Chatty IoT device on LAN

noplan

@ibbetsion
method A
set a firewall rule and activate log all on that rule and read the log

method B
package caputre on pfs and read output

brNP

NogBadTheBad

@ibbetsion said in Chatty IoT device on LAN:

114.67.71.104

What actually are the devices sat on your LAN ?

johnpoz

What specific iot device is this?

Not sure if I would call 156 pkts in 50 mins "chatty" ;)

Which is more strange to me is the yeah seems like a traceroute to 8.8.8.8.. Curious what some iot device would want/need with a traceroute?

If your curious to what the traffic is - firewall log not really going to give you much info other than what IP and port. You would need to do a packet capture (sniff) to see what is being sent/recv'd

gniting

@johnpoz said in Chatty IoT device on LAN:

What specific iot device is this?

Not sure if I would call 156 pkts in 50 mins "chatty" ;)

Which is more strange to me is the yeah seems like a traceroute to 8.8.8.8.. Curious what some iot device would want/need with a traceroute?

If your curious to what the traffic is - firewall log not really going to give you much info other than what IP and port. You would need to do a packet capture (sniff) to see what is being sent/recv'd

It's a network video recorder for the security cameras.

Downloading wireshark...

johnpoz

while wireshark is great for viewing the details of the capture. You can do the capture right on pfsense under diagnostic menu. And then just download and open with wireshark..

gniting

@johnpoz said in Chatty IoT device on LAN:

while wireshark is great for viewing the details of the capture. You can do the capture right on pfsense under diagnostic menu. And then just download and open with wireshark..

will do that, thanks!

johnpoz

BTW - if you want example of some chatty beasts ;)

That is just a couple of lightbulbs - like every few seconds a broadcast.. And people ask why you might want to isolate iot to their own vlans..

Well for starters to keep their noise isolated to that L2...

I have like 16 of of those little beasts just broadcasting a way ;)

gniting

@johnpoz said in Chatty IoT device on LAN:

BTW - if you want example of some chatty beasts ;)

That is just a couple of lightbulbs - like every few seconds a broadcast.. And people ask why you might want to isolate iot to their own vlans..

Well for starters to keep their noise isolated to that L2...

I have like 16 of of those little beasts just broadcasting a way ;)

Wowza! I'm def not in that camp... yet.

Can't do vlans cause I have a unmanaged switch. Otherwise I'd def put all the "junk" in its own little world.

johnpoz

Its great that your interested in what your devices are doing though..

Most of the devices share hardware and code even.. So its quite possible you can find details of what some of this stuff is even if not your specific make model of device.

For example - way back when when first started putting lightbulbs on the network, and looking into their traffic patterns..

Here is a link to the broadcast traffic they are doing, for my example.. You could prob find similar sort of write ups on your info - if your google fu is up to it ;)

https://revspace.nl/WifiLamp

edit: BTW, just remember that the S in IoT stands for "security" ;) hehehehhe

provels

@johnpoz said in Chatty IoT device on LAN:

edit: BTW, just remember that the S in IoT stands for "security" ;) hehehehhe

Just another reason to not let my dishwasher talk to my refrigerator.