Ask Your Question
0

want to study IoT device on LAN

asked 2019-09-27 04:00:12 +0000

I have an IoT device on my local network - has a touch screen to initiate some service requests from a remote internet host but it is otherwise inscrutible.

My setup is a private address space subnet/LAN with internet/WAN via 4G D-Link Wireless Router acting as DHCP host and gateway. There is no proxy or other stuff on this simple network.

I have my windows PC with Wireshark connected via ethernet on the D-Link and served up a reserved 192.168.0.50 IP.

The D-Link is the default gateway at 192.168.0.1, no firewalling, no NAT, VPN, DMZ or other stuff.

The IoT Device is also connected to the D-Link by ethernet and reserved up 192.168.0.52

So...

In Wireshark I can easily enough see the IoT device responding to ping on my Windows Laptop.

The web-browser admin session with the IoT device also shows session info [192.168.0.50 <-> 192.168.0.52] easily enough.

I have simply used the filter ip.addr == 192.168.0.52

What I am trying to observe/study is the frequency of calls from the IoT device to an internet service to get tasks. Is this a case where I cannot capture this from a (promiscuous) adapter on the local LAN - because they are not broadcast, but point to point going only from 192.168.0.52 -> 192.168.0.1 -> [Remote Host]

I can trigger a remote host connection with a touchscreen action on the IoT device.

I know it is then establishing an https session with a remote host but I want to then see how often in the background it is repeating these remote host connections. I have not worked out if it is even possible without perhaps a wiretap or something to observe these client to server requests from the IoT client to the remote host?

I hope is this clear enough to give a knowledgable wireshark user the kind of beginner ignorance I suffer from in this case.

edit retag flag offensive close merge delete

Comments

Update on this - is it likely i can "trick" the IoT device into revealing its remote session queries by using a cross-over between the device and my laptop after setting up the IPs as static on the same subnet and assigning the laptop IP as the gateway on the IoT device? Then it would think that it needed to try and communicate with the remote services via the direct IP to IP connection - thus revealing its comm activity without needing a tap?

stardotstar gravatar imagestardotstar ( 2019-10-03 02:15:43 +0000 )edit

That is what's called a proxy, and can be tougher to build.

Jaap gravatar imageJaap ( 2019-10-03 04:47:22 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-09-27 05:28:05 +0000

Jaap gravatar image

Your D-Link router has multiple Ethernet ports, which acts as a switch. Since a switch by definition isolates unicast traffic from other ports you won't see the IoT traffic on your PC, unless it's broadcast or unicast to/from your PC. So you either have to setup a monitor port on the switch (unlikely to be supported), or use a network tap between the IoT device and the D-Link router. You can read more on the WIki.

edit flag offensive delete link more

Comments

Thank you Sir! Makes perfect sense to me, thanks for takign the time to reply.

stardotstar gravatar imagestardotstar ( 2019-09-27 06:34:15 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-09-27 04:00:12 +0000

Seen: 125 times

Last updated: Oct 03 '19