SPIN User Manual

Running SPIN

SPIN needs to be run on a gateway system, so either a router, or a local access point for a subnet. It consists of two daemons: the traffic collector daemon spind, and the web interface spin_webui. SPIN also requires an MQTT server available to both, with mqtt open on port 1884 and websockets support on port 1883.

When using a Valibox installation, all of this is started automatically.

For more detailed information, see the README on github.

The SPIN Visualiser (‘the bubble app’)

This is the main user interface for SPIN, which shows the devices on the local network, and their recent Internet traffic.

spinwebgui

Color legend:

  • Grey: This is a local device
  • Green: Traffic that occurred in the last minute
  • Blue: Traffic that occurred in the last ten minutes
  • Orange: This was only a DNS query, there has been no actual traffic

Manipulating nodes

When clicking on a node, a small window is opened with a number of options:

  • Ignore this node: All IP addresses of the selected node are added to the ignore list, and traffic to and from this node is no longer shown.
  • Rename this node: Specify a name to show in the bubble app for this node
  • (Un)block device: Toggle the ‘blocked’ status: all ip addresses of the selected node are now blocked by firewall rules
  • Allow node: Allow traffic to and from this node, even if the other end of the traffic is blocked with the previous option.
  • Download pcap traffic: Opens a windows where you can start a live traffic capture for this device.

Global lists

The top right contains buttons to show the ignore, blocked and allow lists. Clicking on these lets you remove addresses from these lists.