Notifications
Clear all
16/03/2021 10:33 am
I'm doing some network research, I want to find all the IoT devices (or at least devices that could be IoT) from .pcap files. Do IoT devices have some unique traffic characteristics, traffic pattern or identification (eg. protocols, ports, etc)? I can't find the answer. IoT devices are relatively new so there is not that much documentation about it.
16/03/2021 10:33 am
There are many characteristics, but because this is a new field with insufficient standardization - there is no solution to find all devices, and you will have to use several different methods.
- Watch the protocol - some devices use niche protocols that single them out (like SIP for VOIP devices)
- Watch the urls devices are looking for via DNS - since most iot devices are not directly human controlled like normal computers, their communication is rather unique per device. They will contact the site of their vendors for updates, send and receive data that directly relates to their function and won't have much variance in their behavior.
- Watch for service discovery protocols. Many protocols include the service that the device gives as field. Read about ssdp and mdns.
There are many more complex ways of using the fact that most of the communication is pre-defined. Devices have unique patterns of communication - like specific times between requests for example.
Forum Statistics
14
Forums
2,745
Topics
5,490
Posts
11
Online
6
Members
Latest Post:How to get access to XHR data using python script?Our newest member:clairewardell50Recent PostsUnread Posts
