
want to study IoT device on LAN


I have an IoT device on my local network - has a touch screen to initiate some service requests from a remote internet host but it is otherwise inscrutable.

My setup is a private address space subnet/LAN with internet/WAN via 4G D-Link Wireless Router acting as DHCP host and gateway. There is no proxy or other stuff on this simple network.

I have my Windows PC with Wireshark connected via ethernet on the D-Link and served up a reserved 192.168.0.50 IP.

The D-Link is the default gateway at 192.168.0.1, no firewalling, no NAT, VPN, DMZ or other stuff.

The IoT Device is also connected to the D-Link by ethernet and reserved up 192.168.0.52

So...

In Wireshark I can easily enough see the IoT device responding to ping on my Windows Laptop.

The web-browser admin session with the IoT device also shows session info [192.168.0.50 <-> 192.168.0.52] easily enough.

I have simply used the filter ip.addr == 192.168.0.52

What I am trying to observe/study is the frequency of calls from the IoT device to an internet service to get tasks. Is this a case where I cannot capture this from a (promiscuous) adapter on the local LAN - because they are not broadcast, but point to point going only from 192.168.0.52 -> 192.168.0.1 -> [Remote Host]

I can trigger a remote host connection with a touchscreen action on the IoT device.

I know it is then establishing an https session with a remote host but I want to then see how often in the background it is repeating these remote host connections. I have not worked out if it is even possible without perhaps a wiretap or something to observe these client to server requests from the IoT client to the remote host?

I hope this is clear enough to give a knowledgeable Wireshark user the kind of beginner ignorance I suffer from in this case.

stardotstar
asked 2019-09-27 04:00:12 +0000

Comments

Update on this - is it likely I can "trick" the IoT device into revealing its remote session queries by using a cross-over between the device and my laptop after setting up the IPs as static on the same subnet and assigning the laptop IP as the gateway on the IoT device? Then it would think that it needed to try and communicate with the remote services via the direct IP to IP connection - thus revealing its comm activity without needing a tap?

stardotstar (2019-10-03 02:15:43 +0000)

That is what's called a proxy, and can be tougher to build.

Jaap (2019-10-03 04:47:22 +0000)

1 Answer


Your D-Link router has multiple Ethernet ports, which act as a switch. Since a switch by definition isolates unicast traffic from other ports you won't see the IoT traffic on your PC, unless it's broadcast or unicast to/from your PC. So you either have to set up a monitor port on the switch (unlikely to be supported), or use a network tap between the IoT device and the D-Link router. You can read more on the Wiki.

Jaap
answered 2019-09-27 05:28:05 +0000
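
Once a tap or monitor port makes the device's frames visible, the polling frequency the question asks about can be measured from the saved capture. The following is an added example, not part of the original answer: it reads a classic little-endian pcap with only the Python standard library and reports the gaps between new off-LAN TCP connections from 192.168.0.52. The /24 mask, the 203.0.113.10 documentation address and the sample frames are constructed assumptions.

```python
import ipaddress
import struct

DEVICE = "192.168.0.52"                       # IoT device address from the question
LAN = ipaddress.ip_network("192.168.0.0/24")  # assumption: /24 around the posted addresses

def outbound_syns(pcap, device=DEVICE):
    """Yield (time, dst_ip, dst_port) for each TCP SYN the device sends off-LAN."""
    magic, linktype = struct.unpack("<I16xI", pcap[:24])
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap, Ethernet link type")
    off = 24
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack("<IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                          # not IPv4 carrying TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        src, dst = (ipaddress.ip_address(frame[i:i + 4]) for i in (26, 30))
        new_conn = len(tcp) >= 14 and tcp[13] & 0x12 == 0x02  # SYN set, ACK clear
        if new_conn and str(src) == device and dst not in LAN:
            yield sec + usec / 1e6, str(dst), struct.unpack("!H", tcp[2:4])[0]

def polling_intervals(pcap):
    """Seconds between successive new connections, per (dst_ip, dst_port)."""
    seen = {}
    for ts, dst, port in outbound_syns(pcap):
        seen.setdefault((dst, port), []).append(ts)
    return {k: [round(b - a, 3) for a, b in zip(v, v[1:])] for k, v in seen.items()}

def _frame(ts, src, dst, dport, flags):
    """Constructed sample frame: Ethernet + IPv4 + TCP headers, checksums left zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", 50000, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    pkt = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", ts, 0, len(pkt), len(pkt)) + pkt

# Constructed capture: three polls 300 s apart plus LAN-side traffic that is ignored.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _frame(1000, DEVICE, "203.0.113.10", 443, 0x02),
    _frame(1001, "192.168.0.50", DEVICE, 80, 0x02),
    _frame(1002, DEVICE, "192.168.0.50", 80, 0x12),
    _frame(1300, DEVICE, "203.0.113.10", 443, 0x02),
    _frame(1600, DEVICE, "203.0.113.10", 443, 0x02),
])
if __name__ == "__main__":
    print(polling_intervals(SAMPLE))
```

To run it on a real capture, save the file in the classic pcap format rather than pcapng and pass its bytes to `polling_intervals`.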

Comments

Thank you Sir! Makes perfect sense to me, thanks for taking the time to reply.

stardotstar (2019-09-27 06:34:15 +0000)