SPIN User Manual

Running SPIN

SPIN needs to run on a gateway system: either a router or a local access point for a subnet. It consists of two daemons: the traffic collector daemon spind, and the web interface spin_webui. SPIN also requires an MQTT server that is available to both, with MQTT open on port 1884 and websockets support on port 1883.

When using a Valibox installation, all of this is started automatically.

For more detailed information, see the README on GitHub.

The SPIN Visualiser (‘the bubble app’)

This is the main user interface for SPIN, which shows the devices on the local network, and their recent Internet traffic.

Color legend:

  • Grey: This is a local device
  • Green: Traffic that occurred in the last minute
  • Blue: Traffic that occurred in the last ten minutes
  • Orange: This was only a DNS query; there has been no actual traffic

Manipulating nodes

When clicking on a node, a small window is opened with a number of options:

  • Ignore this node: All IP addresses of the selected node are added to the ignore list, and traffic to and from this node is no longer shown.
  • Rename this node: Specify a name to show in the bubble app for this node.
  • (Un)block device: Toggle the ‘blocked’ status: when blocked, all IP addresses of the selected node are blocked by firewall rules.
  • Allow node: Allow traffic to and from this node, even if the other end of the traffic is blocked with the previous option.
  • Download pcap traffic: Opens a window where you can start a live traffic capture for this device.

Global lists

The top right contains buttons to show the ignore, blocked and allow lists. Clicking on these lets you remove addresses from these lists.

Downloading device traffic

From the ‘bubble app’, you can also directly download live (pcap) traffic data from any specific device.

When you select a grey bubble, the following window will pop up. Click ‘Capture PCAP traffic’.

A new window will pop up, where you can start and stop the traffic capture.

Click ‘start capture’ to start the capture, and ‘stop capture’ to stop it. You can download the pcap data with the ‘Download PCAP data’ button.

There is also a button ‘Upload data to SIDN’; with this, you can upload a specific capture to SIDN’s SPIN website, where additional analysis can be performed. We will not process any data without explicit permission, so in the next screen you will be asked to give permission and to provide some information on the device.

Click ‘close window’ to close the window and go back to the bubble app.