Detecting IoT devices in a house

Hi. It would be super useful to have an app that scans a wifi network and shows what IoT devices are there and shows basic info as in internetofshit.

Does anyone know anything like this?

Use-cases

Going to a not-so-privacy-conscious friend’s house

A useful use-case would be if you go to your “not-so-privacy-conscious” friends and just scan to see which devices are there and politely ask them to turn them off.

Find out if you already have any smart devices in your home

People who are new to the privacy world could find it interesting to know what they already have and what it can collect (or is known to collect) on them.

It’s a good idea, interested to hear answers…

You can use sudo nping --icmp 192.168.1.0/24 for a basic ICMP ping scan in the network 192.168.1.0/24. nping comes with nmap.

nmap is a well-known cross-platform scanner. There is even a GUI for people who don’t like terminals, called Zenmap.

You can scan a network with commands like sudo nmap -sV -O -T4 -oN scan-results.txt -v 192.168.1.0/24. This command tells nmap to scan the most common 1,000 TCP ports of all devices in the network 192.168.1.0/24. It also tells nmap to identify services of open ports and operating systems. The scanning result is stored in scan-results.txt. You can also add the flags -F to only scan the top 100 TCP ports or -p- to scan all TCP ports.

However, all scanning methods come with some limitations. For example, a device can be configured in a way that it ignores ICMP echo requests. This means that you won’t get any answers when you send a ping to the device. ICMP echo requests can also be blocked by your network router. Then, you won’t get any responses. The router could even block any scanning attempts. For instance, the Turris Omnia blocks all scanning attempts in the guest Wi-Fi network. In this case, you can’t scan for any devices. You could still record the network traffic with Wireshark or similar tools, because many devices send broadcast/multicast traffic, so you can passively detect them.

A more expensive solution is to use a managed switch or a router that supports tcpdump. In this case, you can monitor all network traffic and identify all devices in the network. Two exceptions: There might be a purely passive network component that never talks to anyone and blocks all connection requests, and there might be an IoT device that comes with its own network connection (e.g., via mobile networks).
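
As an added example (not part of the reply above): a small Python parser that turns the scan-results.txt written by the -oN flag into a per-device inventory of address, hardware vendor, OS guess and open services, for a scan of your own network. The sample text is constructed in nmap's normal output layout, and the function and field names are this example's own.

```python
import re
# Constructed sample in the layout nmap writes with -oN (not real scan data).
SAMPLE = """\
Nmap scan report for 192.168.1.7 [host down]
Nmap scan report for router.lan (192.168.1.1)
Host is up (0.0020s latency).
PORT   STATE SERVICE VERSION
53/tcp open  domain  dnsmasq 2.80
80/tcp open  http    lighttpd
MAC Address: 02:00:00:AA:BB:01 (Example Router Co.)
OS details: Linux 3.2 - 4.9

Nmap scan report for 192.168.1.42
Host is up (0.011s latency).
PORT     STATE SERVICE VERSION
8080/tcp open  http    Example Cam httpd
MAC Address: 02:00:00:AA:BB:2A (Example Camera Ltd.)
"""

REPORT = re.compile(r"^Nmap scan report for (?:(\S+) \()?([\d.]+)\)?(.*)$")
PORT = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)\s*(.*)$")
MAC = re.compile(r"^MAC Address: ([0-9A-F:]{17})(?: \((.*)\))?$")

def parse_scan(text):
    """Return one dict per host that answered, in file order."""
    hosts, cur = [], None
    for line in text.splitlines():
        m = REPORT.match(line)
        if m:
            # With -v, nmap also lists hosts that did not answer; skip those.
            cur = None
            if "host down" not in m.group(3):
                cur = {"ip": m.group(2), "name": m.group(1), "mac": None,
                       "vendor": None, "os": None, "services": []}
                hosts.append(cur)
            continue
        if cur is None:
            continue
        if (m := PORT.match(line)):
            cur["services"].append((int(m.group(1)), m.group(3), m.group(4).strip()))
        elif (m := MAC.match(line)):
            # The vendor name is usually the quickest hint that a host is an IoT device.
            cur["mac"], cur["vendor"] = m.group(1), m.group(2)
        elif line.startswith("OS details: "):
            cur["os"] = line[len("OS details: "):]
    return hosts

if __name__ == "__main__":
    for h in parse_scan(SAMPLE):
        print(h["ip"], h["vendor"] or "unknown vendor", h["os"] or "-", h["services"])
```

To use it on a real scan, pass the contents of scan-results.txt to parse_scan instead of SAMPLE.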