
Hi all — I’m John, solo developer behind a new company, Tracivex. Wanted to share something I’ve been working on because the engineering constraints turned out to be more interesting than I expected, and I’d love feedback from other Apple developers.
What it is
Kestrel is a PCAP analyzer for iPadOS and macOS. The lighter tier (Kestrel Sight) is on the App Store now; the Pro version for iPad/iOS is in final polish and macOS is in development. It opens packet captures, reassembles TCP streams, surfaces credentials, secrets, and embedded files in unencrypted traffic, detects anomalies like port scans and beaconing, and produces detailed PDF reports — all entirely on-device with no external network.
The interesting engineering bits
A few things I’m happy to discuss:
• 100% Swift, zero third-party dependencies. The whole codebase is around 50K lines.
• Structurally enforced offline operation.
• Memory-bounded analysis of large captures. Memory-mapped I/O for files under 2GB, streaming mode above. TCP stream reassembly spills to disk-backed temp files above 10MB per stream. A “Findings Mode” handles 2GB+ PCAPs by dropping payload bytes after scanning, bounding memory to O(evidence), allowing larger sizes.
• PDF reports rendered with UIGraphicsPDFRenderer including SHA-256 audit log, masked sensitive findings (raw values never written to disk), and on-device generation.
Honest about scope
iOS sandboxing means file-based analysis only — no live capture (Apple doesn’t allow promiscuous-mode interfaces on App Store apps to my knowledge). TLS payloads aren’t decrypted; user-provided key support is on the roadmap. Like any parser-heavy tool there will be bugs and false positives, which I’d rather find now than later.
Looking for TestFlight beta testers (iPad and iPhone)
I’ll be opening TestFlight in the coming days. If you comment or DM, I’ll have you on the list and send the invite as soon as the build is up. The macOS workstation version is also in development and I’ll open beta for that separately down the road, but right now I’m focused on getting the iOS/iPadOS build solid first.
One ask on bug reports: if you hit something, please don’t email me sensitive data from the PCAP itself (credentials, real client traffic, anything you wouldn’t want leaving your environment). Just describe what you were throwing at it — protocol, rough size, what you were looking for, what went wrong — and I’ll work on fixes from there. If a synthetic or sanitized sample is needed to reproduce, we can figure that out together. You can reach out at “support@tracivex.com.”
What I’d love feedback on
• Anyone else built large pure-Swift parsers? Curious how others handle bounded-resource guarantees in Swift specifically.
• Any Apple developers who’ve shipped professional tools — what worked for distribution beyond the App Store search?
App Store link for Kestrel Sight if you want to see what shipped: https://apps.apple.com/us/app/kestrel-sight/id6756164484
Tracivex.com for more information and the upcoming Pro versions.
Happy to answer any technical questions in the comments.
— John
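
Added example, not part of the post and not Kestrel's code: a minimal Swift sketch of the per-stream spill-to-disk idea from the "Memory-bounded analysis" bullet, using only Foundation. The class name, the 64KB replay chunk size and the temp-file naming are assumptions; only the 10MB default comes from the post, and segments are assumed to arrive already in sequence order.

```swift
import Foundation
// Hypothetical per-stream reassembly buffer: bytes stay in RAM until the
// threshold is crossed, then the whole stream moves to a temp file.
final class SpillingStreamBuffer {
    private let spillThreshold: Int     // default 10MB, the post's figure
    private var memory = Data()
    private var fileURL: URL?
    private var writer: FileHandle?
    private(set) var count = 0          // total bytes appended so far

    // Assumed initializer shape; a small threshold is handy for testing.
    init(spillThreshold: Int = 10 * 1024 * 1024) { self.spillThreshold = spillThreshold }

    func append(_ segment: Data) throws {
        count += segment.count
        if let writer = writer {        // already on disk: RAM use stays flat
            try writer.write(contentsOf: segment)
            return
        }
        memory.append(segment)
        if memory.count > spillThreshold { try spill() }
    }

    private func spill() throws {
        let url = FileManager.default.temporaryDirectory
            .appendingPathComponent(UUID().uuidString + ".stream")
        guard FileManager.default.createFile(atPath: url.path, contents: nil) else {
            throw CocoaError(.fileWriteUnknown)
        }
        let handle = try FileHandle(forWritingTo: url)
        try handle.write(contentsOf: memory)
        memory = Data()                 // release the in-memory copy
        fileURL = url
        writer = handle
    }

    // Replay the stream for scanning. A spilled stream is read in chunks of
    // `size`; an unspilled one is at most `spillThreshold` bytes.
    func forEachChunk(size: Int = 64 * 1024, _ body: (Data) throws -> Void) throws {
        guard let url = fileURL else { return try body(memory) }
        try writer?.synchronize()       // flush pending writes before reading
        let reader = try FileHandle(forReadingFrom: url)
        defer { try? reader.close() }
        while let chunk = try reader.read(upToCount: size), !chunk.isEmpty { try body(chunk) }
    }

    deinit {                            // payload bytes must not outlive the stream
        try? writer?.close()
        if let url = fileURL { try? FileManager.default.removeItem(at: url) }
    }
}
```

With this shape, peak memory per stream is bounded by the threshold plus one replay chunk. Since the spill files hold raw payload bytes, removing them in `deinit` is the part that matters for sensitive captures.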