Recently I was wondering about the fact that some of my network devices (smart home devices) had a large delay in their response time.
So I decided to take a look with Wireshark and see what was actually happening. I figured out that most of the devices with delay were actually communicating with some server outside my home country.
I wanted to know more about the involved countries and my devices, so I started to develop a live network traffic analyzer and visualizer. I bought a gigabit network tap to intercept all incoming and outgoing packets of each of my devices, and then analyzed all packets (Figure 1).
After a first test, I could confirm that every single packet now arrives at my interception point.
I automatically discovered all of my network devices with the help of my software and assigned meaningful names to them.
Every time a packet comes into my home network, my software automatically analyzes the packet and visualizes its origin / destination (Figure 2).
I set a filter to visualize only packets of the suspicious devices and found out that my devices had been used as intersection points between an Israeli endpoint and an endpoint of the U.S. Cyber Command.
That’s why I decided to block all the traffic coming from any IP range of the Israeli company and the U.S. Cyber Command by slightly modifying the firmware of my ISP modem, because I actually don’t trust the native block option of the modem.
Needless to say, after the traffic was blocked, my devices no longer have any meaningful delay.
By the way, you can find a live demonstration (GIF) and some other impressions of my software below.