I'm curious to see what information I'm blasting out to the various services I depend on for internet (ISP, DNS, probably Cloudflare, etc.).
Are there any easy to setup, entirely self-hosted tools I can run on my home network that would allow me to snoop on my own traffic.
I want more than just DNS, so I'm not just looking for pihole and its ilk. I want to see things like SNI and any non-protected traffic that any of the devices on my network might be sending that I just don't know about.
Ideally, it would be something I could leave on without affecting my speed/latency, but something to turn on occasionally and spot check would be better than nothing.
My router runs VyOS, so I should have quite a bit of flexibility in what I do with my traffic, though I never have figured out if/how to deploy custom software to it…
Since we're talking specifically about network traffic, let's clarify the scope of the problem for reference.
You want to see what is being sent outside, to the wide internet from your network, and how might you be compromised by this traffic.
The logical method would be to snoop on this information. The question is, how would you do that?
port-mirroring
- mirror the traffic through your WAN-facing port into an analyser to check just what is it that you're sending out. Note that this will likely require extensive effort and time since everyone has different traffic they would like to check, and coming up with robust checks is entering the field of security professionals.Some considerations:
I know people will come up with "but they don't spy on you! It needs to be explicitly turned on to spy on you!" and "get a thinkpad bro, modify the HAP bit!", however, both arguments don't hold much weight considering the hardware readily available to the common user (bit of a fallacy, but we'll go with it). The point stands; such behaviour shall not be tolerated in a self-aware user's network, and needs to eradicated the second the user gets a whiff of such mischief playing out. I hope my note has ignited a willingness in you to prevent such rabid deanonymisation attempts to one's self in this age, and will spur you to fortify your network to prevent such malice from breaking anonymity and trust on hardware.
+1 for snort or securityonion.
I appreciate you. 🙏 I have been considering looking into hardening my home network, but I dreaded the idea of figuring out which tools weren't just sponsored SEO-optimising AI-generated time-wasting network-snooping bullshit. This gives me somewhere to start.
I am happy to know this helped you. Good luck in securing your network!