A FreeBSD command-line tool for monitoring network traffic to/from IoT devices. Captures DNS queries and port usage to help configure firewall rules.
- Filter traffic by MAC address or IP address
- Track DNS queries to identify hostnames the device contacts
- Monitor outgoing TCP/UDP destination ports (the services the device connects to)
- Track outgoing ICMP message types
- Real-time status display
- Summary report on exit with well-known service name resolution

Requirements:
- FreeBSD
- libpcap (included in base system)
- Root privileges (for packet capture)
# Dynamic binary (requires libpcap at runtime)
make
# Static binary (portable, no runtime dependencies)
make static

Usage: iot_monitor -i <interface> [-m <mac>|-a <ip>] [options]
Required:
-i <interface> Network interface (e.g., vmx0)
Filter (one required):
-m <mac> Filter by MAC address (e.g., aa:bb:cc:dd:ee:ff)
-a <ip> Filter by IP address (e.g., 192.168.1.100)
Options:
-v Verbose output (show each packet)
-h Help
Monitor a smart thermostat by MAC address:
sudo ./iot_monitor -i em0 -m aa:bb:cc:dd:ee:ff

Monitor a security camera by IP with verbose output:
sudo ./iot_monitor -i em0 -a 192.168.1.50 -v

Real-time status display:
Packets: 1234 | DNS: 12 | TCP: 456 | UDP: 789 | ICMP: 3
Press q or Ctrl+C to exit and display the summary:
=== Capture Summary ===
Total packets: 1234
Total bytes: 567890
--- DNS Hostnames Requested ---
api.example.com (15 queries)
ntp.pool.org (3 queries)
--- Destination Ports (Outgoing) ---
TCP/443 (HTTPS): 234 packets
TCP/80 (HTTP): 45 packets
UDP/53 (DNS): 18 packets
UDP/123 (NTP): 6 packets
ICMP type 8 (Echo Request): 3 packets
IoT devices often communicate with cloud services and may have undocumented network requirements. This tool helps you:
- Discover which hostnames an IoT device needs to reach
- Identify which destination ports and protocols it connects to
- Configure firewall rules to allow only necessary outbound traffic
- Detect unexpected network activity
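
As an added example (not part of iot_monitor or its repository), the exit summary can be turned into a default-deny allow-list for the monitored device. It assumes pf as the firewall, the device sitting behind LAN interface `em0`, and a summary in the format shown above; `summary_to_pf` and `sample_summary` are hypothetical names.

```shell
#!/bin/sh
# Added example (not part of iot_monitor): turn an exit summary into a pf
# allow-list. Assumes pf is the firewall and the summary matches the sample.

sample_summary() {   # constructed input, copied from the sample output above
    cat <<'EOF'
=== Capture Summary ===
--- DNS Hostnames Requested ---
api.example.com (15 queries)
ntp.pool.org (3 queries)
--- Destination Ports (Outgoing) ---
TCP/443 (HTTPS): 234 packets
TCP/80 (HTTP): 45 packets
UDP/53 (DNS): 18 packets
UDP/123 (NTP): 6 packets
ICMP type 8 (Echo Request): 3 packets
EOF
}

# usage: summary_to_pf <device-ip> <lan-interface> < summary.txt
summary_to_pf() {
    awk -v ip="$1" -v ifc="$2" '
    BEGIN {
        printf "iot = \"%s\"\nlan_if = \"%s\"\n", ip, ifc
        print "block in log on $lan_if from $iot to any"   # default deny
    }
    # Hostnames come from the device, so only well-formed names are echoed.
    / \([0-9]+ quer(y|ies)\)$/ && $1 ~ /^[A-Za-z0-9._-]+$/ {
        print "# DNS name seen: " $1; next
    }
    /^(TCP|UDP)\/[0-9]+ / {                 # e.g. "TCP/443 (HTTPS): 234 packets"
        split($1, f, "/"); proto = tolower(f[1]); port = f[2] + 0
        if (port >= 1 && port <= 65535 && !seen[proto, port]++)
            ports[proto] = ports[proto] " " port
        next
    }
    /^ICMP type [0-9]+ / {                  # e.g. "ICMP type 8 (Echo Request): ..."
        if ($3 <= 255 && !seen["icmp", $3]++) icmp = icmp " " $3
    }
    END {
        fmt = "pass in on $lan_if proto %s from $iot to any port {%s }\n"
        if (ports["tcp"] != "") printf fmt, "tcp", ports["tcp"]
        if (ports["udp"] != "") printf fmt, "udp", ports["udp"]
        if (icmp != "")
            printf "pass in on $lan_if inet proto icmp from $iot to any icmp-type {%s }\n", icmp
    }'
}
sample_summary | summary_to_pf 192.168.1.50 em0
```

Hostnames are emitted only as comments because pf resolves names once, when the ruleset is loaded; review the generated rules before adding them to `pf.conf`.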
Public domain.