IoT Inspector Client for analyzing IoT device firmware
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
IoT Inspector 3
Simply run ./start.bash for Linux/Mac and start.bat for Windows. It will take care of all the dependencies.
If the underlying dependencies is updated, please run the following first:
uv cache clean
uv lock
uv sync
User guide
Please review the User Guide for instructions how to run IoT Inspector.
Developer Guide
If you are developing IoT Inspector, please read this section.
Database Schema
When presenting network stats, IoT Inspector reads from an internal SQLite database. To see how the packet collector and database is implemented, look at the IoT Inspector Core package.
You should always read from the database using the following approach:
import libinspector.global_state
db_conn, rwlock = libinspector.global_state.db_conn_and_lock
with rwlock:
db_conn.execute("SELECT * FROM devices")
The schema is as follows:
CREATE TABLE devices (
mac_address TEXT PRIMARY KEY,
ip_address TEXT NOT NULL,
is_inspected INTEGER DEFAULT 0,
is_gateway INTEGER DEFAULT 0,
updated_ts INTEGER DEFAULT 0,
metadata_json TEXT DEFAULT '{}'
);
CREATE TABLE hostnames (
ip_address TEXT PRIMARY KEY,
hostname TEXT NOT NULL,
updated_ts INTEGER DEFAULT 0,
data_source TEXT NOT NULL,
metadata_json TEXT DEFAULT '{}'
);
CREATE TABLE network_flows (
timestamp INTEGER,
src_ip_address TEXT,
dest_ip_address TEXT,
src_hostname TEXT,
dest_hostname TEXT,
src_mac_address TEXT,
dest_mac_address TEXT,
src_port TEXT,
dest_port TEXT,
protocol TEXT,
byte_count INTEGER DEFAULT 0,
packet_count INTEGER DEFAULT 0,
metadata_json TEXT DEFAULT '{}',
PRIMARY KEY (
timestamp,
src_mac_address, dest_mac_address,
src_ip_address, dest_ip_address,
src_port, dest_port,
protocol
)
);
IoT Inspector Helper Scripts
We also include two scripts to help with development and debugging.
Anonymize
After installing IoT Inspector, you can run the following command:
anonymize -i <input_pcap_file> -o <output_pcap_file>
Here is the help output
anonymize -h
usage: anonymize [-h] [-i INPUT_FILE] [-o OUTPUT]
Anonymize MACs and filter specific control packets (DHCP, SSDP, MDNS) from a PCAP file.
options:
-h, --help show this help message and exit
-i INPUT_FILE, --input INPUT_FILE
The path to the input PCAP file.
-o OUTPUT, --output OUTPUT
The path to save the anonymized PCAP file (default: sanitized_output.pcap).
The output PCAP file will have all
- MAC addresses anonymized
- all DHCP, SSDP, and MDNS packets removed.
This is useful for sharing PCAP files without revealing sensitive information.
PCAP Time Series
After installing IoT Inspector, you can run the following command:
time-series -i <PCAP_FILE> -m <TARGET_MAC> -o <OUTPUT_PNG_FILE> --b <BIN_SIZE_IN_SECONDS>
Here is the help output
usage: time_series [-h] -i INPUT_FILE -m TARGET_MAC [-o OUTPUT] [--interval INTERVAL]
Analyze PCAP file to plot upload and download traffic over time for a specific MAC address.
options:
-h, --help show this help message and exit
-i INPUT_FILE, --input INPUT_FILE
The path to the input PCAP file.
-m TARGET_MAC, --target-mac TARGET_MAC
The MAC address of the device to analyze (e.g., 'aa:bb:cc:dd:ee:ff').
-o OUTPUT, --output OUTPUT
The path to save the output plot PNG file (default: traffic_timeseries.png).
-b BIN_SIZE, --bin BIN_SIZE
The width of time bins in seconds for aggregating traffic data (default: 0.05 seconds).
The output will be a PNG file showing the upload and download traffic over time for the specified MAC address. This is useful for visualizing traffic patterns of a device in a PCAP file.
The output should look something like this on the console.
INFO: Starting analysis for: TEST.pcap
INFO: Target MAC for analysis: 44:3d:54:e3:4b:6e
INFO: Time bin size: 0.05 seconds
INFO: Read 2392 packets. Starting data processing...
INFO: Generating plot...
INFO: Successfully saved plot to 'traffic_timeseries.png'
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file iot_inspector-3.0.16-py3-none-any.whl.
File metadata
- Download URL: iot_inspector-3.0.16-py3-none-any.whl
- Upload date:
- Size: 293.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b33235ed657e37138c6766c0ec354a55248a18ae6266d06382ec76c2f9c4a246
|
|
| MD5 |
6836d7a122e1a67217adb9b7f19dffab
|
|
| BLAKE2b-256 |
ab8fc46b4b265692d6a8e4274f37681c704eec160ca2f8fae2aecb9e0b6c9082
|
Provenance
The following attestation bundles were made for iot_inspector-3.0.16-py3-none-any.whl:
Publisher:
create_release.yml on nyu-mlab/iot-inspector-client
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
iot_inspector-3.0.16-py3-none-any.whl -
Subject digest:
b33235ed657e37138c6766c0ec354a55248a18ae6266d06382ec76c2f9c4a246 - Sigstore transparency entry: 983754905
- Sigstore integration time:
-
Permalink:
nyu-mlab/iot-inspector-client@c26ff8f8a1db880f5dcae4f44a4b49c4e42e202d -
Branch / Tag:
refs/heads/master - Owner: https://github.com/nyu-mlab
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
create_release.yml@c26ff8f8a1db880f5dcae4f44a4b49c4e42e202d -
Trigger Event:
push
-
Statement type:
