Reputation: 23
IoT devices in pcap files
I'm doing some network research, I want to find all the IoT devices (or at least devices that could be IoT) from .pcap files. Do IoT devices have some unique traffic characteristics, traffic pattern or identification (eg. protocols, ports, etc)? I can't find the answer. IoT devices are relatively new so there is not that much documentation about it.
Thanks!
Upvotes: 2
Views: 1128
Answers (3)
Reputation: 13
There really isn't. It's an internet device after all, and the manufacturer and the user through configuration will define its traffic pattern.
That said, there will be a traffic pattern for a particular type of IoT devices. Sine IoT devices always phones home for legit reasons, you can probably find your device types by the servers they connect to, and use that to refine your statistics/ML algorithm.
Now on a tangent, a lot of IoT devices (medical devices, OnStar, Tesla and etc) use cellular networks, both for mobility and for reliability. There are a set of protocols that show a lot more information.
Upvotes: 0
Reputation: 321
There are many characteristics, but because this is a new field with insufficient standardization - there is no solution to find all devices, and you will have to use several different methods.
- Watch the protocol - some devices use niche protocols that single them out (like SIP for VOIP devices)
- Watch the urls devices are looking for via DNS - since most iot devices are not directly human controlled like normal computers, their communication is rather unique per device. They will contact the site of their vendors for updates, send and receive data that directly relates to their function and won't have much variance in their behavior.
- Watch for service discovery protocols. Many protocols include the service that the device gives as field. Read about ssdp and mdns.
There are many more complex ways of using the fact that most of the communication is pre-defined. Devices have unique patterns of communication - like specific times between requests for example.
Upvotes: 0
Reputation: 1147
This is an active area of research and may require some sort of ML algorithm. We (3 students at UC Berkeley) are also looking into it. Do you have any pcaps you can share?
Upvotes: 0
Related Questions
- Processing wireless frames with pcap
- C pcap 802.11 header
- IoT sensor data format unification
- Capturing packets using wireshark of an IoT device
- Analyzing pcap files using dpkt with python
- Extracting PCAP using Tshark
- How to use libpcap to sniff on multiple devices?
- extra light data format for IoT
- Discovering IoT Devices on the network
- developing a portable network analyzer application using pcap