Who’s On My WIFI & What’s Phoning Home To Where?

In the US, ISPs generally provide decent security for the home user to sensibly surf the Web, but many users don’t completely realize the consequences of not securing their home WIFI from others, for example: your contractor needed a connection, your friend wanted to show you something on his phone, your kids needed the password for one of their friends for homework or gaming, or mom had a few cocktails and let her girlfriend or the neighbor use the connection. If you live in the city and have big broadband WIFI like I do, you can also become a target. My WIFI is accessible to the neighbors on my block, including two bars, two restaurants, a jewelry store, and the music store across the street. When you allow people to connect to your WIFI you are breaking down the general security of your home network. You have no way of knowing what those users will do once they are out of your presence. In the worst cases half of downtown could be connecting to your home WIFI network and/or a malicious actor could be compromising your stored data right now. The thing is: all the devices on your home WIFI network are much more vulnerable to data invasion from bad actors working from within that network because your ISP’s security protections are no longer in front of the connection.

As always I am writing here for Linux Lite users and I realize the majority of them are recent Windows refugees and/or new to Linux in general. The thing is, the best way to answer the initial questions in the heading is with two powerful Linux/Unix network scanning applications: nmap and iftop. I’m only going to discuss some basic usage here, nothing particularly technically intimidating, but you will be able to answer the questions in the header concerning your own Linux Lite system on your own network.

Part 1: Basic Nmap Use With Linux Lite

You can find both nmap and iftop in your Linux Lite Package Manager (Synaptic). Mark them for installation, approve the necessary dependencies, and apply the changes. See below:

Enter nmap in the search box then mark it for installation and apply the changes after accepting dependencies. See below:

Enter iftop in the search box and then mark it for installation and apply the changes. See below:

Before running nmap and/or iftop for the first time, click on your network icon in Linux Lite and find your connection information. You will need your assigned IPv4 address for nmap and your WIFI interface name for iftop. See below:

Below is an image of two nmap scans I ran on a WIFI network from a Linux Lite 5.8 OS. The left pane of the terminal (terminator) shows a regular host scan started with the command sudo nmap 192.168.1.2-254. In the image above, 192.168.1.1 is listed as the default route on the network, which means it is the address of the WIFI router, so there is no point in scanning it directly to find active hosts. The subnet contains 254 addresses, so the command tells nmap to scan for any hosts between 2 and 254. This network has 3 Roku TVs on it (49, 54, 180), one Firestick TV or Kindle tablet (202), one firewalled computer named debianamd1 (98), one Android (LG K51 series) cell phone (141), and the firewalled Linux Lite computer running the scan (206). As you can see below, the scan only took 15 seconds with this method.

The right pane in the terminal shows an operating system scan started with the command sudo nmap -O -v 192.168.1.49. The -O option tells nmap to detect the operating system of a connected host on the network, and the -v option makes it report in verbose mode. On this network 192.168.1.49 is the address of a TCL ROKU TV. You can see below how nmap reports percentage guesses about the system the TV uses. The first one is usually the most likely, and I know that TCL IoT devices are usually Android, so I’m not surprised by the results. The TCL TV and its particular implementation of the afs3 file system have been shown to have dangerous vulnerabilities in the past, and though they are reported as patched, no documentation/information on the patching process is publicly available that I am aware of. To learn more about it see the links below:

https://sick.codes/extraordinary-vulnerabilities-discovered-in-tcl-android-tvs-now-worlds-3rd-largest-tv-manufacturer/

https://en.wikipedia.org/wiki/Andrew_File_System

https://tools.ietf.org/id/draft-keiser-afs3-capabilities-00.html

To learn more about nmap usage see the link below:

https://nmap.org/book/man.html
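The host scan in Part 1 answers "who's on my WIFI" once; the shell function below, an added example that is not part of the original article, turns it into a repeatable check by comparing the hosts a scan finds against a list of devices you already know. The function name `unknown_hosts`, the inventory file and the extra host 192.168.1.77 are assumptions made up for the example; `-sn` (host discovery only) and `-oG -` (grepable output to the terminal) are standard nmap options.

```shell
#!/bin/sh
# Added example: list hosts that answer a scan but are missing from your
# own device inventory. Assumed real-world use, on a network you own:
#   sudo nmap -sn -oG - 192.168.1.2-254 | unknown_hosts inventory.txt

# unknown_hosts INVENTORY_FILE
# stdin: nmap grepable (-oG) output. INVENTORY_FILE: one IP per line, an
# optional label after it, "#" starts a comment line.
# stdout: every IP reported "Up" that is not in the inventory.
unknown_hosts() {
    awk -v inv="$1" '
        BEGIN {
            # Load the inventory first; an empty or missing file simply
            # means every live host is reported.
            while ((getline line < inv) > 0) {
                split(line, f, " ")
                if (f[1] != "" && f[1] !~ /^#/) known[f[1]] = 1
            }
            close(inv)
        }
        # -oG prints "Host: <ip> (<name>)<TAB>Status: Up" for each live host.
        $1 == "Host:" && /Status: Up/ && !($2 in known) { print $2 }
    '
}

demo() {
    inv=$(mktemp)
    # Inventory: the seven devices the article identifies on its network.
    cat > "$inv" <<'EOF'
192.168.1.49    Roku TV
192.168.1.54    Roku TV
192.168.1.180   Roku TV
192.168.1.202   Firestick TV or Kindle tablet
192.168.1.98    debianamd1
192.168.1.141   LG K51 phone
192.168.1.206   Linux Lite (this computer)
EOF
    # Constructed scan output (spaces stand in for the tab); 192.168.1.77
    # is a made-up device that is not in the inventory.
    unknown_hosts "$inv" <<'EOF'
Host: 192.168.1.49 ()  Status: Up
Host: 192.168.1.77 ()  Status: Up
Host: 192.168.1.98 (debianamd1)  Status: Up
Host: 192.168.1.206 ()  Status: Up
EOF
    rm -f "$inv"
}

demo   # prints 192.168.1.77
```

Any address this prints is a device you have not accounted for; identify it, or change the WIFI password and re-scan.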



Part 2: Basic Iftop Usage With Linux Lite

Part 3: Basic Nmap Usage With Windows 10

Part 4: Some Useful Linux Lite Network Utilities