Jump to content

A new device has joined my network - packet sniffing


Recommended Posts

Can I say up front that I love Domotz and think that it is sensational software in every respect :x  I have put a lot of effort into setting it up, identifying all the devices on my network (over 40) and have set up a few alerts. Some devices have multiple MAC addresses (i.e. LAN and WiFi) all of which I captured (bringing the total to over 50 network devices). It gave me a great sense of confidence knowing exactly what was connected so I put a lot of effort into this process.


Then yesterday I got the alert from hell which said

"A new device branded XYZ has joined your network" 

The alert gave details like name, make and MAC address. This of course put me into a mad panic because I had a very good idea of what was on my network. Had my kid given the WiFi password to one of his mates? Had the network been compromised? Then an hour later I got a second alert, then a third. By the time I got home I went into lock-down mode. Changed passwords. Locked the network down to known MAC addresses. Interrogated my kid. Nothing.


Then the thought occurred to me that whenever Domotz detects a new device, it could relatively easily go into "promiscuous mode" and start capturing packets for the new device that has joined the network. That would be very helpful. Packet capture would provide a lot of useful data at this point.

For example - if Domotz ever wanted to add an optional extra, you could provide an optional service where you analyse the traffic and advise what is going on. 

Or provide the data so that a mug user like me could use Wireshark or a similar program to attempt to analyse the data captured from the Packet sniffing process would be very useful to try and figure out what is going on. It could be as benign as someone stealing internet, or something more sinister.

Link to comment
Share on other sites



you're overflowing with ideas :) 


It's something that we're studying from september. It will take a bit of time to become a feature and a product because packet sniffing and inspection is an expensive activity in terms of machine capabilities.


Just spikes for now, but as you saw, we are pretty fast in make things happening.



Link to comment
Share on other sites

Great stuff.  I was thinking sniffing and capture only. Should be well within the capabilites of a Raspberry Pi. Forget the packet inspection because that needs a lot more grunt. 

Phase 2 could be.... this IP address talked to these addresses on your network. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...