being able to see which connections are using your cellular connection vs. your wifi connection, for example.

However it's not really that clear why this would be a security concern for Apple.

I agree that this sort of functionality can be useful however it’s easy to imagine ways for it to be abused. For example, say I’m working as a clown and thus have the Uber for Clowns app installed on my phone so I can receive new work. However, I’m worried about the evilness of my job, so I’ve been browsing some clown horror stories on

http://www.ihateclowns.com/
. If the app, running in the background, sees TCP connections to that web site, it could easily report me to the Global Clown Conspiracy, meaning I’ll never work as a clown again!

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I suppose you're right. Especially when Trump is elected and begins hunting down those with a past hatred of clowns to reeducate them. You wouldn't want that on your record. I know you would like everyone to think you're just joking. But I know the truth. Clown hatred is a real movement in our society. And we've been fighting quietly against the GCC for a long time now. We think of ourselves as Le Resistance (you have to say it in a French accent otherwise they'll figure it out). But don't worry, your secret is safe with me.

Hello, i recently installed iOS 10 Public Beta 7 version and i'm optimizing/testing one of my apps for the upcoming iOS 10 release. Specifically, i have trouble getting TCP/UDP listening connections data using snippets from inet.c code. No data gets returned for the TCP connections. My code worked on iOS 9.3.5 but not on iOS 10. I've searched over the internet to find any possible fix for this or any other users that may had trouble with iOS 10 and the listening connection points but nothing found.

I’m sorry to hear that your app is having compatibility problems. Do you have a question that hasn’t already been answered by this thread?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"