Forked from williamzujkowski/iot-network-monitor.py
Created
December 3, 2025 11:46
IoT Network Monitor - Real-time packet monitoring and anomaly detection using scapy
| #!/usr/bin/env python3 | |
| """ | |
| IoT Network Monitor | |
| Real-time packet monitoring and anomaly detection for IoT devices using scapy | |
| """ | |
| from scapy.all import * | |
| import json | |
| from datetime import datetime | |
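class IoTMonitor:
    """Profile traffic from the IoT VLAN and flag packets that look out of place.

    ``packet_callback`` is written to be passed to scapy's ``sniff`` as the
    ``prn`` callback. State lives in two attributes:

    * ``device_profiles`` maps a source IP to packet and byte counters plus
      a per-destination packet count.
    * ``suspicious_patterns`` holds one record per alert, newest last.
    """

    # Source-address prefix treated as the IoT VLAN (192.168.20.0/24).
    IOT_PREFIX = "192.168.20."
    # Destination ports flagged as unexpected: Telnet, SSH, RDP.
    SUSPICIOUS_TCP_PORTS = frozenset({23, 22, 3389})
    # Raw payload size (bytes) above which a single packet is flagged.
    LARGE_PAYLOAD_BYTES = 10000
    # Caps that keep a long-running capture from growing without bound when
    # the monitored segment is noisy or deliberately flooded.
    MAX_ALERTS = 1000
    MAX_DESTINATIONS = 256

    def __init__(self):
        self.suspicious_patterns = []
        self.device_profiles = {}

    def packet_callback(self, packet):
        """Handle one captured packet: profile it, then alert if suspicious.

        Packets without an IP layer, and packets whose source address is
        outside the IoT VLAN prefix, are ignored.
        """
        if not packet.haslayer(IP):
            return

        src_ip = packet[IP].src
        dst_ip = packet[IP].dst

        # NOTE(review): the published listing lost its indentation; the
        # anomaly check is kept inside the IoT-VLAN branch here, which is the
        # reading that matches the class's purpose -- confirm against the
        # upstream file.
        if not src_ip.startswith(self.IOT_PREFIX):
            return

        self.profile_device(src_ip, dst_ip, packet)
        if self.is_suspicious(packet):
            self.alert(packet)

    def profile_device(self, src_ip, dst_ip, packet):
        """Update the behavioural profile of the device at ``src_ip``.

        The original listing called this method without defining it, so the
        first IoT-VLAN packet raised AttributeError inside the sniff callback.
        """
        profile = self.device_profiles.setdefault(
            src_ip, {"packets": 0, "bytes": 0, "destinations": {}}
        )
        profile["packets"] += 1
        profile["bytes"] += len(packet)

        # Stop learning new destinations once the cap is reached; counters
        # for destinations already seen keep updating.
        destinations = profile["destinations"]
        if dst_ip in destinations or len(destinations) < self.MAX_DESTINATIONS:
            destinations[dst_ip] = destinations.get(dst_ip, 0) + 1

    def is_suspicious(self, packet):
        """Return True when the packet matches one of the simple heuristics."""
        # Unexpected destination: remote-administration ports.
        if packet.haslayer(TCP) and packet[TCP].dport in self.SUSPICIOUS_TCP_PORTS:
            return True

        # Large data transfer. A single frame's payload is normally bounded
        # by the link MTU, so this per-packet check rarely fires on ordinary
        # Ethernet captures; the cumulative "bytes" counter kept by
        # profile_device is the better basis for volume-based detection.
        if packet.haslayer(Raw) and len(packet[Raw].load) > self.LARGE_PAYLOAD_BYTES:
            return True

        return False

    def alert(self, packet):
        """Record an alert for ``packet`` and print it as one JSON line.

        Like ``profile_device``, this was called but never defined in the
        original listing.
        """
        record = {
            # Timezone-aware timestamp so alerts can be correlated with
            # other logs.
            "time": datetime.now().astimezone().isoformat(),
            "summary": packet.summary(),
        }
        self.suspicious_patterns.append(record)

        # Drop the oldest records once the cap is exceeded.
        overflow = len(self.suspicious_patterns) - self.MAX_ALERTS
        if overflow > 0:
            del self.suspicious_patterns[:overflow]

        # json.dumps escapes control characters, so packet-derived text
        # cannot break the one-alert-per-line output format.
        print(json.dumps(record))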
if __name__ == "__main__":
    # Build the monitor up front so its state exists before any capture.
    monitor = IoTMonitor()
    print("Starting IoT network monitoring...")
    # Live capture is left disabled in this listing. When enabled, store=0
    # tells scapy not to retain captured packets in memory; sniffing also
    # needs packet-capture privileges on the host.
    # sniff(prn=monitor.packet_callback, store=0)