I'd like to occasionally scan my local network and get a feel for which devices are communicating with outside servers. I just want a quick overview (for now), not detailed packet-sniffing. Pi-hole has been recommended and I've happened across PRTG (free version) while down the rabbit-hole. What else?
I setup pi hole a few weeks ago - it will show you a good bit and it's fairly easy to block (and unblock). One thing I have seen today is some of the sites that are "necessary" for Windows 10 to complete an update . . .
The only negative for me was it is not as flexible at DHCP as linux dhcpd but it works.
As you probably know, it's not a scanner but it is a DNS (with DHCP if you so desire) so it will show you clients making a DNS call. It's also not a firewall.
If you have a good router you should be able to run reports. But most consumer routers have very little reporting. I know Asus can show application usage in a limited report on their management pages. Myself I use Untangle and always put new devices on my "untrusted" network to see what they are speaking and other behaviors they may be taking. I just wish the IoT vendors would just document what they used so we don't have to go though these types of exercises.
I also use Pi-hole but it's only for DNS lookups for name resolution. You can block DNS lookups but that doesn't cut all the lines of access.
Exactly. With most of these devices, I just block them (IP V4 and IP V6) at the router unless I know and understand why they need external access. IP cameras seem to be the worst offenders in my experience.
I remember hearing about this tool as well. They talked about it on the Internet of things podcast as well. The only crappy thing is that it only has a mac version. Last time I checked they were promising a windows/linux version coming soon.
Implicit deny. It's a little more work, but I take the approach of blocking all outbound traffic at the router and then allowing devices individually. I have a very good firewall, so it makes it easier. There are some pretty powerful opensource options out there these days.
2 Likes
I use OpnSense (a fork of PFSense) firewall - it works really well and has a nice interface.
and the Windows version has been created..
1 Like
Just a little heads-up, I got the IOT Inspector for Windows up and running and it caused my Harmony Hub to start cycling through it's activities. Be selective with your devices.
1 Like
Yes the Harmony Hub is my second least trusted device on my network, I have it firewalled off except for time services for internet access and it's on one of my "untrusted" VLAN's because of its need to phone home and I don't know what it's sending when it talks to the mothership so I don't want any data about the layout of my private network.
2 Likes
I'd like to think it's just status updates for keeping the mobile app in sync, but I'm just too stupid and too lazy to try and find out. I'll definitely look at some firewall rules.
Dare I ask what wins the prize?
2 Likes
It's a Samsung "Smart" TV. Just turning it on it calls back to fourteen different endpoints on the internet in addition to Samsung services.
3 Likes
Yep, had one pass 2 gigs of data in a week while turned "off". it's been a dumb TV ever since.
2 Likes
