Using Wireshark, I monitored my home internet traffic over a 10 hour period of time. There were definitely some interesting findings, some surprising and some expected.
The first thing I noticed during this assignment was just the sheer amount of traffic that flows through my router was pretty impressive… to me at least. Over a 10 hour period, we had 284,522 packets transmitted. That breaks down to about 8 packets a second. This helped to inform the method of my analysis that I chose.
Instead of looking at the content of these packets, I chose to instead look at 4 different cuts across the data:
- Who from within my network is sending the most packets?
- Who is sending the most packets into my network?
- Who is receiving the most packets from my network?
- Who is in my network is receiving the most packets?
After a quick bit of Excel work, I got the answers to these questions. I found that my desktop PC was sending the most amount of information. 166,994 packets were sent in total. The protocols included TCP, UDP, GQUIC, Dropbox LAN Discovery Protocol, among others. Dropbox, popped up in a few places. After seeing that my desktop PC was the number one sender, I checked to see who it was sending to the most, and it was Dropbox.
Dropbox also ranked number one my list of external senders, but Amazon prevailed when considering it included multiple IP addresses. This is despite the fact I was migrating large numbers of files across hard drives via Dropbox. Amazon is not terribly surprising considering how much we shop on the site in addition to the two Alexa devices we have in our house. The list reads like the top companies traded on the NASDAQ. Pretty boring. A couple of standouts, though, are Fastly, Yahoo and Valve. These three companies were the most surprising on the list to me at least because I don’t actively engage with any of these companies. Valve makes some sense considering I have Steam installed on my PC, but I don’t recall doing anything on it during that window.
Once again Amazon is up there. Three times. Clearly, there is a lot of data that is leaving our house that is ending up at Amazon. Surprisingly, none of these packets originated from my Amazon Echo or Sonos One. The Echo in my house only sent 24 packets over the same time period all to the same IP address multicast. The Sonos sent out 1,752 packets which were mostly
NOTIFY * HTTP/1.1. If Alexa is listening and sending data, I missed it on this exercise.
One other surprising observation came from the sheer amount of traffic there was between my phone and my computer. I’m still not sure what was happening here, but over the same 10 hour period 2,174 packets were transferred between these two devices. This included a lot of
Application Data, which was surprising because I always assumed that unless these two devices were directly connected via Bluetooth or a wire, they would only communicate through the internet. I may need to do a bit more digging and observation.