IoT devices in pcap files - iot

I'm doing some network research and I want to find all the IoT devices (or at least devices that could be IoT) from .pcap files. Do IoT devices have some unique traffic characteristics, traffic pattern or identification (e.g. protocols, ports, etc.)? I can't find the answer. IoT devices are relatively new, so there is not that much documentation about it.
Thanks!

This is an active area of research and may require some sort of ML algorithm. We (3 students at UC Berkeley) are also looking into it. Do you have any pcaps you can share?

There are many characteristics, but because this is a new field with insufficient standardization - there is no solution to find all devices, and you will have to use several different methods.
Watch the protocol - some devices use niche protocols that single them out (like SIP for VOIP devices)
Watch the URLs devices are looking for via DNS - since most IoT devices are not directly human-controlled like normal computers, their communication is rather unique per device. They will contact the site of their vendors for updates, send and receive data that directly relates to their function, and won't have much variance in their behavior.
Watch for service discovery protocols. Many protocols include the service that the device provides as a field. Read about SSDP and mDNS.
There are many more complex ways of using the fact that most of the communication is pre-defined. Devices have unique patterns of communication - like specific times between requests for example.

There really isn't. It's an internet device after all, and the manufacturer and the user through configuration will define its traffic pattern.
That said, there will be a traffic pattern for a particular type of IoT device. Since IoT devices always phone home for legitimate reasons, you can probably find your device types by the servers they connect to, and use that to refine your statistics/ML algorithm.
Now on a tangent, a lot of IoT devices (medical devices, OnStar, Tesla, etc.) use cellular networks, both for mobility and for reliability. There is a set of protocols that shows a lot more information.
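One way to apply the heuristics from the two answers above (which names a host looks up via DNS, which servers it phones home to, and whether it speaks discovery or niche protocols such as SSDP, mDNS or SIP) to a capture, as an added example that is not from the original thread: a walker over a pcap file written with only the Python standard library. The capture bytes, IP addresses and hostnames below are constructed placeholders, not real devices, and the parser deliberately handles only Ethernet/IPv4/UDP records from a little-endian pcap.

```python
import struct
from collections import defaultdict
# Heuristics from the thread: discovery / niche protocols by UDP port, plus DNS query names.
IOT_PORTS = {1900: "ssdp", 5353: "mdns", 5060: "sip"}

def dns_qname(msg):
    """First question name of a DNS/mDNS message (question names are never compressed)."""
    labels, i = [], 12                        # skip the 12-byte DNS header
    while i < len(msg) and msg[i]:            # stops at the zero-length root label
        n = msg[i]
        labels.append(msg[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    return ".".join(labels)

def iot_hints(pcap):
    """Walk a little-endian Ethernet pcap; return {src_ip: sorted hints} for IPv4/UDP packets."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    hints, off = defaultdict(set), 24         # skip the 24-byte global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack("<I", pcap[off + 8:off + 12])[0]   # incl_len of this record
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                          # not IPv4 over Ethernet, or not UDP
        src = ".".join(map(str, frame[26:30]))
        udp = frame[14 + (frame[14] & 0x0F) * 4:]                 # honour the IHL field
        dport, payload = struct.unpack("!H", udp[2:4])[0], udp[8:]
        if dport in (53, 5353):               # unicast DNS or multicast DNS
            hints[src].add("dns:" + dns_qname(payload))
        if dport in IOT_PORTS:
            hints[src].add(IOT_PORTS[dport])
    return {ip: sorted(h) for ip, h in hints.items()}

# --- constructed sample capture (placeholder addresses and names, not real devices) ---
def _frame(src, dst, sport, dport, payload):
    """Minimal Ethernet/IPv4/UDP frame; checksums are left zero, which the parser ignores."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + udp
    return b"\xff" * 6 + b"\x02" * 6 + b"\x08\x00" + ip

def _dns_query(name):
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x01\x00\x01"

SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in [
        _frame("192.168.1.20", "192.168.1.1", 40000, 53, _dns_query("fw.camera-vendor.example")),
        _frame("192.168.1.20", "239.255.255.250", 40001, 1900, b"M-SEARCH * HTTP/1.1\r\n"),
        _frame("192.168.1.33", "224.0.0.251", 5353, 5353, _dns_query("_hap._tcp.local")),
        _frame("192.168.1.50", "192.168.1.1", 40002, 53, _dns_query("www.example.com"))])
```

Run `iot_hints(SAMPLE_PCAP)` to see the per-host hints, or pass `open(path, "rb").read()` for a real capture; hosts that only resolve vendor firmware names and send SSDP or mDNS are the candidates worth a closer look, while a host that only resolves ordinary web names stays unflagged.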

Related

Which cellular networks stop data when taking phone calls?

We are developing a mobile application that tracks users while they are picking up and delivering commodities. We have overcome many issues, including poor connectivity in rural areas, the app going into the background, and so on.
One issue continues to befuddle us. When receiving calls some drivers lose connectivity, other drivers will gain connectivity, and others (most) have no change in connectivity.
I remember earlier that Verizon iPhone users couldn't access data while on a call. Naively I thought that this issue was completely overcome, but perhaps it is not.
My understanding is that a) there are still some cellular protocols that cannot handle voice and data and b) there are (or were) some settings in mobile phones that give the user a choice.
I have searched for some list of cellular protocols and iOS and Android settings but so far come up empty.
Any guidance would be greatly appreciated.
Hopefully this will provide some more clarity; it all depends on the Radio Access Network (RAN) technology they're using (2G/3G/4G) and the capabilities of the terminal itself.
There are 3 umbrella terms of technologies, each with their own revisions and variants, but this should cover it:
LTE (4G) only supports voice calls via VoLTE (Voice over LTE). Calls made over VoLTE will allow the user to continue accessing data at the same time. Many devices & some networks don't yet have VoLTE capability, so they use Circuit Switched Fall Back (CSFB) to drop to a 2G/3G Radio Access Network for making voice calls. (If your terminal does this, you then have that RAN's ability to allow simultaneous voice/data.)
3G - There are a few flavors of "3G"; depending on the terminal and the RAN variant (UMTS / EDGE / CDMA / HSDPA / HSDPA+) you may be able to access data and be on a call at the same time.
GSM (2G) does not have this functionality; the handset is either in Circuit Switched (Voice) or Packet Switched (Data) mode, but not both.
The decision of which RAN to use is based on the priorities stored in the SIM/USIM, the received signal strength of the available networks and the capabilities of the terminal.
This means, for example, your users who gain connectivity may find themselves using a 3G access technology on a 4G-enabled terminal with VoLTE support, jumping up to VoLTE to make the call. (Some operators resell to MVNOs but default to slower / older RAN technology like the 3G family.)
Others may lose connectivity as you've seen: if they're happily using LTE on a device with no VoLTE support and need to drop to 2G/3G for a call (CSFB), they may lose data services as they're back to the limitations of these older RAN technologies.

iOS approach to location based peer to peer communication

I recently have been very interested in developing iOS apps (for iPhone specifically) that can "communicate" with nearby (geographically) apps.
My networking skills/resources are limited, so I was really hoping to make it a peer to peer app, avoiding the need to host my own server.
It seems like I have a few options, including the newish Multi-peer Connectivity framework, and Location services.
I was hoping someone who has experience writing peer to peer apps could direct me to what they think the most logical approach would be.
Additional info:
* I am only looking to send text/small pictures (speed is not a priority)
* Detecting nearby (within a mile or so) geographically is the main goal
* Possibly communicate with Android devices (I know Multipeer Connectivity lacks this)
Peer-to-peer communication is limited to a range of about 50 meters. To extend the range you can create a mesh using intermediate peers to relay messages. That is how the Firechat app works.
If you want to communicate over greater distances without a mesh, I believe you will need to go via the cloud.
In terms of communicating with Android, the people who made FireChat are coming out with their SDK. Not sure how/what pricing will be, but I assume they will offer this cross-platform function. There are of course other ways, but I am not that advanced in app development to know them yet.
For a simple chat app there are many free online tutorials that help you create an iPhone-to-iPhone chat app that can also send images. Range will be limited, however, to whatever is the max for WiFi. Like Keith said, mesh is another option, but I believe everyone in the network has to have the app for the data to bounce.

Connecting to P2P groups together in Wi-Fi direct

I have a scenario of two P2P groups, each with one AP-client pair. They are independent P2P groups. I am curious to know what will happen if the two P2P groups come close to each other?
TLDR;
The groups will not affect each other.
The WiFi Direct specification states that devices must be in the FIND phase in order to find more peers to connect to, and even if they were, they wouldn't try to connect unless they were running an app that told them to disconnect from their current group and connect to a new group if they find one.
Two group owner devices can connect to each other if that feature is supported in the particular implementation of Wi-Fi Direct on the devices you are using, and if it is supported by the Wi-Fi chip on those devices. According to this paper, it's possible for a device to be a group owner in one group, and a client in another group by time-sharing the Wi-Fi interface:
In order to act both as P2P Client and as P2P GO the laptop will typically alternate between the two roles by time-sharing the Wi-Fi interface.
On the other hand, it is impossible to have a group with two group owners. The Wi-Fi direct groups will still be separate from each other, there will simply be a group owner in one that is a client in the other.
According to this article
Some of the capabilities, such as concurrent P2P group and AP connections, will add complexity to product designs at both the IC and Wi-Fi subsystem levels. A product will have to maintain multiple MAC entities to support concurrent operations and most likely will require concurrent communications on multiple Wi-Fi channels. Clearly the feature will be valuable, but will it be worth the extra cost required to implement it? That’s up to the designer to decide. Over time, the market use, or not, of those features will make that decision easier.
So as far as I understood, basic mode is a single P2P group per device, and since the device is bound to one group it will not immediately jump into another group.
The Android classes reference can be found here
An attempt at an implementation can be found here
If a device supports more than 1 group, it will be registered by the 2nd group manager as an available peer, and then any member of the group can TRY to connect to the device. The device should have some WPS-like security, or for a mobile phone a popup dialog.
More on security from Wikipedia:
Wi-Fi Direct essentially embeds a software access point ("Soft AP"), into any device that must support Direct.[9] The soft AP provides a version of Wi-Fi Protected Setup with its push-button or PIN-based setup.
When a device enters the range of the Wi-Fi Direct host, it can connect to it, and then gather setup information using a Protected Setup-style transfer.[9] Connection and setup is so simplified that some suggest it may replace Bluetooth in some situations.[12]
Soft APs can be as simple or as complex as the role requires. A digital picture frame might provide only the most basic services needed to allow digital cameras to connect and upload images. A smart phone that allows data tethering might run a more complex soft AP that adds the ability to bridge to the Internet. The standard also includes WPA2 security and features to control access within corporate networks.[9] Wi-Fi Direct-certified devices can connect one-to-one or one-to-many and not all connected products need to be Wi-Fi Direct-certified. One Wi-Fi Direct enabled device can connect to legacy Wi-Fi certified devices.
The Wi-Fi Direct certification program is developed and administered by the Wi-Fi Alliance, the industry group that owns the "Wi-Fi" trademark. The specification is available for purchase from the Wi-Fi Alliance.[13]

What is AWDL (Apple Wireless Direct Link) and how does it work?

I'm trying to find out what AWDL is. On iOS, if you use Apple's peer-to-peer networking over Bluetooth, it seems Apple creates a new network interface "awdl0" to implement (I guess) IP-over-BT.
But I can't find any docs on this tech, or this interface, how it behaves, things we must / must not do with it, etc. Google comes up blank :(.
In particular, I believe it means "established a BT connection, and I'm running an IP bridge over the top, and you can use this to communicate peer-to-peer". Apple's own system libraries have bugs where this bridge isn't set up quickly enough, and if you send data too soon, it appears to get dropped by the OS. So ... if I can query this awdl0, I hope to check "are you ready yet?" and delay P2P messages until the OS is happy.
UPDATE
More info: I can get pairs of iOS devices to create awdl0 connections to each other - but they never get created to OS X machines, whether BT and Bonjour are on or not, whether the devices are paired or not.
Some background:
In iOS5, Apple permanently disabled the Bluetooth parts of Bonjour/Peer-to-peer networking, and published a technote instructing everyone to use DNS-SD if they wanted to keep using Bluetooth as a transport between iOS devices. This is fine, but it means you must use DNS-SD if you want high-performance BT, and you want it reliable.
(GameKit sometimes works fine, but we often see terrible performance in real-world scenarios, e.g. crowded public places - which goes away if you use DNS-SD)
The DNS-SD protocol doesn't include info to tell you what the hardware is using. But it does tell you the network interfaces (which is how I know we're running on awdl0).
DNS-SD is awesome, and we have high-speed, low latency connections peer-to-peer between iOS devices - all the stuff that GameKit promises but often fails to deliver whenever there's more than a few wifi/BT devices in range.
AWDL recently caught a lot of attention when it caused Wi-Fi issues in iOS 8 and OS X Yosemite devices.
What is AWDL?
AWDL (Apple Wireless Direct Link) is a low-latency/high-speed WiFi peer-to-peer connection Apple uses everywhere you'd expect: AirDrop, GameKit (which also uses Bluetooth), AirPlay, and perhaps elsewhere. It works using its own dedicated network interface, typically "awdl0".
While some services, like Instant HotSpot, Bluetooth Tethering (of course), and GameKit advertise their services over Bluetooth SDP, Apple decided to advertise AirDrop over WiFi and inadvertently destroyed WiFi performance for millions of Yosemite and iOS 8 users.
How does AWDL work?
Since the iPhone 4, the iOS kernels have had multiple WiFi interfaces on top of a single Broadcom WiFi hardware chip.
en0 — primary WiFi interface
ap1 — access point interface used for WiFi tethering
awdl0 — Apple Wireless Direct Link interface (since iOS 7?)
By having multiple interfaces, Apple is able to have your standard WiFi connection on en0, while still broadcasting, browsing, and resolving peer-to-peer connections on awdl0 (just not well).
You can find more info here and here.
I'd like to provide a more precise answer as to how the protocol works internally. I quote part of the abstract of this paper.
In short, each AWDL node announces a sequence of Availability Windows (AWs) indicating its readiness to communicate with other AWDL nodes. An elected master node synchronizes these sequences. Outside the AWs, nodes can tune their Wi-Fi radio to a different channel to communicate with an access point, or could turn it off to save energy.
From a user perspective, AWDL allows a device to remain connected to an infrastructure-based Wi-Fi network and communicate with AWDL peers "at the same time" by quickly hopping between the channels of the two networks (AWDL uses fixed social channels 6, 44, and 149). In contrast to the previous answer, we found that current versions of AWDL work fairly well and channel hopping only induces a small overhead.
Disclaimer: I'm a co-author of this paper and we retrieved this information by means of reverse engineering. If you are interested in the details, please read the paper and have a look at the Wireshark dissector (published soon).

Is GSM data sending between 2 phones impossible?

Please tell me in detail why it is impossible to send data between two phones over GSM? I can find almost no information about this problem.
There are 2 points here.
Firstly, GSM is a mobile voice telephony system - plain GSM doesn't do data connections.
GPRS and EDGE are add-ons to the GSM network that allow data to be sent.
There are other kinds of wireless phone networks that also use a SIM and allow data to be sent (UMTS, LTE).
Secondly, when you establish a data connection with a mobile phone and a phone network, you are establishing an IP connection between your phone/modem and a gateway server in the operator's network. The gateway server allows you access to the internet (together with the DNS server etc, obviously).
This is similar to a computer plugging in a LAN cable and connecting to its ISP. But you can also connect 2 computers with a crossover cable, and configure them to have an IP connection directly. So what you are asking is: why can't I do the same with 2 GSM phones? What is the equivalent of a wireless crossover cable?
The reason is that GSM has no protocol to connect phones to each other. It only defines a protocol for phones to connect to a network base station.
To transfer data between 2 phones, therefore, you need a different protocol, one which will work between 2 peers. Bluetooth is a common such protocol, but it only works over short distances.
If you want to connect 2 distant phones, you can do this via a third party, like a website, to which data can be uploaded into the cloud by the first phone and downloaded by the second phone.
Or, you could establish a connection at the IP level via the internet, e.g. if one mobile device was a web server (the last sentence is only theorising).
See also this related question
EDIT: 3GPP Release 12 includes direct Device to Device communications. At the time of writing, it's still very new, and not yet commercially available, so the answer above still holds. D2D is designed for emergency services, e.g. if the network is damaged by a disaster, they can still communicate directly. But 3GPP suggests that it will be commercially available as well. From 3GPP news:
There are also commercial benefits of D2D, with new applications building on the physical proximity of users being trialed by operators.
2nd EDIT: Apple has created a feature called Multipeer Connectivity Framework, which uses a mixture of WiFi networks, peer-to-peer WiFi and Bluetooth to enable short distance connectivity between iPhones when there is no GSM network.
NFC is another peer-to-peer technology for communicating between 2 devices, that is supported by some phones. More information here.