Recently I was wondering about the fact, that some of my network devices (smart home devices) had a large delay in their response time.
So I’ve decided to take a look with Wireshark and see what actually happened. I figured out, that most of the devices with delay were actually communicating with some server outside my home country.
I wanted to know more about the involved countries and my devices, so I’ve started to develop a live network traffic analyzer and visualizer. I’ve bought a gigabit network tap, to intercept all incoming and outgoing packets of each of my devices, and then analyzed all packets (Figure 1).
Of course, I just could have used Wireshark ;-).
After a first test, I could ensure that every single packet now arrives on my interception point.
I’ve automatically discovered all of my network devices, with help of my software and assigned meaningful names to them.
Every time a packet comes into my home network, my software will automatically analyze the packet and visualize the origin / destination of it (Figure 2).
I’ve set a filter to only visualize packets of the suspicious devices and found out that my devices have been used as intersection points between an Isreal endpoint and an endpoint of the U.S. cyber command.
Very interesting, but I’ve read that this is not unusual, depending on the used applications.
Btw, a live demonstration (gif) and some other visualizations of the software is added below.