Live Network Traffic Analyzer

Recently I was wondering about the fact, that some of my network devices (smart home devices) had a large delay in their response time.
So I’ve decided to take a look with Wireshark and see what actually happened. I figured out, that most of the devices with delay were actually communicating with some server outside my home country.

I wanted to know more about the involved countries and my devices, so I’ve started to develop a live network traffic analyzer and visualizer. I’ve bought a gigabit network tap, to intercept all incoming and outgoing packets of each of my devices, and then analyzed all packets (Figure 1).
Of course, I just could have used Wireshark ;-).

Network Structure
Figure 1: Home Network Structure

After a first test, I could ensure that every single packet now arrives on my interception point.
I’ve automatically discovered all of my network devices, with help of my software and assigned meaningful names to them.
Every time a packet comes into my home network, my software will automatically analyze the packet and visualize the origin / destination of it (Figure 2).

Live Visualizer
Figure 2: Live Visualizer (after IP block)

I’ve set a filter to only visualize packets of the suspicious devices and found out that my devices have been used as intersection points between an Isreal endpoint and an endpoint of the U.S. cyber command.
Very interesting, but I’ve read that this is not unusual, depending on the used applications.

Cheers, Lars

Btw, a live demonstration (gif) and some other visualizations of the software is added below.

Live Demo
Live Demonstration (Gif)
ireland
Figure 3: Endpoint Information
Figure 4: Packet Information
Figure 4: Packet Information

Post author

I'm an executive M.Sc. with over 12 years experience in cloud architecture / software development and software engineering.

Leave a Reply