What's new

Skynet How to find out if a connected device tries to call any sites/google?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Muon

New Around Here
Hi!
Running Skynet on a asus merlin ac86u on a small home network.
Using setting in gui to block internet access for some connected devices (Network map -> clients -> block internet access).

None of them shows up in the gui logs on firewall -> skynet.

Question: is there some way I can use skynet to log any attempts from those devices to establish internet connections, and if so find out what ip:s/sites?
Would like to know if or when they try to connect to some google-sites for example - but without actually allowing any such connections to be established?
 
Welcome to the forum.

Suppose you unblock those devices via the GUI and then instead block the devices from inside Skynet - Skynet > Settings (11) > Block IOT Devices (11). Then enable IOT Device Logging (12). Does that show you the (failed) attempts to connect?
 
Thanks. Confirm having done that but still no, nothing shows up in the gui -> skynet statistics (nothing under "Last 10 Unique Connections Blocked (Outbound)".
Where should it show?
 
Thanks. Confirm having done that but still no, nothing shows up in the gui -> skynet statistics (nothing under "Last 10 Unique Connections Blocked (Outbound)".
Where should it show?


If I ever looked into this it was so long ago that I’ve forgotten. However, until someone knowledgeable comes along, here are my thoughts.

First, I’d unblock those devices, and I’d want to see how frequently/infrequently they connect. Or, to be more accurate, I’d want to get a feel for the normal logging of that device. Then, knowing how often it connects, I’d block it and then check that its failed connections are indeed logged.

Now, if you’re happy using a terminal, you might feel comfortable using Adamm’s comprehensive treasure-trove list of CLI commands for Skynet as listed here:


For, example, if you go down to the Example Stats Commands section (bottom of the list), you’ll see:

( firewall stats search device 192.168.1.134 ) Search For All Outbound Entries From Local Device 192.168.1.134

I think these commands allow you to do much more than you can do in the GUI. You probably have to give it 24 hours at least before you can get a representative picture.

Please let us know how it goes: I need to brush up on this in case I ever need it in anger.
 
Last edited:
As for now, I wish to get a better understanding of where those devices might 'call home' to, before allowing them internet access. So for now, I kept the devices blocked inside Skynet (ie removed block from gui and by ssh did (11) IOT blocking for each device inside Skynet.

1. First manually triggered one device to check for updates, which failed since the device was blocked.
2. Then did ssh command 'firewall stats search device [ip-numbers]'. Skynet reported 0 blocks total.
3. Next: repeated the manual device to check for its updates and now did same ssh command again: still 0 blocks.

Guessing about this outcome:
(i) 0 blocks when device attempt to connect somewhere for updates could mean Skynet completly locks down the ip assigned to the device, so there is no actual outgoing traffic at all for Skynet to log. But is the attempt not logged? Or where can I find that log?

4. Tried ssh (13) Stats -> (2) Search -> (2) Entries from specific ip -> [device ip]. This reports '[big number] Blocks total' and some lines with date, time, "kernel: [blocked - iot] ...

Guessing a bit again (ii): this appears to confirm the device attempts to connect somwhere, but those attempts never gets logged because its blocked?

5. Tried ssh (13) Stats -> (2) Search -> (9) IOT packets: this presented information on 3 iot outbound blocks to actual ip-adresses. Checking them up: one ip is opendns, other is related to isp, and final one is local, 10.0.x.x

Guessing (iii): that device tries to connect to some domain, but since its dns request was blocked the device could not proceed and do an actual 'call' to its home = Skynet prevented the actual attempt before it happened, so no attempt never existed for Skynet to log?

Does Skynet log which domain/ip that dns call was requesting?

So: am I on the right track? is there some way to get Skynet to provide information on those dns requests / iot packets?

What would be the next things to try? (preferably without or at least before granting internet access for those devices)
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top